Industry Vertical

Being Connected

Examining why closed-network systems are not immune to cyber threats and how cloud services add layers of security to minimize risk

Isolated corporate applications and infrastructures are becoming a thing of the past. That’s because trends such as bring-your-own devices (BYOD), internet of things (IoT) and cloud services are compelling businesses to become more connected. Now more than ever, IT departments are looking outside their environment at solutions that could lower costs and take the strain off their resources.

However, in the physical security industry, one common myth is still holding some decision-makers back: it’s the idea that keeping on-premises systems on closed networks is more secure. This article will not only help to debunk this false belief, but also show how companies can further enhance the security of their on-premises systems by connecting to the cloud services with built-in security mechanisms.

Why a Closed Network Doesn’t Protect Your Systems from Threats

The security of corporate data is critical to the integrity of operations. Yet, everywhere we turn, it seems like another company has become victim to some form of cyber threat, malware or ransomware attack. As more breaches occur and attract international press attention, fear grows, leading many to believe that opening up a network to external applications makes an organization more vulnerable to a cyberattack. This mentality is no longer accurate or true. In fact, many might be surprised to learn that a significant percentage of these breaches actually come from internal sources— whether unwitting or on purpose.

Last year, a data exfiltration study done by Intel revealed that “Internal actors were responsible for 43 percent of data loss, half of which was intentional, and half accidental.”1 Another report from Forrester called, “Understand the State of Data Security and Privacy,” found similar results.2 The study indicated that almost 40 percent of breaches came from inside a company, and that accidental and malicious intent was equal.

This data tells us that on-premises systems with closed networks are not entirely immune to threats. An employee can accidently open a phishing scam email and unleash a virus on a closed network. Or, a visitor could maliciously connect a USB stick to a computer with the intent to steal data or take down systems and halt operations.

Even when facing external threats, vulnerability often stems from systems that have not been updated with the latest fixes, or from passwords that have not been changed in months. For example, in the security industry specifically, many businesses unknowingly leave themselves vulnerable to hackers or prying eyes by not changing the default passwords on new video surveillance cameras.

While many believe that opening their network to cloud services might welcome greater risks, these studies and common mishaps suggest otherwise. Lack of employee education or defined cyber security policies, gaps in physical security and insufficient system maintenance contribute to the greatest number of threats.

How Connected Applications are Shaping Up to Be More Secure

Cloud is not all or nothing. Cloud services can be added to complement an on-premises system and its infrastructure. This can include using cloud applications to store long-term evidence, instead of on local servers or on external storage devices which can end up in the wrong hands. Cloud services can also play a critical role in disaster recovery.

In case servers are damaged by a fire or natural disaster, a full system back-up can be restored using cloud services so operations can continue without delay. Organizations can connect on-premises systems to cloud services to strengthen security and minimize internal and external threats. Here is how.

Automating Updates to Avoid Known Vulnerabilities

Many vulnerabilities that hackers prey on are quickly identified and fixed by vendors in software version updates. Even when an IT team sets scheduled updates in a closed environment, it might not happen fast enough to prevent a breach. The perk of deploying cloud services is that system updates are facilitated by the vendor. As soon as the latest versions and fixes are available, the client will have access to them. This helps to ensure that their systems are always protected against known vulnerabilities.

In connected environment, the vendor also knows what software versions are running at customer sites, and what fixes they might need. This helps the vendor personalize its services and make sure each client is getting the security updates and mechanisms that they need to bolster their environment.

Monitoring System Availability and Health

IT and security departments have many priorities. When they are busy, it’s not always possible to keep an eye out for potential system failures. However, knowing when a camera goes offline or when there is a server failure can help organizations avoid potential threats. Cloud services can automate this task by immediately sending email or text alerts to directors and managers if a system vulnerability is identified.

Then, they can securely log into the system to investigate the issue and take corrective measures. This solution helps organizations keep their on-premises systems secure and working at peak efficiency.

Considering Security in the Selection of Your Cloud Service Provider

All cloud solutions are not created equally. To identity the most secure cloud services, it’s important for organizations to take a closer look at the vendor’s security policies and built-in security mechanisms. This should include encrypted communications, data protection capabilities, and strong user authentication and password protection.

These mechanisms help protect organizations against hackers and other internet- based attacks. From an internal standpoint, they also ensure only those with defined privileges will be able to access or use resources, data and applications.

Organizations should also look at the back-end cloud platform on which the services are built. Tier-one cloud providers such as Microsoft have a global incident response team that works around the clock to mitigate attacks. The company also builds security into its cloud platform from the ground up, embedding mandatory security requirements into every phase of the development process. Top cloud providers also go out of their way to comply with international and industry-specific compliance standards, and participate in rigorous third-party audits which test and verify security controls.

Opening Up to Greater Connectivity and Security

Connecting an on-premises system to external applications does not invite threats. Instead, with the right vendor, organizations can use cloud services to strengthen and enhance the security of their onpremises systems.

These services provide the necessary updates, notifications and security mechanisms that keep on-premises systems free from common vulnerabilities that lead to more serious threats. They also help IT and security teams remain efficient and proactive in ensuring their systems are secure, and functioning at peak performance.

Here’s the truth—as adoption for the cloud increases, these cloud services will help organizations keep their on-premises system more secure than ever before.

This article originally appeared in the August 2017 issue of Security Today.

Featured

  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • Today's Enterprise

    Protecting servers and data has evolved rapidly over the past 15-plus years. Early on, concerns centered around the environmental conditions of where servers were housed within a building and the effects of humidity, temperature and air quality on their performance. This led to a better understanding of the need for a controlled environment to maximize equipment lifespan and capacity. It was also a driving force behind consolidating servers in a common space, i.e., the data center. Read Now

  • Study Proves It: Security Awareness Training Reduces Phishing Attacks

    Attackers are increasingly targeting human-based vulnerabilities to infiltrate organizations. Humans have direct access to insider systems and data – any threat actor can easily phish users, steal their credentials and secure keys to the kingdom without having to fight advanced cybersecurity defenses. Studies show social engineering attacks and human errors are behind 68% of all breaches.  Read Now

  • Security Questions Persist After Attempted Assassination Attempt of Donald Trump

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3