Industry Vertical

Being Connected

Examining why closed-network systems are not immune to cyber threats and how cloud services add layers of security to minimize risk

Isolated corporate applications and infrastructures are becoming a thing of the past. That’s because trends such as bring-your-own devices (BYOD), internet of things (IoT) and cloud services are compelling businesses to become more connected. Now more than ever, IT departments are looking outside their environment at solutions that could lower costs and take the strain off their resources.

However, in the physical security industry, one common myth is still holding some decision-makers back: it’s the idea that keeping on-premises systems on closed networks is more secure. This article will not only help to debunk this false belief, but also show how companies can further enhance the security of their on-premises systems by connecting to the cloud services with built-in security mechanisms.

Why a Closed Network Doesn’t Protect Your Systems from Threats

The security of corporate data is critical to the integrity of operations. Yet, everywhere we turn, it seems like another company has become victim to some form of cyber threat, malware or ransomware attack. As more breaches occur and attract international press attention, fear grows, leading many to believe that opening up a network to external applications makes an organization more vulnerable to a cyberattack. This mentality is no longer accurate or true. In fact, many might be surprised to learn that a significant percentage of these breaches actually come from internal sources— whether unwitting or on purpose.

Last year, a data exfiltration study done by Intel revealed that “Internal actors were responsible for 43 percent of data loss, half of which was intentional, and half accidental.”1 Another report from Forrester called, “Understand the State of Data Security and Privacy,” found similar results.2 The study indicated that almost 40 percent of breaches came from inside a company, and that accidental and malicious intent was equal.

This data tells us that on-premises systems with closed networks are not entirely immune to threats. An employee can accidently open a phishing scam email and unleash a virus on a closed network. Or, a visitor could maliciously connect a USB stick to a computer with the intent to steal data or take down systems and halt operations.

Even when facing external threats, vulnerability often stems from systems that have not been updated with the latest fixes, or from passwords that have not been changed in months. For example, in the security industry specifically, many businesses unknowingly leave themselves vulnerable to hackers or prying eyes by not changing the default passwords on new video surveillance cameras.

While many believe that opening their network to cloud services might welcome greater risks, these studies and common mishaps suggest otherwise. Lack of employee education or defined cyber security policies, gaps in physical security and insufficient system maintenance contribute to the greatest number of threats.

How Connected Applications are Shaping Up to Be More Secure

Cloud is not all or nothing. Cloud services can be added to complement an on-premises system and its infrastructure. This can include using cloud applications to store long-term evidence, instead of on local servers or on external storage devices which can end up in the wrong hands. Cloud services can also play a critical role in disaster recovery.

In case servers are damaged by a fire or natural disaster, a full system back-up can be restored using cloud services so operations can continue without delay. Organizations can connect on-premises systems to cloud services to strengthen security and minimize internal and external threats. Here is how.

Automating Updates to Avoid Known Vulnerabilities

Many vulnerabilities that hackers prey on are quickly identified and fixed by vendors in software version updates. Even when an IT team sets scheduled updates in a closed environment, it might not happen fast enough to prevent a breach. The perk of deploying cloud services is that system updates are facilitated by the vendor. As soon as the latest versions and fixes are available, the client will have access to them. This helps to ensure that their systems are always protected against known vulnerabilities.

In connected environment, the vendor also knows what software versions are running at customer sites, and what fixes they might need. This helps the vendor personalize its services and make sure each client is getting the security updates and mechanisms that they need to bolster their environment.

Monitoring System Availability and Health

IT and security departments have many priorities. When they are busy, it’s not always possible to keep an eye out for potential system failures. However, knowing when a camera goes offline or when there is a server failure can help organizations avoid potential threats. Cloud services can automate this task by immediately sending email or text alerts to directors and managers if a system vulnerability is identified.

Then, they can securely log into the system to investigate the issue and take corrective measures. This solution helps organizations keep their on-premises systems secure and working at peak efficiency.

Considering Security in the Selection of Your Cloud Service Provider

All cloud solutions are not created equally. To identity the most secure cloud services, it’s important for organizations to take a closer look at the vendor’s security policies and built-in security mechanisms. This should include encrypted communications, data protection capabilities, and strong user authentication and password protection.

These mechanisms help protect organizations against hackers and other internet- based attacks. From an internal standpoint, they also ensure only those with defined privileges will be able to access or use resources, data and applications.

Organizations should also look at the back-end cloud platform on which the services are built. Tier-one cloud providers such as Microsoft have a global incident response team that works around the clock to mitigate attacks. The company also builds security into its cloud platform from the ground up, embedding mandatory security requirements into every phase of the development process. Top cloud providers also go out of their way to comply with international and industry-specific compliance standards, and participate in rigorous third-party audits which test and verify security controls.

Opening Up to Greater Connectivity and Security

Connecting an on-premises system to external applications does not invite threats. Instead, with the right vendor, organizations can use cloud services to strengthen and enhance the security of their onpremises systems.

These services provide the necessary updates, notifications and security mechanisms that keep on-premises systems free from common vulnerabilities that lead to more serious threats. They also help IT and security teams remain efficient and proactive in ensuring their systems are secure, and functioning at peak performance.

Here’s the truth—as adoption for the cloud increases, these cloud services will help organizations keep their on-premises system more secure than ever before.

This article originally appeared in the August 2017 issue of Security Today.

Featured

  • Cloud Adoption Gives Way to Hybrid Deployments

    Cloud adoption is growing at an astonishing rate, with Gartner forecasting that worldwide public cloud end-user spending will approach $600 billion by the end of this year—an increase of more than 21% over 2022. McKinsey believes that number could eclipse $1 trillion by the end of the decade, further underscoring the industry’s exponential growth. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • Securing the Future

    In an increasingly turbulent world, chief security officers (CSOs) are facing a multitude of challenges that threaten the stability of businesses worldwide. Read Now

    • Guard Services
  • Security Entrances Move to Center Stage

    Most organizations want to show a friendly face to the public. In today’s world, however, the need to keep people safe and secure has become a prime directive when designing and building facilities of all kinds. Fortunately, there is no need to construct a fortress-like entry that provides that high level of security. Today’s secured entry solutions make it possible to create a welcoming, attractive look and feel at the entry without compromising security. It is for this reason that security entrances have moved to the mainstream. Read Now

Featured Cybersecurity

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3