Industry Vertical
Being Connected
Examining why closed-network systems are not immune to cyber threats and how cloud services add layers of security to minimize risk
Isolated corporate applications and
infrastructures are becoming a thing
of the past. That’s because trends
such as bring-your-own devices
(BYOD), internet of things (IoT)
and cloud services are compelling businesses
to become more connected. Now
more than ever, IT departments are looking
outside their environment at solutions
that could lower costs and take the strain
off their resources.
However, in the physical security industry,
one common myth is still holding
some decision-makers back: it’s the idea
that keeping on-premises systems on closed
networks is more secure. This article will
not only help to debunk this false belief,
but also show how companies can further
enhance the security of their on-premises
systems by connecting to the cloud services
with built-in security mechanisms.
Why a Closed Network
Doesn’t Protect Your
Systems from Threats
The security of corporate data is critical to
the integrity of operations. Yet, everywhere
we turn, it seems like another company
has become victim to some form of cyber
threat, malware or ransomware attack. As
more breaches occur and attract international
press attention, fear grows, leading
many to believe that opening up a network
to external applications makes an organization
more vulnerable to a cyberattack. This
mentality is no longer accurate or true. In
fact, many might be surprised to learn that
a significant percentage of these breaches
actually come from internal sources—
whether unwitting or on purpose.
Last year, a data exfiltration study
done by Intel revealed that “Internal actors
were responsible for 43 percent of
data loss, half of which was intentional,
and half accidental.”1 Another report
from Forrester called, “Understand the
State of Data Security and Privacy,” found
similar results.2 The study indicated that
almost 40 percent of breaches came from
inside a company, and that accidental and
malicious intent was equal.
This data tells us that on-premises systems
with closed networks are not entirely
immune to threats. An employee can accidently
open a phishing scam email and unleash
a virus on a closed network. Or, a visitor
could maliciously connect a USB stick
to a computer with the intent to steal data
or take down systems and halt operations.
Even when facing external threats,
vulnerability often stems from systems
that have not been updated with the latest
fixes, or from passwords that have not
been changed in months. For example, in
the security industry specifically, many
businesses unknowingly leave themselves
vulnerable to hackers or prying eyes by
not changing the default passwords on
new video surveillance cameras.
While many believe that opening their
network to cloud services might welcome
greater risks, these studies and common
mishaps suggest otherwise. Lack of employee
education or defined cyber security
policies, gaps in physical security and insufficient
system maintenance contribute
to the greatest number of threats.
How Connected
Applications are Shaping
Up to Be More Secure
Cloud is not all or nothing. Cloud services
can be added to complement an
on-premises system and its infrastructure.
This can include using cloud applications to store long-term evidence, instead of on
local servers or on external storage devices
which can end up in the wrong hands.
Cloud services can also play a critical role
in disaster recovery.
In case servers are damaged by a fire
or natural disaster, a full system back-up
can be restored using cloud services so
operations can continue without delay.
Organizations can connect on-premises
systems to cloud services to strengthen security
and minimize internal and external
threats. Here is how.
Automating Updates to
Avoid Known Vulnerabilities
Many vulnerabilities that hackers prey on
are quickly identified and fixed by vendors
in software version updates. Even when
an IT team sets scheduled updates in a
closed environment, it might not happen
fast enough to prevent a breach. The perk
of deploying cloud services is that system
updates are facilitated by the vendor. As
soon as the latest versions and fixes are
available, the client will have access to
them. This helps to ensure that their systems
are always protected against known
vulnerabilities.
In connected environment, the vendor
also knows what software versions are
running at customer sites, and what fixes
they might need. This helps the vendor
personalize its services and make sure
each client is getting the security updates
and mechanisms that they need to bolster
their environment.
Monitoring System
Availability and Health
IT and security departments have many
priorities. When they are busy, it’s not always
possible to keep an eye out for potential
system failures. However, knowing
when a camera goes offline or when there
is a server failure can help organizations
avoid potential threats. Cloud services can
automate this task by immediately sending
email or text alerts to directors and managers
if a system vulnerability is identified.
Then, they can securely log into the
system to investigate the issue and take
corrective measures. This solution helps
organizations keep their on-premises systems
secure and working at peak efficiency.
Considering Security
in the Selection of Your
Cloud Service Provider
All cloud solutions are not created equally.
To identity the most secure cloud services,
it’s important for organizations to
take a closer look at the vendor’s security
policies and built-in security mechanisms.
This should include encrypted communications,
data protection capabilities, and
strong user authentication and password
protection.
These mechanisms help protect organizations
against hackers and other internet-
based attacks. From an internal standpoint,
they also ensure only those with
defined privileges will be able to access or
use resources, data and applications.
Organizations should also look at the
back-end cloud platform on which the
services are built. Tier-one cloud providers
such as Microsoft have a global incident
response team that works around the
clock to mitigate attacks. The company
also builds security into its cloud platform
from the ground up, embedding mandatory
security requirements into every phase
of the development process. Top cloud
providers also go out of their way to comply
with international and industry-specific
compliance standards, and participate
in rigorous third-party audits which test
and verify security controls.
Opening Up to Greater
Connectivity and Security
Connecting an on-premises system to external
applications does not invite threats.
Instead, with the right vendor, organizations
can use cloud services to strengthen
and enhance the security of their onpremises
systems.
These services provide the necessary
updates, notifications and security mechanisms
that keep on-premises systems
free from common vulnerabilities that
lead to more serious threats. They also
help IT and security teams remain efficient
and proactive in ensuring their systems
are secure, and functioning at peak
performance.
Here’s the truth—as adoption for the
cloud increases, these cloud services will
help organizations keep their on-premises
system more secure than ever before.
This article originally appeared in the August 2017 issue of Security Today.