Transforming Security
Are you ready for the next big thing?
- By Don Campbell
- Jan 04, 2016
By now, we’ve all heard some variation of this question and wondered
what it really means for our work, our organizations and
the security market in general. Some people feel confident that
they are ready, and they see great opportunities ahead. Others are
not so confident, and while they feel somewhat familiar with the
concept of what the Internet of Things is, they find it much harder to put their
finger on exactly how the specifics will impact the security profession. That is the
big question, and the answer will vary from organization to organization and even
person to person.
THE INTERNET OF THINGS (IOT)
What exactly is the Internet of Things? The truth is, defining the exact nature and
potential of the Internet of Things is difficult. The use of the phrase itself has
already grown faster than the agreement on a definition. So, like some other technical
topics of high interest, such as “cybersecurity” and “the cloud,” not everyone
who is using these phrases is talking about the same thing. For the purposes of this
article, here is a definition that will be sufficient:
The Internet of Things is a networked computing concept that describes the situation
where sensors and devices in the real world have the capability to communicate
with each other and with connected processors and humans, thereby reconnecting the
virtual networked world, and all the information and capabilities therein, with the
real world.
With this definition in hand, the implications to the security market are much
easier to recognize, understand and plan for.
THE IOT AND SECURITY
What does the IoT mean for security? The short answer is that as more and more
devices of all types, security and non-security, are connected to networks. The potential
impact of the Internet of Things on security grows. The same connectivity
that enables homeowners to check on their thermostats remotely also provides a
pathway for hackers, thieves, and pranksters to reach the same devices. In business
and professional settings, management clearly sees the upside of interconnected
networks, making resources and collaboration available to their increasingly distributed
businesses.
They see the downside, in that the same networks expose digital doorways to
hackers of all types, and they rely on the IT and security departments to protect
the firm from these threats. In many ways, this coincidence of upsides and downsides
applies directly to professional security matters as well.
For security professionals, the focus has been on the potential problems and
how to prevent them from damaging the firm. But there are also advantages.
First, there is the ability to connect multiple disparate systems together via an
IP network, which can provide security with valuable data that can be used to assess
an organization’s risk and even offer the potential to avert incidents before
they can occur. In addition, IoT connectivity can enable technology which helps
an organization with compliance regulations.
A GROWING CHALLENGE
There are growing challenges for security professionals. In particular, the number
of potential network access points is growing rapidly as more security and nonsecurity
devices are equipped with an IP address and connected to the network.
This growing list of devices literally expands the entire ecosystem in which security
plays a role. Therefore, security practitioners can either wait for this to happen or
stay ahead of potential problems by creating and implementing proactive policies
around networked devices.
SMARTER TECHNOLOGIES
In the age of the Internet of Things, the greater integration and interoperability
between systems streamlines control and management of devices that are connected
to the network. One of the more interesting and perhaps less obvious capabilities
the IoT has enabled is the ability to bring technologies that have until
now been thought of as “low-tech,” into the overall security network. This creates
a number of opportunities and challenges for security professionals, making it essential
that devices and systems are deployed and managed correctly.
Traditionally, video surveillance has served as security’s entry point into the network.
The adoption rate of IP cameras and devices has been steadily growing for a
number of years, to the point where networked video is widely used and accepted.
However, this is not the only piece of the equation. There are a number of technologies,
such as predictive analysis solutions, designed to allow access control, building
management and numerous other systems to be networked and integrated.
TRANSFORMING LOCKS
One of the best solutions to come out of the Internet of Things has been the
development of standalone smart electronic locks that are easy to use and can be
unlocked using a smartphone. Thanks to new innovations, a new wave of networkable
and manageable solutions have transformed locks from simple hardware into
intelligent sensors that can gather and share data with a wide variety of systems.
When incorporated into an overall security environment, they can be centrally
managed and monitored to ensure the right individuals have access only to the information
and assets they need to perform their job. Similar to how access control
systems are managed today.
An ideal use for these manageable locks is for securing areas or assets that may
fall outside of traditional access control, such as file cabinets containing financial
information or lab test results. For these applications, installing a full access control
solution would likely be cost-prohibitive. Keyed locks are a much more costeffective
solution, but the time and effort required to manage keys can be extensive.
Another main feature of manageable locks is ease of installation, which again,
is both good and bad. Solutions that can be deployed efficiently are certainly beneficial
for an organization, but at the same time, individuals are also quite capable
of installing smart locks themselves.
The potential for individuals to install their own smart devices on company
networks underscores the need for security departments to recognize the reality of
the Internet of Things and to proactively create and implement policies and standards
covering their use distributed to all employees. Standards are designed to ensure that only certain technologies are introduced into the workplace so multiple mdisparate systems can be connected, integrated and managed organization-wide.
MOBILE CREDENTIALS
Integrating mobile technology is another key component of security the IoT enables.
The truth is that the number of credentials individuals are issued and must
carry is increasing, as is the potential for temporary, lost or stolen badges to be
missed and potentially misused.
If someone loses a phone, they are likely to quickly notice and tell someone
right away. With a badge, it may take longer, and until they either locate or replace
it, they can always use a temporary or visitor badge. Having credentials on smartphones
encourages people to take better care of them, and the ability to connect
phones to a network to control and manage identities in a single location provides
security with stronger reporting, easier management and greater clarity into how
credentials are being used.
PREDICTIVE ANALYSIS
Expanding policies to include manageable smart locks opens up whole new areas
to predictive analytics that are now starting to give us new insights into our access
control systems. While access control locks tend to be limited to the perimeter of
our buildings and high value areas, smart locks cost significantly less and can be
used more extensively. Combining manageable smart locks with predictive analysis
serves two main purposes. First, it provides an audit trail containing the who,
what, when, where and why of each access attempt, both successful and unsuccessful.
In other words, an organization can have “eyes” in locations where they didn’t
have them before and can detect when someone is trying to abuse the lock system.
At the same time, by adding more locks, organizations are able to collect more
data, which makes the predictive analysis system more accurate and by extension
increases overall security.
IDENTITY MANAGEMENT AND THE IOT
Physical Identity and Access Management (PIAM) solutions with predictive
analysis capabilities can serve as the glue that holds an organization’s networked
security and non-security devices and systems together by tying them in to a single
platform for tracking and management.
With regard to access control and locks, nearly every organization faces two
main challenges. The first is controlling who has access such as ensuring the offboarding
of an identity if an individual’s role changes or if they leave the organization.
The second is compliance, which tends to be the more difficult of the two,
because it means an organization must keep a single detailed record that clearly
shows that everything related to identities and access complies with a variety of
requirements.
THE IOT: ENABLING IMPROVED SECURITY
The Internet of Things offers great potential to security professionals who recognize
and understand the concept. The IoT will help build efficiency and generate
cost savings, which is often the main driver behind organizations’ adoption of new
technologies. For security professionals, however, the deployment of new technologies
and networked sensors and devices has the potential to bring a new higher
level of operational awareness that can be used to improve security and operations.
One key to capturing this potential is to avoid ‘playing catch-up’ by proactively
creating and implementing policies and standards. Another is to make use of the
wealth of new data that the connected devices will deliver, and
recognize its security-related value. The thieves and hackers are
looking forward to the future of the IoT with the right actions in
place, security professionals will embrace the IoT too.
This article originally appeared in the January 2016 issue of Security Today.