Make Your Metadata Cybersecure

We all know that physical security devices capture a massive amount of information about the environment in which they’re deployed. When categorized and searched efficiently, that data transforms into actionable intelligence to better protect the organization. That is where metadata comes into play.

Metadata is often generated in conjunction with a digital file – be it a video image, a sensor reading, or a sound wave – to describe the file and its contents.

For example, a digital image file may include metadata like the date and time the image was captured, its location, as well as the camera ID and settings used. The metadata can also include details such as the type of object (vehicle, person, animal, etc.), its size, how fast it is moving, even the direction of its movement. In essence, the metadata provides a table of contents for the data to simplify the process of understanding, sorting, and locating the data it represents.

Business Intelligence
With metadata multiple stakeholders can extract different business intelligence from the same data source. For example, a security camera can read license plates to bar unauthorized vehicles from entering a restricted parking facility. It can also count cars, compare that number to garage capacity, and automatically trigger electric signage directing vehicles to an overflow parking lot.

A security camera that watches a fire exit to prevent illegal use can also alert when it detects a blocked exit, enabling the organization to avoid fire code violations and costly fines. Or security cameras watching for theft at a construction site can also be used to detect whether construction workers are wearing the personal protective equipment that OSHA requires.

It is the metadata that makes it possible for security camera data to contribute to operational efficiency and inform pivotal business decisions. For instance, cameras could confirm QA/QC activity on a production line to help reduce costly waste or frequent remakes. Or the data they collect could help the company find events affecting workflow and operation uptime, which in an industry like automotive or circuit board manufacturing could save millions of dollars in lost production time and help management figure out ways to increase output.

While this might seem like an ideal synergy – using the same device to channel critical insights to multiple stakeholders – it raises significant concerns about the safety and integrity of data flowing between systems.

Becoming a Target for Infiltrating Critical Systems
Once security cameras primarily designed for physical security tasks start streaming data and metadata to enterprise operational and business systems, it increases their visibility. Instead of being largely ignored by hackers, they suddenly become high-value targets that can be used to infiltrate and bring down vital production and business operations.

In the past, physical security solutions operated on their own independent networks. Or IT sequestered the physical security system in a separate zone on the network, isolating it from any critical business and production functions. These decisions were made because IT did not trust that the cybersecurity measures on those devices were up to IT standards.

What IT Expects from Devices on its Network
For many physical security system manufacturers, software developers and users, IT-level cybersecurity is a new ball game. To play in IT’s sandbox, physical security devices will need things like:

  • Multilayer encryption
  • Certificate protocols
  • Zero-trust architecture
  • Automated onboarding and provisioning
  • Active Directory and single sign-on
  • Lifecycle management

These are not new security protocols. They have been standard requirements in IT systems for more than a decade. But many are new to physical security devices.

Understanding These Security Protocols
IT security protocols serve two purposes: protecting the integrity of systems and data and making it easier to manage the devices on the network.

Multilayer encryption. While most physical security devices can encrypt data, IT security protocols take encryption to the next level. Employing multiple encryption layers, each with its own keys, makes it harder for attackers to gain access to the data stream. For example, MACsec encryption might be used at layer two for services like DHCP, NTP and ARP, while HTTPS might be used at layer seven for API calls and the web GUI.

Certificate management. Many security devices employ certificates: digital documents that verify a device’s identity on the network and underpin the encryption used to transmit its data. However, most physical security devices don’t support certificate management protocols like EST (Enrollment over Secure Transport) or SCEP (Simple Certificate Enrollment Protocol), which automate the process of installing and replacing device certificates. Since certificates are crucial for encryption and authentication, IT is unlikely to approve devices that require manual certificate management.

Zero-trust architecture. IT relies on zero-trust architecture to minimize the radius of damage should a breach occur. This entails micro-segmenting sensitive resources, using end-to-end encryption, continuously monitoring user and device behavior for anomalies, and implementing robust incident response and recovery mechanisms. To support that goal, IT needs to be able to verify the authenticity of physical security devices before authorizing their access to the network.

In addition to protecting network access, zero-trust architecture enables IT to automate device enrollment, which, depending on the number of security devices being introduced to the network, can be a critical time saver.

That is why IT wants security devices that can be onboarded and provisioned automatically through secure network protocols. For instance, devices that carry a built-in device ID such as an IEEE 802.1AR DevID can be admitted to the network automatically, right out of the box. Once the device connects, the policy engine server on the network checks its ID and the associated policies, such as which ports to open.

So the IT administrator doesn’t have to touch the device or assign it an IP address or a VLAN. To simplify things further, IT can harden the security device with management software while it sits on a provisional VLAN.
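The onboarding flow just described, as an added example that is not part of the original article: a policy engine receives the fields of a device’s manufacturer-issued identity (modelled on an IEEE 802.1AR DevID), checks issuer, validity and revocation, and returns the VLAN and ports bound to that device type, quarantining anything that fails on a provisional VLAN. The trust store, policy table, model names and serial numbers are constructed assumptions, and the certificate is taken as already parsed; a real engine would validate the full X.509 chain and signature.

```python
"""Zero-trust onboarding decision for a physical security device (hypothetical)."""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class DevID:
    issuer: str          # manufacturer CA that signed the device identity
    serial: str          # device serial number from the certificate subject
    model: str           # device type the policy is keyed on
    not_after: datetime  # certificate expiry (timezone-aware)


@dataclass(frozen=True)
class PortPolicy:
    vlan: int
    allowed_tcp_ports: tuple  # inbound services the switch/firewall permits
    reason: str


PROVISIONAL_VLAN = 999  # quarantine VLAN for devices that fail any check

# Constructed trust store, revocation list and policy table (assumptions).
TRUSTED_ISSUERS = {"CN=Example Camera Vendor IDevID CA"}
REVOKED_SERIALS = {"CAM-00042"}
POLICY_BY_MODEL = {
    "IPCam-X": PortPolicy(120, (443, 554), "camera: HTTPS API and RTSP only"),
    "DoorCtl-Y": PortPolicy(130, (443,), "access controller: HTTPS only"),
}


def make_devid(issuer, serial, model, not_after_iso):
    """Build a DevID from already-parsed certificate fields (ISO 8601 expiry)."""
    return DevID(issuer, serial, model, datetime.fromisoformat(not_after_iso))


def quarantine(reason):
    return PortPolicy(PROVISIONAL_VLAN, (), reason)


def decide(devid, now_iso=None):
    """Return the port policy for a connecting device; never admit on doubt."""
    now = datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc)
    if devid is None:
        return quarantine("no device identity presented")
    if devid.issuer not in TRUSTED_ISSUERS:
        return quarantine(f"untrusted issuer {devid.issuer!r}")
    if devid.not_after <= now:
        return quarantine("device identity expired")
    if devid.serial in REVOKED_SERIALS:
        return quarantine(f"serial {devid.serial} revoked")
    policy = POLICY_BY_MODEL.get(devid.model)
    return policy if policy else quarantine(f"no policy for model {devid.model!r}")
```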

Active directory and single sign-on. In physical security systems, administrators tend to manage user privileges in local accounts. But in an enterprise environment, IT security protocols require that network devices be managed more securely through a centralized user rights management service like Active Directory.

To operate in this global enterprise domain, physical security devices would need to support protocols like OAuth 2.0, an IT industry standard for authorization. This would allow the physical security device to be managed more efficiently, much as servers and other IoT devices are managed on the IT network.

For instance, with Active Directory, HR could remove a resigning security officer from the directory, which would automatically revoke their access privileges for every device across the entire network at once.

Working with Active Directory also allows security devices to support single sign-on, an authentication service that lets users log in once to access multiple services without re-entering their user ID and password. This also allows IT to activate more secure authentication features like 2FA or MFA on these devices, adding another layer of network protection.

Lifecycle management. Because cybersecurity risks exist at every stage of a device’s lifecycle, IT needs to be able to manage the security of every device on the network from the time it is onboarded until it is decommissioned and removed. IT will be looking for security devices that support features like secure boot, which ensures that the device is free of unauthorized software modifications prior to connecting to the network.

They will also want to be able to batch process security tasks like security patches, bug fixes, and upgrades to device operating systems. In addition, IT will want devices that allow them to easily manage device credentials, deploy certificates, disable unused services, and verify removal of outdated devices no longer supported by their manufacturers, which, unless detached, could become potential attack vectors.

Can these security protocols be retrofitted to legacy physical security devices? In most cases, the answer is no. One might be able to retrofit certificate management like EST or SCEP, but not zero-trust features. Things like a device’s digital identity need to be baked into the product at the start for it to be trusted. If security device manufacturers plan to follow these more stringent requirements, they’ll need to revamp their production process.

Investing in Cross-breach Prevention
As more stakeholders avail themselves of physical security metadata for business intelligence and operational efficiency, opportunities increase for organizations to identify ways to improve their bottom line. But using that data stream also increases the visibility of physical security devices, making them tempting targets for attackers to exploit.

Without IT-level security protocols on these devices, the potential for a breach into critical IT systems can escalate. On the other hand, having these protocols in place not only helps prevent system corruption and operation disruption, but it also assures the integrity and authenticity of the data being shared.

This article originally appeared in the May / June 2025 issue of Security Today.
