The August issue of SSI includes a two-part special focus on cloud-based access control and video surveillance. While the capabilities of such solutions and the recurring revenue opportunities they offer installing and monitoring security systems providers is alluring, questions remain regarding the security of the cloud itself. To further address that critical issue, Ron Woerner, director of the M.S. Cybersecurity program at Bellevue University, has contributed the following article.
The cloud offers many advantages to security system integrators over traditional services. Information is available anytime, anyplace, using almost any type of device. Wouldn’t your clients love to check their security from the convenience of their smartphone or tablet? But with this convenience comes some risks. These risks are easily mitigated if you take the right steps. Additionally, your proactive security professionals must work alongside IT staff to help identify and solve potential problems prior to them becoming larger issues.
It starts with asking the right questions of potential cloud service providers (CSPs). You are creating a partnership to ensure your systems are available, your client’s data stays confidential, and its integrity is valid. When starting your cloud integration project, ask the following questions:
• How will current security systems fit on the cloud?
• What information should and shouldn’t be stored on the cloud?
• What practices are in place to transition from legacy hard drives to the cloud?
Having proper security measures in place for the cloud is as important as locking a physical vault holding personal information. You need to ensure your cloud provider has security protections in place to reduce your client’s risks. Consider the following when storing security surveillance and other data in the cloud:
• How do they control access to the systems and the data?
• Do they follow standard security baselines for their servers and virtual environments?
• Are the systems and data replicated in cases of disaster?
• Is encryption used to protect the data’s confidentiality?
To find the system that works best for any individual company, investigate companies, ask questions and put together effective policies to grow a company as the system integrator and cloud computer grow together. In the end, it will be most important to ensure that the cloud is secure for an individual corporation. Understanding what risks lie in each cloud system, what can happen if a security breach or loss of data occurs, and knowing if there is a backup for your information other than in the cloud are all questions and information you will want to understand.