Who ‘Owns’ a Client’s IP Security Devices?
If connected security devices are not secure, it creates a vulnerable spot for hackers to gain access. Here’s how to figure out who takes responsibility for what.
As our world becomes more connected, the ability to utilize connected devices to not only run a business but to gain valuable insights is more possible than ever before.
IP cameras can provide immediate, visual knowledge of what is happening in a business, while IP access control points can add and remove users almost instantly.
However, with all of these devices connected to a business’ network, a significant question arises that security integrators must address with their customers: who owns responsibilities for IP security devices connected to a company’s network?
This question is so relevant today, because any device that is connected to a company’s network provides an entry point to that network by both authorized and unauthorized users. If those connected security devices are not secure, it creates a vulnerable spot for hackers to gain access.
While many organizations spend millions of dollars ensuring their IT infrastructure is secure against future potential threats, it’s the immediate threat that exists from connected devices that must be considered, as well.
Security, IT, Facilities Teams May Be in Loop
It is common for device manufacturers to regularly update their products to make them more secure, less vulnerable, remove bugs or add functionality. One advantage of connected devices is the ability to remotely update with software or firmware patches, allowing the device to remain less vulnerable.
A common practice with IP cameras, for example, is for manufacturers to release new versions of firmware that can update the camera to work more effectively, eliminate bugs, or reduce vulnerabilities that hackers exploit.
To effectively manage these updates, there needs to be an understanding between the security dealer and end user of what is connected to the network, whether there is an updated version of the firmware and how to update the device.
Traditionally, a company’s security team handles security — with the IT team overseeing all things IT, and the facilities team handling the physical environment. But now, with IP addresses and Internet connectivity, cameras used for security purposes are often connected to an organization’s network.
So is the security team responsible for the camera firmware updates and password verifications, or does this fall under IT’s responsibility, similar to mobile devices and laptops?
This now becomes a conversation that systems integrators should have with all customers and, thus, create best practices for how to manage connected devices — and make them part of the overall IT security of an organization.
Best Practices Start With Open Communication
The best way for an organization to answer the question of who owns IP security products connected to a network is to start with open communication and dialog.
To begin, here are some best practices that security pros can suggest their end users employ to minimize the confusion:
- Clearly define who is responsible for connected security devices as well as the expectations regarding the responsibility. For IP cameras, this means defining the physical upkeep and functionality of the camera, as well as the cybersecurity side of protecting the device via firmware updates and password checks.
- Establish teamwork between the groups within an organization that have responsibilities for the functionality, security and operations of equipment. In most organizations, as mentioned previously, this would include the security team, the IT department and potentially facilities maintenance.
- Agree on frequency of verifying checks and audits to be completed and add connected security equipment as part of the normal IT audit of devices.
- Utilize the security provider or integrator. Many organizations have maintenance plans for physical security equipment. Check to see what the plan covers. Does it only cover the physical upkeep of the equipment? Determine if there is an option to have a maintenance plan that includes regular firmware updates and password checks.
Value Is Clear, but Risks Remain
Connected devices give companies the opportunity to gather valuable data — now more than ever before. The devices can provide real-time insight into customer behavior, building efficiency and up-to-the minute performance status of critical equipment.
These are just a few of the use cases, and it is evident that the benefit of connected devices is significant.
But end users also need to realize that the risks of these connected devices are real and need to be planned for accordingly and comprehensively.
It’s never a good situation when there is a breach of a device and it turns out that everyone thought “the other department” was handling it.
As long as there is clear ownership within an organization, an action plan on how to keep the devices secure and communication between the stakeholders, the benefits of connected devices can certainly outweigh and effectively mitigate the risks.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!