Networked Access Control: Challenges, Best Practices & Outlook
Security integrators can properly guide access control solutions through enterprise networks by utilizing vulnerability testing, data management and cybersecurity. Here’s how.
Photos and VideosView Slideshow
The digital transformation and shift to networked everything is greatly impacting the physical security industry in both ways that were anticipated and those that we did not see coming. No longer are the Cloud, Internet of Things (IoT) and the rise of smart, interconnected technologies foreign and distant concepts full of intrigue and promise.
Instead, these elements are increasingly incorporated into security solutions today, allowing organizations to experience countless benefits when it comes to both safety and business operations.
But with interconnectivity and networking come the concerns for data management and safety in a world full of cyber threats. Both security integrators and manufacturers are tasked with the critical job of designing and implementing solutions that take cybersecurity into account from Day 1, providing end users with the training they need to ensure compliance and engaging in consistent testing and updates in an effort to safeguard the data being collected.
At the center of this new imperative are networked access control systems, which are increasingly being deployed across a broad range of end-user markets locally, throughout campuses, across the country and worldwide.
In some cases they run separately on dedicated networks, but more commonly they ride on shared networks with other enterprise systems such as human resources management and additional security systems like video surveillance, often being integrated among them as well. Let’s take a closer look at the challenges, best practices (see slideshow too) and outlook.
Connected Device Risks
Thanks to technology, the world we live in today can be a simple one. For instance, home appliances such as TVs, heating systems, air conditioners and lighting systems can now be controlled remotely using smart devices. We can also grocery shop, buy concert tickets, rent a movie or order pizza via smartphones without having to leave the house.
The flipside of the coin in this fast-growing, technology-driven world, however, is the threat of cyber attacks. Every day, we’re hearing about a new breach of personal data at consumer sites, healthcare facilities and even hospitality providers, leaving consumers to wonder, “Is my information safe?”
It’s a fact: with increased connectivity between physical devices and systems, security solutions can be vulnerable to attacks. Hacking an IP security system can take place through a variety of ways.
For example, in a brute-force attack, a hacker just “guesses” passwords. Given that most people choose easy-to-remember passwords, many can be discovered using simple algorithms.
Another standard method of attack is a Denial-of-Service (DoS), where the offender attempts to overload the system by flooding the target with excessive demands and preventing legitimate requests from being carried out.
It’s no secret that a cyber breach or attack can create irreparable damage when it comes to both the inability to use a system and the exploitation of a user’s personal data. Integrators must therefore take the safety of the data collected about users by security systems seriously to ensure it’s protected at all times.
Safely Managing Data
One thing that embracing intelligent and integrated technologies has taught us is the fact that data is invaluable — and there’s copious amounts available to be analyzed. As the use of Big Data continues to increase, along with the elevated level of insight and awareness organizations demand, businesses can expect to see the conversations regarding data privacy and security increase as well.
The key takeaway is to ensure that the data that organizations use for enhancement and improvements is comprehensively protected from unauthorized access. In the physical security industry, manufacturers and integrators must be mindful of their products’ capabilities and make it easy for end users to adhere to data sharing and privacy regulations.
These regulations, which greatly affect physical security systems and the way they’re managed, are being implemented worldwide, such as the European Union’s General Data Protection Regulation (GDPR).
In the United States, California, Vermont and South Carolina have followed suit, and it can be expected that more countries and U.S. states will develop similar guidelines.
Rise of Vulnerability Testing
With the concern about data breaches and the need for data management at the forefront of many security installations, integrators must demand more safeguards from the manufacturers they work with, including the consistent practice of vulnerability testing.
A security vulnerability in a product is a pattern of conditions in the design of the system that is unable to prevent an attack. This will result in perversions of the system such as mishandling, deleting, altering or extracting data.
Consistently testing a system to identify potential vulnerabilities should be seen as standard as manufacturers work to deliver more secure solutions for integrators and end users. The best way to engage in this is to incorporate vulnerability testing from Day 1, in the design and development of a networked access control product.
This thought process includes analysis of the type of cyber attacks that can potentially breach and disable a system. The testing can be done internally by trying to “hack” your own product or hiring a third party to do so.
Essentially, this form of testing puts the product through its paces, and once weaknesses are exposed, they can be patched up and the cycle of attack and defense can take place again until eventually, a water-tight ship is in place and ready for market.
Vulnerability testing is standard practice for a number of high-tech manufacturers, and it’s on the rise for those who create networked access control products, as well. Testing is the critical discipline that helps identify where corrective measures need to be taken to rectify gaps in security.
The more extensive an organization’s security testing approaches are, the better are its chances of succeeding in an increasingly volatile technology landscape. Unfortunately, vulnerability testing isn’t something that can just be tried and tested for in the development phase and then forgotten about. Cyber attacks must also be prepared for long after the product is released to market.
Integrators have a vested interest in ensuring the products they sell and install are as secure as possible, especially when you consider how much people depend on online channels in today’s interconnected world. Because of this, any security breach could lead to a devastating loss in customer confidence and therefore revenue.
Encryption and Cybersecurity
More and more integrators are expanding their product offerings to include more Cloud-based services, such as video surveillance-as-a-service (VSaaS) and access control-as-a-service (ACaaS), which have the advantages of removing costly hardware investments for customers and shifting the expense to monthly service-based fees that are recurring and bring in more consistent revenue for integrators.
Cloud encryption delivers additional levels of defense, providing a useful antidote to the worries that organizations are ceding control of their data and depending on Cloud service providers to preserve it for them.
Added encryption protocol put in place by manufacturers in the design of a system ensures everything is safeguarded, all communications are monitored, and multiple types of attack are considered for defensive purposes to provide the best security possible.
Building encryption into products creates a multilayered approach to cybersecurity that integrators can tout to customers as they seek to deliver safer solutions. Networked access control also adds the ability for integrators and their manufacturer counterparts to automatically update systems with the latest firmware and security patches that help protect data and boost the cybersecurity of devices on the network.
Leading the Charge
To be truly cyber secure, both manufacturers and integrators have the responsibility to act every week. It is not something where we can say, “We’re safe, we’re secure, let’s forget about it.”
Every time a manufacturer releases a product or an update, it must centralize a mindset on cybersecurity. Integrators must also constantly educate end users on proper protocols and recommend products that are in line with the expectation of secure data management, a layered approach to security and ultimately, a renewed focus on the cybersecurity of networked devices.
Eric Widlitz is Vice President, North American Sales, for Vanderbilt Industries.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!