The Risk of Breach in Cloud Managed Security

 

Everywhere you look -- online, in magazines, on TV – you will hear stories of companies and governments scrambling to protect themselves from today’s continuously evolving threats, which can now include both physical and cyber attacks. It wasn’t long ago when security was comprised simply of locks and keys and the occasional fence or guard dog as a deterrent. Those days are gone forever.

Security professionals across the world face an unending wave of cyber attacks – people looking to exploit any and every loophole or gap in protection. It is no longer safe to assume that internal personnel are exempt from suspicion, and diligence is the key to prevention.

Some  of these attacks take a high-tech approach while others go to the source,  which means that the number of potential threats is infinite and methods of attack always changing. As we enter a brave new world that increasingly relies upon technology and the cloud, it is clear that a fully integrated plan involving both physical and IT security is critical, but, alarmingly, is often given minimal attention and puts everyone involved at more risk.



Into The Cloud

Cloud computing while still in a growth stage, is growing exponentially and is quickly becoming the most  significant tool for almost every industry. In short, cloud computing lets you use files and applications over the Internet – not exactly a new concept. But use of the cloud has increased tremendously over the past few years as service providers looked for a way to increase capacity or add capabilities on the fly for clients without having to invest in new infrastructure. The security industry, often one to experiment with new trends first, jumped right in. Now, handheld devices and cloud-based applications have become the new standard for managing and viewing all aspects of physical security including video monitoring and access control. 


With this move to online access of applications, physical security professionals must incorporate concerns about cyber security into their repertoire. It is critical for security professionals to understand how physical and cyber security teams must work together to protect all assets, including data management and physical devices. 



While current trends and usage of both public and private cloud environments bring seemingly unlimited mobile access to security systems, we must fully understand both the risks and benefits of cloud computing for physical security, and develop a cohesive plan before implementing it across the enterprise.

Convergence -- a holistic approach to security -- is a hot topic. It is no secret that when we augment security personnel with automation, overall coverage can be vastly improved, costs reduced and the ability to prevent crime before occurring substantially increased.

While the ultimate goal of any security system is to lower response times and increase overall situational awareness, security personnel and emergency responders must be both capable and knowledgeable in how technology is used to augment those real-time events. That’s why both the IT organization and the security team must develop an easy to implement, organized plan that incorporates all aspects of security. The benefits of such a plan can reduce criminal activity, service disruptions and other risk factors that could impede business continuity.

How Modern Security Is Evolving

The days of using only padlocks and fences for security are definitely long gone. Now, it takes critical thinking to guard against not only the usual types of threats, but also the unimaginable -- as impossible as that may seem. Through the integration of advanced security technology, such as IP video surveillance and electronic track and trace, with professionally trained guard services, security directors now can implement comprehensive asset protection plans that go far beyond the traditional. This combination improves security practices, reduces overall costs and enhances efficiency to track, monitor, and protect personnel, corporate information, and assets.



A security system needs to be approached holistically to help ensure the prevention of breaches and reduction of threats. In today’s environment, it seems we are more focused on resolving threats and crimes after they occur, which almost defeats the true purpose of having security. Too often security systems are installed using the least expensive option, with no thought truly given to training personnel on its usage or giving them an easy way to share data and knowledge.

For instance, one typically under-utilized opportunity for integration is surveillance systems. While video is ubiquitous today, there are still many systems that utilize antiquated analog equipment when digital and IP technology
is readily available and can be less expensive in the overall cost of ownership. Moving to digital IP video systems enables roaming guards to receive real-time alerts through the use of handheld devices, which allows for rapid response to potential threats.

Video analytics have traditionally been rules-based systems, meaning software that allows you to write a rule using Boolean logic to anticipate suspicious
behavior. The problem in that scenario is rules must be written for every camera since they will all have different views and encounter different potential threats. In addition, the operator needs to anticipate every potential threat, which is not really feasible. This setup makes rules based analytics software difficult to manage, requires enormous upkeep and still may not “catch the bad guy.”

On the other hand, next-generation behavioral analytics packages operate by “learning” behavior through observation, completely eliminating the need to write rules. Within a few hours, the software can identify ongoing “normal” behavior and only send alerts or alarms on “out of the ordinary” behavior, which can be sent to a guard’s handheld unit to facilitate rapid response and stop potential breaches. This kind of system essentially allows the user to “set it and forget it,” making it one of the easiest, most effective systems to install and use.

The advent of IP video enables the monitoring of locations remotely via online IP networks.  The beauty of this monitoring option is that it keeps a watchful eye and enables rapid, on-site response while continuing to monitor the situation.

Implementing security solutions that are both cost effective and friendly to the environment is now paramount to safeguarding our nation’s future, a future that depends on us developing a long-term strategy that anticipates threats and adapts to trends in both physical and IT security.

The Future of Physical and IT Security

In a peek at the future of convergence security, Louisiana’s Port Fourchon, which services over 90% of the Gulf of Mexico's deepwater oil production, recently partnered with Crescent Guardian security and BRS Labs to integrate next generation behavioral analytics software to accompany its new advanced video surveillance system. This award-winning, state-of-the-art system began to operate immediately -- generating alerts, alarms and learning behavior from the moment it was turned on.

This kind of software instantly recognizes anything out of the ordinary and automatically sends alerts to officials, without needing to be programmed to do so. This breakthrough ensures that first responders in Port Fourchon are receiving “as they happen” alerts, ultimately improving response times and increasing situational awareness.

The US Department of Defense supported Port Fourchon's efforts by sharing the DoD-developed capabilities of the Knowledge Display and Aggregation System (KDAS) to serve as the basis for the Port's incident command and control system. The use of KDAS provides Port Fourchon with the unique ability to network its system with the DoD in the event of an incident requiring information sharing.

The Greater Lafourche Port Commission’s new system, developed through a collaboration of several companies, is comprised of Disparate Data Sets, Incident Management, What If? Analysis, CCTV integration, Video Analytics, and Alerting integration. Soon, the Harbor Intrusion Detection System (Waterside Radar) will be integrated as well.

What's Next?

As criminals become more tech-savvy, it is up to security professionals to stay several steps ahead. While completely eliminating all threats is impossible, a comprehensive, integrated security plan that converges both physical and IT security can put companies in a position of power instead of fear, action instead of reaction.

Securing both public and private cloud environments, along with understanding both the risks and benefits of cloud computing for physical security, presents a sizable challenge for security professions -- but nothing the continuously evolving security industry can’t handle. In short, physical and cyber security teams simply must work together now to better anticipate, thwart and reduce threats, not just after an incident occurs.

When considering your overall security system, it is important to ensure it is fully integrated and working as one cohesive unit. If your system grew by adding components piecemeal or you don’t know for sure if your various security personnel are talking, you should consider having a professional, full service security firm perform an assessment.

The greatest challenge for security in the 21st century won’t be figuring out how to stop outside threats -- been there, done that -- but instead making sure the many components of a security system are all working as one. In reality, the greatest threat often comes from within.


ASIS Session - September 25th

Want to learn more about the convergence of physical and IT security? Join our vice president, Ray Cavanagh, who will be hosting an information session at ASIS Chicago on September 25, 2013 to discuss Physical Security in The Cloud. For more information on the ASIS session or for other security solutions:

Email - rcavanagh@cgiprotects.com

Call - 504.483.7811