Cloud services can deliver scalable capabilities quickly without the need to purchase, install, or configure any new on-site physical assets
Cloud connectivity can provide a linkage between the mobile users
and the facilities and systems they want to interact with

From enterprise applications to small businesses, schools, health care facilities and beyond, investments in physical security systems provide valuable resources to help protect people, property and assets – and ultimately the financial security and well-being of the organization. As need and demand for better security has dramatically increased over the years, today’s technology is more software and computer driven, enabling systems to be networked internally or managed externally through cloud computing platforms.

Increased Connectivity

 In today’s mobile, connected world, end users expect the ability to view and manage their systems from anywhere at any time, making hosted access control an attractive and economical proposition. Cloud connectivity can provide a linkage between the mobile users and the facilities and systems they want to interact with, whether those systems are in one place or distributed over several locations. And, cloud services can deliver scalable capabilities quickly – often on demand – without the need to purchase, install, or configure any new on-site physical assets, such as servers or work stations.

However, these benefits are not without their drawbacks and potential risks, most notably cybersecurity and the availability of the system and its data. Any system outage, whether the result of a network breach, server failure or other factor, compromises security and could leave an organization vulnerable. The resulting risks could be catastrophic, making it vital that organizations ensure that their access control, video surveillance and other security systems are always up and running. Management concerns over the cybersecurity risks of cloud-based solutions grow with each high-profile data breach that is reported, and with good reason.

Incorporating the cloud services into your operation will continue to take time and resources that will need to be included in your plans
Risks could be catastrophic, making it vital that organizations
ensure that their security systems are always up and running

Maintaining Critical Functions

As companies move forward with IT and physical security planning, here are some factors to consider and incorporate appropriately into the process.

Step 1: Consider the benefits and risks of cloud-based services objectively

Be honest about how your company functions today, how you want it to function in the future, and how cloud-based services might help get you from here to there. But don’t think that cloud services will solve problems magically – when it comes down to it, cloud services are really just renting hardware and software in somebody else’s facility. There are definitely benefits to renting versus owning, but there are also significant risks. And, incorporating the cloud services into your operation, and/or maintaining them, will continue to take time and resources that will need to be included in your plans.

Step 2: Determine which functions must continue, even in the event of cloud system failure.

This should be an extension of your current business strategy, which already evaluated your essential functions, personnel, etc. Remember that the risks are compounded if the cloud is used to store or process important business data – in the event of a failure, that data may not be accessible or under your control. Be very clear about the procedures and steps you will take if your cloud services go down so you can keep your operations up and running.

Step 3: Implement backup processes to ensure critical business continuity.

Once the intended benefits of cloud services are evaluated in the light of foreseeable risks and critical functions are clearly identified, it is time to put the changes into effect, along with backup and contingency plans that will be triggered in the event of service disruptions. For access control, it is essential to quickly be able to re-load your list of authorized users and permissions so that normal operations can resume as soon as possible after an outage or failure.

Both hardware and software technical advancements continue to provide new options for security management across every vertical market application
Data backup and contingency plans are crucial in the event of service disruptions

Security Applications Of Cloud-Based Services

Most firms are realising that physical security systems, including access control and video surveillance, are critical facility functions that need to be maintained 24/7 under any circumstances. Even so, both of these security applications are current offerings from cloud-based service providers that companies can consider to supplement or outsource their internal functions.

Choosing An Approach

As an example, let’s see how the suggestions in the steps above might affect a firm’s planning for access control. Before we start, we should note that different organizations will have varying risk tolerances which will contribute to what type of access control solution they choose, on premise or cloud. There is no single “right” or “wrong” answer for the general question of how to choose the right approach or services; the right answer depends on the specifics of the situation for each firm.

1. Considering Cloud Service Benefits

We would consider the potential benefits of a cloud service for access control, sometimes called ACaaS, for Access Control as a Service. Offerings vary, but might include the provision of a server and software to process access requests, which would interact with the local access controllers via IP connectivity. Thus, it would generally be required for the controllers to support not only IP communications, but also encryption and digital certifications. Older controllers would have to be upgraded if they could not support these functions. Managed access control is a service where the firm pays a third party to administer the access control platform, including such tasks as adding and deleting access rights, printing badges and other credentials, monitoring for doors that are propped open or forced open.

On the upside, up-front capital costs could be reduced by limiting the amount of purchased hardware, and the ongoing management and maintenance of that hardware is done by the supplier. Depending on the supplier, the ongoing service costs might be based on the number of controlled doors, the number of users or credentials, the number of transactions, or some combination thereof.

On the downside, the list of credentialed users will now reside at the supplier’s location, where it could be subject to tampering, loss and/or theft. And, if the host server must be contacted in order to process a transaction (that is, open a door), then the operation of the system now depends on active and successful communication with the supplier’s off-site server at all times. A complete tradeoff can now be evaluated that compares the cost of owning hardware and software, along with necessary maintenance, and expected usage patterns, to the proposed cost from the cloud supplier and various related contract terms.

 2. Potential Risks

It goes without saying that in the event of a cloud-based or premises based access control failure, people within your facility will still need to be able to exit without the risk of being trapped inside. The question is, how important will it be for people to be granted or denied access based upon the configuration in the database prior to the failure? And, how urgent is adding/deleting authorized users, permissions and the other functions that require access to the host access control software? How much impact would there be on the company if the list of authorized users was altered or stolen by hackers?

3. Contingency Plan

An implementation and backup plan is developed and put into action. For the purpose of this example, let’s assume that ACaaS was approved and put into place. One part of the plan might be to capture complete back-ups of the user database periodically and to store them both on-site and off-site. Another part of the solution might be to select access controllers that have the ability to be battery backed up and hold a copy of the user database and device configuration locally so they can continue to function even in the event of a communication breakdown with the cloud supplier’s server or power outage. By taking this approach, the affected facility would be able to continue operating normally in the event of a communication breakdown or power outage, and update authorized changes after network communications were restored.

Implementing The Best Cloud-Based Plan

Both hardware and software technical advancements continue to provide new options for security management across every vertical market application. When changes are being considered that affect organizational physical and IT security, it is important to evaluate the options carefully.

Choosing an equipment supplier that has designed their products for maximum uptime is critical. This criteria will enable more effective and cost-efficient contingency planning, so you can implement the best plans possible for all your operations.

Want to learn more? Read SourceSecurity.com's Cybersecurity White Paper here

Download PDF version

Author profile

Karen Evans President & Chief Executive Officer, Sielox LLC

In case you missed it

What Are The Security Challenges Of The Hospitality Market?
What Are The Security Challenges Of The Hospitality Market?

Hospitality businesses work to provide a safe and pleasant customer experience for their guests. Hotels offer a “home away from home” for millions of guests every day around the world. These are businesses of many sizes and types, providing services ranging from luxury accommodations to simple lodging for business travelers to family vacation experiences. Hospitality businesses also include restaurants, bars, movie theaters and other venues. Security needs are varied and require technologies that span a wide spectrum. We asked this week’s Expert Panel Roundtable: What are the security challenges of the hospitality market?

How SecuriThings Boosts Cybersecurity Across Multiple IoT Devices
How SecuriThings Boosts Cybersecurity Across Multiple IoT Devices

As Internet of Things (IoT) devices go, networked video cameras are particularly significant. Connected to the internet and using on-board processing, cameras are subject to infection by malware and can be targeted by Distributed Denial of Service (DDoS) attacks. Hacking of cameras also threatens privacy by allowing unauthorized access to video footage. The performance of hacked cameras can be degraded, and they may become unable to communicate properly when needed. Ensuring cybersecurity is a challenge, and the fragmented structure of the video surveillance market contributes to that challenge. A variety of companies are involved in manufacturing, integrating, installing and operating video systems, and cybersecurity threats can enter the picture at any stage. “It’s not always clear who is responsible,” says Yotam Gutman, vice president of marketing for SecuriThings, a cybersecurity company. “However, the only entities who can ensure cybersecurity are the security integrator and the service provider. They will bear the financial pain and are willing to pay for cybersecurity. An extra $1 or $2 per camera per month is not expensive.” SecuriThings’ “lightweight software agent” runs in the background of video cameras, sending information to an analytics system in the cloud IoT Device Security Management At the recent IFSEC trade show in London, SecuriThings unveiled its IoT Device Security Management (IDSM) approach to enable integrators to ensure cybersecurity. Founded in 2015, the company has around 20 employees in Tel Aviv, Israel, and operates a sales office in New York City. SecuriThings’ “lightweight software agent” runs in the background of video cameras, collecting metadata on camera processes and connections and sending information back to an analytics system in the cloud. Drag-and-drop deployment enables a camera to begin generating data within seconds and requiring only two mouse clicks. The cloud system analyzes data, pinpoints abnormalities, identifies new users, detects multiple entry attempts and tracks other camera processes to identify any cyberattacks. It monitors all devices, gateways, users and APIs to detect threats in real-time and mitigate the threats based on a pre-determined security policy. Machine learning tools also analyze more subtle activities that can indicate insider abuse. For example, a user support center can identify if cameras are being accessed improperly by employees, thus preventing insider abuse. Certified Vendor Agnostic Software SecuriThings is working with camera manufacturers and video management system (VMS) manufacturers to certify operation of its software agents with various camera models and systems. Working through integrators, such as Johnson Controls, is the fastest route to market, SecuriThings has determined. The system can be added after the fact to existing installations for immediate monitoring and remediation, or it can easily be incorporated into new systems as they are launched. “We have a strong sales team in the United States focusing on bringing the technology to more local and national integrators,” says Gutman. Certification ensures SecuriThings’ software agent can be installed in most modern camera models without negatively impacting operation; the software is vendor agnostic. Another eventual route to market is to work with camera manufacturers to install the SecuriThings software agent in cameras at the factory. In this scenario, the system can easily be “clicked on” when cameras are installed. The SecuriThings cloud system generates a dashboard that tracks system activities to identify any cybersecurity threats IoT Security Operations Center SecuriThings operation is transparent to the VMS, and the company works with VMS manufacturers to ensure the code operates seamlessly with their systems. Cloud analytics generate a dashboard that tracks system activities, and/or a managed service monitors the system and notifies customers if there is a problem. “We monitor it from our IoT Security Operations Center, a fully managed service that ensures the real-time detection and mitigation of IoT cyber-threats,” says Gutman. “We found that end-customers don’t have the manpower to monitor the system, so our experts can guide them.”Access control and cloud-based access control will be the next systems under cyberattack, and they are almost as vulnerable" A benefit for camera manufacturers is the ability of a system like SecuriThings to “level the playing field” on issues of cybersecurity, says Gutman. The approach provides a higher level of cybersecurity confidence for integrators and users, including those using cameras that have previously had cybersecurity problems such as “back door” access. SecuriThings has certified its software for use with Hikvision cameras and is in the process of certifying with Dahua, says Gutman. “Western manufacturers say their products are more secure, but we can help all camera manufacturers prove that they are just as secure,” says Gutman. “Integrators and users can log into a device and see all the activity.” Securing Connected Devices From Cyber Threats Beyond video, SecuriThings’ products target the full range of connected devices in the Internet of Things (IoT). The SecuriThings security solution enables real-time visibility and control of IoT devices deployed in massive numbers in smart cities, physical security, building automation, home entertainment and more. Video surveillance is an early focus because of market need, an opportunity to gain traction, and the critical nature of security applications. But the challenges are much broader than video surveillance. “We are seeing similar risks to other devices,” says Gutman. “Access control and cloud-based access control will be the next systems under cyberattack, and they are almost as vulnerable. If you can disable the access control system, you can cause a lot of problems.” Other connected devices that could be at risk include building automation and heating and cooling (HVAC) systems.

Development Of Integrated Thermal Imaging Technology Into Evolving Market Verticals
Development Of Integrated Thermal Imaging Technology Into Evolving Market Verticals

Global and domestic threats have highlighted the need for tighter security across all verticals. One of the technologies that has redefined situational awareness and intrusion detection is thermal imaging. Once a technology exclusively manufactured for the military operations, thermal cameras today are deployed across hundreds of security applications and continue to see strong demand in existing and emerging commercial markets. With thermal technology, security personnel can see in complete darkness as well as in light fog, smoke and rain Technology Overview And Early Adoption What distinguishes thermal cameras from optical sensors is their ability to produce images based on infrared energy, or heat, rather than light. By measuring the heat signatures of all objects and capturing minute differences between them, thermal cameras produce clear, sharp video despite unfavorable environmental conditions. With thermal technology, security personnel can see in complete darkness as well as in light fog, smoke and rain. Originally a military developed, commercially qualified technology, the first thermal cameras for military and aircraft use appeared in the 1950s. By the 1960s, the technology had been declassified and the first thermal camera for commercial use was introduced. However, it wasn’t until the late 1990s - when FLIR Systems introduced a camera with an uncooled thermal detector - when the technology began to see substantial adoption beyond government defense deployments. Installations At Critical Infrastructure Sites In the 2000s, industrial companies were some of the first adopters of thermal, using the technology for predictive maintenance to monitor overheating and machine malfunctions. In the years following the September 11 terrorist attacks in 2001, there was an increase in thermal camera installations across critical infrastructure sites. Stricter security requirements drove the deployment of thermal cameras for perimeter protection, especially in the nuclear power sector. Thermal cameras produce clear video in daylight, low light or no light scenarios and their sharp images result in higher performing analytics In 2010, the U.S. Nuclear Regulatory Committee released its 73.55 policy, which states nuclear facilities must “provide continuous surveillance, observation and monitoring” as a means to enhance threat detection and deterrence efforts onsite. Because thermal cameras produce clear video in daylight, low light or no light scenarios and because their sharp images result in higher performing analytics, thermal cameras quickly became the preferred option for nuclear facilities. Likewise, following the 2013 sniper attack on PG&E Corporation’s Metcalf transmission substation, the Federal Energy Regulation Commission introduced the Critical Infrastructure Protection Standard 014 (CIP-014). The policy requires utilities to identify threats to mission critical assets and implement a security system to mitigate those risks. This statute also led to more thermal installations in the utility sector as thermal cameras’ long-range capabilities are ideal for detection of approaching targets beyond the fence line. The demand from both industrial and critical infrastructure entities, as well as other factors, helped drive volume production and price reduction for thermal, making the technology more accessible to the commercial security marketplace. Commercial Applications In recent years, the increasing affordability of thermal cameras along with the introduction of new thermal offerings has opened the door to new commercial applications for the technology. In the past, thermal cameras were designed for applications with enormous perimeters, where the camera needed to detect a human from 700 meters away. Locations like car dealerships, marinas and construction supply facilities can be protected by precise target detection, thermal analytic cameras providing an early warning to security personnel Today, there are thermal cameras specifically designed for short- to mid-range applications. Developed for small to medium enterprises, these thermal cameras ensure property size and security funds are no longer barriers to adoption. Lumber yards, recreation fields and sports arenas are some of the commercial applications now able to implement thermal cameras for 24-hour monitoring and intrusion detection. Affordable thermal cameras with onboard analytics have become attractive options for commercial businesses Innovation And Advancements Innovation and advancements in the core technology have also spurred growth in thermal camera deployment, providing faster image processing, higher resolution, greater video analytic capabilities and better camera performance. In particular, affordable thermal cameras with onboard analytics have become attractive options for commercial businesses that need outdoor, wide area protection. Car dealerships, marinas and construction supply locations all store valuable merchandise and materials outside. Without protection, these assets are vulnerable to vandalism and theft. However, by providing precise target detection, thermal analytic cameras provide an early warning to security personnel so that they can intervene before a crime is committed. By helping to deter just one incident, the thermal solution delivers a clear ROI. New Market Opportunities Not only are there more thermal cameras in use today than ever before, but there are also more thermal sensors being integrated with other multi-sensor systems, driving the adoption of thermal in new markets. For large perimeter surveillance applications, thermal is repeatedly being integrated with radar and drones to expand situational awareness beyond the point of fixed cameras. Users get immediate, accurate alerts of approaching targets and evidentiary class video for target assessment In the commercial market, thermal imagers are combined with optical sensors, analytics and LED illuminators into one solution that integrates with central monitoring station platforms. By bringing these technologies together, users get immediate, accurate alerts of approaching targets and evidentiary class video for target assessment. The result is a lower number of false positives, reducing the total cost of ownership for the solution. These multi-sensor solutions also feature two-way audio capabilities, which enable remote security officers to act as “virtual guards” and speak to intruders in real-time to dissuade them from illegal activity. The introduction of solutions that integrate all these state-of-the-art technologies under one unit reduces the amount of capital and infrastructure needed for deployment. Consequently, more small businesses and alarm monitoring companies can implement advanced perimeter security technologies like thermal sensors, some for the very first time. Thermal cameras have gone from military defense devices to widespread commercial security cameras Multi-Sensor Thermal Solutions Multi-sensor solutions featuring thermal are quickly gaining traction and opening the door to new business opportunities for the security channel. One of the primary reasons for the strong market interest in these systems is they enable integrators to increase their recurring monthly revenue (RMR). With intense price competition and eroding margins on CCTV equipment, integrators have to rely on RMR to grow their businesses. Offering remote video monitoring services and virtual guarding technologies is one of the best ways to do so.  Additionally, there is a clear demand for it. Central stations are continually looking for new technologies to offer their customers and businesses are interested in economical alternatives to physical guards. In conclusion, thermal cameras have gone from military defense devices to widespread commercial security cameras that are a substantial segment of the outdoor security protection market. From nuclear power plants to construction locations, thermal technology is being implemented to secure sites around the globe.