Security Moves Further into the Cloud

It is certainly no secret that cybersecurity is ever increasingly a focal point for security professionals. It is now no longer on the periphery and is of serious concern in the video surveillance market. Because of this blurring of the lines between hardware and the digital realm (cloud), a competent security integrator needs to have a team that understands the interplay between the two and can make the best design decisions possible.

Hackers have known for quite some time that video surveillance cameras are some of the easiest to breach pieces of internet connected tech out there. Indeed, there are entire websites devoted to indexing the IPs of unsecured cameras and access control systems around the world. People are going online, without any technical skill, and doing things like turning the lights on and off in stadiums and spying on people though the camera they have placed in their living room.

But many security integrators and dealers lag behind in this area. Although manufactures can be relied on to a point, having at least one member of the team with the know-how to encrypt drives and understand authentication applications is a must. For example, two-factor authentication, now coming standard on some servers, uses “two PIN codes added to [a] Windows Server login — one as a primary password, the other a randomized PIN generated by [a] paired smartphone app, giving integrators an added layer of security”. ( www.sdmmag.com )

Being able to link a system to a two-step authentication through a specific cell number is a pretty strong defense against hackers, who traditionally access these systems through manufacturer back doors, “zero-day” exploits, or simply by using “packet sniffing” programs to watch your traffic and pull the IP and MAC address on your devices.

Over the last decade, cloud computing and storage has rapidly changed the way businesses of all kinds operate. Modern enterprises that wish to stay competitive turn increasingly to a hybrid IT environment which allows them to leverage advantages of cloud based solutions alongside having whatever physical hardware that they maintain on-site. Cloud infrastructure is highly scalable, but on-site systems may be more directly controllable or may feature proprietary/in-house software. The promise of reducing operating costs and gaining a competitive advantage is attractive to any company, but in order to pull it off, specific security challenges must be overcome or accounted for.

Hybridizing an already complicated IT environment can have the effect of rapidly increasingly the complexity of systems. Depending upon which services are owned and managed by that business and which are provided via “Cloud Service Providers” or CSP, the enterprise must regulate and integrate multiple applications and systems, a process which may require multiple different skill sets. This all creates a lot of moving pieces which can make it difficult to maintain visibility for all the existing data.

Data breaches at the highest levels make headlines on the daily and have done so for the last several years. Major compromises include Sony with a possible hack coming from North Korea, Verizon, where as many as 14 million customers records were exposed due to server mismanagement, as well as Equifax and many others losing critical information such as customer’s bank information and social security numbers.

Securing all this data is a complicated task, but probably the most common mistake requires no special skills to address. Overlooking the basic integrated security controls is surprisingly common and a simple misconfiguration at this level can compromise an entire operation and leave its data completely exposed and liable to experience theft and/or unwanted modification or hacking. As we all know, something as small as this can expose customers, employees, and the critically important private data of companies to calamitous outcomes. Following are some key considerations in avoiding cloud misconfigurations and steps to keep safe a typical hybridized IT environment.

Studies (Redlock) have shown over half, in this case 53% of companies using cloud storage will admit to accidentally exposing customer data due to mismanagement or deliberately circumventing certain built in security features. Hackers know this, and as more and more organizations make the move to the cloud, attackers will increasingly pursue this “low hanging fruit” of security risks. Security misconfigurations are among the most common ways attackers gain control and leverage withing a network. Because those creating services such as Amazon S3 cloud storage seek to make their interfaces as flexible as possible, this sometimes has the inadvertent effect of exposing cloud environments and contained data (aka “buckets”). These buckets can be accessed simply through a URL so long as the user has the appropriate permissions.

Misconfigurations can occur at any level of your applications stack- “the platform, web server, database, framework” (Security Today Magazine) or in the custom code itself. Also common is for attackers to target and take advantage of any poorly configured devices that may be connected to the network. Use of default passwords and/or otherwise not configuring devices accessing the Wi-Fi can lead to an attacker exploiting a system which will allow them to immediately begin making changes and exfiltrating data.

The reality is that most of these problems come down to human error and ignorance. A common misconception is that the providers of these cloud solutions provide security themselves. This is simply not true. It is always up to you to check what security they do provide and to account for that when you implement your own security. Very rarely or never will the defaults of the cloud service be sufficient. And so regardless of however network environments evolve, the “foundational tenets” will remain. “Maintain visibility of your attack surface and continue to monitor it” at all levels. (Security Today Magazine) Apply security protocols to the cloud environment in the same manner you would do for your traditional environment. And of course, make sure to secure all the loose ends and back-doors, ensuring proper configuration throughout your network.

The prevailing opinion online seems to be that those dealers/integrators who do not keep up with this virtual counterpart to the physical systems they install will risk putting in systems that could be compromised and even lost to hackers. As the IoT expands and proliferates there will be many more individual possible weak points to conduct a security breach against in a network. STST makes use of a wide array of IoT-like devices already, as do many other companies and industries. Mobile connections can be used as backups for hard-wired connections in security solutions but are more critical when a system needs to include 24/7 personal video and control access to a user or users wherever they are. The security industry in general is likely to become increasingly centered around the usefulness and convenience of mobile communication tech, as many of us certainly seem to be already with our personal and social lives.

Security Technology of South Texas is happy to offer custom access control and surveillance solutions with video analytics to the greater South Texas area, designed either turn-key and from the ground up, or integrated into an already existing series of cameras.

Please contact us through email at admin@gostst.com on our website or via phone at

210-446-4863 24/7 to schedule a consultation.

Access Management: Layer 1

Security industry professionals seem to hold differing opinions on whether video surveillance or access control is the predominant platform when implementing an integrated security solution. The truth is that access control systems are more prevalent in terms of the sheer number of systems deployed, the size and scale of deployments and actual daily engagement by users. The reason being that when a potentially threatening event unfolds, an access control system can instantly shut down a facility, or specific areas within it, potentially saving lives.

There is no doubt that access control technology is progressing and evolving at the fastest pace ever in the security industry.  And the need for enhanced security due to new sources of threats, increased liability and even mandated compliance has made more funds available to public and private entities to enhance security. As a result, more and more money has been allocated in recent years to help keep unwanted people from entering facilities.

 

Access Control: The Foundation of Security

Access control solutions provide the basis for layered security solutions that do far more than simply allow electronic access using credentials.  They provide complete record of who has entered a facility, which areas within the facility they accessed (or attempted to access) and how long they stayed. In most systems, electronic door locks are connected to a centralized access control system allowing them to be remotely monitored and locked in the event of an emergency or incident. Assigning different access permissions for employees, visitors and first responders provides even greater levels of protection and tracking. Entry control points can be easily established to only allow authorized individuals initial access to a facility or specific areas within the facility.

Access control solutions allow authorized individuals to manage doors and alarm points, and can easily be integrated with visitor management solutions to check the background of each visitor, automatically post watch lists and provide specific access privileges based on time, date and location.

Even more, new input/output (I/O) boards for access control systems can expand functionality and provide real-time operations for speed, performance and reliability.  Using the same footprint, I/O expansion boards will work with alarm monitoring, alarm annunciation, building management, interfacing to burglar and fire panels and numerous other applications to ensure security. Additional safeguards to control entry points may include the integration of turnstiles or security entrances, mantraps, video surveillance with analytics, wireless locks, intercoms and intrusion detection devices, among others.

 

Integrating Emergency Notification and Communications with Access Control

When an emergency situation arises due to a tripped alarm, a watch list match or severe weather alert, system-wide communication is essential in facilities with large numbers of occupants. Additional information such as room condition and the status of its occupants helps quickly evaluate a situation and determine the most appropriate response to initiate including the need to lockdown all entry points, seek shelter-in-place or evacuate. The real-time situational awareness provided through an integrated emergency notification and communications solution is proven to provide better levels of protection and improve overall physical security.

For example, a layered security system comprised of integrated access control and emergency notification and communication solutions allows occupants to report on immediate conditions to identify the threat level in their specific locations, and trigger a physical lockdown in the affected areas or throughout the facility.  Security management can then issue an alert to notify responders of conditions in real time while communicating status based on the level of the alert.

Conversely, occupants within the facility can report status at their specific location enabling security management and first responders to gain an accurate assessment of the threat. Employing a chat feature also enables two-way communications between facility occupants and security management and first responders to exchange detailed information. This enables potentially lifesaving instructions to be sent to specific locations within the facility to evacuate or seek shelter in place depending on the immediate status and proximity of the potential threat.

In emergency situations, integrated access control and emergency notification and communication solutions deliver the ability to quickly secure a facility and implement the appropriate responses – with or without the added data provided from video surveillance. That said, the best approach to implementing a layered security solution should always start with access control at the foundation.

Call at 210-446-6306  or send an email through our website at

Access Control: Prevention Over Reaction

In any enterprise setting, access control is a necessary measure to allow different levels of privilege based on identity. Both in the physical and digital spaces, access control measures must be set in place, ranging from simple passwords and 2-step authentication measures, to biometric and RFID triggered entryways. This area of security is often overlooked and under-budgeted for in place of surveillance and alarm equipment, even though access control is more effective in preventing losses as it addresses the issue before it happens instead of trying to catch actors after the fact. There is certainly no question that it makes more sense to stop an issue before it starts, and properly implemented access control measures are the first step in this direction when planning and installing an all inclusive security system.

Auto dealerships and construction areas tend to be very attractive to criminals. With the merchandise kept outside and typically valued well into the hundreds of thousands of dollars, theft and vandalism are some major, though not the only problems that auto dealers site managers have which can be addressed in the best way through a high quality video surveillance and access management security system. In the case of construction or building renovation, both tools and hardware can attract theft, as surveillance is less expected in incomplete buildings and structures. Still, those in control of these sites often fail to properly secure them, under the impression that construction zones are less attractive to thieves than completed buildings.

In addition to the previously mentioned access control technologies such as biometrics and RFID locking systems, having an always on feed or system of video feeds allows the entire facility to be checked up on through virtually any device. Systems can be designed which let any intruders know they are being observed and which advise them to leave before the police are called. This is known as a “talk-down” response, and in many cases can prevent a theft in the act and mitigate any further damage or losses. Some customers have also found it useful to be able to check up on live developments remotely during times at which they could not have a physical presence.

By installing or adapting such a system to your business, 24/7 reassurance can be had. What are known as “remote security guards” are able to not only record the goings on of the dealership or other areas of interest, but also to participate directly in the protection of your property, and give direct line of sight to what is happening at any given time. Facial and body language recognition software can watch for the presence or absence of everything from people and faces to the cars or items of concern themselves. This allows a quicker response to potential threats than has been available conventionally.

When working in concert with access control systems, IP enabled cameras are capable of not just loss prevention and denial of access to non-personnel, but creating a holistic approach to management of an entire property from a distance. Using a system of RFID key or card fobs, it is possible to know who accessed your building and when, creating a deeper system of accountability among your employees, insuring jobs are completed and schedules maintained, and preventing internal theft.

STST is proud to offer systems like this as well as the design professionalism necessary to integrate it into existing security platforms and new projects alike. Products such as Avigilon Blue are leading the way for quick and comprehensive deployment of modern access control and video surveillance on top of existing infrastructure.

Call at 210-446-6306  or send an email through our website at

Avigilon Blue and the Case for Upgrading Existing Systems

Many organizations keep regular schedules of refresh for  their security technologies where they replace old equipment on a set schedule, often somewhere in the 3 to 5 year range. Some choose to keep their tech through its full  usable life. In these cases, this life cycle may extend beyond warranty for the involved hardware products and past the support timeline for related software. Maintaining a balance for hardware and software upgrades is critical for keeping security threats in check and ensuring utility of security solutions. One of the most robust, nearly plug-and-play options for bringing existing infrastructure into the modern day is Avigilon’s Blue cloud-based analytics platform, which offers incredible value relative to its cost.

Avigilon Blue centers around a small piece of hardware that integrates with existing cameras while also enabling the customer to add new services and expand the platform in the future. The device is powered by Microsoft Azure to leverage cloud services deployed through a global network of trusted datacenters. The on-premise Avigilon Blue Connect device can be deployed within a day to store all video locally while also sending the data to the cloud for analytics processing. The solution offers access to Avigilon’s Subscription Center for real-time account and subscriber information and features an effortless dashboard for quick identification of trends and system behaviors. This allows isolation of issues without the need to dispatch personnel to affected sites.

Alarm notifications are analytics-based and the platform supports both Avigilon and ONVIF compliant cameras to generate real-time alarms pushed to desktops and mobile devices. The central appeal of Blue is how quickly it allows you to scale up security operations across multiple sites, in addition to the ease with which it allows takeover of existing cameras all with fewer resources and at a lower cost than the competition. Camera and system settings are adjusted remotely, with upgrades and system health checks all performed without deploying a technician.

Blue offers up to 12 TB of on-site storage which allows it to record around 30 days of HD video in addition to pushing  data to the cloud to perform analytics operations. All connected cameras stream to the cloud service platform for self-learning video analytics, but use only minimal bandwidth for this task with just 10-second analytics clips pushed to the cloud. These values are based on a standard 2MP/30 fps video stream, with Blue coming in two models; a 16-channel device ( recording at 196 Mbps) to 12TB onboard storage and an 8-port device (recording at 120 Mbps) to 8TB onboard storage.

Avigilon has also given much consideration to data security, as communication is protected by 256-bit AES encryption (typical of industry leading VPN services) with controlled key management. Various encryption models are used during data in transport and at rest, and no ports are left insecure. Data storage is also redundant locally and across data centers to eliminate the risk of data loss.

The platform is scalable from just a single camera all the way up to 33+ devices and allows for unlimited user accounts. Multiple subscription plans are available for the service, with upgrades easily performed alongside growth of the business the system is protecting. All built-in ports are PoE+ and support third-party devices (ONVIF-compliant).

 

 

Contact us at     admin@gostst.com

  

 or call 24/7        (210)-446-4863