Security Systems News

AUG 2017

Security Systems News is a monthly business newspaper that reaches 25,100 security installers, product distributors, central stations, engineers & architects, and security consultants. Our editorial coverage focuses on breaking news in all major se

Issue link: http://ssn.epubxp.com/i/853381

Contents of this Issue

Navigation

Page 16 of 38

ransomware spread. Britain's National Health Service was hit by the cyber-attack and the same perpetrator froze computers at Russia's Interior Ministry while further affecting tens of thousands of computers elsewhere. Across Asia, several universities and organizations reportedly fell prey, including Renault, the European automaker. The attacks spread swiftly to more than 74 countries, with Russia worst hit and includ- ed Ukraine, India, Taiwan, Latin America and Africa. The fact of the matter is that any- thing riding on the network is at risk. Physical security systems are vitally important to daily operations of every organization today. At many facilities any downtime of these systems may significantly affect the safety of people, property and assets. Tackling data security risks Cloud computing creates a solid path for customers to lower their total cost of owner- ship (TCO) with open architecture and other installation efficiencies that provide ready scalability. But, it also provides healthy TCO in providing inherent safeguards that protect data regularly and automatically. Cloud computing Access Control as a Ser- vice (ACaaS) Security Management Systems (SMS) offers respite to the practice of hous- ing access control systems on premises, with inherently higher security. Many of the cloud- based solutions today redundantly store system data and video automatically or on schedule. In addition, most cloud providers are held to an extremely high level of cyber- security with various levels of encryption and automatic disaster recovery. Acceptance of cloud solutions by organizations is at an all-time high and manufacturers are releas- ing cloud solutions for numerous technolo- gies. Integrators need to take advantage of the opportunity to offer cloud solutions to customers for enhanced security and reliable network authentication. What end users and security integrators are beginning to understand is that the cloud is much safer than a non-hosted environment. In the example of ACaaS SMS, there are multiple layers of safeguards and security in the technology available as opposed to on- premise software-based platforms using local servers. Cloud-hosted security management systems are purpose-built and designed with software security as a leading backbone. Host- ed systems can follow what Microsoft refers to as SD3+C: Secure by Design, Secure by Default and Secure in Deployment in Com- munications. Two-Factor authentication and pass- word policies For those who have had their Facebook account hacked, the reality of the insecu- rity of passwords hits home. Secure cloud- hosted systems don't use default user names and passwords. Each hosted system is issued a unique password, providing the first step to an ultra-secure solution. In addition, the ability to create password policies for users that can be set for low, medium and high adds another layer of protection. Lastly, two-factor authentication, which is being used much more frequently with consumers, can be attached to the log-in credentials of any user. With two-factor authentication, user accounts are linked with a second source of verification, such as a code generated for fur- ther authentication. Users must provide this code when entering their user name and pass- word, while a potential hacker would need three things in order to access the system: user name, password and access to open the device which generates the two-factor authentication code. Two-factor authentication at the login for cloud-hosted access control reduces the risks of weak passwords while also simplify- ing password policy management for the IT staff. Standards-based TLS 1.2 encryption In addition to the SD3+C design concept, encryption further protects the transmission of data between the client and the cloud- based server using Secure Sockets Layer (SSL), a standards-based security technology for establishing an encrypted link between a server and a client. The SSL Transport Layer Security (TLS) 1.2 encryption secures the data connection to connected field hardware as opposed to using easily hacked Open SSL protocols. Further, TLS 1.2 encryption allows the server and client to authenticate each other and to negotiate an encryption algo- rithm and cryptographic keys before data is exchanged. Cloud computing takes this a step further: manufacturers auto-negotiate the TLS encryption with the access control controller boards as they initiate contact with the server. Once logged in, SSL certifications further safeguard the communications between applications while TLS certificates protect the communications between field devices and the ACaaS SMS platform. Proactive and consistent vulnerability scanning also pro- vides additional protection against emerging threats. IP Client, versus IP Server, is also charac- teristic of cloud-computing, which greatly reduces risk from outside threats. IP Client uses outbound ports at the user's site instead of inbound ports, circumventing the possi- bility of security breaches and data compro- mise. With IP Client, IT staff does not have to open inbound network ports or set up port forwarding, keeping the network secure and lowering management workload on manual configurations and set up. Advanced security safeguards All software manufacturers have Qual- ity Assurance (QA) departments inspect- ing their own software for bugs and issues. However, what are the risks if QA misses a critical issue with the code? Third party vul- nerability assessments are not only becoming prevalent in the cloud-based solutions mar- ket, but expected by savvy end users who want support documentation to assure that the manufacturer has taken additional steps to further minimize risks. Veracode is one of those that provides these services in cloud- hosted ACaaS and tests for key application security risks to enterprise solutions. Soft- ware providers of all sizes use the VerAfied security rating to demonstrate their software has undergone stringent independent testing and certification against the latest industry standards. Gartner predicts worldwide public cloud services to grow 18 percent in 2017 to $246 billion, up from $209 billion in 2016. ACaaS that's built for and hosted by the cloud pro- vides the industry's most robust solutions for secure, connected environments in security and the emerging Internet of Things. A major factor to consider for cloud-computing SMS today is the level of security a manufactur- er provides for their application. The most robust solution should incorporate multiple layers of data and privacy protection to safe- guard client information while delivering the highest end-to-end security, from system login to trusted field devices. Paul DiPeso is EVP of Feenics, a company that specializes in cloud-based access control solutions including its Access Control as a Ser- vice (ACaaS) platform built specifically for and hosted in the public cloud. SSN By Paul DiPeso C y BER THREATS and ransomware attacks are no match for cloud com- puting design-built from the ground up for information technology security. In physical security, particularly access control, the history of hacking for- merly focused solely on stopping unauthorized users from duplicat- ing or cloning information housed on cards and other devices. Now, it's all about stopping criminals from gaining access to or attacking a customer's network and its data through vulnerabilities in their physical security systems. The mounting case for cybersecurity is real and escalating. Cyber threats and ran- somware present a formidable threat across all businesses and vertical markets. In the example of ransomware, an attacker manages to successfully place malware on the network with the intent of encrypting critical data or entirely locking systems—to hold the busi- ness ransom for payments, with the promise of releasing the information or unlocking the system. Much of the ransomware is coming from out-of-country hackers who are quite sophisticated in their attacks, often demand- ing bitcoin as payment. Online extortion had a banner year in 2016, according to Trend Micro's annual security assessment report: "2016 Security Roundup: A Record y ear for Enterprise Threats." In 2016 there was a 752 percent increase in new ransomware families, with $1 billion losses to enterprises worldwide. Ransomware attacks are growing in fre- quency, causing devastating consequences to enterprises and organizations across the globe. Numerous, widespread breaches around the world occurred prior to and through Moth- er's Day weekend 2017 as the WannaCry Cloud computing tackles emerging cyber threats Paul DiPeso This 'host' has the 'most' inherent technology safeguards www.securitysystemsnews.com August 2017 s EC u RI t Y s Y st EM s NEW s guest commentary 10

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Systems News - AUG 2017