Security Business

MAR 2019

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: https://sdi.epubxp.com/i/1095589

Contents of this Issue

Navigation

Page 55 of 109

54 Security Business / www.SecurityInfoWatch.com / March 2019 and poor offsite redundancy during manmade or natural emergencies. ese are just some of the ways sys- tems integrators unknowingly leave customers' servers vulnerable – poten- tially opening up liability if that cus- tomer's system is attacked. Even with proper installation and protocol, access control systems can also be compromised because of the poor design of their management interfaces. Hackers use automated programs called bots to automat- ically scan networks for vulnerable devices and attempt to log into them using common default credentials. ere may also be vulnerabilities through the implementation of the system's login screen or its remote management tool. e Mirai botnet is a recent exam- ple, in which vulnerabilities and default configuration of internet- connected devices cost businesses hundreds of millions of dollars in a single incident. Cloud access control can offer answers to all these issues and more. The Benefits e benefits brought by genuine cloud-based access control solutions – which have been built from the ground up as a secure cloud service – include connectivity from a client's network using multiple security standards and protocols. In this way, secure access to the system can be provided with no exposure of exter- nally available connection points. Users of a cloud-based system are authenticated against servers that reside in the manufacturer's cloud infrastructure. e best cloud solu- tions use multi-factor authentication – for example, password, phone app and/or fingerprint – to log into the Access Control cloud management interface. ey do not use default user names and pass- words. Non-cloud systems handle all authentication on the customer-prem- ise equipment, making it difficult to use advanced authentication technol- ogy and leaving the login credentials vulnerable to local attack. While frequent feature updates and upgrades are a major selling point of any cloud-connected system, these are arguably even more vital to the overall security of the system. In standalone systems, security updates oen fall by the wayside to other IT or budget concerns; however, with a truly cloud- based system, these are undertaken automatically and do not require the intervention of onsite staff. ey can be pushed out as soon as any vulnera- bility is detected. Additionally, because data is reg- ularly and securely backed-up and stored, compliance and disaster recovery are made seamless with read- ily accessible data that does not need to be retrieved from a server-based system. is makes cloud-hosted sys- tems more capable of offering redun- dancy in an emergency than most on-site solutions. reats from employees, or for- mer employees, are also mitigated. Browser-based and mobile app inter- faces enable a system administrator to remotely grant, modify or delete access rights of an employee or tem- porary contractor. Sales Tactics When it comes to selling the value of cybersecurity, security integrators will generally be speaking to one of three types of customers: those with robust and knowledgeable IT departments, those with smaller, resource-strapped in-house teams or individuals, and companies who outsource their IT needs to a managed services provider. For customers with a sophisticated IT staff, the cyber advan- tages of a cloud solution should be an easy sell; in fact, many such compa- nies are already embrac- ing a cloud strategy in an effort to keep outside vendors and services off of their in-house serv- ers. For these customers, integrators should focus on convincing them that the cloud solution being offered is the right cloud solution for the application. Customers with understaffed in-house IT departments need as much support as possible. For them, a cloud solution removes a lot of the burden related to administering and maintaining the system; however, they may need some education regarding the cloud and cybersecurity as it per- tains to access control. Stories of hacked security cameras and IoT devices are well known, but the similar vulnerabilities of access control systems are less publicized. is is a great chance for an integrator to show off their knowledge and pro- vide valuable guidance. For the oen small business cus- tomers who outsource their IT man- agement, integrators may be speak- ing with a business owner or business manager who has limited IT knowl- edge. ese customers should imme- diately appreciate that your solution bypasses their IT network and that they can easily control and manage it themselves. Its turnkey nature, com- For customers with understaffed in-house IT departments, a cloud solution removes a lot of the burden related to administering and maintaining the system.

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Business - MAR 2019