Security Dealer & Integrator

FEB 2018

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: http://sdi.epubxp.com/i/941796


Manufacturers releasing a security update to KRACK is just the first step. Getting each of these devices patched is another challenge. Many customers who own these products are simply unaware that their products are at risk.

for the camera password requirement." The FTC and TRENDnet settled the suit, which required TRENDnet to establish a comprehensive information security program to address security risks.

Integrators too need to be aware of warranty and liability considerations. Since they are considered to be in the stream of commerce and customers often seek out integrators as their first line of support, integrators become the face of engagement to customers. Integrators must be cognizant of obligations they receive from upstream entities (i.e. manufacturers) and the obligations they offer to downstream entities (i.e. customers). For example, an integrator installing manufacturer devices should not offer its customers any representations and/or warranties beyond those offered on the device by the manufacturer itself. When an integrator makes additional representations and/or warranties around manufacturer-provided devices, it may inevitably leave the integrator in the untenable position of being responsible to its customers to whom it has provided such additional warranties, but without the recourse of being able to hold the manufacturer accountable, because the manufacturer may have contractually disclaimed such warranties.

Installing companies need to ensure that, when they engage with consumers to provide manufacturer-originating products (e.g. software, hardware, etc.), those engagements are governed by a contract in which the integrator does not present any additional warranties to the consumer beyond what the manufacturers themselves are willing to offer.
Ideally, integrators should consider operating in the "reseller model" and allow manufacturers to be directly responsible (if at all) to the customers. Integrators do not want to be left holding the bag when manufacturer-originating products become a point of failure. To minimize risk in such cases, integrators should seek contractual indemnification from manufacturers. While indemnification will not prevent lawsuits, it may provide another avenue for the integrator to seek payment for its liabilities (depending on how the indemnification language is written).

Siddharth "Sid" Bose is an attorney with Ice Miller's Data Security and Privacy Group in Indianapolis. He counsels clients on various data security and privacy issues dealing with online privacy, vendor contracts and agreements, IT audit, compliance, data breaches, disaster recovery, Internet of Things (IoT) and business continuity planning.

The Role of Security Integrators

It is a strange concept to think the security devices that systems integrators deploy to protect customers may end up posing a significant cybersecurity risk. The fact is, vulnerability discoveries in Internet of Things (IoT) devices are not a trend that is going away any time soon. With 20 billion IoT devices expected to be installed by 2020, according to Gartner Inc., we are in the middle of explosive growth and vastly uncharted territory for cybersecurity and potential threats.

So what is the role of the systems integrator? Organizations today must know what network-enabled devices they have in place, devise methods of collecting security updates when they are available, and define procedures in change management and processes for applying updates. Whether this process is done internally or via a third party is up to the organization, but it is an ongoing process that is vital to cybersecurity threat mitigation. Patching and updating may seem basic, but it is often overlooked, especially with IoT devices.
Patch management of devices is an important step in a cybersecurity program. Once vulnerabilities are discovered publicly, it is an informal invitation for attackers. Device firmware and software updates are not all about just getting new features out of a product, but also being able to apply the latest critical security safeguards available.
