Security lockdown: cloud and physical worlds converge

It’s the information age of buildings; the smart building world, where wholly connected buildings are springing up in the globe’s move towards entire smart cities.

As the global smart building market gets set to grow exponentially; reaching a predicted USD 61,900 million by 2024, the corporate world is generating a paradigm shift from siloed, to integrated building systems. And security is following suit. Cloud and physical security systems are converging, to deliver maximum protection for people, assets and data.

>See also: Security: The front row of the enterprise

With the advent of the cloud, one of the most disruptive technological shifts since the IP revolution is now happening; integration of physical access control systems with cloud solutions such as visitor management systems (VMS). These converged solutions now play an increasingly essential role in the protection of infrastructure, both physical and virtual while also delivering a seamless customer experience.

Combined forces

Europe holds the dominant position in the smart building market followed by North America and Asia Pacific. Set to triple sales of ‘smart systems’ between 2018 and 2022[1], the UK alone is predicted to spike from 2.9 million to 8.1 million smart systems in just five years. Whilst the focus has predominantly been to drive efficiency, sustainability, customer service and comfort, organisations globally are now looking towards the security market to deliver enhanced protection and cost efficiencies. A greater synergy between the domains of IT and facilities management/security is born.

No more secrets

As the physical security market matures, and the client-side demands a holistic approach to security services as opposed to individual solutions, manufacturers are being forced to move away from closed protocols, towards open design systems.

>See also: Quality over quantity: Women in cyber security

Just one example, the cloud access control market, is experiencing strong growth. According to market research firm IHS Markit, global sales are forecasted to exceed $530 million in 2018 and top $1.8 billion by 2025.

Re-invigorating the market place, new software vendors are now developing services to enhance the capabilities of the technology, utilising open application programming interfaces (APIs) to exchange data between different platforms. From smartphone apps to replace keys, cards, fobs and badges, to remote monitoring.

Smooth systems

Migrating entire security systems to IP-based networks has transformed the delivery of security services and created buildings which now collect and share data to run as efficiently as possible without human intervention. Customers now benefit from high-capacity, low-latency performance efficiencies and operational cost-effectiveness which legacy systems just could not deliver. From access control, lifts, visitor management and fire safety systems, to CCTV, building controls/HVAC and LED lighting, connectedness has created some of the smartest systems in the world.

Authorised access

So why are organisations making the shift towards converged access control / VMS? Whilst huge emphasis is placed on the threat of cyber attack from the hacking world, many organisations are utilising converged security services to protect from insider threat. Outside of employees, organisations are required to manage large volumes of visitors to corporate premises and knowing who and where visitors are is imperative. Whether that’s guests, contractors, vendors and business partners, converged access control / VMS can enable organisations to define the right level of access dependent on need within a building or site.

>See also: What is the best form of cyber defence?

Historically, access control would only be accessible to employees, resulting in the need to escort visitors throughout a premises at all times. As physical security and the cloud converge, a visitor pathway can be programmed and pre-authorised before arrival. Access can be as granular as a room, on a particular floor at a particular time, and any deviations from that route recorded even when access is denied. This can be further extended to the realms of IT security, should an organisation wish to grant contractors/visitors access to IT equipment whilst on site.

Should a threat be detected, IT and physical security can now work seamlessly to lessen risk. For example, if a visitor was to remove a computer, IT safeguards can identify their movement and immediately alert CCTV and access control to monitor the situation and if needs be, even communicate a lock down with the entrance doors.

Biometric beginnings

The next step for VMS is integration with facial recognition technology, matching visitors with official identification at the point of check-in. Not only does this dramatically reduce the administration time of booking visitors in, it enhances security by removing potential ‘human error’ from the ID matching process.

As the IP revolution puts more layers of information on the same platform, CCTV systems can also draw vital data from the VMS. As an IoT device, a surveillance camera can connect with the VMS and draw data such as visitor ID photographs which can then be matched against any unusual activity. For example, if a contractor makes several attempts to gain access to a restricted area, a camera will trigger to record and alert security personnel to the footage. Car park CCTV systems are now also tapping into VMS data to pre-authorise car registration plates to help with a smooth arrival.

Network vulnerabilities

A recent study by BullGuard discovered that over sixty percent of consumers are “very concerned” or “highly concerned” about potential hacking and data theft carried out against their Internet-connected devices, with over thirty percent having already experienced a security incident or privacy problem in the past.

Ultimately, corporates are looking for robust cloud services in the business world too, which demonstrate superior analytic capability and service quality. However, now network-based, physical security solutions are vulnerable to the same cyber-attacks that have plagued the IT world’s data networks for a long time. And, as with any system, hackers will exploit security gaps left by the cloud vendor or end user. From socially engineered malware and password phishing hacks, to social media threats, once migrated to an IP network, multiple cyber-security considerations apply.

Compliance quandaries

Another challenge to be faced is the forthcoming General Data Protection Regulation (GDPR) coming into force this month. Whilst migrating from legacy to networking systems removes the issue of data being held in multiple silos, smart buildings, where data is collected, analysed and acted on in a systematic, interconnected way, takes compliance to new heights.

>See also: Cyber attacks become number 1 business risk

Whilst security provision is naturally at the centre of any business’s GDPR readiness, being digitally resilient against cyber threat is critical. Yes, procuring security as a service outsources the potential headache of compliance, however, senior decision-makers must be vigilant about which suppliers they work with and carry out thorough due diligence on any GDPR-compliance claims. As a starting point, IT and security should carry out a gap analysis on systems to identify any potential shortcomings that can be addressed with consultants, integrators and manufacturers.

Combined forces

Strong partnerships between IT and security teams are integral to achieving maximum building security. There needs to be a deep understanding of technology, people and processes, which can only happen if links between IT and security heads are strengthened. And the result? A robust and shared approach to threat and optimal protection of people, assets and data.

 

Sourced by Gregory Blondeau, founder of Proxyclick.

[1] https://www.ccsinsight.com/blog/smart-building-market-gathers-pace-in-europe

Kayleigh Bateman

Kayleigh Bateman was the Editor of Information Age in 2018. She joined Vitesse Media from WeAreTheCIty where she was the Head of Digital Content and Business Development. During her time at WeAreTheCity...

Related Topics

Cyber Attack