4 minute read
Physical security operations
The costs of not being enterprise-ready by
Roy Dagan, CEO, SecuriThings
At most large organizations today, physical security is expected to comply with the same standards and practices as their IT counterparts. This means they have to ensure devices are fully operational and compliant.
But while physical security departments understand the need to manage and protect their IP-based devices, they often face a number of challenges. For example, physical security departments don’t always have the technical, operational and budgetary resources of their IT counterparts.
Nevertheless, physical security departments can—and often do— remain operational with even limited resources. But they are not always able to meet the latest IT standards.
This creates costs for the business in the way of outages, unnecessary management headaches and rising maintenance costs—all stemming from a lack of visibility into device operations.
Potential costs can also include regulatory penalties for noncompliance and damage or liability from any security incident. And these risks increase as a physical security department scales its fleet of devices, which is inevitable as an organization grows.
The anwer? Enterprise-readiness, which boils down to achieving full device visibility and end-to-end management which, if efficiently executed, keeps fleets secure and operational. The five most important results of enterprise-readiness are:
1. Device Availability. A baseline necessity for physical security, device availability should be as close to 100% as possible. In some cities, though, availability of public-area security cameras is believed to languish below 80%.
2. Robust Cybersecurity. IP-based devices are connected to IT’s networks,so ensuring these devices are hardened against bad actors – for example by regularly rotating passwords and upgrading firmware – is one of the greatest benefits of enterprise-readiness.
3. Compliance. Physical security teams and device manufacturers are increasingly bound by regulatory mandates, company-internal and industry requirements, as well as IT standards for device management.
4. Cost-Efficiency. A prime example is reducing avoidable truck rolls, and more generally the reduction of expensive break-fix cycles.
5. Future Planning. Replacing outdated and unsupported devices at the right point in their life cycle is key to cost efficiency, cybersecurity and compliance.
Physical security professionals are aware of the issues, but readiness as described above requires specific capabilities to achieve. The ecosystem of physical security devices is wide-ranging and complex. There are many different vendors and versions of devices with different software and maintenance requirements. Some support remote diagnostics; others do not.
Even when devices have these key features, physical security still needs the technology to manage and protect the devices at scale.
Whatever the nuance, the big picture is that enterpriseunreadiness can come at a cost. Any small misconfiguration or outage could set off a chain reaction or result in a compromised network, which is not something a large organization can afford.
But what exactly is the cost of enterprise-unreadiness to a business?
Breaking Down Risk and Cost to Business
Costs can manifest themselves in several ways. For instance, monetary costs tied to hours worked are easily quantified. Others, like risk and deficits in organizational communications and collaboration, are not as tangible, but nevertheless they do impose costs.
Specifically, for physical security teams, unreadiness costs can present themselves in the way of:
• Increased device downtime. The longer a camera, sensor, or an access control system remains offline, the higher the security risk to an organization. Without the active monitoring and surveillance capabilities provided by these devices, an organization can become more susceptible to unauthorized access, other breakdowns in protection, and lawsuits.
• Increased vulnerability to cyber threats. Lapses in required updates of device certificates (such as SSL and 802.1x), firmware, and password resets increase the likelihood of a security incident. Keeping ahead of these requirements requires real-time visibility of fleet devices and their status.
• Increased staff hours spent on repetitive procedures. Password rotation (resetting) and firmware updates are large-scale critical procedures that are very timeconsuming and difficult to perform correctly. Without automated, remote management, physical security teams carry out these tasks manually, resulting in higher staff costs. The team’s mandate also includes managing users, defining access and setting permissions.
• Unnecessary maintenance costs. Physical security teams often spend resources and budgets on endless break-fix cycles and other avoidable maintenance tasks. This often results in excess truck rolls, which can easily triple a physical security team’s spend on maintenance. Remote device management capabilities can enable a proactive approach to maintenance that ultimately reduces costs.
• Misalignment with IT. Today’s connected physical security ecosystem is inextricably linked to IT, which makes collaboration between both teams that much more important. Any tension or miscommunication between both organizations can lead to a misalignment of priorities and may impede diagnosis and resolution of technical issues.
• Stuck in “firefighting” mode. Reacting to any device outage or potential risk is part of physical security’s job. But not every incident is created equal and chasing back-to-back fires can result in rising costs and shift teams away from more strategic tasks—such as end-of-life device planning.
• Non-compliance. Penalties for device non-compliance can result from common problems like outdated device software or firmware. But, even if your entire fleet is in order, regulations change and often vary by jurisdiction, country and industry. Regulation of security at major airports is, of course, different than for a standard enterprise. Keeping an entire fleet of devices compliant requires visibility into device compliance status, standardized audits and technical logs.
Enterprise-readiness lowers physical security costs
It’s important to note that achieving enterprise-readiness requires an ongoing, carefully thought-out approach. By becoming enterpriseready, physical security organizations can ensure that their systems are fully prepared for the demands ahead. Their proactivity not only has a positive impact on budgets, availability and maintenance but also enhances compliance, cybersecurity and overall mission-effectiveness for physical security.
For further information please visit https://securithings.com