You can’t pick up any security or IT publication these days without some mention of “the cloud” — now I have guaranteed that this issue will be no different.
Three facts seem very clear from our current vantage point:
• The movement to cloud services is a train that may be slowed, but cannot be stopped;
• Cloud services have the potential to provide additional RMR to dealers and integrators in a variety of ways, including video, access, intrusion, PSIM and more; and
• Cloud services represent a potential security and business threat.
Security is not leading the way to broad-based adoption of cloud services; rather, IT-centric service offerings such as SalesForce.com and DropBox, coupled with widespread IT and consumer acceptance, can claim that distinction. The challenge for the security industry is to figure out how to use this technology from a business and practical standpoint, while provisioning good “secure-ITy”.
At the recent 2013 Securing New Ground (SNG) Conference in New York, there were lots of people talking about the cloud. Among them was Frank De Fina, senior VP of Samsung Techwin, who had just returned from a series of meetings with high-tech corporate leaders in Silicon Valley and found that they had some deep concerns about the impact our industry could have on the cloud infrastructure.
The concerns, De Fina learned, included the effect of potentially massive amounts of video data flowing through data centers, the physical security in those data centers, insider threats, and the incredible cost of data breaches — estimated in excess of $400 billion annually.
I wonder about their video concerns. I do not see near-term movement of massive video feeds to cloud based storage — too much bandwidth is required and it is not really needed. Cloud video services, such as VSaaS (Video Surveillance as a Service), tend to be based on alarms and events, triggering limited-duration video clips to be viewed or stored.
Local storage, including inexpensive SD and SDHC cards on the camera, can be expected to be the main repository for whatever is needed to be saved. Further, you can argue that a video data breach is less likely to be catastrophic than many other types of data breaches, with perhaps the main concern being the loss of privacy.
IT Security Threats
The information security threat is real and requires diligence on the part of the security dealer or integrator.
The Cloud Standards Customer Council has published an excellent white paper, available at www.securityspecifiers.com/ResourcesWhitePaper.asp — search “Cloud”) detailing 10 steps to evaluate and compare cloud offerings.
Among other items, potential users are encouraged to ensure that effective governance, risk and compliance processes exist; to audit operational and business processes; and to assess the security provisions for cloud applications. The white paper says that if you are going to use a cloud service, there are other issues that also must be addressed, but two of the most important are managing all security terms in the cloud SLA (Service Level Agreement); and evaluating security controls on physical infrastructure and facilities.
The steps described in the white paper are also useful for larger-scale enterprises deploying their own private cloud, upon which integrators have the potential to provision cloud services and provide ongoing value. In any event, I was happy to see physical security make the list.