Organisations embracing cloud-based security management systems will see major benefits from doing so but must adapt quickly to ensure they don’t open themselves up to evolving risks. This was the clear message emanating from the Association of Security Consultants’ (ASC) winter Business Group meeting held on 18 November at the London Chamber of Commerce and Industry.
Inderpall Sall, technical director at NG Bailey IT Services, highlighted the rapid progress towards the next phase of cloud evolution when everything will be connected to the Internet. This would maximise the intelligence available, facilitate the convergence of building, ICT and business systems within organisations and routinely mean that powerful analytics were available.
Examples given included access control data triggering whether lights were switched on or off at a particular workstation, an entry card being disabled and desk and parking space released when someone is on holiday and an American company using data from cameras to analyse behaviour on train stations with a view to preventing suicides.
Clients are now demanding cloud-based mobile technology – “You have to put a network in otherwise someone else will do it”. There’s now a move away from organisations requiring every system to have its own separate infrastructure and applications. Indeed, Sall cited the examples of a client that had opted to have just one cabling infrastructure to manage and monitor everything and of a requirement to provide a very simple, single application with security, fire and building management sections available from one screen.
Consideration of risk alongside opportunity
However, there’s a need to consider the risks alongside the opportunities. If all information is on the network, the implications of being hacked would be much more serious. Effectively, it would be possible for someone to gain control of a whole building.
To offset these risks, i’s important to have substantial physical and IT security in place, give very careful consideration to enterprise security architecture and ensure that all functions involved with security provision are co-ordinating their activities effectively.
The intelligent buildings theme was continued with a presentation on security reporting from Brian and Steve Larkins of Verifi FMS. Despite all the technology developments of recent years, security officers have remained largely dependent on paper records. This could make organising and retrieving information (particularly where this is related to events that had occurred some time ago) challenging to say the least. This session demonstrated VeriFi EIDOS, a new cloud-based alternative which requires only a standard browser.
The ASC event also included a presentation by Broadgate Estates’ security and business continuity manager Jonathan Schulten on the scale and nature of dealing with such a large property portfolio, the dynamics of the relationships between landlord, occupiers and property managers and some typical challenges such as public realm management (for example during World Cup coverage in Exchange Square).
Speaking after the event, ASC chairman Allan Hildage commented: “We’ve seen today how cloud technology can help to provide a consistent and quality service and ensure different parts of an organisation work together more effectively to meet overall business objectives. However, we’re also constantly reminded that the speed of technological development is challenging everyone. The impact on systems’ integrity and the ability of the regulatory framework to keep pace are just two of the issues raised in questions from the floor.”
Hildage concluded: “From a security and resilience perspective, it’s vital that we grasp the full implications and act on them if we are to maximise the benefits while minimising the risks.”
*The next ASC Business Group meetings will take place on 3 March and 14 May 2015
**For further information about the ASC visit: http://www.securityconsultants.org.uk