By Guy Arazi, Director, Technical Partnerships, at SecuriThings
If you’re familiar with ONVIF’s pioneering work promoting standardization and interoperability among physical security devices, then chances are you already know how crucial it is to buy and install devices that conform with ONVIF’s standards. Especially given how quickly the field of physical security continues to evolve and new device types continue to emerge, the flexibility and future-proof reliability of ONVIF conformant devices are critical advantages for physical security teams.
Of course, even with the most advanced and versatile physical security devices, the process of device management is a major challenge. And given how high the stakes can be, the goal of managing those devices adequately is one that organizations can’t afford to neglect. Simply put, to get the full benefit of your physical security devices, you need to manage them properly over time.
That makes it particularly important to have consistent standards for managing physical security devices. Just like organizations can help themselves increase their physical security ROI by buying and installing physical security devices that conform to ONVIF’s standards, after installation they can maximize their ROI by managing those devices in line with specific management standards. That understanding of the importance of standards throughout the device life cycle is one of the key reasons that we at SecuriThings are so excited about our new partnership with ONVIF.
With all of that in mind, this post will shed light on the essential standards for managing physical security devices. In addition to explaining the key aspects of physical security device management, we will present eight key standards to improve the management of those devices.
What are the key aspects of physical security device management?
Perhaps the most obvious way in which managing and maintaining physical security devices can help organizations improve their security posture is by maximizing device availability (uptime). There are many reasons devices can have problems resulting in downtime, but there are specific and achievable steps that organizations can take to minimize both the frequency and the duration of that downtime. And given the risk that a serious security incident could take place during that downtime (as happened during 2022’s shooting in a Brooklyn subway station), maximizing device availability can make a powerful difference in helping organizations stay safe.
In addition to boosting uptime, proper device management involves hardening and maintaining devices to prevent them from providing cybercriminals with easy targets. The importance of protecting physical security devices from online threat actors was underscored by an infamous 2021 data breach, in which hackers managed to compromise the feeds of roughly 150,000 security cameras. While the threat is very serious, properly managing physical security devices can go a long way towards helping organizations defend themselves.
There are also other critical goals for organizations to focus on as they improve the management of their physical security devices. Given the trend toward increasing regulation of technology including physical security devices, it is vital to ensure compliance with relevant laws. Reliable legal compliance can help organizations avoid lawsuits, fines, and reputational damage. At the same time, organizations need to ensure that their physical security devices are managed in ways that comply with their own internal (IT) policies and standards, keeping them safe from cyber vulnerabilities, among other things.
It’s also essential to manage physical security devices efficiently and cost-effectively. After all, no matter how reliable an approach to managing physical security devices might be, typical organizations won’t adopt it if it’s unaffordable.
What are the 8 key standards for managing physical security devices?
To meet all of these goals – bolstering both physical security and cybersecurity, while ensuring legal compliance and keeping expenses down – it’s important for organizations to achieve enterprise-ready physical security.
How can organizations make enterprise-ready physical security a reality? While working extensively with both IT and physical security professionals and with leading device manufacturers, SecuriThings has identified eight key requirements that physical security teams must meet in order to reach an enterprise-ready level.
To achieve enterprise-ready physical security, organizations must perform the following eight steps properly and comprehensively:
- Operational asset mapping, creating (preferably automatically) a full breakdown of all of an organization’s physical security devices – including key details such as each device’s model, firmware version, serial number, end of life date, and warranty information.
- Configuration hardening, identifying and addressing any vulnerabilities that are present in devices right out of the box.
- Health and performance monitoring, both to detect downtime and other issues rapidly, and to gather useful information in order to help address any issues that do arise.
- User and password management, addressing the risk that problems with passwords or user permissions could enable cybercriminals to hack into physical security devices.
- Remote firmware upgrade, addressing the risk that unpatched vulnerabilities could be exploited by cybercriminals – while also preventing devices from receiving incompatible firmware updates, which can cause downtime.
- Certificate management, particularly addressing the cybersecurity need for both SSL and 802.1x certificates, while proper management of certificates is often neglected.
- Cybersecurity (detection and protection), going beyond the initial hardening and routine maintenance of physical security devices to defend them against new and emerging cyber threats.
- Detailed log collection, providing physical security teams with essential information on the performance of each device – information that they can both analyze on their own and share with other relevant stakeholders.
In recent years, fleets of physical security devices have continued to grow – both in scale and in the variety of devices they include. As a result, the challenge of managing those devices has become increasingly complex. At the same time, trends in physical security, cybersecurity, and legal regulation have made it increasingly important to manage those devices properly.
One key to overcoming that challenge is bringing universal standards to the world of physical security device management. By meeting the eight essential requirements laid out by SecuriThings, organizations can help themselves to enjoy the full benefit of the physical security devices that they’ve purchased and installed.
This way, organizations can supplement the advantages of buying and installing ONVIF conformant physical security devices by managing and maintaining those devices reliably and efficiently over time – helping them maximize their physical security ROI.