Security Management via the Cloud: ‘Organisations must embrace the risks as well as the opportunities’

Posted On 24 Nov 2014
Comment: Off

N3912Organisations embracing cloud-based security management systems will see major benefits from doing so but must adapt quickly to ensure they don’t open themselves up to evolving risks. This was the clear message emanating from the Association of Security Consultants’ (ASC) winter Business Group meeting held on 18 November at the London Chamber of Commerce and Industry.

Inderpall Sall, technical director at NG Bailey IT Services, highlighted the rapid progress towards the next phase of cloud evolution when everything will be connected to the Internet. This would maximise the intelligence available, facilitate the convergence of building, ICT and business systems within organisations and routinely mean that powerful analytics are available.

Examples given included access control data triggering whether lights are switched on or off at a particular workstation, entry cards being disabled and desk and parking spaces released when given individuals are on holiday and an American company using data from cameras to analyse behaviour on train stations with a view to preventing suicides.

Clients are now demanding cloud-based mobile technology” “You have to put a network in otherwise someone else will do it”.

There’s now a move away from organisations requiring every system to have its own separate infrastructure and applications. Indeed, Sall cited the examples of a client that had opted to have just one cabling infrastructure to manage and monitor everything and of a requirement to provide a very simple, single application with security, fire and building management sections available from one screen.

Consideration of risk alongside opportunity

However, there’s a need to consider the risks alongside the opportunities. If all information is on the network, the implications of being hacked would be much more serious. Effectively, it would be possible for someone to gain control of a whole building.

To offset these risks, it’s important to have substantial physical and IT security in place, give very careful consideration to enterprise security architecture and ensure that all functions involved with security provision are co-ordinating their activities effectively.

The intelligent buildings theme was continued with a presentation on security reporting from Brian and Steve Larkins of Verifi FMS. Despite all the technological developments of recent years, security officers have remained largely dependent on paper records. This could make organising and retrieving information (particularly where this is related to events that had occurred some time ago) challenging to say the very least. This session demonstrated VeriFi EIDOS, a new cloud-based alternative which requires only a standard browser.

The ASC event also included a presentation by Broadgate Estates’ security and business continuity manager Jonathan Schulten on the scale and nature of dealing with such a large property portfolio, the dynamics of the relationships between landlords, occupiers and property managers and some typical challenges such as public realm management (for example during the World Cup coverage in Exchange Square).

Speaking after the event, ASC chairman Allan Hildage commented:” We’ve seen today how cloud technology can help to provide a consistent and quality service and ensure different parts of an organisation work together more effectively to meet overall business objectives. However, we’re also constantly reminded that the speed of technological development is challenging everyone. The impact on systems’ integrity and the ability of the regulatory framework to keep pace are just two of the issues that have been raised.”

Hildage concluded:” From a security and resilience perspective, it’s vital that we grasp the full implications and act on them if we are to maximise the benefits while minimising the risks.”

*The next ASC Business Group meetings will take place on 3 March and 14 May 2015

**For further information on the ASC visit: www.securityconsultants.org.uk

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.