Let's face it, it's the hot topic these days. The cloud; that immense unknown to many, but omnipotent and all-powerful to others.
By Germán Alexis Cortés H.
In this article I intend to begin to demystify the subject, at least as far as the world of electronic security is concerned. Let's start at the beginning: what we call "the cloud", is nothing more than one or several servers (special computers with important characteristics of stability, great performance and security), which we access through a communication channel that can be dedicated or through our Internet connection and service provider (ISP).
Cloud-based electronic security then becomes a service provided by a specialized company and that usually has a monthly cost (although there are free services with some limitations). The service may cover, the use of the entire infrastructure, the use of a specific platform or the development of a software.
Architecture
The work that current security systems do is divided into two groups: Processes on local devices (peripherals) and processes on cloud devices (servers). The basic principle of the whole system is the same, the same functions are performed for normal users.
The difference is that some added values are delivered that bring benefits to all members of the guild (end users, integrators, distributors, factories and consultants). Local devices remain the same: sensors, readers, controllers, cameras, monitors, control keyboards, electromagnets, among many others; depending on the sub-system to be taken into account.
Cloud devices are basically servers that do processes and management of access control signals, video surveillance, video analytics, video storage, event and alarm logging, reporting and statistics, among many others; depending on each sub-system.
And all this for what? Simply to be more efficient in our processes. (Remember that being efficient means doing the same thing with fewer resources, or doing more with the same resources.) In this case, Cloud-based Electronic Security does much more with fewer resources... so it is definitely a good option offered by the current market, with many benefits and strengths. But like everything in life, there are some weaknesses and threats that must be considered to avoid diminishing the quality of services offered by traditional systems.
Benefits and strengths
Security, stability. It is our main objective. That is, we cannot design and sell insecure security systems. Having some processes in the cloud increases the security of the entire system, because the servers where these processes run (for example, the main software of an access control and integration system, or the recorder of a video surveillance system), are in an environment of total security and reliability.
To do this, we must ensure that the servers we access are physically within a high-specification data center, redundant, with physical security, controlled environment, permanent electrical power, 24-hour human attention and multiple high-speed communications networks. In this way we guarantee that the processes that run on the servers are stable and secure.
Note, that remotely, it is difficult to determine whether a server has these features or not. That is, you could run the access control software on any home laptop, connected to the internet and from the remote point you would see exactly the same thing, as if you ran the software on a virtualization blade server, in a Tier-4 Data Center.
At first I couldn't see the difference. Only when performance demands greater speed and processing power or when environmental, electrical and safety conditions affect its stability, could you notice the huge differences. That is why I recommend you precisely, to make sure you know the real conditions of the servers, when you hire a cloud service. Trust in the brand of the person who provides the service, generates an important step.
Economy. Consider the total cost of ownership (TCO) of the entire system. To give reliability, stability and security to your traditional electronic systems, you should then invest in UPS, Data Center, physical security, high-tech infrastructure and trained human resources continuously, throughout the year ... this of course is worth a lot of money and not all companies can do it. When some cloud services are contracted, this cost is divided among all users and for a small part of the final cost we can access all the benefits.
Modularity. It is one of the main advantages. This means that when your security system requires more computing resources (for example more hard disk capacity, or greater data processing capacity), it is as simple as adding more capacity to your service contract. Normally these contracts come in modular packages, therefore you can increase your storage or computing capacity in a very short time, without incurring logistics expenses.
Technical Support and Service. As your servers are in a Data Center that always have supervision and human administration, a Help Desk service is usually offered (telephone or via chat / email), which allows you to instantly and continuously access the expert knowledgeable about your system and in this way solve technical, administrative or even commercial aspects in an agile and secure way.
On the other hand, having continuous supervision by a human, makes the system always updated and its performance is unbeatable. This saves skilled labor.
Update. You can rest easy with this topic. Because almost always the software to work from the cloud, looks updated daily and the cost of licenses and patches is fully included in the monthly service.
Compatibility. As the platforms to work in "the cloud" are massive in nature, many solutions offer full compatibility with recognized brands of remote devices. In the worst case we work with some brands, but the global trend is to be fully compatible with multi-brands or following an open and reliable protocol that many brands can implement. In this sense I must mention that there are brands that offer solutions in the cloud, only for their own devices and therefore there is no compatibility with all remote elements. The trend is to develop software that integrates everything with everything.
Performance and Efficiency. The servers that are used to virtualize parts of the process within a data center are usually of very high specifications, with multiple processors and high-speed data buses. This allows the performance of the software that runs on the computer to be unbeatable. Depending on the number of concurrent users accessing the server and the bandwidths of the communications channels, the final performance is compensated. Therefore, again it is important to ask about the quality of service offered by companies to avoid misunderstandings and achieve low performance.
Ubiquity. It is the ability to have the information and access to the entire security system, from anywhere on the planet. Simply with an internet access. It is perhaps one of the most visible advantages of the entire system in "the cloud". Do not depend on any local software, licenses or special equipment. Access from the office, from home or from the hotel on a trip; with the same possibilities of administration and monitoring.
Different types of query device. Whether from a desktop PC, laptop, tablet or smartphone; regardless of the operating system that each device has, you can do exactly the same procedures and actions in the access software, alarms or video surveillance.
Distributed Collaboration. Several operators of the security system can access (even simultaneously) the same software and do different activities. Operators or system administrators can interact through the same software package and distribute actions, segment resources, and manage large systems with fewer resources, in a synchronized and accurate manner.
Computer Security. Since all information is centralized, high-quality hardware and software elements can be placed to provide broad and sufficient security to all the information that is shared. This again lowers costs, increases security levels, and becomes more affordable to the end user, who would otherwise be impossible to have.
Redundancy. The servers in the Data Centers, normally have mirror equipment of information and data processing, to rule out the possibility of a stop of the service in case of any technical or operational eventuality. In the traditional case, you must double the investment and buy the software packages to automate the process.
Weaknesses and threats
Communications. The main weakness of the entire system in "the cloud" is to depend solely and exclusively on a data communications channel that gives us access to the Internet. This arises at both ends of communication: both in the remote site where the traditional devices are located, and in the site where the end user who wants to monitor and manage the system is located. Although there is a third communications point (the data center), redundant high-speed channels are almost always used to simultaneously service the entire registered customer base.
Distrust. Privacy. Who owns the information? It's the question end users always ask. And I must insist that the information in the electronic security system will always be from the end user; however, appropriate measures must be taken to prevent anyone from misusing the information managed.
Information Security. Then a new fear arises: Access and Authentication. That is to say how are the mechanisms to give access to information, at the right time to those who have the privilege ... And although we have talked about having all the computer security measures, there will always be the possibility of an unauthorized entry or an untimely blockade. It is in these issues where there are great differences between home and professional systems.
Loss of Control. That is, to depend on others. And completing the above fear, the fear of Suspension of Service arises, either accidentally due to technical or operational failures. Or intentionally with a desire to attack the system. Let's remember that we are never exempt from a hacker attack in complicity with the criminal who wants to do damage to the protected site.
Normativity, Laws. The absence of local or international regulations and the due fulfillment of them in each nation. We must recognize that these issues are new and that our justice systems are almost always quite backward. Then comes the issue of Responsibility. For example: in case of loss of information or unauthorized access, who is to blame? Who is responsible for the damages? Sometimes not even insurance companies respond satisfactorily.
Need for Computer Security. Then we realize that although the Data Center has an excellent information security system, we must extend it to the terminals of each user, operator or manager who uses the security system. This must be done through a VPN, Encryption Software, An excellent Firewall, an IDS system, Antivirus, among many other elements that protect us, but not only the server "per se", but the communications channel and the electronic terminal that we use to access the system. This generates an extra cost that was sometimes not visible.
Centralization. The same feature that we consider an advantage, becomes a disadvantage, when a single point of failure (OPF) is created in the Data Center. Hence the importance of knowing how to choose the provider of this virtual solution.
There are many more benefits and considerations, which we will learn in subsequent editions, where we will review some real examples of security systems, based on "the cloud". For now, keep in mind that the trend shown by the market is unequivocal: we are in a vertiginous ascent of the virtualized service and this will surely make us change our way of seeing the industry in the following months.
* Germán Alexis Cortés H. is a Colombian Electronic Engineer, with a postgraduate degree in Engineering Management Systems. Consultant of the National Institute of Standards and Technology – NIST, in Electronic Security and Building Automation. CCP of ASIS, and CISSP of ISC2. He has over 20 years of experience in the electronic security industry. Renowned lecturer and university professor on high-tech issues at the Latino level. He has been a director of several companies in the sector and is currently a partner and directs Insetrón Ltda, an engineering and technical consulting company in electronic network projects for security, communications and automation. He has successfully participated in more than 150 projects at the Latino level. Contact him in the email [email protected]
Leave your comment