Feb 06, 2022Ed. Note: This article was previously posted at Campus Safety.
Security is a top priority for the education sector, particularly physical security that ensures the safety of people and facilities throughout large campuses. In many university environments, safety officers rely on devices, including surveillance cameras for real-time video streaming and incident recording.
Universities often deploy thousands of Internet of Things (IoT) physical security devices across dozens of buildings and outdoor spaces. However, they struggle to keep these devices operational, secure and online 24-7-365. This is because they lack a way to automate the management of these devices under one platform. Without full visibility into a campus' IoT device fleet, it's virtually impossible to handle the operational management of each device, at scale. How can campus security ensure the safety of its people and facilities with a lack of basic information like whether a camera is down or needs maintenance?
Ultimately, campuses need a solution that can shine a spotlight on all operational maintenance and cybersecurity gaps, across the entire device fleet. This campus-wide visibility and control is key to maintaining device operations and ensuring they fulfill their critical security role. In short, educational institutions frequently face a number of challenges that impact their physical security posture. Here are three questions every campus security team can ask themselves to ensure the operational efficiency of IoT devices:
Are all my devices fully operational?
Shockingly, nearly two-thirds of organizations lack visibility into their IoT environment. Without this basic information, how can a security team efficiently maintain, update and secure devices? Spoiler alert: they can't. This means devices could be out of date and not working properly; or worse, they might be completely down and off the network—and campus security wouldn't even know it. It's no stretch to say this greatly weakens a campus' security posture.
Are all my devices compliant and secure?
Campuses often deploy different types of devices—even within a certain category like security cameras. Devices can come from different manufacturers with different software and requirements. Staying on top of the latest compliance standards is a huge administrative burden, but it's a must. With the adequate level of visibility, every device should at least be clear of any known vulnerabilities.
Password rotation is also critical to staying compliant. Password rotation is either not performed at all, or in the best case is done manually—but not at scale given obvious resource constraints. It's quite common to find that past breaches were caused by poor password rotation. Last, but not least, the ongoing maintenance of firmware upgrades is a challenge for organizations. Same as password rotation, firmware upgrades are largely done manually, which is costly, time-consuming and error-prone. The result is organizations rarely upgrade firmware—even those with vulnerabilities—leaving their devices exposed to potential cyber-attacks and operational failures.
Do you have an automated way to handle the operations of your IoT devices?
A lack of visibility into devices throughout a campus drastically inhibits control over device quality, status and security. If a camera fails or an access control system goes offline, the security team must investigate manually. This is very time-consuming and a poor use of resources. The key to addressing an incident in a timely manner is to have an automated way of managing the operations of your devices.
With a comprehensive IoT operations platform deployed, all devices become visible and can be managed from a single console. This infrastructure should also give the safety/security team access to detailed, actionable real-time analytics representing all on-campus sites and cameras. As a result, the team can respond rapidly when alerted, and continuously monitor the health status of all devices. They can see which devices are nearing their end of life or pose a compliance risk or a vulnerability. It's possible to plan more efficiently for replacement and remediation. Automated alerts from the system identify device malfunctions, so the team can respond without delay.
Roy Dagan is CEO at SecuriThings, a company that provides software to help campuses monitor and manage their IoT devices.
