Physical Security in the Cloud is it Secure?

Steve Van Till writing in SDM magazine (registration required) tackles the question: If physical security is moving to the cloud where it can be accessed on demand by anyone anywhere (even with restrictions), how do we keep it secure?

Van Till considers the question in three stages:

• Define the varieties of cloud computing in use today
• Explain which models offer the best fit for physical security
• Suggest some ways to keep the cloud secure for these applications

Assuming that the number of physical security solutions using public clouds will continue to grow, what are some of the approaches the industry (or customers) can do to make sure these applications are as secure as possible?

First, there’s an old rule of thumb that says your security is only as good as your last security audit. Vendors need to perform standardized audits, and customers need to insist on them. Within the federal market, this audit requirement has been institutionalized in FISMA (Federal Information Security Management Act) and more recently with FEDRAMP, which has a specific cloud focus.

Second, there are many best practices that the cloud industry has already started advocating. Physical security service providers should incorporate these best practices into their own offerings. One of the best sources for this type of information is the Cloud Security Alliance.

Finally, buyers always need to take at least some responsibility for the security of their purchases. Ask questions. Ask about audits. Ask where the data is hosted. Ask whether the service has undergone penetration testing. There are many “top 10 cloud security” lists on the Web — download a few and learn the hallmarks for recognizing good, secure cloud offerings for your physical security solution.   read it all here

PSIM Buzz at ISC West 2011

The buzz at the ISC West trade-show this year was (PSIM) physical security information management. PSIM stole the spotlight at the event with IPVideo Corporation officially launching it’s PSIM offering, C3 Fusion, ADT acquiring Proximex, and then Verint announcing that it had acquired Rontal’s PSIM solution.

This article inSecurityInfoWatch.com discusses how PSIM will affect integrators and vendors.  There is no doubt that PSIM affords a lucrative opportunity for  savvy integrators who build a name as experts in this emerging market.

It’s All About the Connectors

Sharon Watson writing at Security Squared outlines the criteria integrators and their clients use when picking a PSIM platform.

“The first thing we look for is what integrations already exist; that’s the big one,” said Steve Rogers, vice president, LANAIR Group, Los Angeles, Calif., which implemented a PSIM solution from Proximex at Port of Long Beach.

“Getting all those systems to plug in and relate events is a major, major piece of work,” said Greg Thornbury, vice president, SecureNet, a Carollton, Texas-based integrator researching PSIM solutions. His clients in oil/gas, petrochemical and finance sectors tend to have old versions of major systems as well as homegrown applications. His question for PSIM vendors is who they connect with and how.

“The value of the product is in the hooks,” said Ayal Vogel, vice president, sales and marketing for Safeguards Technology, Hackensack, N.J., which has worked with Mer Inc., Fair Lawn, N.J., to date. “The value increases by the number of connectors that are preexisting,” he said.

C3 Fusion uses it’s Unified System Connection Protocol (USCP™) to connect to security subsystems.  USCP is a unique bi-directional messaging system that allows for interface with fusion snap-on connector services completely outside of C3 Fusion’s core software. The connectors provide continuous network integrity testing, and buffering for lossless network fault recovery. Connector Development Kits (CDKs) make USCP available to third party developers.

A successful PSIM application must be able to support a variety of connections including legacy and industry specific custom subsystems to the latest in physical security devices.