printer friendly version

Necessary evil or critical ingredient?

You can say it a million times and a billion people will agree with you, but we all do it anyway. Security is still not seen as a necessary component of business, not even IT, and is therefore still a necessary evil in the eyes of most people – or a grudge purchase as so many people keep saying. The result of this is a minimalist approach to security where cheaper is better and the budget makes your decisions for you.

And then security gets a bad reputation when things aren’t miraculously 100% secure.

An online site devoted to security recently wrote an article about a Chinese surveillance manufacturer, Hikvision, which had changed its terms and conditions to exclude any liability for its kit being hacked. This naturally caused a few people to comment and complain, but the reality is they are doing the same thing Microsoft, Cisco, Oracle and every other company does. Microsoft’s history of producing secure software speaks for itself, that’s why we need firewalls and anti-virus and other third-party applications on our computers.

Which surveillance manufacturers take responsibility for hacks? I’m guessing the number would be very close to zero, actually exactly zero. I would suggest that the cyber security problem the surveillance industry is now starting to face is not the fault of the manufacturers – they have partial fault through the production of poor software and through using untrusted components – but it is a shared responsibility.

Installers and integrators must also share in the blame. Understanding the risks of the information world is essential if you are going to be adding something to a network, whether it’s your home network or a large organisation’s. Moreover, catering for the risks in collaboration with your client’s IT people should be a given. Of course that doesn’t happen because we all have our things to do and security is that guy’s domain.

The end user also shares the blame. The customer should make the rules and ensure, for example, that all the changed passwords are in the hands of the security manager (or whoever is responsible) and not left as defaults or a secret the installer keeps to himself. That is probably the simplest step in ensuring your own surveillance system. It might also be worthwhile doing your homework and dictating what you want your products and infrastructure to do instead of going for the cheapest, or the one the salesperson gets the best commission on.

Whether you are making your home more comfortable, securing an estate, buying a new laptop or installing a new Internet of Things platform, the reality is that you will have problems if you see security as a necessary evil that you have to pay for just in case.

Security needs to be an integrated component of everything we do. This will automatically make us as users more aware of what we need and how we should use what we have, and it will make the systems we rely on more secure. With security designed into the architecture from the start, there will be fewer hassles trying to add it on later when your budget is already spent.

Andrew Seldon

Editor

Share this article:

Further reading: