Keeping with that, what are some other best practices for security integrators to follow in interacting with the end users’ IT departments and their networks?
DAVID SIME: It’s important the physical security integrator really understands the client environment and the different departments there. Often as they partner, the specializations increase. And you are trying to interface with one department, although they say they’re the guys to be talking to, that might not be the best entry point to start that conversation or bring the project through. You’ll get so far into a deployment and all of a sudden the roadblocks will show up, and they’ll say you didn’t apply these practices or use best practices on the network layer. It’s important to realize who are the decision makers in that organization, and ensure you’re talking to the right one.
DRAKO: Security integrators need to have sufficient knowledge of cyber-security to be able to gain confidence of the IT professionals who are increasingly involved with physical security solutions. The integrator needs to provide clarity about who is going to be responsible for cybersecurity: the integrator or the customer? Who is going to be responsible for updates/ OS patches/security, patches/AV and software/firewall changes? These items all need to be coordinated and controlled to maintain security. In large organizations, the IT team will normally take control of these items. In smaller organizations, the integrator may be relied upon and can provide a managed service, provided he has the network skills.
WILLSON: You can’t go in with a one-size-fits-all [approach]. I worked with a manufacturing company that was told to change their passwords every 90 days. There’s no clear justification for doing that, other than somebody somewhere along the line said that’s how you’re going to prevent a hack. It doesn’t make sense and it didn’t make sense for this organization. It shut down production for two hours every 90 days while they reset passwords, without any hint of any breach or any problems in their networks. You’ve got to be very cautious with best practices, and align them to the culture of the organization and their mission.
THOMAS: It’s also important to have IT professionals on staff. I’m not sure we’ll ever have cybersecurity professionals on staff. But we need to have people that at least understand how to deal with them. Many of our customers now are forcing us to hand over any piece of new product to them, and actually have it whitelisted within their own company. We hand over a camera, it disappears for three weeks, and it comes back with a pass or fail. We’re encouraging our customers to take on that responsibility as well.
