Understanding and Addressing Reliability Challenges with Cloud-Based Security Systems
Without question, the cloud has transformed the security industry landscape in recent years. And with good reason, as storing security data off-site in centralized data centers delivers a number of advantages, including physical protection, data backup and redundancy, cybersecurity and other factors that go far beyond what on-premise solutions are able to provide. For mission-critical security functions like video surveillance, access control, identity management and more, these advantages are extremely attractive for reducing risk.
Still, even with so many advantages, working with the cloud creates certain challenges at times. Fortunately, there are a number of best practices that can help optimize system availability. Below are actions, procedures and technologies security management can employ to maximize the benefits you get from cloud-based security solutions.
Choose the Right Cloud Service Provider.
Perhaps the biggest variable that can affect the availability of cloud-based security systems is the cloud services provider who will host video and data for end users, as providers are solely responsible for ensuring the availability and reliability of this data. Recognizing this, the overwhelming majority of companies operate under stringent service level agreements that guarantee a particular level of uptime.
While some providers promise uptime and availability as high as 99 percent – or more in some cases – not all cloud service providers’ service level agreements (SLAs) offer that level of guarantee. And for those who do offer virtually 24/7 uptime, uptime guarantees often come with a number of caveats. For example, among the exceptions that release a provider from providing 99-percent uptime are network issues not within their direct control, client negligence, “acts of god,” scheduled maintenance and more. These will be clearly spelled out in the SLA, so it’s vital that you take the time to carefully sift through and understand it. With physical security, the stakes are incredibly high, so even if you’re working with a limited budget, cloud services are not an area where you should shop for a bargain. In many cases, the best choice is a leading provider who is committed to best practices, possesses the capacity to offer full redundancy and has a lengthy track record of success.
Have a Backup Plan for Connectivity.
Despite the exceptions to SLAs, the reality is that any issues with connecting to data stored in the cloud rarely have anything to do with the service provider’s datacenter. The most likely culprit is internet connectivity, leaving end users unable to access their hosted data or even perform management functions such adding or removing users from their access control system until their internet connection has been restored. The good news is that there are ways to combat this possibility, including using cellular to provide backup connectivity. While this may not restore the ability to move large amounts of data, chiefly video from surveillance systems, to the cloud, it will ensure the continued ability to perform updates and management changes. This is especially vital in situations where no amount of management downtime is acceptable.
Make Sure Security Data is Secure.
Maintaining the security of video, access control and other system data is another area that lies squarely within the purview of the cloud service provider. The majority of providers ensure that their data centers incorporate strong cyber and physical security technologies and measures, including both physical walls and logical firewalls. These measures are designed to protect data and the servers where it is stored from theft, sabotage, damage caused by natural disasters, such as fire and flood, and more. Further, communications between end user sites and the data center is encrypted according to industry standards to further improve system security.
Not all providers utilize the same measures, and there is no uniformity in the way they structure their security programs. For example, while it’s logical to assume that all data is encrypted at all times, there are still questions to consider. Who controls the encryption keys, and does data remain encrypted once it reaches the service provider’s servers? Ideally, the answers to these two questions should be the end user, and yes.
A growing number of security professionals are turning to the cloud to seize on the well-documented advantages this model offers. Although the majority of organizations using cloud-based security systems will never experience problems, it’s important to understand that there is potential – however small – that access to security data may be interrupted. Therefore, it is in end users’ best interests to take the time to understand the factors that could impact the reliability of these systems and work with their cloud service provider to minimize the likelihood that they will ever occur.