According to IBM’s X-Force Team, vulnerabilities in cloud-deployed applications are growing with close to 3,000 reported cases last year. This represents more than a 150% increase over the past five years. So whether you are migrating to a private, public, or hybrid soultion, these considerations are important to understand.

There are many benefits to migrating to the cloud. But, a weak system or poor management by the cloud host could result in a variety of issues adversely affecting your organization. From a physical security perspective, the unauthorized viewing of your proprietary cameras is possible as seen in the 2021 Verkada breach that exposed schools, women’s clinics, and corporate headquarters when hackers gained access to 150,000 surveillance cameras.

Potential Areas of Risk:
With this type of access, there is also the possibility that hackers could disable your access control, building management or intrusion detection systems. Other vulnerabilities include the unauthorized gathering of confidential data, deliberate and malicious destruction of data and ransomware attacks. These examples are some of the reasons why it is important to carefully screen the cloud provider and understand how they address potential cybersecurity events and support.

Remember that although you have confidence that your cloud host maintains adequate security controls, you are ultimately responsible for issues if there is a breach. Reminding anyone considering a move to the cloud to maintain proper security at the office and due diligence with the cloud host, Mary Ann Davidson, CSO at Oracle says, “You can’t outsource risk.”

Poor security management by the cloud host is not the only negative when considering a move to the cloud. One of the most common drawbacks of cloud computing is that it relies on an internet connection to move, store, and manage information. A poor or interrupted connection could hinder access to the data stored there.

Other areas of concern include:

• Risk of “lock-in” by the cloud host where you are essentially forced to continue using their service even if the quality becomes poor
• Less control over the underlying cloud infrastructure provided by the host
• Challenges associated with the complexity involved with the integration of legacy systems
• Unforeseen additional costs
• Data privacy and online threats
• Data deletion once the business relationship with the cloud host concludes

System Hardening:
There are certain things you can do to harden your systems to reduce the potential for breaches of your systems. First and foremost, make sure your organization has and follows strict security protocols and requires the same from the cloud host.

Proper configuration is frequently identified as an issue, followed by: routine password protection and updates, failure to complete regular security system patches, and maintaining the current version of software.

Other considerations include segmenting networks to reduce opportunities for unauthorized users from moving laterally once the system is breached and installing cloud monitoring with the ability to detect API (application programming interface) misconfigurations and other anomalies.

Regardless of which cloud enviornment and system deployment strategy you decide on, a strong partnership between corporate IT, the cloud service host and physical security is paramount to overcoming the challenges with cloud-based physical security systems.

This blog is intended to be one of a series of blogs on cloud vs. on-premises physical security systems. If you’d like a full guide to cloud-based physical security system hosting and management, download our whitepaper here.