Security Resources

Risks and Costs of “The Cloud”

In the security industry, it seems that hardly a day goes by without a pitch for a new cloud-enabled service or managed device. While this may be true of numerous industries, the fragmentation of the market, range of sales channels, and large number of broad/overlapping concepts (e.g. “business intelligence” and “big data”) make for an especially confusing space without clear leaders. When you factor in a huge base of outdated equipment, marketing hype around certain technologies, and fuzzy ROI math, understanding your options becomes even more difficult.

A simple example of the state of technology maturity can be seen in today’s residential automation and security platforms. It is trivial to connect a few IP cameras and lighting automation modules to your home network. Likewise, your home security provider probably offers a control panel that supports networked communication – via your ISP or cellular – enabling features like remote arming/disarming and a virtual keypad to control other functions via a smartphone. The problems are encountered as soon as one attempts to integrate these point solutions into something more user friendly (and functional). Unless all of the cameras, modules, and other devices are provided by the same company, the odds of controlling all of them using a single interface are almost zero. Likewise, communicating between devices, monitoring alerts/failures, and aggregating data are made significantly more complex – all thanks to a lack of standards, closed architectures, and business models that rely on limiting your options.

For commercial customers – especially retailers – there are dramatically more complex offerings available. Video analytics can be used to count customers, measure wait time at the register, and determine which aisles and displays draw the most attention. Customer counts can be compared with sales to determine “conversion,” driving bonuses for store employees, and suspicious transactions can be flagged and investigated thoroughly by matching register transactions with intelligent video recording. Increasingly, systems that were traditionally standalone, such as HVAC, lighting, refrigeration, and EAS (Electronic Article Surveillance) are being monitored with the goal of creating a more holistic picture of store operations. Finally, there are a number of new entrants to the BI (Business Intelligence) space that specialize in remote video-based auditing, gathering of customer demographics/habits, and the deployment of smart displays and RFID, among many others. Like the residential example above, most of these exist as independent solutions, often provided and maintained by separate companies, using different communication protocols, reporting methods, and networks/clouds.

The problem of multiple providers and disparate systems is, of course, nothing new – but the growth of broadband networks, ubiquity of smartphones, and the value of remote control and data collection have converged to enable countless solutions that would not have been practical to develop just a few years ago. This makes for an exciting, if somewhat confusing, time as customers weigh their many options and vendors scramble to differentiate their offerings.

So how does all of this relate to the “risks and costs of the cloud?”

Symantec recently published a report titled “Avoiding the Hidden Costs of the Cloud” in which they identify a number of security and expense-related issues that organizations encounter when deploying services haphazardly. From the report:

However, in a rush to implement cloud, there are a host of hidden costs unwary organizations may face.
These costs are easily avoided with a little foresight and planning, but only if IT knows where to look.

The report was not created to address security or BI systems specifically, but many of their observations and conclusions apply. Among them:

  • Increasing use of “rogue” clouds
  • Compliance, privacy, and eDiscovery issues related to offsite data collection
  • Inadequate use of SSL (encryption) technology

Not directly addressed in the report are the potential issues related to adding edge devices such as people counters, IP cameras, and other control systems that feed data to the cloud. These include creating unintentional vulnerabilities across the enterprise network, the cost of patching and monitoring the hardware, and the increased reliance on a specific vendor for basic system functionality. These are critical considerations in security/BI rollouts, but they are frequently overlooked, especially at the early stages when the focus is on an exciting new feature or technology.

As Symantec points out, involving IT at the outset is a critical success factor when working to avoid unnecessary risk and cost. When almost every new solution requires a separate communication pathway, monthly fee, and reporting system, it is easy to see how the oversimplified notion of “the cloud” can spiral into an unmanageable and expensive program.

Opportunities abound to begin to make sense of all of this, and a number of providers are taking admirable first steps. In a future article, I will propose one method by which organizations can mitigate risk and streamline their approach to adding new data/control points to their enterprise.