Consumerisation and collaboration bring many positive changes to the enterprise. Employees can now use the devices they prefer. Through social media, they have also become used to sharing and communicating more readily with friends and colleagues. However, these changes also introduce security risks – just who and what have you got connected to the network?
If it was simply a matter of traditional IT products and regular employees, that would be complicated enough. Now all manner of smart devices and itinerant visitors are connected.
In a concerted industry effort to tackle these types of issues head on, cyber security is for the first time going to form part of conference discussions at the forthcoming Audio Visual (AV) event, Integrated Systems Europe (ISE) in Amsterdam in February. The industry’s two main associations, CEDIA and InfoComm have assembled an array of experts to discuss cyber security and the associated risks over a morning conference on Friday 10th February.
This initiative is to be welcomed as the security aspects of IT rise to the fore. Technology is not only pervasive in working environments, but also an integral element of our home lives as consumers. Widespread use can breed complacency. Organisations need to have the tools, systems and processes in place for technology to be used safely and securely in the workplace.
In many organisations cloud based services are simple to buy to extend a project without bothering IT. Employees are also used to bringing or wearing their own devices. This trend towards ‘shadow IT’ and BYOD (Bring Your Own Device) has few technical boundaries. So, when a meeting room screen needs to be connected or a video feed is required it is equally easy to buy consumer AV devices or services.
This ‘BYOAV’ (Bring Your Own AV) might seem innocuous, but AV technology, consumer and enterprise, has followed the same trends as many other technologies. Cost reduced (so easily affordable), network ready, often wirelessly (so always accessible), and open (so should be interoperable). But it also introduces, often invisible, security issues.
AV equipment is frequently placed in locations where presenting and sharing involves third parties, either as recipients or co-presenters. Guest access to Wi-Fi networks is expected too and should be secured or managed, but connections to AV equipment are more lax. Older systems may still rely on VGA connectors and cables. Sophisticated modern AV installations and low-cost consumer options are increasingly wireless. Even if they include security, the chances are high that it will be different to devices from other manufacturers in other rooms. It will also most likely be different to what is already in place elsewhere in enterprise IT.
Some control and consistency will need to be imposed, but historically, AV installations have been part of office management and facilities, often with little involvement from IT. Current AV equipment is highly sophisticated. Its potential impact both on fixed and wireless networks and security, means that AV needs to be incorporated and integrated into the IT management function.
AV also needs to be considered as part of overall enterprise security. Decades ago, some companies worried about the ability for snoopers to pick up the signals from monitors from a car parked outside of offices. Today badly protected wireless devices and networks pose risks. So too do big bright screens that can be photographed surreptitiously by mobile devices.
Snooping by visual means or via an unprotected wireless network both constitute security risks when using AV. So too does the way that users – employees and third parties – authenticate to use or access AV systems. Dial-in codes, logins and guest access should all be treated in the same rigorous way as any other IT security. As it becomes increasingly simple to seamlessly share content electronically, so it has to be managed.
This has to include a combination of polices and processes as well as tools, but the first step is to understand the scale of the problem. To do this requires co-operation and integration between those involved in AV and IT. It starts with better understanding of the current capabilities of products available and the direction of innovation.
The AV industry has undergone much recent innovation. With large display technology becoming much more affordable, screens are popping up everywhere. These include ad hoc meeting spaces and huddle rooms as well as more formal conference rooms. These are being made accessible by companies from Google and Intel to Barco, Sony and AMX. These companies also attempt to apply security and control through their own, different, systems.
Each are all very well in isolation. In mixed environments with so many other elements to consider, IT security needs to seamlessly consolidate diverse technologies. If the measures that keep AV systems secure become too complicated or restrictive, users will simply bypass them.
In addition to AV/IT integration, IT security managers need to extend security training and best practices to include visual and audible components. Unwanted data leakage is not just what is sent over the network, but may also be what is seen and heard.
AV security now needs to be taken seriously within IT. Given the current focus on collaboration and collaborative tools, IT managers would benefit from engaging with AV professionals. This could include a visit to major trade shows, such as ISE, and perhaps taking time to look in on the conference on cybersecurity.