Besides intrusion from outsiders, acts by unauthorized employees to steal stored data have also taken place. The protection of data thus requires not only encryption and authentication but also authorization, according to a blog posting by Genetec.
Security systems are meant to protect lives, assets and premises. Yet increasingly, security vendors and users are also asking the question: how to secure the device itself? Besides intrusion from outsiders, acts of theft by unauthorized employees have also taken place. The protection of data thus requires not only encryption and authentication, but also authorization.
That’s the point presented in a recent blog by Genetec, at a time when the topic of data protection has gained more prominence in the security industry. While security systems such as access control, video surveillance, and automatic license plate recognition are meant to prevent or investigate crime, they collect data on ordinary citizens going about their daily lives. If not fully protected, the data is subject to intrusion and hacking, resulting in private information being leaked out.
Aside from outside intrusion, illegal activities from within shouldn’t be ignored either. “With the increased integration and collaboration between systems, there are more entities than ever interacting with our security systems and accessing privileged data,” Genetec said in the blog. “In addition to protecting access through proper authentication mechanisms, we need to ensure that we can control who sees our data and what they can do with it.”
Traditionally, data security is achieved through authentication, or making sure that the person accessing the system is indeed who he claims to be. This involved passwords, tokens, biometrics, or a combination of all three. Encryption, meanwhile, ensures that the data transmitted between two trusted parties are coded and known to them only, not outsiders.
A third element to data security, then, is authorization, or the function that enables security system administrators to specify user access rights and privileges.
According to Genetec, to protect the data in a security system, administrators should be able to implement detailed user access privileges, select the information that can be shared internally with partners and authorities, and control how long data is kept. Logical partitions and defining user privileges are just two mechanisms cited by the company that make this possible.
“By configuring logical partitions, administrators determine whether one or more users can actually view specific data like recorded video,” the blog said. “If the user is not granted access to a partition, he or she will not be able to view archived video located within that partition.”
The next step is to define a user's privileges. “For example, although a user can view archived video, his or her privileges will determine whether he or she can export, modify, or delete that video. This ensures that recordings can only be managed by those investigators with sufficient access rights. This mitigates the risk of evidence being sent to unauthorized parties,” it said.
The blog concludes that when administrators manage what their personnel can see and do, they are ensuring the security of the data transmitted and stored within their security system. This not only increases the security of the system as a whole, but it also enhances the security of other systems connected to it, Genetec said.