Securing Security Management Systems – Cybersecurity

With the global average cost of a data breach now reported as US$3.86 million, Cybersecurity has never been more critical. In addition, the average time to identify and contain a data breach, or the “breach lifecycle”, was 280 days in 2020, so the effects of a data breach can be costly and very disruptive (see IBM Security, Cost of a Data Breach Report 2020).

In this article, SPG Controls will explain why Cybersecurity needs to extend to electronic and physical security products to ensure business continuity and integrity.


What is Cybersecurity?

Simply put, Cybersecurity is the protection of any system that is connected to the internet, including both hardware and software. Customer and business data are usually targeted, and the resultant business interruption, loss of reputation and recovery can cause lasting damage.

For businesses, it is important to note that “security” encompasses both physical security (for example, a lock on a server room door) and Cybersecurity (for example, protecting the servers from vulnerabilities with anti-virus software).

Cybersecurity also includes the study and implementation of various technologies that can help deter and prevent hackers from gaining unauthorised access to data. Cybersecurity specialists work hard to execute strategies to bolster a system and/or a network against cyberattacks. Some specialise in website security while others are more engaged in protecting hardware from external attack.

 

What Can You Do to Protect Your Business?

You can protect your business by ensuring that your security systems are certified to industry standards and are robust and resilient to attack.

SPG Controls' ARCO Platform is one of the most highly sophisticated security software platforms and can also be integrated with existing systems, meaning companies can re-use previous investments and re-purpose assets. ARCO is designed to work within secure environments. Every user and device communicates with the system through encrypted channels, ensuring only authenticated and authorised users and equipment are connected. This is also essential for security when remote access is required.

 

ARCO Security is implemented in three ways

 

Secure Architecture

Businesses can benefit from the ARCO Platform's Onion Architecture, which can be used in the cloud, on-premises, and in hybrid environments.

The ARCO Platform has different layers for each application. This is to isolate them from each other in the event of a cyber-attack. It also paves the way for better testing and maintenance of the application.

The ARCO Platform also has a domain-driven design. The domain model contains both the business logic and rules. Business logic is separated from the view and data access layers.

 

Secure Authentication

Remote connections and access are also protected by the ARCO Platform. Each of its functionalities is deployable through microservices, which communicate via HTTPS endpoints through a Web API. WolfSSL is used to encrypt communication between connected devices and the ARCO Platform through the S1000 controller.

Certificate-based authentication is used to further protect against unauthorised access. The certificates are validated or revoked by ARCO Platform Integration Layers. Core services are run through standard strict Web API security checkpoints.

Java Web Token is used for access token validation. Every action of a user is passed through the token to ensure security. The ARCO Platform also uses modular access policies so that each role's permissions can be further controlled.

 

Secure Authorisation

Specific permissions dictate the features available to the user. Permissions are based on the set of roles (or access groups) assigned. There are also “Access Policies” defined, which are additional rules needed to access a resource, such as what times an operator is allowed to access a specific resource. An operator who is logged in to the system with more than one role, for example as an Administrator, an Engineer and a Guard, will be able to select a role, and this will define which objects can be viewed with what permissions.
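The authorisation model described above (assigned roles, one selected role per session, plus time-based Access Policies) can be sketched as follows. This is an added example, not ARCO Platform code; the class names, the `server-room-door` resource, the permission sets and the 22:00 to 06:00 window are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class AccessPolicy:
    """Additional rule: a role may use a resource only inside a daily window."""
    role: str
    resource: str
    start: time
    end: time

    def permits(self, when: datetime) -> bool:
        t = when.time()
        if self.start <= self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end  # window spans midnight

# Constructed sample data: (resource, action) pairs granted to each role.
ROLE_PERMISSIONS = {
    "Administrator": {("server-room-door", "view"), ("server-room-door", "configure")},
    "Engineer": {("server-room-door", "view")},
    "Guard": {("server-room-door", "view"), ("server-room-door", "unlock")},
}
# Constructed policy: Guards may use the door only on the night shift.
POLICIES = [AccessPolicy("Guard", "server-room-door", time(22, 0), time(6, 0))]

@dataclass
class Session:
    operator: str
    assigned_roles: frozenset
    active_role: Optional[str] = None  # role the operator selected after login

    def select_role(self, role: str) -> None:
        if role not in self.assigned_roles:
            raise PermissionError(f"{self.operator} is not assigned role {role}")
        self.active_role = role

def is_allowed(session: Session, resource: str, action: str, when: datetime) -> bool:
    role = session.active_role
    if role is None or role not in session.assigned_roles:
        return False  # default deny until a valid role is selected
    # Only the selected role counts, not the union of all assigned roles.
    if (resource, action) not in ROLE_PERMISSIONS.get(role, set()):
        return False
    # Every Access Policy attached to this role and resource must also pass.
    return all(p.permits(when) for p in POLICIES
               if p.role == role and p.resource == resource)
```

Evaluating only the selected role means an operator acting as a Guard cannot use Administrator permissions without explicitly switching roles.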

What Can You Do to Protect Your Business?

To learn more about the ARCO Platform and how it can help secure your assets, click here.

 

Reference sources detailed below.

Security Intelligence

IBM Security
