AV Security: It's Time For An Upgrade
John Laughlin, CTS
CEO and President CTI, YPO member, AIA CES provider for 15+years
It's time for the AV industry, especially AV integrators and manufacturers, to level up and prioritize security in designs and products.
Period.
That was a recurring theme at the PSNI Global Alliance PVP Design Summit last week, which included a panel focused on Network, Workplace & Cyber Security.
This annual PSNI gathering brings designers and engineers from the integrators in the Global Alliance with our software and hardware partners. It's a fantastic opportunity for learning, exchanging ideas, airing challenges, and networking. (In the face-to-face sense.) There are a lot of knowledgeable people in that room.?
Security wasn't the only concern at this year's PVP Design Summit, but it was paramount. "It's not theoretical anymore. They'll yank your entire liability insurance," noted our CTO, Eric Snider CTS-D at one point during the panel, discussing what happens after a security breach when insurance companies investigate and search for liability.?
"The first thing they're going to ask is what security was in place," added one of the vendors on the panel, "air-gapped is not providing security and won't look good when an insurance company comes looking for their money after a breach."
Fear of liability isn't the motivator we're looking for at CTI . Or PSNI. Our goal is to do the job right, and 'right' evolves. But fear of lawsuits can be a powerful motivator for companies that aren't currently prioritizing security or for vendors managing tight margins in an industry that demands that we do 'more with less.'
领英推荐
Doing the job right means training staff, consulting security experts, working with third parties for guidelines and assessments, and, as several panelists pointed out, moving beyond the idea that segmenting the network is the end-all of AV security. It also means introducing security not just to your designers and engineers, but educating clients, whether they show up with security concerns, or haven't yet considered them. At the very least, it means staying on top of software and firmware updates that patch security flaws.?
As several panelists noted, the rapid incorporation of AI and machine learning into more and more AV products will introduce a new set of security challenges.
Some are obvious: if a collaboration tool includes AI-assisted writing, chat, or research tools, you have to ask who has access to your 'conversation' within that tool. Will a?competitor find your trade secrets in the answer to their query???
Some less so: if you give a device autonomy to scan faces and process video and voices during conferences, do you need to monitor what happens with that data? Is your AV or IT team keeping an eye on 'features' that might be slipped into BYO devices that connect to the AV system? Can the AI in devices be hacked or breached??
I suspect pen testers, the ethical hackers you hire to root out flaws in your system, will have a field day with AI. Or maybe not. That's why you have them attack it, so you can find out what's broken and fix it.?
Finding out what's broken and fixing it should sound familiar to any AV integrator. Bringing that attitude to security, or 'cyber security,' if you prefer, should be your next stop in AV if you aren't already there. As always, if you have any AV or Live Events needs, please reach out to us at CTI.
Director of Enterprise Solutions & Strategic Partners - Americas
1 年It was such a pleasure to be on the panel for this discussion. Thank you to PSNI for hosting such a great event and thanks to CTI for the article and helping to push our industry forward!
Advocate and expert in the command-and-control market ?? Keynote speaker ?? Sales coach ?? Force multiplier ?? Connector ?? Global Director for Barco Control Rooms
1 年Thank you for bringing this to the forefront of the PSNI Global Alliance community. Product security in these days of #AVisIT is of utmost importance. I love the comment about “airgapped is not providing security” as that seems to be the default for a lot of AVoIP and related technologies. Hardened products without direct access (i.e., web servers), certificate-based encryption, zero trust architecture, and more should be first and foremost on manufacturers’ (and subsequently the specifiers’ and integrators’) minds. Incredible topic. Thanks for sharing, John!
Regional Sales Manager - South Central
1 年Planning is a vital pillar of security for organizations. To effectively address security, it is crucial to establish a comprehensive security plan fortified by well-supported policies. Without such a plan, detecting, responding to, and mitigating security incidents becomes challenging. A well-crafted security plan encompasses various policies, including Patch Management, Employee Training, Vendor Assessment, Password Standards, and more. These components along with others collectively form a multi-tiered approach (defense in depth) that is indispensable for robust security. It is highly inspiring to witness industry leaders prioritize and emphasize topics of this nature!
Technology Executive ? Delivering technology and sales solutions to achieve a better understanding of business to support informed decisions across the entire organization
1 年This is exactly what we have been bringing to market. I’d love to share ideas along with what we are seeing in this space. Feel free to send a message and we’ll set something up.
Retired / EIR Chief Executive Officer at Intelligent-Data
1 年From an AV integrator's lens, basic design, isolation & device identification is basic stuff, but you suggest (I think) that the AV ecosystem go beyond this to vulnerability on the attack surface solutions? Such documentation discovery ( mentioned) must happen WELL BEFORE ANY INSURANCE & INSURANCE is absolutely the last element of investment. The AV ecosystem in my humble opinion will never be able to build a credible IT team to the point where fear of liability will be a point of concern; this is the clear responsibility of the IT team or better yet the partnership it has with an outsourced MSP or MSP, SOC/SIEM. So what can an AV integrator do to pivot most to the correct awareness of Cyber security? What can any AV salesforce understand that would enable their pitch to have enough gravitas to be heard? Answer...AV integrators should represent or resale Managed Service Cyber platforms where coupled with a security minded SE can assist the sales force in explanation of those platforms. That said a decision must be made to focus on internal or external threats so as to build a proper ' product plan' of well respected & PROVEN Cyber Sec partners. AV already has little credibility nor credentials to even sit at the IT table