Access control in a hybrid-cloud environment
Moving access control systems to a hybrid on-premises and cloud environment can help security leaders balance protection with operational data.
Cloud technologies are becoming more mainstream, and many organizations are now considering transitioning from on-premises access control systems to cloud-based solutions. Only a few years ago, the ‘inevitable shift’ to all things cloud was met with guarded optimism. But today, the shift is becoming more of a reality.
A number of organizations have migrated to a hybrid-cloud environment, which uses both on-premises and cloud storage. This hybrid environment can create a bridge to the cloud to modernize their existing infrastructure by adding cloud-connected appliances or devices with cloud-based software and storage. They can also connect remote sites with cloud solutions or run specific applications in the cloud.
A hybrid solution allows organizations to keep on-premises servers for existing technologies and add other cloud-based security and business systems as needed. However, there are specific security considerations to take into account with a hybrid-cloud access control environment.
Security & business implementations for hybrid-cloud access control
A hybrid access control system can go far beyond just locking and unlocking doors by collecting data from multiple sources to help with business operations. For example, an access control solution can track who is authorized to access certain areas and combine this information with video surveillance and other data sources so that an operator can have visual verification that the person’s identity matches their credential.
With a hybrid solution, this opportunity for unifying different data sources is amplified. In addition to connecting to access control and video monitoring systems, the system can also pull in data from other devices like temperature or humidity sensors used by building management systems. It can also leverage information from sources such as human resources. This can help security as a function position itself as a business value add, helping to streamline operations, improve employee and customer satisfaction, and increase efficiency.
In hybrid systems, sometimes the cloud portion of the solution is used mainly for this kind of data aggregation. The cloud system communicates over the internet to the on-premises solution, but is not part of the hardwired, closed network. Intrusion management, for example, can be an on-premises system and communicate via the cloud to an access control solution that is either on-premises, hybrid or cloud-based.
Cybersecurity best practices for access control systems
There is a misconception that cloud systems are less secure than on-premises systems. Although there are more points of connection to the internet in a cloud-based or hybrid deployment, these can be configured to be resilient in the face of cyber threats.
Legacy access control solutions had one purpose: to control entry to facilities or buildings. As long as the system continued to lock and unlock doors, it was easy to take for granted. But the technology has advanced since then — and so have the risks. Legacy access control systems are vulnerable to new cybersecurity threats because the traditional practices for installation do not meet today’s security protocols.
It’s important to work with security partners to ensure that any locally controlled systems are properly secured. For example, a hybrid-cloud system will have separate networks within the same environment, so that the local area network that links the access control devices is not connected to other networks in the organization. If there is a breach, it will remain isolated to this network. In some cases, there can even be several different networks set up to limit exposure of the system in the event of a cybersecurity incident.
An important aspect of cybersecurity is how the system is used by operators and administrators. Human error is often the weak link. When people reuse passwords, share profiles, fail to change default passwords, or don’t properly configure their system’s security settings, it creates more opportunities for bad actors to gain access to the system. Whether the system is on-premises, hybrid or fully cloud-based, security personnel and the IT department need to ensure that all staff members are properly trained to follow cybersecurity best practices.
There will always be a need for on-premises servers for some organizations. The trouble is that there’s a lot of extra work and cost involved in maintaining the infrastructure. Ongoing IT support, handling hardware and software updates and optimizing device performance are resource-intensive tasks. Over the long term, all these things add up and can become costly.
A hybrid-cloud access control system can allow security leaders to be more strategic in their physical security deployments. Moving some aspects of access control to the cloud can help take the strain off the team’s time; provide operational and business insights; and give access to cybersecurity and data privacy advances.