Network security: AV/IT convergence14 April 2016
Once upon a time, AV security meant little more than providing a Kensington lock on a projector to ensure it couldn’t be stolen. Now, in an IT/AV converged world, it means significantly more, as Ian McMurray finds out.
According to a report by digital security company Gemalto, 707 million data records were stolen in 2015 in 1,673 separate breaches. That’s about 22 records every second. Since 2013, 3.6 billion records have been exposed. And those numbers may well be understated, either because the companies that reported the breaches didn’t actually know how many records were compromised – or because not all breaches were reported.
The need for IT security has never been greater – and, as AV assumes a position of increasing importance in the IT world, complying with IT security requirements has become a fact of life for manufacturers and integrators alike.
“The relentless evolution of new business requirements and potential efficiency savings means that AV devices and services have had to be granted access by IT managers – sometimes against their will – especially when they have the C-level board breathing down their necks for new features and services,” smiles Chris Rawden, collaboration and communications specialist at integrator Saville.
“For years, AV has had the luxury of being somewhat ignored, with AV solutions often operating on our own networks,” believes Paul Zielie, manager of enterprise solutions for Harman Professional. “However, now that AV/IT integration has happened, the reality of technology of all kinds on the network has made security a top priority for integrators and manufacturers alike.”
“AMX has seen these challenges, which is why we have really led the industry in a major push for IT security for a number of years now,” he continues. “We continue to look at ways that we can improve our technology to meet concerns of the modern IT world. That, really, is what our motto ‘AV for an IT World’ is all about.”
“Security is a very important aspect of AV/IT convergence, and recent events have made it very clear that it cannot be taken lightly,” notes Toine C Leerentveld, technology manager, control solutions at Crestron. “As Crestron has been at the forefront of AV/IT convergence, we have identified the major cornerstones of this convergence. All of these are equally important to us, since you really cannot call yourself converged until you’ve addressed all of them.”
Leerentveld goes on to explain how each device on the network should integrate into IT security’s best practices, with support for Active Directory Integration, 802.1X network security, industry standard encryption protocols such as TLS 1.2, SSH, SFTP, Remote Syslog and a full audit system. Security, he says, also means that manufacturers need to stay up-to-date with encryption and security patches that are released as vulnerabilities are found.
He also describes the challenges of scalability, noting how the proliferation of AV devices means that individual manual updating is no longer feasible, and creates a need for centralised support and management.
Providing necessary levels of security is far from purely a manufacturer responsibility – although the development of appropriate platforms is, of course, key. Integrators also have a crucial role to play.
“We’re really well placed because we have got the relevant skill-sets in the company,” says Pete Symes, senior product and solutions architect at AVMI. “My background, for instance, is in IT. I moved into IT 20 years ago, and branched across into AV five years later- and I’ve been working on IT/AV convergence products for 15 years, predominantly in the video over IP space. As such, I understand the security concerns. Everything I design addresses those concerns up front, making everything much easier – rather than putting something in and trying to solve the problem at a later date, which is a horrible way of working. AVMI has a lot of IT-savvy and network-savvy people who also have that AV knowledge.”
Having that in-house expertise is unquestionably a great asset – but no less important, from an integrator point of view, is the ability to develop appropriate relationships.
“By working closely with IT companies and teams, AV integrators like ourselves can deliver installations that are fully integrated with IT networks,” observes Toni Barnett, managing director of integrator CDEC. “IT/AV convergence has been ongoing for a number of years and, during that time, both industries have been building on shared experiences. AV was never truly an island; we’ve always had to link with other elements. At CDEC, we pride ourselves on learning, adapting, staying abreast of technology developments – and, perhaps most importantly, our ability to build collaborative relationships based on mutual respect.”
Kieran Walsh, regional manager of global support services for EMEA at Audinate, sees the integrator’s role as perhaps being simpler than many imagine.
“To comply with, and train in, IT security as a specialism is challenging,” he believes, “and often, integrators appear to be under the impression that they are required to do this. The simple truth is that they can rise to these requirements by learning some of the principles of security, and understanding how the networked system that they are proposing functions.”
“Also,” Walsh continues, “by having access to trusted sources of knowledge, documentation and training to cover any questions from the security specialists – who are likely not part of the client’s IT department in any case in all but the largest organisations – systems integrators can continue with their appointed role while interfacing on a professional level with specialists in other disciplines.”