Network security: benefits of training19 April 2016
Having looked into the impact of AV/IT convergence on network security, and revealed the issues IT departments fear from the integration of AV equipment on the network, we conclude by looking at the benefits of training for AV integrators to gain an understanding of the principles and issues of the IT security team, writes Ian McMurray.
Understanding exactly what is required in terms of security policies and implementation leads, of course, to the need for quality communication between manufacturers, integrators and end users. That can be of a formal nature, according to Toine C Leerentveld, technology manager, control solutions at Crestron.
“As a manufacturer, we work hard to keep in lock-step with the developments in security in the corporate world,” he says. “As an industry, we need to provide more training on security and enterprise deployments, so that integrators and AV departments know what to look for, and what to do.”
“The question is mainly one of trust,” believes Pete Symes, senior product and solutions architect at AVMI. “AV companies have got to earn that trust. The quickest way of earning it is to talk their language – in IT terms instead of AV. You have to show a thorough understanding of their concerns. If you walk into a situation where you don’t even understand their concerns, they’re not going to let you near the network – and quite rightly so.”
There is also a requirement to be prepared to learn – and to be flexible.
“The communication with the customer has changed,” claims Paul Zielie, manager of enterprise solutions for Harman Professional. “Rather than just getting a set of required features, there is a lot of give and take with various stakeholders, such as negotiating whether something will be secured via the network or directly on the device, which can impact device selection, or explaining the trade offs when security requirements impact functionality.”
The discussion is, according to Kieran Walsh, regional manager of global support services for EMEA at Audinate, one to be relished.
“Materially, the only difference between when I was integrating AV as an island and working in converged systems is the extra conversations with, and explanations to, IT departments,” he says. “This is actually a pleasurable activity. An initial meeting will likely start with suspicion, and evolve to curiosity – and with enough mutual understanding, any security concern and network policy can be adhered to and a working system can be delivered.”
Walsh goes on to pick up on an earlier theme.
“In general, the AV industry could benefit from training as to how to present systems that are capable of being configured by an IT security specialist,” he says. “In the IT world itself, security is a particular discipline, with niches as many and varied as those occupations found within AV. The purpose of being an AV systems integrator is not to be an IT security specialist, no more than an IT specialist should be required to understand the vagaries of AV. Simple professionalism is the only requirement, and bridging the skills and communications gap is a requirement for all who wish to ‘converge’.”
The bridging process to which Walsh refers is an ongoing one.
“The problem with security is that it’s a moving target,” believes Leerentveld. “Hackers are becoming smarter, and their attacks are becoming more powerful. As such, the IT security industry needs to keep upping its game to keep up with the latest threats. The AV industry needs to work closely with the IT industry to stay apprised of these changes, so we can be in sync, rather than a few steps behind.”
“I know that at Crestron we visit IT security conferences, read security journals and newsletters to ensure we know what’s coming next, and that we are ready,” he concludes. “I can’t speak for the rest of the industry, but I strongly believe that in the long run, only the companies that embrace the IT and security culture will be able to survive.”
There is, then, little doubt that leading AV manufacturers are acutely aware of the need to design-in security at the hardware and system software level – or that they have been working (and continue to work) to ensure that the needs of corporate IT security organisations are met.
That’s good news for integrators who can, increasingly, propose platforms that will be acceptable in security terms. The challenge here, though, is not for integrators to develop in-depth expertise in corporate IT security – but rather, to understand the principles and issues, and the ‘careabouts’ of the IT security team. That too is becoming increasingly the case.
As many in the industry note, however, security is a moving target with new threats emerging on an almost daily basis. As such, it’s incumbent on the whole AV industry to maintain the rapid progress it has already made as the move towards integration continues.