There’s a saying in cybersecurity that “you can’t protect what you don’t know you have”. It’s a surprise, therefore, that the importance and value of a device inventory is often overlooked.
Using a device or asset inventory will allow an organization to keep track of the type, age and operational performance of devices, ensuring the identification of any technology gaps and necessary refresh cycles. Device management is an essential part of a rigorous approach to managing risks, particularly those related to cybersecurity, and here we explore the elements that make it effective.
One of the primary focus areas for any asset inventory is risk management and more specifically, cybersecurity. Combined with this is the hardening process, aimed at reducing points of vulnerability, which has often been seen as a time-consuming exercise, especially if implemented at device level. As a result, this is an area that is often overlooked during the commissioning process.
Batch device management
For fast and easy installation, configuration and management of devices, using a technology such as AXIS Device Manager offers security installers and system administrators an effective tool to manage all major installation, security and maintenance tasks. This can be achieved by handling devices either one by one or in batches, significantly reducing the time required for the hardening of devices from hours to minutes, while providing consistency across the full system.
AXIS Device Manager enables the user to create a configuration code that can be pushed to all Axis devices. The code is created in line with the Axis Hardening Guide, a technical resource that helps establish a baseline configuration as well as providing advice to deal with the evolving threat landscape. Axis follows the methods outlined by CIS Controls, Version 7.1 (previously known as SANS Top 20 Critical Security Controls), developed by the non-profit Center for Internet Security, which provides globally recognized best practices for securing IT systems and data.
While fast and easy configuration of new devices is crucial, it’s also vital to stay informed of what’s happening across your sites and security systems, including monitoring inventory status. This can be a complex and time-consuming process, so using a tool such as AXIS Device Manager Extend Base simplifies the necessary tasks. This is achieved with features including intuitive dashboards combined with remote site access, which provide an instant overview of, and insight into, all devices across connected sites.
Efficient device commissioning
Before ensuring device security and monitoring inventory status, improving the efficiency of the general installation and commissioning process can enable significant time savings. In the same way that device hardening has been seen as a time-consuming exercise when implemented with a device-by-device approach, the same applies to commissioning.
An automated commissioning tool for batches of devices vastly reduces the time it takes to manage the process. This means increased productivity with the ability to take on more projects, or the advantage can be used to enable a reduction in cost for the commissioning process, helping to win new business with a more competitive offer.
AXIS Device Manager streamlines the commissioning process by automatically discovering any Axis device and managing the configuration. This includes management of IP addresses and monitoring connection status, as well as pushing firmware upgrades and camera applications. The software can restore previous settings if needed, and all communications are secure, using settings including HTTPS and 802.1X. The tool also provides the flexibility to manage devices individually if required.
The importance of patch updates
Following commissioning, effective lifecycle management of the system is crucial, particularly relating to security and firmware/patch updates. This ongoing process brings opportunities to system integrators but can also place additional responsibilities upon them. In the UK, for example, the Information Commissioner’s Office (ICO), the equivalent of Data Protection Authorities (DPAs) located in each EU member state, issues guidance specifically related to patch management. Failure to comply has led to breaches of consumer data, resulting in subsequent penalties.
The guidance states: ‘Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act* is serious enough to warrant a civil monetary penalty.’ (*GDPR equivalent.)
A worrying statistic reported by CSO, which provides news, analysis and research on security and risk management, is that 60% of breaches involved vulnerabilities for which a patch was available but not applied. If an end user is fined for non-compliance, but it has been the responsibility of a third-party systems integrator who would also act as the data processor, it can be assumed that the systems integrator would be liable for some of the associated fine. So why don’t businesses that are responsible for the service and maintenance of systems carry out updates when needed?
The time requirement is a common factor, combined with an absence of an efficient means of regularly implementing firmware and patch updates. Again, this is where AXIS Device Manager can be used as a fast and effective way of ensuring compliance. In the same way that it simplifies commissioning, the software can enhance the maintenance phase, turning a time-consuming and costly process into a quick and efficient operation.
AXIS Device Manager can monitor device status, update firmware, and renew and manage certificates, as well as being able to restore default settings if needed. Reassuring customers that you understand the risk by demonstrating an effective process to manage this crucial aspect of maintenance will go a long way to building trust.
Monitoring the end of support phase
Finally, and equally important, is the replacement strategy for technologies that have reached end of support (EOS). EOS typically refers to the period where the vendor ceases support for the product or service. It’s vital for a company to have a strategy that includes a plan of how long it intends to continue to use the hardware or software once it reaches that stage, monitoring the technologies accordingly across its enterprise.
This information is crucial for IT professionals responsible for managing the IT policies and cybersecurity strategy of a site, because at this point the vendor will stop supporting the product with updates and patches. If alternative measures are not implemented, this will increase the risk of exploitation and a subsequent data breach. While not all organizations will look to replace technologies that have reached EOS, those influenced by their IT teams certainly will.
The ability to provide end users with a proactive approach to firmware updates will help to cement a relationship of trust by increasing their confidence in the security and compliance you can provide. If you are able to monitor systems and notify clients in advance of technologies reaching EOS, rather than leaving them to panic at the last minute and realize that they don’t have the necessary budget in place, this approach can help take your relationship to the next level.
Combined with offering an end user transparent advice on the operational performance of their installed technologies, AXIS Device Manager enables you to provide detailed information such as warranty period and EOS, demonstrating your reliability as a security partner.
As the convergence of technologies continues, there is an expectation that cybersecurity measures will be maintained. This shouldn’t be seen as an inconvenience to systems integrators, but an opportunity. If managed correctly, using tools such as AXIS Device Manager and AXIS Device Manager Extend Base will maintain your clients’ security posture. Not only will they save time and receive a positive experience through the commissioning process, the tools will also help system integrators offer new opportunities to a client throughout the life of their system.