By: VMware Sr. Manager PS&R Systems and Technology Philip J. Jang
In many ways today’s physical security efforts are like maintaining an old house—everything basically works, but the various components (insulation, wiring, plumbing) were designed for a different era. This makes physical security (PhysSec) a tempting target for sophisticated (and not-so-sophisticated) threat actors. Unpatched devices alone can be rife with vulnerabilities easily exploitable by hackers.
Let’s talk specifics
The PhysSec footprint of an average corporation with 10,000 employees encompasses ten buildings monitored by 1,000 or more cameras. In some industries, such as retail, it is exponentially more. So far, so good. The trouble is those cameras are typically different models from different vendors with different firmware levels. This results in more than 1.5 million configuration combinations that overwhelm PhysSec personnel—and is the reason most settings are noncompliant or malware friendly.
Research shows that 70 percent of PhysSec devices operate with their original passwords that are publicly available via manufacturer product brochures. In addition, PhysSec teams only do what’s called a device ‘heartbeat check’ once a week—but more typically once a month—to ensure the devices are working. That means a device may be inoperative for more than 30 days without PhysSec personnel knowing anything is wrong.
Technology changes the game
VMware as a whole is going through a digital transformation that impacts how we approach PhysSec. Today, our teams are able to deliver a competitive advantage by viewing PhysSec as an innovation sandbox, one that incorporates advanced technologies, such as artificial intelligence (AI), machine learning (ML), and automation. This also includes employing a Zero Trust approach to our mission-critical edge infrastructure.
This new approach came about because of the old adage—necessity is the mother of invention. VMware PhysSec now encompasses a variety of campus physical devices, including thousands of security cameras and access control systems from different manufacturers. These are deployed in all our locations across more than eight geographies. Had VMware kept the status quo as outlined above, the company would have been vulnerable to both physical and virtual attackers who employ the latest technology and methodologies to accomplish their illegal goals.
Magic behind the scenes
The VMware PhysSec digital transformation is made possible by a powerful driving force—SmartHub’s INFER™ built on VMware Edge Compute Stack™. Designed to connect the dots in your enterprise edge journey, INFER seamlessly undertakes constant device configuration and compliance checks (heartbeat checks) to ensure uptime for our operations, no default passwords are used, no misconfigurations are present, and the latest firmware patches have been applied. The software even continually pulls manufacturer information in order to instantly notify teams when a new security patch is available.
But that’s not all.
In the past, a threat actor breaching a PhysSec device usually meant they could gain access to a building or other secure area. Today, a hacker that is able to infiltrate a cloud-enabled device—which is the majority of them—can readily gain access to the entire enterprise ecosystem. INFER on VMware Edge Compute Stack changes that scenario by offering a whole new layer of security not possible with traditional solutions. Now physical structures and the corporate ecosystem are protected every moment of every day both by highly trained human personnel and AI/ML/automation systems.
The solution empowers PhysSec teams to employ AI/ML and automation just like other VMware product group. For the first time ever, they have holistic visibility into all PhysSec assets under management, can easily manage the lifecycle of these assets (monitor, manage, secure, end of life), and are able to enact foundational policies and procedures for any and all IoT edge systems. In fact, the system is so efficient that it only requires five PhysSec engineers to oversee each and every IoT device they manage with ease. Onlive!
Check back soon for more updates on this relevant topic. Read more about VMware security.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or email@example.com to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.