Security Systems should be Secure
In my prior “Introductions and Motivations” post I proffered an opinion that a home security system should not put the home owners personal information and data at risk. In other words, the security system itself should not become another security nightmare for the user. And yet in most instances I find that contemporary security systems do exactly that…
By their very design and implementation many home security systems expose the home owners information and data to would be cyberthieves by making that information and data available on the Internet. It seems like every day we hear about another security breach in which a cyberthief stealthily reached across the Internet and into a network server system and made off with sensitive data, more often than not, making off with lots, and lots of data.
Against this backdrop we find that many, perhaps most, contemporary home security systems employ use of “cloud” computing as the center of their security system. In these configurations what you normally will find is that, within the home there is a device referred to most often as the “hub”. The hub is connected to the home router and via that, to the Internet. Sitting out on the Internet someplace is a plain old network server that serves as the entry point to the security cloud computing services. The home owner information and data are collected by the hub from security devices and directly from the home owner in some cases. That data is then forwarded on to the cloud computing system where it is stored and processed. And therein lies the rub; the cloud computing systems are connected to the Internet and therefore are subject to attacks by cyberthieves via the Internet. In effect, the cloud presents a front door to the security system information and data.
The CEO of Cisco put it well likening this to “a security nightmare” when commenting on cloud computing security risk potentials. In February, HP Fortify released a report summarizing their review of home security systems that employ use of Internet of Things and cloud computing technology and concluded they present the “the Frankenbeast of Information Security”. In their trials of 10 different Home Security Systems the report finds:
- ”10 in 10 systems were vulnerable to account harvesting via the cloud interface”
- ”10 in 10 systems allowed weak passwords”
- ”10 in 10 systems failed to implement account lockout defense”
- ”7 in 10 systems had security posture variance between cloud, web and mobile interfaces”
- ”7 in 10 systems had serious issues with their software update systems”
- ”9 in 10 systems lacked a two-factor authentication option”
In other words, the engineers at HP Fortify were able to use brute force means to break into all systems tested. If they can do it you can be sure, the cyber thief can too.
The problems related to security are one of the primary reasons our efforts are focused on implementing the IlluminaVMS Vault such that it does not rely on, or even use, a cloud based architecture. The second most important reason has to do with performance which will be covered in a separate post.
IlluminaVMS is a Windows PC application that is run on a Windows PC within the owner’s domain and behind that domains network router and firewalls. As such, and through use of two factor authentication, the user’s personal information and data remain fully protected, safe and secure at all times.