Why picking the wrong A/V integrator may compromise your security

AV integrators are faced with a variety of security challenges, so the integrator your company picks better be prepared. Few industries have developed as quickly as the A/V industry in recent years. The move to merge A/V and IP networks, the rapid emergence of smart and Internet of Things (IoT) technologies, and the widespread adoption of enterprise-grade solutions have tested the industry. With so many vectors to cover, integrators must prioritize security like never before. An integrator that doesn’t may leave their clients exposed to disasters like leaking employee or customer data or suffering an embarrassing loss of device control.

Integrators have to fight the security battle on multiple fronts

Imagine some prankster hijacking your digital signage and displaying anything they want with your equipment. Imagine an unauthorized person sifting through your employee files. Imagine someone stealing the control panels from every conference room. These are very real outcomes if an integrator doesn’t focus on security from the outset. What security challenges do integrators face, and what problems will your company experience if an integrator doesn’t address them?

1. Basic IT security measures – AV over IP is here to stay, which means A/V integrators must interface with IT teams to properly secure resources. The intersection of IT and A/V is a fairly recent development, and many integrators aren’t prepared for it.

That’s a serious problem, because when an integrator isn’t adequately prepared for adopting IT security standards, there won’t be anyone responsible for the system’s security. This happens frequently when an integrator neglects to communicate with the client’s IT personnel. An integrator should reach out from the beginning and work with IT to determine who will be responsible for ongoing security concerns. This becomes more and more important as an A/V solution scales up in size. Dozens of unprotected digital displays, for example, means dozens of potential attack vectors.

IT has long since perfected the tools for securing a network. For instance, A/V solutions should be guarded behind the same firewall zones that the client’s other resources are behind. For some clients, this may mean setting up several zones for the A/V equipment, with different controls and configurations, depending on where the equipment is located on the network. A university, for example, may allow inbound access to some A/V equipment, and restrict it tightly to others. This is elementary for IT personnel, but even this may be too much for an unprepared integrator to handle.

If A/V equipment is not properly defended with basic IT security, it will represent a gaping security hole for hackers and others with bad intentions.

2. User access control – User access control is another focus for IT departments, which have spent many years developing ways to restrict or allow user access.

User access control looks simple on the user side. Enter an account name and password, and users are immediately given access to what they are allowed to access. On the backend, it’s a bit more complicated. Every user must be considered when setting up access control. That means detailing exactly what they can access and when, and ensuring that they are only able to reach those parts of the network. User access control must also consider things like permissions, multi-factor authentication, access logs, encryption and other monitoring and security measures. Some integrators will have plenty of experience with this, while others may leave it entirely to their clients’ IT departments. User access control is something that falls under IT’s oversight, true, but it’s dangerous for an integrator to assume that they have no part in it. If user access control is not specified and executed alongside an A/V project, there will likely be instances of users accessing sensitive data on accident, and instances of hackers using compromised user credentials to hack into the network.

User access control has become an interesting problem for A/V integrators lately, as the rise of voice controls, for example, has complicated how users interact with their technology. Voice controls, for example, are not always sophisticated enough to differentiate between one voice and another. This can lead to people accessing equipment merely with a voice command, even if they are not supposed to have access to that technology.

3. System monitoring – Security lapses and other useful data can be discovered just by monitoring the organization’s A/V equipment in real time. Modern A/V solutions rely heavily on real time monitoring to catch things like improper equipment usage or an emerging technical issue.

With real time system monitoring, IT personnel can pinpoint exactly when a piece of equipment is switched on and what user credentials were used to access it. IT personnel can turn off technology or immediately bar access to it on the network from anywhere with monitoring software. This is particularly helpful in schools, where students may attempt to mess with classroom technology when no one is around.

Without monitoring software, if an unauthorized person does access the network, it will be difficult for IT personnel to determine the nature of the security breach and where it came from. Further security breaches may occur, as a result.

4. Physical security – Even if all of the above are nailed down, a thief could still get away with an expensive piece of equipment. A/V technology is not cheap, and yet it must be as accessible as possible to properly communicate.

Fortunately, there are plenty of physical security measures that organizations can take advantage of. They include things like locking systems, RFID tagging and room access systems. Organizations should also consider additional security measures for anything that is easily accessible, like security screws or mounts for control panels. Physical security is only successful if personnel are trained on it and adhere properly to the security measures.

An A/V integrator may only have minor input in how a company or school secures its equipment physically, but it is up to the integrator to offer methods that are only known to A/V professionals, like security mounts. Failing to provide adequate physical security may result in expensive equipment disappearing.

If your integrator isn’t ready to put all of these measures in place, they are leaving a gap somewhere in your organization’s network. Fortunately, reputable integrators work hard to ensure their designers, installers and project managers know what proper security looks like.