By: VMware Sr. Manager PS&R Systems and Technology Philip J. Jang
In many ways today's physical security efforts are like maintaining an old house: everything basically works, but the various components (insulation, wiring, plumbing) were designed for a different era. This makes physical security (PhysSec) a tempting target for sophisticated (and not-so-sophisticated) threat actors. Unpatched devices alone can be rife with vulnerabilities easily exploitable by hackers.

Let's talk specifics
The PhysSec footprint of an average corporation with 10,000 employees encompasses ten buildings monitored by 1,000 or more cameras. In some industries, such as retail, it is exponentially more. So far, so good. The trouble is those cameras are typically different models from different vendors with different firmware levels. This results in more than 1.5 million configuration combinations that overwhelm PhysSec personnel, and is the reason most settings are noncompliant or malware friendly.
Research shows that 70 percent of PhysSec devices operate with their original passwords that are publicly available via manufacturer product brochures. In addition, PhysSec teams only do what's called a device "heartbeat check" once a week (but more typically once a month) to ensure the devices are working. That means a device may be inoperative for more than 30 days without PhysSec personnel knowing anything is wrong.

Technology changes the game
VMware as a whole is going through a digital transformation that impacts how we approach PhysSec. Today, our teams are able to deliver a competitive advantage by viewing PhysSec as an innovation sandbox, one that incorporates advanced technologies, such as artificial intelligence (AI), machine learning (ML), and automation. This also includes employing a Zero Trust approach to our mission-critical edge infrastructure.
This new approach came about because of the old adage: necessity is the mother of invention. VMware PhysSec now encompasses a variety of campus physical devices, including thousands of security cameras and access control systems from different manufacturers. These are deployed in all our locations across more than eight geographies. Had VMware kept the status quo as outlined above, the company would have been vulnerable to both physical and virtual attackers who employ the latest technology and methodologies to accomplish their illegal goals.

Magic behind the scenes
The VMware PhysSec digital transformation is made possible by a powerful driving force: SmartHub's INFER™ built on VMware Edge Compute Stack™. Designed to connect the dots in your enterprise edge journey, INFER seamlessly undertakes constant device configuration and compliance checks (heartbeat checks) to ensure uptime for our operations, no default passwords are used, no misconfigurations are present, and the latest firmware patches have been applied. The software even continually pulls manufacturer information in order to instantly notify teams when a new security patch is available.
But that's not all.
In the past, a threat actor breaching a PhysSec device usually meant they could gain access to a building or other secure area. Today, a hacker that is able to infiltrate a cloud-enabled device (which is the majority of them) can readily gain access to the entire enterprise ecosystem. INFER on VMware Edge Compute Stack changes that scenario by offering a whole new layer of security not possible with traditional solutions. Now physical structures and the corporate ecosystem are protected every moment of every day both by highly trained human personnel and AI/ML/automation systems.
The solution empowers PhysSec teams to employ AI/ML and automation just like other VMware product groups. For the first time ever, they have holistic visibility into all PhysSec assets under management, can easily manage the lifecycle of these assets (monitor, manage, secure, end of life), and are able to enact foundational policies and procedures for any and all IoT edge systems. In fact, the system is so efficient that it only requires five PhysSec engineers to oversee each and every IoT device they manage with ease. Onlive!