Content Hub

Putting AV security in the spotlight

After the past year, there is increasing agreement around the need for property owners and developers to repurpose and create spaces that will continue to meet their workspace occupants’ rapidly evolving requirements.

Agility and flexibility are now more important than ever to the future of the workspace. These elements are crucial not only in the creation of new, connected spaces that encourage collaboration, reinforce working culture and inspire creativity, but also to support the significant increase in hybrid working.

Of course, AV equipment and infrastructure is set to play a massive part in delivering on these strategies. However, in the rush to upgrade and update workspaces for the new world of work, there is a risk that something important is overlooked: Cybersecurity.

Security may not be the first thing that comes to mind in relation to AV kit, especially when physical security and cybersecurity have historically tended to be dealt with in their own siloes. However, with hybrid workforces meaning more AV functionality is shifted on to cloud-based management and control platforms, there is an increased threat of additional attacks and vulnerabilities [see article on page 74].

Breaches are already a reality

The reality is that security breaches are already occurring, and as more AV systems are placed online, the opportunity for them to be breached increases. These breaches have the potential to be extremely serious. Without proper isolation and segmentation of systems, any breach can easily lead to ‘horizontal propagation’ where an attacker gains access to multiple systems as a result of the initial breach.

In these scenarios organisations can quickly lose all control over any data within their system. This total and rapid loss is hard to bounce back from, so it’s crucial to put measures in place to isolate and protect systems from the risk of security breaches.

There are manufacturers in the professional AV sector that take the security of their products, and the networks they are ultimately going to be connected to, extremely seriously. They range from automation companies, to unified comms providers, to professional display manufacturers. However, the AV industry more broadly still has a long way to go when it comes to fully adopting the security standards and best practice of the enterprise IT world.

This means, for now, it is vital that companies take an infrastructure-led approach to AV security.

Managing increased AV security risks

Regardless of the default levels of built-in security in AV equipment, AV system security can be maximised by:

  1. Following industry guidelines such as ‘Recommended Practices in Networked AV Systems’. This defines best practices for authentication, segmentation, vulnerability updating and testing in line with ISO/IEC27000 security techniques — Information security management systems
  2. Fostering engagement between the AV integrator and the client’s IT team as early as possible, with documentation defining LAN requirements such as segmentation, port access, PoE requirements, routing and services. Do not merely assume that a consultant, for example, has highlighted this with the client and his team
  3. Formulating a clear plan between the AV integrator and the IT team to manage any future changes implemented, as a result of new security attacks and vulnerabilities, via thorough testing and planning for equipment upgrades both on AV and LAN equipment
  4. Being upfront and honest with manufacturers, explaining that you may not want to use a particular piece of equipment, not only due to cost or aesthetics, but because of concerns over security
  5. Training AV staff in networking fundamentals, so that they are better able to understand and discuss requirements with the teams tasked with implementation

These are critical steps to get right if property owners and operators are going to balance the need for greater flexibility and agility without compromising the integrity of their networks.

Ultimately the key lesson here is that building systems need to be considered as a whole, rather than in isolation. And as a result it makes sense to work with technology partners that can offer a converged service that incorporates the cybersecurity, physical security, AV and network needs of the workplace under one roof.

Get in touch to talk to us about our security and AV capabilities and how a converged building technology approach can benefit your workspace.