There are all kinds of reasons why IT managers pall when it comes to thinking about having responsibility for IT security at the edges of their enterprises.
First, shadow IT has taken over. Impatient managers in end business units are no longer willing to wait for IT to security-vet a new technology that they feel they need in order to do their area of the business.
Second, these business managers want new technology they can quickly get into production, but they don’t consider security as part of their jobs.
For these reasons and more, shadow IT is growing and end users want to minimize their reliance on IT—until a technology problem emerges that they can’t solve.
This problem could be a security breach that brings a production line down, or that compromises sensitive data, or that damages the company’s brand in the marketplace.
People get fired when a security breach is serious, so neither IT nor end user managers want it to happen.
Collectively, this develops a strong case for understandable security technology that is easy to install, operate and administer at the edge of the enterprise by business users and IT.
«What we wanted to do was to take IoT devices like cameras placed in remote facilities to new levels of security as part of this,» said Daniel Putterman, co-CEO and head of business for Kogniz, which AI-enables facility security cameras.
With AI-powered cameras, facility and IT security managers can observe faces in near real-time, at the rate of 30 frames per second. «We’ve also fine-tuned the facial recognition algorithms so they can analyze a broad spectrum of different facial structures and contours with 99.9987% accuracy,» said Putterman. «In the past, different facial structure and characteristic analyses were performed on more homogeneous constructs, so there were built-in facial recognition biases that didn’t necessarily yield accurate results at security checkpoints.»
An example where AI facial recognition using cameras can be put to use is retail. With AI-enabled cameras placed at all retail outlets, a central monitoring system can quickly see if a particular individual begins appearing at multiple stores, perhaps indicating that he or she was casing the stores for a future break-in. Similarly, a bank could use the technology to monitor individuals who move from ATM machine to ATM machine at multiple bank locations, potentially positioning themselves for fraudulent activity.
SEE: Vendor management: How to build effective relationships (free PDF) (TechRepublic)
«You can really program this technology with any type of surveillance rules that you need for your business,» said Putterman.
What are the takeaways for IT security managers who will ultimately get the security responsibilities for edge technology like this?
1. Encourage users to start with low hanging fruit edge applications
The advantage to an edge technology like camera security monitoring is that everyone understands what it is for. If you are trying to establish a strong collaborative working relationship with your end users and you know you’re going to have shadow IT with security implications, start with the easier edge applications like camera monitoring first. They can establish a track record of positive results.
2. Identify technologies that enable users to put in their own business rules
«Any time there is machine learning, which there is in AI-enabled video monitoring, it implies that you have to train the software to recognize what you want it to recognize,» said Putterman. This technology training phase, which some users might remember from the old voice recognition applications which had to be trained, can strike fear in the hearts of users and IT, because right away you think you will need an expert to do it. «We worked on that so users could train their own systems with easy-to-use tools that didn’t require an outside consultant,» said Putterman
An example might be a particular area of the shop floor that you consider sensitive, and that is only accessed at start and end of day. If you suddenly see an individual entering an area multiple times per day when they should only have to enter it once or twice, you can flag the incidents and individual and investigate.
3. Start small and limited your initial investment
«You can start with a very small security monitoring application at the edge of your enterprise and build out from there once you see the application prove itself,» said Putterman. «In this way, you don’t commit yourself to a large infrastructure spend prematurely.» This approach also allows IT security managers to test out their collaborative relationships with end users so that security at the edge can be enacted in a user-friendly fashion that protects the enterprise.