IT Security Put at the Fingertips

03 Sep 2020 by Commend

In the first part of this IT Security miniseries on the Symphony Cloud platform, we talked about Physical Security at the building's entrance door/gate. In this post, we will look at the next level(s) of the Symphony defense-in-depth strategy: Network and Data Security.

Earlier this year, Forbes magazine reported that 70% of network security breaches originate at endpoints. Typical reasons include missing or insufficient protective controls, such as authentication, certification and encryption. Poorly protected endpoints (such as cloud-based devices) are a prime target for cybercriminals who have a growing arsenal of amazingly efficient tools at their disposal to 'sniff out' such vulnerabilities. Open-source port scanners such as Masscan can scan the entire Internet for open ports in under six minutes (!) from a single machine. And search engines like Shodan make finding vulnerable devices on the Internet of Things as easy as a simple Google search.

In view of these developments, it was clear to the Symphony developers that simply adding IT security measures on top of the cloud-based apps and devices wouldn't do – not by a long shot. It is precisely for this reason that the cloud-native Commend Symphony platform has been developed from the start to be “secure by design” in line with Commend's holistic Privacy and Security by Design (PSBD) approach. In keeping with this commitment, Commend has also implemented an ISO/IEC 27001:2013 compliant Information Security Management System (ISMS) to keep all corporate data as well as customer and supplier information safe.

PUTTING SECURITY FIRST – AND MAKING IT LAST

In their security-first approach, Commend's DevSecOps team has gone to great lengths to build the latest cybersecurity capabilities into the Symphony Cloud platform. Throughout the entire lifecycle, they follow a security-focussed approach by consistently applying a variety of measures. Let's look at some of them.

THREAT MODELLING: BE PREPARED!

Cyberattacks come in an amazing variety of strategies and levels of sophistication. To meet this challenge, Symphony security development is based on the STRIDE approach. This allows the developers to study potential vulnerabilities and simulate various attack scenarios (e.g., client/server spoofing, denial of service (DoS) attacks, elevation of privilege via code injection, etc.). Based on the results, they can then implement countermeasures with respect to specific security goals. To complement these efforts, the Symphony deliverables are subjected to continuous, highly automated quality testing, and for further network security the mechanisms of the cloud provider are used.

AUTHENTICATION: A QUESTION OF IDENTITY

Poor authentication, especially in a cloud-based solution, is a security disaster waiting to happen. This is why in Symphony all access to configuration settings is protected by state-of-the-art password protection based on our internal product secret policy. In addition, the Symphony platform API is protected by state-of-the-art API token authentication. Naturally, Symphony also comes with a zero-tolerance policy where default passwords are concerned. To ensure ultimate security, authentication throughout the Symphony platform is managed via world-leading authentication & authorisation services.

AUTHORIZATION: THE KEY TO SECURE COMMUNICATION

Implicitly trusting every device within one's network is a mistake that Symphony avoids systematically through certification of valid Symphony devices. For this reason, every Commend device comes pre-configured with a factory-set certificate.

Now whenever a Symphony device, such as a concerto Station or a third-party iOS or Android mobile device, is ‘claimed’ with the Symphony service, it becomes an edge device to be managed by the Symphony Cloud only. As a result, it can be identified as a valid component with specific access privileges within the Symphony environment.

With all registered devices being 'fingerprinted' like that, Symphony can immediately detect and block any attempt by an attacker to spoof a Symphony device by means of extraneous equipment.

These certificates are also used to enable a secure key exchange, as Symphony uses only encrypted connections for all data and audio/video connections (SIPS, SRTP, HTTPS, MQTTS etc.). These essential security features cannot be deactivated by the user.

What is more, these security measures are complemented by regular automatic updates that keep reinforcing Symphony’s cyberdefence shields without the user having to lift a finger.

All these network and data security measures involve sophisticated processes based on amazingly powerful concepts like public key encryption and related technologies (which we intend to explore a little further in an upcoming post). The main takeaway at this point is that Symphony puts it all at the fingertips of users and operators without them even noticing it. This way, they can enjoy all the benefits of revolutionary door call convenience and upcoming services with tap-and-swipe ease, while Symphony makes sure they can do so with the reassurance of having their safety, privacy and property protected.

In our next blog post we’re taking a closer look at the final layer of Symphony IT Security: Fail Safety.

To learn more about Symphony, visit the Symphony homepage or contact your local Commend representative.



Commend
Salzburg, Austria
About Commend

COMMEND AT A GLANCE

From its founding in 1971, Commend grew from a small family business into a large, globally recognised player providing Integrated Intercom Systems. Today, our unique solutions are installed for the protection of people, buildings and assets throughout the world. Integration of Commend Intercom Solutions has been hugely successful in many industry sectors. Intercom stations, modules and servers for integration of speech, image and data can be found in control rooms throughout the world for increased security. Examples include help and emergency call points for transport solutions, controlling barriers in car parks and controlling lifts in buildings. Our solutions can be found in iconic buildings including the Shard (UK) and Mercury Tower (RUS); throughout the London Underground Network (UK); in universities and schools; in production facilities; refineries; airports; hospitals; car parks; tunnels and many more.

About Stelsen Integrated Systems, Inc.

Stelsen Integrated Systems, Inc. has a collective experience of 50 years in delivering high quality solutions and services to our clients in the safety and security industry. We, as a company, aim to provide our clients with a holistic approach to maximize the effectiveness of our service and systems. Our continued growth is built on our reputation and reliability while meeting our clients’ expectations. Our team’s knowledge of regulations, great technical ability and experience in a wide range of industries let us efficiently design an integrated solution to maximize the effectiveness of your investment.
