<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-PWSWKNM" height="0" width="0" style="display:none;visibility:hidden">

Protection by Design: The Importance of Architectural Artifacts in AV Security

Let me set the scene. Two companies are rolling out their new AV systems. Company A has meticulously prepared network diagrams, security documentation, and architecture reviews. Company B, on the other hand, chose to make things up as they went along. Guess which company is scrambling to fix security breaches, and which one isn’t?

Architectural artifacts - those beautiful network diagrams, data flow charts, and patching schedules - are the unsung heroes of AV security. But to many, they’re as exciting as a trip to the dentist. However, here, I’ll explain why considering architectural artifacts may just save you from endless firefighting and sleepless nights.

Security by Design: Not just a buzzword

Secure by Design sounds like the kind of thing someone might slap on a PowerPoint slide at a conference, doesn’t it? But behind the corporate connotations, there's substance. It’s based on principles laid out by, among others, the UK Government’s National Cyber Security Centre. The idea is that security shouldn’t be an afterthought, it should be built into projects from the very start, something Kinly's CISO, Don Gibson, discussed in his recent blog.

Think of it this way: If you were building a house, you wouldn’t add the locks after it’s built. You plan for them in advance, ensuring they’re in place before thinking about the curtains or the colour of your front door.

In AV, that means considering, from day one, how data moves through your system (data flow diagrams), who accesses what (identity provision), and how often you patch vulnerabilities (patch schedules). Proving you’ve thought about them is crucial, and not just through a handshake agreement with your IT team, but through detailed documentation.

Architectural artifacts: Proving you're secure

CISOs, architects and risk managers are paid to worry about the things that might go wrong. In a world where AV systems are increasingly a gateway for cyberthreats, they’ll want to know that security was considered throughout the system’s lifecycle.

This is where your high-level design (HLD) and low-level design (LLD) documents come in. If you feel yourself zoning out at the mention of these terms, think of them like this:

HLD: The view from 30,000-feet. It shows how the system is going to work from a macro-level including key components, major integrations, and security principles.

LLD: The nuts and bolts. This is the technical blueprint that shows the nitty-gritty details; how each component will be deployed, where the data will flow, and how it’s all protected.

Later down the line, anybody looking at these documents can easily pick up where you left off. Like breadcrumbs to follow, they tell the story of how the system was built and, crucially, how security was considered at every step.

converted_image

The security lifecycle: No, you can’t set it and forget It

If only security were a one-and-done thing. In reality, it's more like upkeeping a garden as opposed to setting up a fortress. Things change. Systems grow, evolve, and unfortunately, so do threats.

Part of the Secure by Design approach is acknowledging that the security lifecycle needs constant attention, from birth to death. You can’t just install your AV system and wash your hands. Special consideration needs to be given to:

Patching schedules: This is your first line of defence. The plan for regularly updating software and firmware to fix vulnerabilities. Not glamorous, but crucial.

Horizon planning: This involves anticipating what’s coming. Your AV system might need to integrate with a new cloud platform next year. Does your current security posture support that? Will the new interface introduce new risks? Horizon planning ensures you're not blindsided by future developments.

These living and breathing documents are vital for keeping the system secure over time. If your AV system goes through changes (and it will), your patch schedules and horizon plans need to show how you’re keeping up with new threats.

What if everyone vanished tomorrow?

Imagine every single person that worked on your AV system disappears. Now, someone new has to come in and figure out not only how it works, but how secure it is.

What are they going to look at? Network diagrams, data flow charts, HLDs, LLDs, and security documentation. These documents are the instruction manual for your AV system. They show how everything is connected, where potential risks lie, and how those risks are being managed.

If these documents are missing, incomplete, or incomprehensible, your new team might find themselves rebuilding things from scratch. That’s how you get breaches, misconfigurations, and a lot of very expensive headaches.

Educating the CISO’s risk team (you’ll need them on side)

Chief Information Security Officers (CISOs) are the guardians of your company’s risk posture. They want to know, in no uncertain terms, whether the AV system you're deploying is going to increase or decrease risk. Believe me, if you can't prove that you're on top of the security lifecycle, they'll assume the worst.

This is where architectural artifacts come into focus. Your HLDs, LLDs and patch schedules tell the risk team exactly where the security landmines are, and how you’re avoiding them. They don’t want vague assurances; they want hard evidence. If your documentation shows that security has been considered from day one and is carefully  maintained over time, you’ll have them sleeping a little easier (that’s a big deal for a CISO).

The most important thing you’ll overlook

What’s the single most prevalent risk in AV security today? It’s not network vulnerabilities or unpatched firmware. It’s identity provision, knowing exactly who has access to your AV systems, and what they’re allowed to do.

Poor identity management is like leaving your car keys in the ignition and walking away. It doesn’t matter how many locks, alarms or cameras you have; if someone can jump in and drive away, you’ve got a problem.

Your documentation should lay out, in painstaking detail, how identity is provisioned and managed. This includes who has access, what permissions they have, and how access is revoked when someone leaves.

Identity is the foundation of a secure AV system, and without it, the rest of your security measures aren’t much more than decoration.

The necessary hero

In the grand scheme of things, architectural artifacts aren’t flashy. They’re not the new piece of kit that gets all the attention in the office. But when it comes to security, they are essential.

These documents are the instruction manual and safety net that ensures your AV system doesn’t just look good - it works, securely and reliably, over its entire lifecycle. If performed right, you’ll sleep easy. If ignored, I wish you luck.

So, next time you’re tempted to skip over the paperwork, remember: Secure by Design isn’t just a concept. It’s a necessity.

 

Back to top