July 24, 2024

Security Pix

Security Pix Your World

Pearl Technology on its Approach to Security in Integrated Systems

8 min read

From conference rooms and specialized spaces to training rooms and expansive auditoriums, Peoria Heights, Ill.-based Pearl Technology boasts expertise that caters to a diverse range of clients. These include Fortune 50 corporations that require the orchestration of nationwide and global room standards; they also include local churches in need of a projector and speaker setup. While corporate projects form the company’s core focus, its portfolio showcases a versatile client base. The company’s work can also be found in the government sector, such as the Illinois State Capitol and city council chambers. The design-build firm specializes in user experience and enterprise standardization. 

With roots stretching back to its inception as Computer Age in 1985 and evolving through strategic acquisitions — including CIAN (an IT and data security company), A5 (a private cloud, hosting and data center services company) and, most recently, IAS Technology (an integrated audiovisual solutions provider) — the firm has significantly expanded beyond the capabilities that most AV integration firms can claim. 

In particular, Pearl Technology shines among the global elite, as one of the top 250 managed security service providers in the world. The prestigious accolade celebrates honorees from across 37 countries, underscoring the company’s excellence in managed security services. 

According to Jeremy Caldera, EVP of Pearl Technology, as well as one of Commercial Integrator’s very own #AVLivingLegends, the company has seen exponential growth in the past couple of years, particularly driven by the demand for cybersecurity, cloud storage and AV solutions. “AV, years ago, used to be a nice-to-have component,” he says. “Now, it’s a ‘have-to have’ — it’s not quite life safety, but it’s an essential component for organizations, closely paralleling the critical importance of cybersecurity.” The future direction is clear: integrated, cohesive systems that fulfill these indispensable needs are paramount. 

FEATURED REPORT

A Perfect Union 

Pearl Technology Company FilePearl Technology’s 2021 acquisition of IAS Technology helped the company expand its portfolio and meet the evolving needs of its IT clientele. Recognizing the synergy that exists between IT and AV services, the company capitalized on partnerships with IT companies lacking AV capabilities. This gave Pearl Technology a new client base and broadened its sales. This move not only positioned the company advantageously but also reflected a forward-thinking approach in the rapidly changing landscape where integration across services is essential. 

Caldera, formally CEO of IAS Technology, highlights many longstanding AV clients, despite knowing about the acquisition by Pearl Technology, were initially unaware of the full range of services offered by the company. This has been particularly true for sectors like house of worship and public and private education, he says, which are only beginning to recognize the necessity of cybersecurity measures due to increasing risk posed by threats like ransomware. The revelation that their AV provider can also deliver cybersecurity solutions has been surprising to some clients; others have expected it. This expansion into offering comprehensive services means clients now have the convenience of a single point of contact for both AV and IT needs, enhancing the overall experience. 

For example, Pearl Technology is enhancing higher-education facilities by integrating cybersecurity, managed services and, now, AV services. “Our clients are recognizing the immense value in having a unified provider for a comprehensive suite of services, including data center management, cybersecurity and managed services,” adds Caldera. 

Anthony Mini, president and CISO of Pearl Technology, remarks, “The transition of AV from analog to digital, and now toward IP, represents a perfect union of data management, IT networking solutions and security. With AV platforms increasingly exposed to the internet, the convergence of these disciplines into the IP space is crucial for security.” 

Caldera equally emphasizes the importance of IT expertise in AV integration, stating, “Having the resources and the expertise on the IT side allows us to walk the walk.” He adds, “AV integrators now need to be able to speak to IT teams. Now, I can bring a member of our IT team into a meeting, where we can discuss network security or network strategy for all of our AV equipment.” According to Caldera, a lot of the work is on the network. He says, “Then, taking it a step further is securing that network better — not only for us but [also] for clients. Because it’s just going to make them ultimately safer in the long run.” In his opinion, there aren’t too many AV integrators out there whose businesses are doing much beyond the most basic levels of password protection on equipment. “All this gear is out there and subjected to who knows what!” he exclaims.  

Mini notes that, if one had to define the word “integration” as making things come together and work — it’s difficult. “You’re spending all day just trying to keep your head above water, making connectivity possible. Security is 100% counterintuitive to that effort. Jeremy has lost his hair from this frustration,” he quips. “Security, while seemingly counterproductive, is essential. It complicates the already challenging task of AV integration, yet most companies struggle to incorporate it effectively,” he explains. “From an IT perspective, we understand this dilemma; striving to maintain operational efficiency while our security protocols add layers of complexity.” Mini then emphasizes the long-term benefits of this approach. “It’s a trade-off between short-term inconvenience and lasting stability.” He remarks that neglecting security can lead to severe consequences, like ransomware attacks costing millions. “It’s about choosing a brief one or two-day downtime over potential significant financial losses,” Mini stresses. 

Enhancing AV Security 

Jeremy Caldera PQCaldera emphasizes the critical importance of security in commercial AV, noting that hackers target entities with valuable resources and data vulnerable to ransom demands. “Unfortunately, our industry often lacks robust security, making our ability [at Pearl Technology] to enhance protection a significant advantage,” he says. 

Caldera also addresses the evolution within the AV industry regarding firmware updates. He states, “The previous reluctance to update firmware has shifted toward recognizing its importance for adding features and enhancing security. At Pearl Technology, we actively support and encourage this, incorporating firmware management, security patches and related services into our AV support offerings.” 

Mini references Microsoft’s Patch Tuesday, in which security updates are released monthly for Windows and other software. “Every piece of AV equipment, with its extensive code, is a potential target on the internet,” he warns. “It’s a simple equation: More exposure leads to more vulnerabilities, necessitating frequent firmware updates.” This trend toward monthly updates presents an increasing challenge for AV integrators as they grapple with the constant need for system maintenance and security enhancement. 

Caldera points to another significant concern, stating, “My greatest worry is a client being compromised through an AV device, like a videoconferencing system or touchpanel.” From his perspective, such vulnerabilities are unacceptable. 

“Despite the inconvenience, integrating robust security measures is crucial. This shift in mindset is not just temporary but a vital evolution within the AV industry,” Caldera emphasizes. He thus advises aligning with IT standards and prioritizing security in every aspect of the work, from strategic network to security design in the integrated systems. 

Pearl Technology’s Approach 

Pointing to the company’s approach, Caldera remarks, “We inform clients about our comprehensive AV solutions. Our approach integrates AV services with our data centers, offering secure video storage alternatives to the cloud within our infrastructure.” This setup not only enhances data protection but also allows for a unified service model. “Here, our cybersecurity and data center teams work in tandem with the AV sales team, providing a cohesive and secure service offering,” he proclaims. 

According to Mini, “Our approach integrates audiovisual data management with secure storage and protection against ransomware, utilizing immutable storage that prevents modification.” By doing so, the capability ensures clients’ data is not only secure but also physically accessible in the data centers. “Such integration sets us apart, especially as many face the risk of losing backups in security breaches,” Mini asserts. “By merging these services, we’re elevating our offerings.” 

Securing AV Environments 

Anthony Mini PQWhen it comes to securing AV environments, Mini believes that the “…approach to authentication is deliberate, focusing on secure password management.” Unlike the common practice of reusing passwords across devices for multiple customers, Pearl Technology ensures unique credentials for enhanced security. “Additionally,” Mini continues, “We implement multifactor authentication and network segmentation to fortify our systems further.” 

Caldera adds, “We’ve engaged with multiple manufacturers to ensure their products meet our cybersecurity standards.” He notes that it is encouraging that many major AV manufacturers are adopting stronger security measures. However, Caldera acknowledges that some TAA compliance issues persist. “For instance, during our penetration testing for a new room-scheduling device, [it] was flagged by our IT team for unauthorized communications with a server in China,” he recounts. Eventually, the manufacturer addressed this issue by providing a replacement without the problematic operating system. “Prioritizing manufacturers that are committed to securing their products is crucial,” Caldera declares. 

Mini advises integrators to be cautious about dual network cards on devices. He says, “Many devices in our homes and offices, often unbeknownst to us, are sending data to China under the guise of monitoring, maintenance or troubleshooting.” He reveals that such transmissions appear as diagnostic messages. “It’s a widespread practice that might go unnoticed without vigilant IT teams questioning these communications,” Mini states. In his opinion, numerous devices manufactured in China — everything from smartwatches to phones — could be involved. “While manufacturers may argue this is for identifying errors or issues, it raises valid concerns about privacy and supply chain security, especially considering TAA compliance. This phenomenon is more common than most people realize,” he says. This, therefore, highlights the need for increased awareness and scrutiny. 

Mini adds, “If [the AV gear] doesn’t talk to the internet, then you have a secure product.” However, Caldera notes that in today’s workspaces, where Zoom and Microsoft Teams Rooms prevail, the conversation has shifted from the hype around the internet of things (IoT) to practical concerns about network security and data management. Unlike household IoT devices like smart thermostats, pro AV doesn’t always require such connectivity. However, the integration of AI features in AV systems necessitates constant internet connection. This, Caldera emphasizes, raises important questions about what is being added to the network, its destinations and security. Naturally, this aligns with the growing need for remote management services to ensure these integrations are both effective and secure. 

Network Design 

“The convergence of AV and IT occurred long ago, with the industry’s focus now on network design due to the deep integration of systems within networks. Not every AV company possesses the capability to offer managed security services like we do,” says Caldera. He thus advises other integration firms to partner with a reliable provider that can deliver both network design and security services. “It’s essential for progress in our industry,” he proclaims. 

Mini emphasizes that business decisions around technology should revolve around assessing risk. “It’s not about perfection in security but, [rather], understanding the level of risk you’re willing to accept based on your goals, the costs of control measures, and the value you place on mitigating residual risk,” he explains. With absolute security unattainable, as evidenced by the threat of unknown vulnerabilities (zero-days), many companies are opting for cyber insurance as a precaution. “Being fully updated does not guarantee immunity from attacks, making awareness and preparedness a crucial factor,” Mini says. 

In sum, both agree that, given the AV industry’s alignment with IT, now is the time to prioritize security in every aspect of systems integration. And, certainly, that is exactly what Pearl Technology is doing. 

link

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © All rights reserved. | Newsphere by AF themes.