New from the European security sector umbrella body Euralarm is a guideline on ‘Contracting cloud services for secure remote access to alarm systems and for secure alarm transmission’. Some parts have been taken out of BSIA guidance “ARC considerations when utilising data centre or cloud services”, with the permission of the British Security Industry Association (BSIA), a member of Euralarm.
The document considers standards and provides an overview of the legal criteria for a choice of cloud services provider (CSP). However, the authors point out that the guidance does not address all legislative requirements of particular countries within Europe, although the document does go through the European Union General Data Protection Regulation, and what European countries have adopted. The document concludes that you should check in terms of service reliability, and security, what cloud providers may say in terms of their compliance, including cyber, and business continuity assurance.
As the document sets out, a fire safety and security installer can either use one or more of three sorts of cloud to operate the technical equipment for alarms: a private business cloud solution, data centre host (premises operated by a third-party company who provides physical security, power and rack space to house servers), or native cloud (such as AWS – Amazon Web Services, Microsoft Azure, Google Cloud, IBM).
As for what to consider, the document says: “Private business cloud solutions and data centre solutions require investment in hardware, software, and infrastructure, and the expertise to set up and maintain them. Cloud based solutions still require the application provider to have the skills to understand, monitor and scale the functionality required. The cloud service provider bundles expert IT services for the deployment and maintenance of the hardware, operating systems and database software.”
The document covers roles and responsibilities; fire and security service providers considering a hosted solution should ensure that agreements (SLAs) are in place with the cloud service providers to ensure that the service provider is notified before off-line periods and planned maintenance. If the fire and security firms are relying on IT firms for tech services, then the fire and security provider should consider how incidents may affect the service.
Visit https://www.euralarm.org/resource/guideline-on-contracting-cloud-services-for-secure-remote-access-to-alarm-systems-and-for-secure-alarm-transmission-pdf.html. You can freely download the 17-page document from the Euralarm website, in English, German, French and Spanish.
