Device management and cybersecurity through the lifecycle

Article
10 November 2022
After a surveillance device has been installed, as long as it delivers the expected functionality, it can be easy to forget about. It’s crucial to remember though that over time, a device can become a cybersecurity risk, whether through changing settings or outdated firmware. As a result, device management is vital throughout the product lifecycle.  This article explores the recommended cybersecurity measures and device management tools supported by Axis during implementation, through the operations phase, and finally to decommissioning.

Implementation

During implementation, involving configuration and staging, installation, then on to deployment and onboarding, there are important measures to take before handing the system over to the customer. To help achieve this, AXIS Device Manager is a tool for efficiently configuring and managing Axis devices. It supports configuration of network parameters such as credentials, IP (internet protocol) and time settings, and it also overlays and deploys certificates when needed.

An important step is also to upgrade the device to the latest recommended firmware version during the implementation phase. Using the up-to-date firmware version ensures inclusion of the most recently identified bug fixes. Crucially, it helps maintain cybersecurity by addressing vulnerabilities through the latest patches in firmware and manages certificates.  As cyber security is a constantly moving target, the latest firmware version provides the most secure defense.

It’s also important to consider the timespan between device production and implementation at the customer site. Depending on the duration, the firmware version might have been updated by the time implementation is reached, so it’s important to check at handover that the latest firmware version is installed.

Firmware updates can be installed through the device’s web interface but using a tool like AXIS Device Manager gives you more control of these important installation and security tasks. An often-overlooked value of Axis device management tools is that they alert the user to new firmware when they become available. The software also provides an overview of all connected devices, giving instant clarity on the status of each device and the system as a whole. Equally important, AXIS Device Manager saves hours of time and labor as it can manage multiple devices – several thousand if required – in batches, or the flexibility to configure individual devices if you prefer this approach. 

Security foundationIn service

Usually, a device is in service for approximately 5-7 years. Keeping track of a large amount of devices during their lifetime on the network can be very time-consuming. In addition to inventory management and understanding the status of each device, key requirements include monitoring, maintenance, and upgrades across your system. An efficient and convenient way to monitor and perform maintenance is to use AXIS Device Manager Extend as a complement to AXIS Device Manager.

AXIS Device Manager Extend provides a dashboard with remote access that allows efficient inventory and asset management, ideal for multisite operations. It simplifies scaling of crucial maintenance tasks, such as upgrading AXIS OS; defining, applying and enforcing security policies; and managing applications.

AXIS Device Manager Extend speeds up troubleshooting, allowing you to identify and resolve potential problems remotely, removing the time and expense usually required for a site visit. The system administrator can use the software to instantly check the operational status of a device, its connection stability, and that all devices are operating as intended.

The software also provides the administrator with firmware status information, such as whether the firmware version is up to date and fully supported. Via AXIS Device Manager Extend, firmware upgrades can be pushed out to any connected device with just a few clicks. When a device is in service, it remains crucial to keep firmware updated to the latest version. Being fully patched today doesn’t mean that your device is fully patched tomorrow and ready to face the latest cybersecurity threats.

Some organizations can be reluctant to upgrade in-service firmware due to concerns that upgrades can affect system stability. AXIS Device Manager Extend provides two options to keep AXIS OS up to date: the active channel and the long-term support (LTS) channels. In the active channel, AXIS OS is continually updated with new features and security patches. Alternatively, organizations with concerns regarding upgrades have the flexibility of the LTS firmware track, which ensures crucial maintenance tasks such as security fixes and patches without adding any new functionality. AXIS Device Manager gives recommendations on LTS and active channel to help you make the best decision for your upgrade according to your needs.  Axis devices are typically supported with an additional five years with firmware patches after the hardware is end of life.

Recommendations on security policies and advice in deployment can be found in the Axis hardening guide. You can then use AXIS Device Manager Extend to set recommended security policies, such as making sure file transfer protocol (FTP) and secure shell (SSH) protocol are always closed. Applying these policies, you ensure that parameters are constantly maintained with the most up to date security compliance. Even if the settings are changed in error, AXIS Device Manager Extend will revert to the set policy.

In large systems, there’s the potential for high numbers of inactive, redundant accounts, such as temporary user names set up for one-time service purposes. These unused accounts enable entry points and pose a potential security risk. The AXIS Device Manager Extend dashboard presents an aggregated view of all user accounts and from here, the administrator can quickly manage them, removing them if necessary.

You can also use AXIS Device Manager Extend to apply application policies, such as making sure that AXIS Video Motion detection is always running the most up to date version on selected cameras. AXIS Device Manager Extend will also allow users to install and directly configure most applications on Axis devices.

Decommissioning

AXIS Device Manager Extend allows you to proactively plan for device replacements. You can track the status of warranties for all devices in the system, including product discontinuation and end of support information. The software will also present recommended replacements to help plan according to your budget after warranties expire. It’s also possible to export inventory lists to Excel (.csv) making it easy to provide reports for planning or audit purposes.

When decommissioning an Axis device, it’s also important to remove data and have a device sanitation process. A factory default should be made to erase all configurations and data. This is achieved via AXIS Device Manager itself, or through the camera web interface.

Efficient and secure lifecycle management

Throughout the lifecycle of a surveillance device, ensuring cybersecurity is vital. Axis device management tools increase the speed and efficiency of configuration, management, and maintenance of your devices over time. Most importantly, they help you ensure a secure system.

To learn more about cybersecurity and your devices, read more.
Cybersecurity
Terri Miller, Axis Communications
For further information, please contact: Terri Miller, Marketing Specialist, Axis Communications
Phone: +27 11 548 67 80