In addition to sharing responsibility across multiple partners, you must embed security measures into your network from one end to the other. Important considerations include on-premise vs. software-as-a-service (SaaS), human error, data residency, and data redundancy. While each of these concepts are distinct and must be considered separately, they can affect one another in complex ways.
For example, relying solely on on-premise systems and data storage doesn't add up to an effective risk reduction strategy. Most attacks are launched remotely, regardless of where data or applications reside. Additionally, strict on-premise policies introduce other risks, including lack of redundancy and the need for manual management, which is notoriously error-prone.
Comprehensive smart city solutions typically integrate several different system infrastructures, from connected lighting to enhanced mass transit, and many of these use cloud technologies to improve accessibility, availability, and—yes—security. Cloud services can be continually backed up to separate data centers with automatic capacity management and switchovers in periods of high demand or unanticipated service interruption. These services ensure that data is securely encrypted offsite, where a major weather event or other catastrophe can't wreak havoc. Leading vendors often coordinate security among several different offerings within their smart city portfolios, using cloud integration layers to ensure careful and properly vetted communications and data sharing.
End-to-end security should also include failsafe operation modes for essential services in the unlikely event that the broader infrastructure goes offline. For example, connected street lights compatible with Interact IoT lighting systems from Signify are designed to failover to a pre-loaded schedule when the control infrastructure is unavailable, and to store operational data locally until it can be reported to the back-end platform. This approach ensures that basic services remain uninterrupted even if a security exploit or other interruption occurs.