AMAG Access Control Readers

The jury is in: traditional security is out — and it’s being replaced with service-based solutions. The bottom line is: if you’re not embracing it, you’ll soon be left behind. XaaS — the collective term referring to the delivery of anything as a service — includes all services made possible through the use of the cloud. Security-as-a-Service (SaaS), which encompasses any type of system from access control to video surveillance, has paved the way for users to gain significant functionality and scalability not previously experienced with more traditional methods. Complicated IT functions SaaS allows manufacturers to provide numerous benefits to their customers As such, there is a marked transition for manufacturers from simply designing and building products to providing a service rooted in a partner- and customer-centric focus. This change hasn’t come easily. Some are still holding out and waiting for the “fad” to pass. However, the potential advantages for all parties involved far outweigh the perceived negative points. First and foremost, SaaS allows manufacturers to provide numerous benefits to their customers. An “as-a-service” model shifts the burden of data maintenance and infrastructure spending to an integrator/dealer partner or service provider. This relieves the end user of the expertise necessary to implement complicated IT functions to keep networked and on-premise solutions up-to-date. Traditional security systems Additionally, end users demand solid customer service. For some end users, traditional security systems are so similar in features and functionality that the key differentiator is the ability of the integrator or manufacturer to provide exceptional customer service and training. This is made possible through the service-based model, where customers appreciate a strong relationship with their integrator or manufacturer that provides them with additional knowledge and assistance when necessary. The cloud has proven to be  highly functional, flexible, and convenient for organisations Everyone also wants convenience. In the consumer market, we invest in things like meals that are pre-measured, prepped, and ready to be cooked, or companies that auto-ship dog food to our door each month. This ease-of-use translates over to the B2B market, where time is money and systems that save valuable resources are highly regarded. The role of the cloud The cloud has proven to be a highly functional, flexible, and convenient method for organisations to leverage as part of their strategies to protect and modernise their facilities. And the service-based nature lends itself well; forward-thinking integrators and dealers can diversify their product arsenal while still capitalising on a recurring monthly revenue model (RMR). But then why has there been so much resistance to this change? Over the last 10 to 15 years, the cloud has gotten a bad rap for a myriad of reasons, including usability, management, and unreliability. However, that view of the cloud is changing for the positive as the technology becomes more advanced and innovators learn more about what it means to design a product or service with security at its core. "As-a-service” platform For example, one of the biggest misconceptions that plagues the cloud is the idea that it is not secure. However, the security of public cloud service providers is integral to their success because their business depends on it. Developing an ongoing and trustworthy relationship with customers can only be made possible through the assurance that their services are safe and the customer’s data is protected. As such, they’ve embraced the service-based model that is, at its core, the future of the business world as we know it. There isn’t a person, manufacturer, or integrator partner out there today who isn’t somehow touched or influenced by an “as-a-service” platform. And it’s about time the service-based model that leverages the public cloud reaches the masses.

The statistics are staggering. The death tolls are rising. And those who now fear environments that were once thought to be safe zones like school campuses, factories, commercial businesses and government facilities, find themselves having to add the routine of active-shooter drills into their traditional fire drill protocols. The latest active shooter statistics released by the FBI earlier this year in their annual active-shooter report designated 27 events as active shooter incidents in 2018. The report reveals that 16 of the 27 incidents occurred in areas of commerce, seven incidents occurred in business environments, and five incidents occurred in education environments. Deadly active-shooter events Six of the 12 deadliest shootings in the country have taken place in the past five years Six of the 12 deadliest shootings in the country have taken place in the past five years, including Sutherland Springs church, Marjory Stoneman Douglas High School, the San Bernardino regional center, the Walmart in El Paso and the Tree of Life Synagogue in Pittsburgh, which have all occurred since 2015. Although these incidents occurred in facilities with designated entry points common to churches, schools and businesses, the two most deadly active-shooter events since 2015 were the Route 91 Harvest music festival shooting in Las Vegas that left 58 dead and the Pulse nightclub killings in Orlando where 49 perished. As Christopher Combs, special agent in charge of the FBI field office in San Antonio, Texas, said during a news conference following the August 31 mass shooting in Odessa, Texas that claimed seven lives: “We are now at almost every two weeks seeing an active shooter in this country." Active shooter incidents Between December 2000 and December 2018, the FBI’s distribution of active shooter incidents by location looks like this: Businesses Open to Pedestrian Traffic (74) Businesses Closed to Pedestrian Traffic (43) K-12 Schools (39) Institutions of Higher Learning (16) Non-Military Government Properties (28) Military Properties—Restricted (5) Healthcare Facilities (11) Houses of Worship (10) Private Properties (12) Malls (6) What the majority of these venues have in common is they all have a front entrance or chokepoint for anyone entering the facilities, which is why any active-shooter plan must include a strategy to secure that entry point. Situational awareness in perimeter and door security Preventing people with the wrong intentions from entering the space is the goal" According to Paul Franco, an A&E with more than 28 years of experience as a consultant and systems integrator focusing on schools, healthcare and large public and private facilities, that while active shooter incidents continue to rise, the residual effect has been an increase in situational awareness in perimeter and door security. “Certainly, protecting people and assets is the number one goal of all our clients. There are multiple considerations in facilities like K-12 and Healthcare. Preventing people with the wrong intentions from entering the space is the goal. But a critical consideration to emphasise to your client is getting that person out of your facility and not creating a more dangerous situation by locking the person in your facility,” says Franco. High-security turnstiles “Schools today are creating a space for vetting visitors prior to allowing access into the main facility. Using technology properly like high-security turnstiles offer great benefits in existing schools where space constraints and renovation costs can be impractical.” What steps should they be taken when recommending the proper door security to ensure the building is safe As a consultant/integrator, when discussions are had with a client that has a facility in a public space like a corporate building, government centre or industrial facility, what steps should they be taken when recommending the proper door security to ensure the building is safe and can protect its people and assets? For Frank Pisciotta, President and CEO of Business Protection Specialists, Inc. in Raleigh, North Carolina, a fundamental element of his security strategy is making appropriate recommendations that are broad-based and proactive. Properly identifying the adversaries “As a consultant, my recommendations must include properly identifying the adversaries who may show up at a client’s door, the likelihood of that event occurring, the consequences of that event occurring, determining if there are tripwires that can be set so an organisation can move their line of defence away from the door, educating employees to report potential threats and creating real-time actionable plans to respond to threats. A more reactionary posture might include such thing as target hardening such as ballistic resistant materials at entry access points to a facility,” Pisciotta says. Veteran consultant David Aggleton of Aggleton & Associates of Mission Viejo, California recommends that clients compartmentalise their higher security areas for limited access by adding multiple credential controls (card + keypad + biometric), along with ‘positive’ access systems that inhibit tailgating/piggybacking such as secure turnstiles, revolving door and mantrap if your entrances and security needs meet the required space and access throughput rates. Integrated solution of electronic access control Defining a single point of entry in some public facilities is becoming the new standard of care according to many A&Es and security consultants, especially in a school environment. This approach allows a concerted effort when it comes to staffing, visitor monitoring and an integrated technology solution. The bottom line remains: most buildings are vulnerable to a security breach A proactive stance to securing a door entryway will use an integrated solution of electronic access control, turnstiles, revolving doors and mantraps that can substantially improve a facility’s security profile. The bottom line remains: most buildings are vulnerable to a security breach, so it’s not a matter of if there will be a next active shooter tragedy, it’s only a matter of where. Enhancing access control assurance “There is no easy answer to this question,” says Pisciotta referring to how a secured entrance can deter an active shooter. “There have been at least two high-profile incidents of adversaries shooting their way into a facility through access control barriers. So, if the threat so dictates, a ballistic resistant might be required.” He concludes: “There is obviously no question that turnstiles, revolving doors and man traps enhance access control assurance. Electronic access control is easy to integrate with these devices and providing that credentials are secure, approval processes are in place, change management is properly managed and the appropriate auditing measures in place, access control objectives can be met.”

There’s a lot of hype around the term ‘digital transformation.’ For some, it’s the integration of digital technology into everyday tasks. For others, it’s the incorporation of innovative processes aimed at making business optimisation easier. In most cases, digital transformation will fundamentally change how an organisation operates and delivers value to its customers. And within the security realm, the age of digital transformation is most certainly upon us. Technology is already a part of our day-to-day lives, with smart devices in our homes and the ability to perform tasks at our fingertips now a reality. No longer are the cloud, Internet of Things (IoT) and smart cities foreign and distant concepts full of intrigue and promise. Enhancing business operations We’re increasingly seeing devices become smarter and better able to communicate with each other These elements are increasingly incorporated into security solutions with each passing day, allowing enterprises the chance to experience countless benefits when it comes to enhancing both safety and business operations. The term ‘connected world’ is a derivative of the digital transformation, signifying the increasing reliance that we have on connectivity, smart devices and data-driven decision-making. As we become more familiar with the advantages, flaws, expectations and best practices surrounding the connected world, we can predict what issues may arise and where the market is heading. We’re increasingly seeing devices become smarter and better able to communicate with each other through the IoT to achieve both simple goals and arduous tasks. Within our homes, we’re able to control a myriad of devices with commands (‘Hey Google...’ or ‘Alexa...’), as well as recall data directly from our mobile devices, such as receiving alerts when someone rings our doorbell, there’s movement in our front yard or when a door has been unlocked. Analytics-driven solutions The focus is now shifting to the business impacts of connectivity between physical devices and infrastructures, and digital computing and analytics-driven solutions. Within physical security, connected devices can encompass a variety of sensors gathering massive amounts of data in a given timeframe: video surveillance cameras, access control readers, fire and intrusion alarms, perimeter detection and more.As the data from each of these sensors is collected and analysed through a central platform, the idea of a connected world comes to fruition, bringing situational awareness to a new level and fostering a sense of proactivity to identifying emerging threats. The connected world, however, is not without its challenges, which means that certain considerations must be made in an effort to protect data, enhance structured networking and apply protective protocols to developing technology. Physical security systems We can expect to see the conversations regarding data privacy and security increase as well As the use of connected devices and big data continue to grow, we can expect to see the conversations regarding data privacy and security increase as well. Connectivity between devices can open up the risk of cyber vulnerabilities, but designing safeguards as technology advances will lessen these risks. The key goal is to ensure that the data organisations are using for enhancement and improvements is comprehensively protected from unauthorised access. Manufacturers and integrators must be mindful of their products' capabilities and make it easy for end users to adhere to data sharing and privacy regulations. These regulations, which greatly affect physical security systems and the way they're managed, are being implemented worldwide, such as the European Union's General Data Protection Regulation (GDPR). In the United States, California, Vermont and South Carolina have followed suit, and it can be expected that more countries and U.S. states develop similar guidelines in the future. Technology is already a part of our day-to-day lives, with smart devices in our homes and the ability to perform tasks at our fingertips now a reality Automatic security updates Mitigating the concerns of the ‘connected world’ extends beyond just data privacy. IoT technology is accelerating at such a pace that it can potentially create detrimental problems for which many organisations may be ill-prepared - or may not even be able to comprehend. The opportunities presented by an influx of data and the IoT, and applying these technologies to markets such as smart cities, can solve security and operational problems, but this requires staying proactive when it comes to threats and practicing the proper protection protocols. As manufacturers develop devices that will be connected on the network, integrating standard, built-in protections becomes paramount. This can take the form of continuous vulnerability testing and regular, automatic security updates. Protocols are now being developed that are designed to ensure everything is encrypted, all communications are monitored and multiple types of attacks are considered for defensive purposes to provide the best security possible. IoT-connected devices Hackers wishing to do harm will stop at nothing to break into IoT-connected devices Built-in protection mechanisms send these kinds of systems into protection mode once they are attacked by an outside source. Another way for manufacturers to deliver solutions that are protected from outside threats is through constant and consistent testing of the devices long after they are introduced to the market. Hackers wishing to do harm will stop at nothing to break into IoT-connected devices, taking every avenue to discover vulnerabilities. But a manufacturer that spends valuable resources to continue testing and retesting products will be able to identify any issues and correct them through regular software updates and fixes. ‘IoT’ has become a common term in our vocabularies and since it’s more widely understood at this point and time, it's exciting to think about the possibilities of this revolutionary concept. Providing critical insights The number of active IoT devices is expected to grow to 22 billion by 2025 — a number that is almost incomprehensible. The rise of 5G networks, artificial intelligence (AI) and self-driving cars can be seen on the horizon of the IoT. As more of these devices are developed and security protocols are developed at a similar pace, connected devices stand to benefit a variety of industries, such as smart cities. Smart cities rely on data communicated via the IoT to enhance processes and create streamlined approaches Smart cities rely on data communicated via the IoT to enhance processes and create streamlined approaches to ensuring a city is well-run and safe. For example, think of cameras situated at a busy intersection. Cameras at these locations have a variety of uses, such as investigative purposes in the event of an accident or for issuing red-light tickets to motorists. But there are so many other possible purposes for this connected device, including providing critical insights about intersection usage and traffic congestion. These insights can then be used to adjust stoplights during busy travel times or give cities valuable data that can drive infrastructure improvements. Physical security market The impact of connected devices on cities doesn’t stop at traffic improvement. The possibilities are endless; by leveraging rich, real-time information, cities can improve efficiencies across services such as transportation, water management and healthcare. However, stringent protections are needed to harden security around the networks transmitting this kind of information in an effort to mitigate the dangers of hacking and allow this technology to continuously be improved. Whether you believe we’re in the midst of a digital transformation or have already completed it, one thing is certain: businesses must begin thinking in these connectivity-driven terms sooner rather than later so they aren’t left behind. Leveraging smart, connected devices can catapult organisations into a new level of situational awareness, but adopting protections and remaining vigilant continues to be a stalwart of technological innovation within the physical security market and into the connected world.

AMAG Technology, a provider of unified solutions that help organisations mitigate risk, releases Symmetry Control Room V4.5. Symmetry Control Room V4.5 is an open architecture command and control platform that unifies security. It brings together multiple, disparate systems into a single, personalised user interface which improves response time and security management. “The newest version of Symmetry Control Room offers many feature enhancements to simplify the security process while delivering more value to the user,” said AMAG Technology, Senior Product Manager, Jim Murray. “Control Room brings security together.” Controlling door access Symmetry Control Room V4.5 features a new Video Overlay to control and navigate the system directly Symmetry Control Room V4.5 features a new Video Overlay to control and navigate the system directly from within a camera view. The new Video Overlay option allows for symbols or objects to be placed directly onto the foreground layer of a camera video stream. For example, add Video Overlay objects as user selectable buttons to a camera’s view to connect to a nearby intercom, control door access, and switch to an adjacent camera while tracking an individual. The operator is able to monitor, control and track directly from within the camera view while keeping focus on the object of interest. Creating customised dropdown The Camera Lasso tool is a new feature that now allows for a quick display and/or control of devices within a selected area on a graphic or map, improving efficiency and response time. Users can quickly lasso or select a group of cameras, doors or intercoms, for example, and control those devices. Localise devices or objects with the ability to add GPS coordinates to any high resolution map as a background layer, allowing users to quickly locate or position devices within the map by geolocation. With Control Room V4.5, users now have the added flexibility to create customised dropdown menus and submenus to support desired actions. For example, create a ‘video replay’ command menu with submenu to go back one, two, or five minutes. Customise the time based on a company’s needs. To provide ease of use, Control Room V4.5 configuration updates with graphics or scripts are now reflected dynamically, eliminating the need to restart the client software to see the updates.

Insider threat programmes started with counter-espionage cases in the government. Today, insider threat programmes have become a more common practice in all industries, as companies understand the risks associated with not having one. To build a programme, you must first understand what an insider threat is. An insider threat is an employee, contractor, visitor or other insider who have been granted physical or logical access to a company that can cause extensive damage. Damage ranges from emotional or physical injury, to personnel, financial and reputational loss to data loss/manipulation or destruction of assets. Financial and confidential information While malicious insiders only make up 22% of the threats, they have the most impact on an organisation Most threats are derived from the accidental insider. For example, it’s the person who is working on a competitive sales pitch on an airplane and is plugging in financial and confidential information. They are working hard, yet their company’s information is exposed to everyone around them. Another type of insider, the compromised insider, is the person who accidentally downloaded malware when clicking on a fake, urgent email, exposing their information. Malicious insiders cause the greatest concerns. These are the rogue employees who may feel threatened. They may turn violent or take action to damage the company. Or you have the criminal actor employees who are truly malicious and have been hired or bribed by another company to gather intel. Their goal is to gather data and assets to cause damage for a specific purpose. While malicious insiders only make up 22% of the threats, they have the most impact on an organisation. They can cause brand and financial damage, along with physical and mental damage. Insider threat programme Once you determine you need an insider threat programme, you need to build a business case and support it with requirements. Depending on your industry, you can start with regulatory requirements such as HIPAA, NERC CIP, PCI, etc. Talk to your regulator and get their input. Everyone needs to be onboard, understand the intricacies of enacting a programme Next, get a top to bottom risk assessment to learn your organisation’s risks. A risk assessment will help you prioritise your risks and provide recommendations about what you need to include in your programme. Begin by meeting with senior leadership, including your CEO to discuss expectations. Creating an insider threat programme will change the company culture, and the CEO must understand the gravity of his/her decision before moving forward. Everyone needs to be onboard, understand the intricacies of enacting a programme and support it before its implemented. Determining the level of monitoring The size and complexity of your company will determine the type of programme needed. One size does not fit all. It will determine what technologies are required and how much personnel is needed to execute the programme. The company must determine what level of monitoring is needed to meet their goals. After the leadership team decides, form a steering committee that includes someone from legal, HR and IT. Other departments can join as necessary. This team sets up the structure, lays out the plan, determines the budget and what type of technologies are needed. For small companies, the best value is education. Educate your employees about the programme, build the culture and promote awareness. Teach employees about the behaviours you are looking for and how to report them. Behavioural analysis software Every company is different and you need to determine what will gain employee support The steering committee will need to decide what is out of scope. Every company is different and you need to determine what will gain employee support. The tools put in place cannot monitor employee productivity (web surfing). That is out of scope and will disrupt the company culture. What technology does your organisation need to detect insider threats? Organisations need software solutions that monitor, aggregate and analyse data to identify potential threats. Behavioural analysis software looks at patterns of behaviour and identifies anomalies. Use business intelligence/data analytics solutions to solve this challenge. This solution learns the normal behaviour of people and notifies security staff when behaviour changes. This is done by setting a set risk score. Once the score crosses a determined threshold, an alert is triggered. Case and incident management tools Predictive analytics technology reviews behaviours and identifies sensitive areas of companies (pharmacies, server rooms) or files (HR, finance, development). If it sees anomalous behaviour, it can predict behaviours. It can determine if someone is going to take data. It helps companies take steps to get ahead of bad behaviour. If an employee sends hostile emails, they are picked up and an alert is triggered User sentiment detection software can work in real time. If an employee sends hostile emails, they are picked up and an alert is triggered. The SOC and HR are notified and security dispatched. Depending on how a company has this process set-up, it could potentially save lives. Now that your organisation has all this data, how do you pull it together? Case and incident management tools can pool data points and create threat dashboards. Cyber detection system with access control An integrated security system is recommended to be successful. It will eliminate bubbles and share data to see real-time patterns. If HR, security and compliance departments are doing investigations, they can consolidate systems into the same tool to have better data aggregation. Companies can link their IT/cyber detection system with access control. Deploying a true, integrated, open system provides a better insider threat programme. Big companies should invest in trained counterintelligence investigators to operate the programme. They can help identify the sensitive areas, identify who the people are that have the most access to them, or are in a position to do the greatest amount of harm to the company and who to put mitigation plans around to protect them. They also run the investigations. Potential risky behaviour Using the right technology along with thorough processes will result in a successful programme You need to detect which individuals are interacting with information systems that pose the greatest potential risk. You need to rapidly and thoroughly understand the user’s potential risky behaviour and the context around it. Context is important. You need to decide what to investigate and make it clear to employees. Otherwise you will create a negative culture at your company. Develop a security-aware culture. Involve the crowd. Get an app so if someone sees something they can say something. IT should not run the insider threat programme. IT is the most privileged department in an organisation. If something goes wrong with an IT person, they have the most ability to do harm and cover their tracks. They need to be an important partner, but don’t let them have ownership and don’t let their administrators have access. Educating your employees and creating a positive culture around an insider threat programme takes time and patience. Using the right technology along with thorough processes will result in a successful programme. It’s okay to start small and build.

Products are the building blocks of the security industry. Historically much of the industry’s sales effort has been focused on highlighting product features and functionality. At the end of the day, however, an end user is less interested in the performance of any individual system component than in the system as a whole. Lately, the industry has embraced a changing sales approach by emphasising systems rather than products. We asked this week’s Expert Panel Roundtable: What are the benefits of a transition from selling security products to selling security solutions?