At the end of last year, we anticipated that data gathering and analysis would continue to be a strong trend, and that certainly proved to be the case in 2016.

 

More and more organisations are seeing the value of the intelligence provided by diverse systems’ data. The number and variety of networked systems and devices – both security and non-security – continued to grow steadily in the last year, and the data these disparate sources create has proven highly useful in identifying statistical patterns and trends that may indicate the likelihood of incidents occurring. More data leads to more complete intelligence, allowing organisations to more easily identify threats or business opportunities, make more informed decisions and create better outcomes in general.

Another key trend we anticipated in 2016 was the growth of security as a critical component in an organisation. This also proved to be the case in the last year, as the role of security teams continued to take on more relevance related to overall operations. This has largely been possible thanks to the ready availability of strong tools and solutions that allow security departments to lower costs, increase compliance and reduce the risk of insider threat. 

Identifying insider threats

Increased adoption of predictive analysis to identify potential threats and opportunities will continue to be a strong trend in 2017, as will the transformation of security from reactive cost centre to proactive business partner. Additionally, the coming year will see even greater emphasis on the convergence of physical and cyber security, which should come as no surprise given the ever-increasing number and sophistication of cyberattacks we have seen in recent months.

Nearly every organisation’s business strategy includes the critical need to secure networks and digital assets with technologies that apply intelligence to their infrastructures to detect vulnerabilities and improve network security. While these are vital measures, they overlook the role of physical security in protecting digital assets. Consider that many data breaches are actually perpetrated by individuals from within an organisation who are authorised to access sensitive areas of networks or facilities. Many other data breaches are the result of physical break-ins to steal a laptop or backup server.

Organisations are beginning to understand the need for strong physical security and identity management to complement cybersecurity programmes. In considering solutions to bridge the gap between the two, many find that the most effective practices are those that include physical and logical security working in tandem to thwart data breaches from inside and outside of an organisation. There is still a long way to go in making organisations aware of this reality, but we anticipate that education will expand awareness in the coming year.

Another key trend in the security industry for the last several years is mobile capability
Mobile PIAM solutions offer the ability to connect systems that use mobile devices, access control and offline locks

Increasing mobile capability

Another key trend in the security industry for the last several years is mobile capability, which will see even broader and deeper adoption and integration in 2017. A main area of growth will be mobile PIAM (physical identity and access management), which allows organisations to extend their infrastructure to areas that may otherwise be difficult or time-consuming to secure. These include locations such as outdoor or temporary venues, where deploying a traditional solution would be cost-prohibitive and where identity is often verified by consulting physical lists and checking photo IDs.

Mobile PIAM solutions offer the ability to connect systems that use mobile devices, access control and offline locks to deliver strong identity authentication, allowing organisations to more easily control access and extend control wherever there is a need. Given the flexibility, ease of use, effectiveness and cost savings these mobile PIAM solutions, will likely see steady growth in terms of both maturity and adoption in the coming year. 

Closing out another strong year

Following up on a strong 2015, Quantum Secure experienced another high-growth year in 2016. Since becoming part of HID Global in 2015, we have seen a rise in the volume and range of opportunities to deploy SAFE software solutions. Most notable was Quantum Secure’s involvement in the recent International Sporting Event held in Rio de Janeiro, Brazil, where SAFE Sports and Events Manager was deployed to manage and track the identities of approximately 500,000 credentialed individuals to reduce the risk of unauthorised intrusions and prevent potential threats. Using a mobile app, security staff were able to quickly and effectively validate individuals by simply swiping their credentials on handheld peripherals, while also performing an on-site visual verification via a workstation and/or mobile device.

Quantum Secure has led the way in software for identity management, compliance and access provisioning within physical security infrastructures, and we will continue our tradition of innovation in 2017 and beyond. We are continually looking to expand our SAFE portfolio to deliver solutions that simply physical identity and access management and generate actionable intelligence that can identify and eliminate potential risk for growing number of vertical markets and applications.

See the full coverage of 2016/2017 Review and Forecast articles here

Save

Save

Download PDF version

Author Profile

Don Campbell Director of Product Management, Quantum Secure, Inc

In case you missed it

BCDVideo signs OEM deal with Dell EMC: positive impact for surveillance storage
BCDVideo signs OEM deal with Dell EMC: positive impact for surveillance storage

In a significant move for the video security market, BCDVideo has announced that it is set to become Dell EMC’s OEM partner in the video surveillance space. For nearly a decade, the Chicago-based company has been known as a key OEM partner of Hewlett Packard Enterprise (HPE), providing storage and networking technology to security integrators on a global scale. This latest partnership will allow BCDVideo to take their offerings to the next level. BCDVideo Vice President Tom Larson spoke to SourceSecurity.com to discuss the reasoning behind the deal, and how the programme will benefit partners, integrators, and end-users alike. Expanding BCDVideo's product offering For BCDVideo, the HPE OEM programme has been widely acknowledged as a success, allowing the company to leverage a globally recognised brand and provide high-quality, reliable solutions across video networking and access control. Nevertheless, explains Larson, HPE server solutions are primarily suited to large-scale enterprise projects, and are therefore unable to accommodate for the growth in small- and medium-sized surveillance applications. The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering, building on success in the larger enterprise market to offer tailored solutions to SMEs. Our aim is to look at all best of breed technology to serve the video surveillance marketplace, and that means multiple partnerships” Support for integrators By leveraging Dell EMC’s sophisticated digital storage platforms, BCDVideo will now be able to offer a more cost-effective solution to integrators, without sacrificing the resilience and IT-level service that BCDVideo is known for. With access to Dell EMC’s expansive global sales and technical teams, the company hopes to expand its reach, all-the-while providing partners with around-the-clock technical support and a five-year on-site warranty. Customers should be reassured that BCDVideo will continue to offer HPE platforms, service, and support. “Our aim is to look at all best-of-breed technology to serve the video surveillance marketplace, and that means multiple partnerships,” says Larson.  “The addition of Dell EMC to our portfolio is a major win for BCDVideo, for Dell EMC, and for our integrators.” The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering Meeting surveillance market demands At the technology level, assures Larson, Dell EMC’s server offering is well suited to handle the increasing video resolution and growing camera count demanded by the surveillance industry. At the larger end of the spectrum, the company’s Isilon Scale-Out NAS solution can handle tens of petabytes of data, making it ideal for large-scale security applications such as city-wide surveillance and airport security. Dell EMC storage solutions are already proving successful at major international airports including Dubai and Abu Dhabi, each with a camera count in the 1000s.Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market” For Dell EMC, the new partnership means the ability to expand on this success in the enterprise market, leveraging BCDVideo’s surveillance expertise and high-level customer service to offer tailored solutions for lower-volume applications. Since its inception, BCDVideo has differentiated itself in the security space by providing a high level of IT service to integrators making the transition to IP systems. By combining resources, the partners will be able to service VMS and analytics companies, software vendors, and access control providers, as well as traditional business integrators. Ken Mills, General Manager Dell EMC Surveillance, explains: “Surveillance storage is not just about capacity, it is also about performance and reliability. Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market.” Accomodating for growth BCDVideo is well placed to accommodate this anticipated growth. Last year, the company opened a new 51,000-square-foot global headquarters in Illinois, home to 90 separate stations within their Innovation Center where each system is customised according to integrator needs. The new facility allows for expanding business with new and existing partners in the security market.

How to manage physical security data in compliance with EU GDPR
How to manage physical security data in compliance with EU GDPR

Until recently, data laws have differed from one country to the next. This meant that for those organisations conducting business or protecting assets abroad, they needed to localise both their infrastructure and policies dependant on the country they were operating in. However, with the impending arrival of the EU GDPR (General Data Protection Regulation), which comes in to force on the 25th May this year, all of that will need to change. Data management in CCTV surveillance Surprisingly, despite the fact that much has been written about the impending EU GDPR, very little attention has been devoted to the process of ensuring compliance for the operation of video surveillance, access control and other physical security systems. The EU GDPR dictates that businesses adhere to specific governance and accountability standards with regards to the processing of all data. As this includes such a large scope of data, any public or even private organisation using CCTV to monitor publicly-accessible areas must pay attention, as monitoring the public on a large scale is by default considered a high-risk activity. This includes information that shows who a person is, where they are and any other specifics about them.We have seen organisations defining corporate standards for their physical security systems based around IT standards and technologies According to numerous market research studies, many organisations are yet to take the necessary steps in order to review the new regulations and ensure the necessary changes are made to meet these obligations. To date, we have seen organisations defining corporate standards for their physical security systems based around IT standards and technologies. With the implementation deadline of the new regulations fast approaching, these should be in a better state of readiness, with standardised processes, common organisational approach and technology. Enhancing industry awareness of compliance  What’s more, a lot of legacy systems or disparate systems are still out there, and these may still have been entirely commissioned and operated by location-specific security teams. Regardless as to where your organisation stands in terms of technology, it is important to participate in the GDPR review with a greater sense of urgency.  The EU GDPR dictates that businesses adhere to specific governance and accountability standards with regards to the processing of all data Tony Porter, the UK’s Surveillance Camera Commissioner, has been incredibly vocal in recent months with regards to making security system operators aware that their activities will be subject to the GDPR and to signpost them to relevant guidance from the ICO. For those actively seeking to ensure their businesses are compliant, his organisation’s independent third-party certification is a great place to start. However, with just a few months until the regulation comes into force, it is unfortunate that his organisation is not yet in a position to confirm this will be sufficient to demonstrate compliance with the EU GDPR. Ensuring regulatory preparedness With this being said, there are still a number of steps organisations can take to ensure they are well-prepared when the law comes into play: Get involved in the GDPR discussion If you haven’t already, proactively initiate a GDPR discussion with your legal team and ask for their guidance. Conduct a gap analysis to identify what works and what might require improvement in accordance with the new regulation. Then engage your consultants, integrators and manufacturers who should be able to advise on appropriate solutions. In the vast majority of cases, it should be possible to upgrade the existing system rather than ‘rip out and replace’.The appropriate use of encryption and automated privacy tools is a logical step Adopt privacy by design Under the terms of the EU GDPR, data that is anonymised or pseudonymised is likely to be low-risk. The appropriate use of encryption and automated privacy tools is therefore a logical step. For example, video redaction that blurs out people’s faces in video unless there is a legitimate reason to reveal their identity can minimise the dangers of having security cameras deployed in public spaces. Seek out certified and sanctioned organisations, such as the European Privacy Seal group ‘EuroPriSe’, a professional organisation whose purpose is to ensure companies meet the ‘GDPR-ready’ privacy compliance standards. Consider cloud-based services Owners of on-premises video surveillance, access control or ANPR systems are responsible for all aspects of EU GDPR compliance, including securing access to the systems and servers storing the information. However, by working with an approved cloud provider it is possible to offload some of these responsibilities. For example, we partner with Microsoft Azure to offer these systems ‘as a service’. This pathway significantly reduces the customer’s scope of activities required to ensure compliance and is highly cost-effective. Yet it is important to realise it isn’t a full abdication of responsibility. You remain accountable for ensuring data is classified correctly and share responsibility for managing users and end-point devices.  With data laws changing around the world, businesses need to seriously consider how their security technology investments will help them manage risks in order to keep pace. With the GDPR deadline approaching, it is the ideal time to re-evaluate practices, partner with forward-thinking vendors and adopt technologies that will help meet privacy and data protection laws. This way, businesses can minimise risk, avoid costly penalties and be ready for anything.

How should your security company measure total cost of ownership (TCO)?
How should your security company measure total cost of ownership (TCO)?

How much does a security system cost? We all know that total costs associated with systems are substantially higher than the “price tag.” There are many elements, tangible and intangible, that contribute to the costs of owning and operating a system. Taking a broad view and finding ways to measure these additional costs enables integrators and users to get the most value from a system at the lowest total cost of ownership (TCO). However, measuring TCO can be easier said than done. We asked this week’s Expert Panel Roundtable to share the benefit of their collective expertise on the subject. Specifically, we asked: How should integrators and/or end users measure total cost of ownership (TCO) when quantifying the value of security systems?