Keeping track of keys at Festival Place had become a full-time job. With over 170 shops, a cinema, sports centre and restaurants, the large retail complex has an ever-changing roster of permanent staff, cleaners and out-of-hours contractors. Everyone requires secure entry on demand. 

At the same time, the public needs open access to a pool and gym, retail outlets and car parks, for 18 hours or more every day. Lockdown was not an option, yet a single lost key could become a security problem for all users and tenants. 

CLIQ® solution

The solution was CLIQ®, a security locking system with high-end microelectronics, programmable keys and cylinders. Installing just over 250 CLIQ® mechatronic cylinders from ASSA ABLOY drastically cut the burden that mechanical key management was placing on site security staff. 

Now, cleaners and maintenance workers are issued with a key that allows entry to specific doors for a pre-defined time period. After the permitted time ends, the key no longer works. Using simple online software, site managers can immediately de-authorise and reissue a lost key, or amend any key’s permissions.

A single lost key could become a security problem for all users and tenants

Only genuine CLIQ® keys with the relevant authorisation will open a CLIQ® lock, meaning security risks from copied keys are no longer an issue. Generating a comprehensive audit trail – who accessed which lock, and when – takes just a couple of mouse clicks. 

Flexible, programmable locking solution

CLIQ® has also cut Festival Place operational costs. The electronics in CLIQ® locks are powered by the standard battery inside every CLIQ® key, not mains electricity. Installation was wireless, a huge saving on potentially expensive electrical work. 

With CLIQ®, there is no need for keyholders to return to an administrator to change or update permissions. Everything is controlled remotely from the admin dashboard, streamlining everyone’s workflows. At Festival Place, CLIQ® technology now powers a flexible, programmable locking solution. It has put security managers in control of their 102,000 sq. m premises, around the clock, without compromising security. 

“We were looking to solve key management issues,” explains Craig Allen, Festival Place’s security centre manager. “CLIQ® enabled us to have more control. “We now have plans to phase out mechanical keys altogether, replacing them with CLIQ® within two years.”

Download PDF version

In case you missed it

Where is it inappropriate to install video cameras?
Where is it inappropriate to install video cameras?

Video cameras are everywhere, and hundreds more are installed every day. Our society appears to be reaching a point of perpetual surveillance. It certainly feels as if we are always being watched even though it is not yet the case. But as cameras are becoming more common than ever, we are also entering a new era of privacy concerns and sensitivities, as evidenced by GDPR and other such initiatives. We presented this quandary to this week’s Expert Panel Roundtable: Surveillance cameras can go anywhere, right? Where is it “not OK?”

How SecuriThings boosts cybersecurity across multiple IoT devices
How SecuriThings boosts cybersecurity across multiple IoT devices

As Internet of Things (IoT) devices go, networked video cameras are particularly significant. Connected to the internet and using on-board processing, cameras are subject to infection by malware and can be targeted by Distributed Denial of Service (DDoS) attacks. Hacking of cameras also threatens privacy by allowing unauthorised access to video footage. The performance of hacked cameras can be degraded, and they may become unable to communicate properly when needed. Ensuring cybersecurity is a challenge, and the fragmented structure of the video surveillance market contributes to that challenge. A variety of companies are involved in manufacturing, integrating, installing and operating video systems, and cybersecurity threats can enter the picture at any stage. “It’s not always clear who is responsible,” says Yotam Gutman, vice president of marketing for SecuriThings, a cybersecurity company. “However, the only entities who can ensure cybersecurity are the security integrator and the service provider. They will bear the financial pain and are willing to pay for cybersecurity. An extra $1 or $2 per camera per month is not expensive.” SecuriThings’ “lightweight software agent” runs in the background of video cameras, sending information to an analytics system in the cloud IoT device security management At the recent IFSEC trade show in London, SecuriThings unveiled its IoT Device Security Management (IDSM) approach to enable integrators to ensure cybersecurity. Founded in 2015, the company has around 20 employees in Tel Aviv, Israel, and operates a sales office in New York City. SecuriThings’ “lightweight software agent” runs in the background of video cameras, collecting metadata on camera processes and connections and sending information back to an analytics system in the cloud. Drag-and-drop deployment enables a camera to begin generating data within seconds and requiring only two mouse clicks. The cloud system analyses data, pinpoints abnormalities, identifies new users, detects multiple entry attempts and tracks other camera processes to identify any cyberattacks. It monitors all devices, gateways, users and APIs to detect threats in real-time and mitigate the threats based on a pre-determined security policy. Machine learning tools also analyse more subtle activities that can indicate insider abuse. For example, a user support center can identify if cameras are being accessed improperly by employees, thus preventing insider abuse. Certified vendor agnostic software SecuriThings is working with camera manufacturers and video management system (VMS) manufacturers to certify operation of its software agents with various camera models and systems. Working through integrators, such as Johnson Controls, is the fastest route to market, SecuriThings has determined. The system can be added after the fact to existing installations for immediate monitoring and remediation, or it can easily be incorporated into new systems as they are launched. “We have a strong sales team in the United States focusing on bringing the technology to more local and national integrators,” says Gutman. Certification ensures SecuriThings’ software agent can be installed in most modern camera models without negatively impacting operation; the software is vendor agnostic. Another eventual route to market is to work with camera manufacturers to install the SecuriThings software agent in cameras at the factory. In this scenario, the system can easily be “clicked on” when cameras are installed. The SecuriThings cloud system generates a dashboard that tracks system activities to identify any cybersecurity threats IoT Security Operations Center SecuriThings operation is transparent to the VMS, and the company works with VMS manufacturers to ensure the code operates seamlessly with their systems. Cloud analytics generate a dashboard that tracks system activities, and/or a managed service monitors the system and notifies customers if there is a problem. “We monitor it from our IoT Security Operations Center, a fully managed service that ensures the real-time detection and mitigation of IoT cyber-threats,” says Gutman. “We found that end-customers don’t have the manpower to monitor the system, so our experts can guide them.”Access control and cloud-based access control will be the next systems under cyberattack, and they are almost as vulnerable" A benefit for camera manufacturers is the ability of a system like SecuriThings to “level the playing field” on issues of cybersecurity, says Gutman. The approach provides a higher level of cybersecurity confidence for integrators and users, including those using cameras that have previously had cybersecurity problems such as “back door” access. SecuriThings has certified its software for use with Hikvision cameras and is in the process of certifying with Dahua, says Gutman. “Western manufacturers say their products are more secure, but we can help all camera manufacturers prove that they are just as secure,” says Gutman. “Integrators and users can log into a device and see all the activity.” Securing connected devices from cyber threats Beyond video, SecuriThings’ products target the full range of connected devices in the Internet of Things (IoT). The SecuriThings security solution enables real-time visibility and control of IoT devices deployed in massive numbers in smart cities, physical security, building automation, home entertainment and more. Video surveillance is an early focus because of market need, an opportunity to gain traction, and the critical nature of security applications. But the challenges are much broader than video surveillance. “We are seeing similar risks to other devices,” says Gutman. “Access control and cloud-based access control will be the next systems under cyberattack, and they are almost as vulnerable. If you can disable the access control system, you can cause a lot of problems.” Other connected devices that could be at risk include building automation and heating and cooling (HVAC) systems.

Social media data provides security professionals with real-time situational awareness
Social media data provides security professionals with real-time situational awareness

Twitter has around 350 million active users a month, all eagerly posting 280-character “tweets” about the world around them. It’s a vast amount of data from all over the globe. Security professionals have begun to appreciate the value of mining all that data for insights to help them protect people, assets and operations. One company leveraging the Twitterverse to provide real-time situational awareness to corporate security end users is Dataminr.Dataminr assembles this information flow into a useful timeline that summarises the ongoing sequence of events Algorithms for actionable security signals The New York-based technology company has developed algorithms that comb through the full Twitter dataset to provide actionable signals to security professionals around the world about security-related events as they unfold. For corporate security, early information about an unfolding event enables them to take action faster in order to secure their people, locations and business operations. “OMG! Just heard a loud bang on the quad,” a tweet might declare. Combined with location information gleaned from a mobile phone, such a tweet could be the first indicator of an unfolding security incident. As an event unfolds, hundreds of such tweets are likely to be posted from the surrounding areas, collectively offering a running narrative of developing events. Dataminr assembles this information flow into a useful timeline that summarises the ongoing sequence of events. Many times, tweets are the first information available from an incident even before the arrival of first responders.Dataminr’s information is provided in a variety of platforms, from a web-based dashboard to a mobile app or notification via email “Early notification allows security professionals to be more proactive,” says Dillon Twombly, SVP, Corporate Sales at Dataminr. “We have a broad range of users across Fortune 1000 companies, and also including country security managers, security operations centers, and executive protection. "In retail, we provide information for security operations or loss prevention. Events sometimes have a potential to spin out of control, and we allow security professionals to react faster and get ahead of an event proactively.” Various security platforms Dataminr’s information is provided in a variety of platforms, from a web-based dashboard to a mobile app or notification via email. The system can be integrated with a company’s workflow, and the software interfaces with various security platforms, such as physical security information management (PSIM) systems. Another corporate use for Dataminr is in public relations, where social media could be a source of misinformation or rumors about an issue or event Dataminr addresses all regulatory and legal concerns, and it is GDPR-compliant. However, privacy is generally not a big concern because Twitter data is posted publicly, and Dataminr gleans information related to a specific event, not a specific Twitter user’s individual data. “Over the past couple of years, we have grown the security vertical,” says Twombly. “The market is receptive to the value of social media as a tool for users tasked with responding in a comprehensive way to a range of issues.”The company’s services are useful across the full range of vertical markets in the security industry Public safety and security In addition to security and public safety applications, Dataminr also provides services to financial companies and even media outlets. In fact, the 9-year-old company started in finance, where stock or currency traders were able to leverage breaking news notifications to make decisions faster. In the media vertical, Dataminr provides information to 500 newsrooms globally. Public safety and security uses have evolved, and Twombly currently spearheads the company’s work in corporate security, calling on his experience in the security world. Another corporate use for Dataminr is in public relations, where social media could be a source of misinformation or rumors about an issue or event.Customers can customise the kind of information they want to receive, and Dataminr algorithms use the full publicly available data set of Twitter Tracking Twitter posts enables a company to get ahead of an evolving story and help to shape the narrative. Twombly says Dataminr has “deep and broad relationships” with corporate customers and delivers information that can possibly be used by multiple departments in an organisation. The company’s services are useful across the full range of vertical markets in the security industry, from transportation to major industrials to financial services to energy. In the education vertical, major universities are customers, as are local school districts. Customers can customise the kind of information they want to receive, and Dataminr algorithms use the full publicly available data set of Twitter. Twombly says the company’s software is constantly evolving and being fine-tuned in response to changing needs. Dataminr is a “strategic partner” of the social media giant and works closely with them on product development, he adds.