Articles by Adam Shane
“Better, Faster, Cheaper – choose any two” is the old adage for computerised systems. When it comes to businesses subjected to federal or industry security regulations, the equivalent saying might be, “mitigate risk, achieve compliance, or reduce cost – choose any two.” So if there were a way to have all three that would get your attention. Complying with regulations More and more industries are subjected to some form of regulation. Publicly traded companies must adhere to Sarbanes-Oxley (S-Ox), financial companies have Dodd-Frank, and the electric energy sector has FERC/NERC. There are also HIPAA, CFATS, TWIC, and more to come. Dealing with the requirements of these regulations has been challenging, and in many cases, the processes that will be audited are relatively manual. For instance, consider the granting of physical and logical access privileges. More often than not, this is initiated by an email to security who fills out a paper form. It is passed to appropriate managers for signature or an email confirmation may suffice (which is printed and attached to the form), and then changes are manually made in the access control systems. Failure to comply with regulations could expose the company to huge fines or other liability. Some companies may have recognised this inefficiency and moved forward with Active Directory integration between logical and physical access control systems. However, this only streamlines the actual provisioning or de-provisioning of cardholders and doesn’t track the approval process. Automated process A more efficient method is to automate the process using a policy-based web hosted software platform that allows personnel to request access for an individual to a particular facility or area. The workflow driven software can be configured to require various approvals prior to authorising access. Each approval (request and grant) is logged within the database, simplifying auditing and reporting to the point of a few clicks of the mouse. A more efficient method is to automate the process using a policy-based web hosted software platform that allows personnel to request access for an individual to a particular facility or area Compare this with having to store email approvals from various line managers and area owners. After getting trained on how to complete an approval, personnel have to manually implement the approval and attempt to consolidate information for reporting and auditing purposes. The cumbersome process takes time, costing money, and the liability of storing paper records is inefficient and difficult to manage. Plus, there is no way to accurately track human error or if policies were not followed. If an employee requires access to a particular facility to complete a job assignment, rather than waiting for a manual process to be completed (that could take several days and irritate the personnel that have to babysit the approval process), the employee could log into a web portal and request the access. An automated policy management system determines the employees certifications for access to the area, gets the manager and area owner approvals (and any other necessary approvals) and then makes the access privilege change in the access control system. All of these steps and the data collected are stored in a hosted, high security environment, protecting the data, but at the same time making it available to managers and other authorised personnel to provide their reports for evidence of compliance. Web hosted software When achieving compliance, organisations designate employees with specified roles. Some roles require certifications that must be updated annually to continue to have access to certain areas. The policy-based software automatically notifies the employee and manager when a certification is about to expire, prompting action. Updates may be needed for training, background checks or to maintain a specialised certification that requires a class. A policy-based web hosted software automates periodic attestation. Managers are required to validate access for personnel on a scheduled basis (such as once per quarter). They are provided with an indication that prerequisites are met and must determine that access is still appropriate. This is completed through electronic compliance audits, and these audits help companies meet cyber and industry specific regulations such as NERC CIP. The software forces policy to be followed, mitigating risk of violation or inappropriate access. When used with an access control software system, auditing all access privileges allows companies to meet compliance requirements. To reduce risk and meet compliance, a policy-based web hosted software logs every step of the security process To reduce risk and meet compliance, a policy-based web hosted software logs every step of the security process: provisioning of access during on boarding of employees/contractors and the de-provisioning of access during off-boarding. The software easily changes access privileges due to changing responsibilities, roles or other reasons. It helps companies meet compliance through regularly scheduled (defined by company or compliance regulations) attestation of access privileges. All information is stored together, in secure, redundant, high security manner for easy and reliable retrieval for audit or reporting purposes. Security management made easy Providing evidence of compliance now becomes a few clicks of the mouse rather than rummaging through a file cabinet full of paper. The solution is designed to reduce effort, improve reliability, and overall simplify the compliance process. When a security management system and policy-based system are used together, it reduces the cost of managing and maintaining regulatory compliance while mitigating risk of fines, policy violations, or inappropriate access through a streamlined compliance management solution. When this streamlined approach is provided in a Software as a Service (SaaS) model, the solution is provided on a subscription basis, eliminating a heavy initial outlay of capital, thereby significantly reducing the cost of such a valuable function. There are no servers to maintain, no OS patching to be concerned with, and no information protection concerns. You really can have it all. Mitigate risk to the company and the facility due to not following security policies; achieve regulatory compliance; and reduce the cost of implementing the automated governance solution by eliminating manual processes, relocating physical assets to avoid the IT costs associated with maintaining an on-site solution, and only paying for the system based on actual use by means of a subscription service.
AMAG will demonstrate its security management system in collaboration with HID pivCLASS module and RK40/RKCL40 readers AMAG Technology will be demonstrating its FICAM compliant HSE Symmetry Security Management System in collaboration with HID Global’s pivCLASS® Validation Engine, Authentication Module and RK40®/RKCL40® readers at the SIA Government Summit, held June 8-10, 2015 at the W Hotel in Washington D.C. The SIA Government Summit brings together government and industry leaders in the area of physical and electronic security. AMAG Technology is a long time member of SIA and proud sponsor of the Government Summit. AMAG Technology is a security management solution provider that specialises in access control, and a complete suite of video management solutions and intrusion management options for the commercial and government markets. Senior Systems Design Architect, Adam Shane will be participating in the panel discussion, securing the Electric Grid; How Utilities are Meeting the New NERC Standard for Physical Security, on Tuesday, June 9 at 10:00 a.m. Representatives from the security and electric power industries will discuss expectations as compliance requirements drive physical security upgrades and substations and control centers in the United States. The SIA Government Summit attracts The SIA Government Summit attracts a diverse group of security professionals: executives, integrators, sales and marketing, and government relations professionals. Panels are focused on helping attendees do business with the government and gain a better understanding of the trends in the market. Featured speakers include U.S. Congressman John Ratcliffe, R-Texas, U.S. Senator Ron Johnson, R-Wis., Hennepin County Sheriff, Minnesota, Rich Stanek, and Dept. of Defense, Director, Defense Forensics and Biometrics Agency, Don Salo. Attendees will have one-on-one networking time with government and private sector professionals. Director of Government Systems, Ryan Kaltenbaugh sits on the Government Relations Committee for SIA, the committee that hosts the SIA Government Summit. The Government Relations Committee monitors pending regulations that impact the security industry.
AMAG Technology, a worldwide provider of complete end-to-end security management solutions for access control and video management announced recently that its Symmetry™ security management system has been approved as a Federal Identity Credential and Access Management (FICAM)/FIPS 201 compliant solution by the U.S. General Services Administration. Partnering with HID Global: AMAG Technology has partnered with HID Global® to provide a complete end-to-end physical access control system to government entities requiring GSA-approved (physical security) solutions. AMAG’s Symmetry Access Control software and Symmetry Intelligent Control panels along with HID Global’s pivCLASS® Validation Engine, pivCLASS Authentication Module and pivCLASS RK40®/RKCL40® readers met the rigorous testing requirements. Security manufactures’ products must be FICAM-compliant to meet specific security requirements mandated by the US government. “Achieving FICAM compliance guarantees government agencies that GSA-approved Symmetry products will meet all government requirements and standards, and support our existing customer base while expanding aggressively into other areas of the market,” said AMAG Technology, Director of Government Systems, Ryan Kaltenbaugh. Solutions for Federal government: “The addition of Symmetry to the Approved Products List is in direct response to our ability to develop solutions for our government customers as their demands change over time,” said AMAG Technology, Sr. Systems Design Architect, Adam Shane. “We quickly engineered a solution to meet the testing requirements for Federal ICAM compliance. The Symmetry product is flexible and we plan to continue to work with the GSA to get additional solutions approved.” AMAG Technology has been installing Symmetry in the federal government market for over 20 years and secures branches of the Department of Defense, Department of the Interior, most branches of the military and many other government agencies. Symmetry meets FIPS 201, FIPS 197, SP800-116 and HSPD-12 standards. “Our history demonstrates AMAG’s dedication to the federal government market, and receiving FICAM approval ensures we are committed to being a trusted partner,” said AMAG Technology, President, Matt Barnette. FICAM-compliance: Government entities are required to install FICAM-compliant products to meet their security specifications. Last year, the GSA realigned its Approved Products List requirements with the FICAM Roadmap. To be in compliance, products must meet rigorous APL testing requirements, and integrate with coordinating vendor products to establish an end-to-end security solution that meets government requirements FIPS 201 and SP 800-116. Symmetry software offers government agencies a security management solution that is easier to use, faster to implement and intuitive, providing faster response times and enhancing security.
AMAG Technology, a worldwide provider of complete end-to-end security management solutions for access control and video management, is pleased to announce that Samsotech International is now a member of the Symmetry™ Extended Business Solutions Program as a Certified Partner. Samsotech has certified its Passport Scanner with AMAG’s Symmetry™ V8 Security Management System. AMAG and Samsotech cooperatively tested and certified this integration. “Samsotech is a great addition to the EBS program. Their ultra-fast scanners come in a variety of form-factors and are compatible with a wide range of identity documents, making them an ideal partner because Symmetry also offers customers flexible, efficient green-field installations, as well as solutions for retrofit of current and end of life products from other manufacturers. Samsotech scanners and Symmetry security management software make a great combination for the front lobby, the HR office, or anywhere in between,” said Symmetry Extended Business Solutions Program Manager, Adam Shane. “We are excited to offer a fast, automated and accurate visitor management and access control solution with Samsotech’s Passport and ID Scanning Interface with Symmetry,” said Samsotech International, Senior Manager - Key Accounts, Sonali Deshpande. “Samsotech’s cutting edge technology is designed to eliminate manual data input by automating data intake. The result is enhanced accuracy, increased productivity and greater ROI.” The Samsotech Interface is used to scan and import personal details from valid identity documents of employees and visitors into the Symmetry access control system. Samsotech passport scanners can read the following ID documents: All international ICAO compliant passports and International ID cards type 1 & 2 Several local identification cards and driver licenses (6,500+) Machine readable VISAs This module will enhance visitor management through easy, accurate and automated entry of visitor ID details, thereby increasing the efficiency and speed of the visitor registration process. Furthermore, it can also be used by an authorised employee to enter personal information about visitors prior to their arrival. Samsotech Interface Module minimises errors associated with manual data entry and provides a complete automated experience to the user. On the access control side, this module will allow quick and easy capture of an authorised person’s data to offer access in a timely manner.
Key Systems has certified its GFMS integrator software with AMAG’s Symmetry V8 security management system AMAG Technology, an access control, IP video and intrusion detection (IDS) solution provider, is pleased to announce that Key Systems, Inc. is now a member of the Symmetry™ Extended Business Solutions Programme as a Certified Partner. Key Systems has certified its Global Facilities Management System (GFMS) Integrator software with AMAG’s Symmetry™ V8 Security Management System, which provides two-way data sharing between GFMS and AMAG’s newest version of Symmetry access control software. AMAG and Key Systems cooperatively tested and certified this integration. “We are happy to welcome Key Systems to the Symmetry Extended Business Solutions Programme and offer end users more product options for their access control needs,” said Symmetry Extended Business Solutions Programme Manager, Adam Shane. “Symmetry access control and GFMS Integrator software share data to better manage physical assets.” "We're excited to partner with Symmetry. It’s a product we know from experience helps our customers reach the high standard in physical security they expect. We've had successful integrations in the field for years and we're excited to continue and extend that with Symmetry V8," said Key Systems Inc.’s Integration Manager, Ben Morley.
AMAG Technology, a worldwide provider of complete end-to-end security management solutions for access control and video management, announced recently that its new Symmetry V8 software has been expanded to address the specific needs of end users in the federal government market. While Symmetry V8 meets the needs of many vertical markets, the latest V8 software is specifically designed to meet FICAM testing lab requirements for 128-bit credentials, and has been submitted to the U.S. General Services Administration (GSA) for final Federal Identity Credential and Access Management (FICAM) compliant testing and approval. “The latest version of Symmetry software as a FICAM-compliant, GSA-approved solution is an example of AMAG’s continued commitment to the federal government market. We are looking forward to the opportunity to partner with federal government agencies in their efforts to comply with current PACS standards,” said AMAG Technology, Director of Government Systems, Ryan Kaltenbaugh. AMAG Technology has partnered with HID Global®, a worldwide leader in secure identity solutions, to provide a complete end-to-end physical access control system to government entities requiring GSA-approved solutions. The AMAG Technology access control and HID Global PKI validation solution includes: AMAG Technology’s Symmetry access control software, Symmetry Intelligent Control panels, HID Global’s pivCLASS® Validation Engine, pivCLASS Authentication Module (PAM) and pivCLASS RK40®/RKCL40™ readers. New Symmetry V8 supports many features preferred by the federal government. End to end security management system for 128-bit identifiers to meet FICAM lab testing requirements Enhanced flexible access rights assignments Intuitive user interface and full featured base offering Unified Video Management solutions with leading VMS partner integrations ONVIF Profile S Plug-in for expanded HD camera support AMAG Technology has been installing Symmetry in the federal government market for over 20 years and supports all branches of the Department of Defense including numerous cabinet level agencies and departments around the globe. AMAG’s Symmetry Security Management System provides a powerful end to end security solution for government entities needing to meet FIPS 201, FIPS 197, SP800-116 and HSPD-12 standards. “We are committed to developing products that meet our customer’s expectations and beyond. We continue to enhance our Symmetry product line and partner with best of breed manufacturers to bring advanced technology solutions to the market in support of government and other markets that value the ICAM roadmap proposition,” said AMAG Technology, Senior Systems Design Architect, Adam Shane. Government entities are required to install FICAM-compliant products to meet their security specifications. Last year, the GSA realigned its Approved Products List requirements with the FICAM Roadmap. To be in compliance, products must meet rigorous APL requirements, and integrate with coordinating vendor products to establish an end-to-end security solution that meets government requirements FIPS 201 and SP 800-116. This latest Symmetry software release will offer government agencies a security management solution that is easier to use, faster to implement and at the same time enhances security response.
AMAG Technology, an access control, IP video and intrusion detection (IDS) solution provider, is pleased to announce that Verint®, a longtime member of the Symmetry™ Extended Business Solution (EBS) Program, has certified its latest version of Verint Situation Management Center™ (SMC) software with AMAG’s Symmetry™ v7.0.1 Access Control Software. AMAG and Verint cooperatively tested and certified this integration. “Verint’s participation in the Symmetry EBS Program demonstrates its commitment to providing customers valuable integrations to best secure their organisations,” said Symmetry Extended Business Solution, program manager, Adam Shane. “The situation management software also broadens our access control value proposition to our integrators and end users, and offers more security options.” "The certification of Verint Situation Management Center with AMAG’s Symmetry Access Control Software further enables mutual customers to experience more flexibility and greater choice in systems design, while taking full advantage of Verint’s Security Intelligence portfolio,” added Steve Weller, senior vice president and general manager, Verint Video and Situation Intelligence Solutions™. “As situation management capabilities continue to evolve at a rapid pace, this certification helps ensure AMAG Symmetry customers have the opportunity to experience all of Verint’s latest capabilities to help maximise situation awareness." The Verint Situation Management Center and AMAG Symmetry SMS integration provides such end user benefits as: Set connection and account information to AMAG Symmetry through easy to use interface Auto-discovery of AMAG Symmetry hardware devices Receive real-time AMAG Symmetry access events in the Verint Situation Management Center interface Verint Situation Management Center is a comprehensive software solution that provides a full range of capabilities for the various phases of situation management, including real-time situation awareness, efficient response and notification, investigation and debriefing, planning and compliance, and preventive intelligence. The solution is designed for efficient object identification, information correlation, and location analytics across data and sensors from integrated subsystems. It also can manage thousands of sensors and systems used for identity, security, life safety, CBRNE (Chemical, Biological, Radiological, Nuclear and Explosives), building management, communications, transportation and mobility, and environmental issues. It uses a GIS-based visual database to link sensors, maps and events together to provide users with a unified and easy-to-use interface for situation management. The plug-in is posted on Verint’s extranet for partners and customers to download. A tech note for installation instructions is also included.