Articles by Christian Morin
Adoption of the cloud is not slowing down. In fact, what’s happening is quite the opposite. According to IDC, worldwide spending on cloud computing is expected to reach $162 billion USD in 2020, growing at a compound annual rate of 19%. This isn’t surprising when you consider that more organisations are looking outside their own environment for solutions that will help them become more agile, maximise resources and save money. Yet, while this study and countless others show that more companies are embracing the cloud and its benefits, many are still hesitant to make the move. One of the biggest reasons why is security. Particularly in the physical security industry, there is a common misconception that on-premises systems on closed networks are more secure. Many still believe that connecting to a cloud-based application becomes a source of vulnerability that will put corporate data and systems at risk. In this article, we will explore why this belief is unfounded, and why more organisations are relying on cloud service providers to enhance their systems’ security. Why isolated on-premises systems are not immune to threats Everyone is working with the same security tools. It doesn’t matter whether it’s an IT team securing an on-premises network, server or system, or a cloud provider protecting its infrastructure and its clients’ applications and data. Essentially, anyone can implement multiple layers of security to reinforce confidentiality, integrity and availability. These can include many mechanisms such as firewalls, intrusion detection systems, multi-factor authentication, antivirus software, etc. While these security measures exist, the reality is that organisations either lack the expertise or the capital to build and maintain infrastructures with the utmost protection. This inevitably leaves their isolated networks and on-premises systems vulnerable to attack. The WannaCry and Petya Ransomware attacks are good recent examples of how these vulnerabilities can be exploited, causing catastrophic results. Specifically, WannaCry attacked vulnerabilities in the Microsoft Windows operating system, allowing the malware to quickly spread to neighbouring computers. The vulnerability was promptly patched by Microsoft as soon as they were made aware, but those that did not get around to updating their systems were left at risk. Within a day of the attack being launched, it was reported that over 200,000 systems around the world were infected, holding personal and corporate data hostage in exchange for bitcoin payments. All the money, time and resources invested in building and maintaining a highly-secure cloud platform does not just benefit one company, but thousands or millions of customers Four reasons why the cloud improves your cyber security posture As noted above, attacks often happen when people tap into system vulnerabilities, regardless of whether the system is running in an isolated on-premises environment or in the cloud. Therefore, mitigating system risks is not so much about where the infrastructure is physically located. Instead, it’s about how well the system and its infrastructure is managed from a physical and logical security standpoint. With this in mind, below are a few reasons why cloud applications can often be more secure than isolated on-premises systems that are managed internally by an organisation. 1. Cloud providers make layers of security more accessible Keeping systems safe from threats is costly and complex. To do it alone, and do it well, businesses must have dedicated resources and large budgets. This is why cloud providers have an advantage. They can use economies of scale to enhance their operations and provide high levels of security for their shared infrastructure. All the money, time and resources invested in building and maintaining a highly-secure cloud platform does not just benefit one company, but thousands or millions of customers. Therefore, these businesses can take advantage of multiple layers of security that they would not have been able to put in place themselves. 2. Cloud providers facilitate system updates and patches Ensuring systems are always up to date and minimising risk require constant attention. The landscape of cyber threats is evolving, and many vulnerabilities that hackers prey on are quickly identified and fixed by vendors in software version updates. Unfortunately, updating software is time-consuming, so when an organization is faced with budget constraints, it’s a task that often falls through the cracks. A benefit of using a cloud service is that system updates are facilitated by the cloud service provider. As soon as the latest versions and fixes are available, the organisation will have access to them. This helps to ensure that systems remain protected against known vulnerabilities. Attacks often happen when people tap into system vulnerabilities, regardless of whether the system is running in an isolated on-premises environment or in the cloud 3. Cloud providers take onus for the risk of threats Top-tier cloud service providers use more stringent security measures for their infrastructures than most businesses. This is because their product and core competency is at stake. In fact, companies like Microsoft have a global incident response team that works around the clock to mitigate against attacks. The company also builds security into its cloud platform from the ground up, embedding mandatory security requirements into every phase of the development process. Top cloud providers also go out of their way to comply with international and industry-specific compliance standards, and participate in rigorous third-party audits which test and verify security controls. 4. Cloud providers have strict policies to prevent unauthorised access Physical security plays an important role in safeguarding against cyber attacks. For instance, it is not uncommon to see access control servers sitting under a receptionist’s desk in the front lobby of an organisation. At any point in time, the data can be stolen or destroyed with a single USB key. For a cloud service provider, mitigating against internal threats is a critical component of what they do. From the policies and processes they outline to technologies they use, cloud service providers build datacentres with unprecedented levels of physical security. They also implement comprehensive incident response protocols, so that any breach is promptly detected and immediately dealt with. Why outsource the risk and costs to cloud providers? When it comes to cyber security, the stakes are high - and organisations are finding it more challenging to keep pace with the onslaught of new threats. This is why many are transferring the responsibility and risk over to cloud service providers. Cloud service providers are not only better equipped to manage and maintain these systems and keep them secure, but also make it more affordable for their customers to access the highest possible levels of security.
Genetec Inc., a technology provider of unified security, public safety, operations, and business intelligence solutions, announced that Security Center Omnicast™, its video management system (VMS), has received the UL 2900-2-3 Level 3 cybersecurity certification for the second year in a row. The UL Cybersecurity Assurance Program (UL CAP) is a robust certification program that evaluates the security of network-connectable products and vendor processes. It features standardisd, testable criteria from the UL 2900 series of cybersecurity standards for assessing software vulnerabilities and weaknesses in embedded products and systems. UL 2900-2-3 Standard The UL 2900-2-3 Standard for Security and Life Safety Signaling Systems was created with three possible levels of certification, ranking with an increasing level of security for each tier, to specifically test physical security systems for cybersecurity robustness. Level 3, for which the Security Center Omnicast™ VMS is certified, is the most advanced. It includes a series of checks including fuzz testing, code and binary analysis, vulnerability assessment, penetration testing, and risk management methodology validation. Cybersecurity certification program “As a global safety science leader, UL is dedicated to promoting safe environments. As part of that mission, the UL Cybersecurity Assurance Program is a robust cybersecurity certification program for network-connectable products, which has to be renewed every year,” said Chris Hasbrook, UL’s vice president and general manager, Building and Life Safety Technologies division. “As a vocal proponent of cybersecurity best practices for many years, we have always given fastidious attention to our own processes and operations. Being awarded this UL 2900-2-3 Level 3 Certification for the second year is another testament to our continuous commitment to cybersecurity,” said Christian Morin, CSO at Genetec Inc.
Genetec Inc., a technology provider of unified security, public safety, operations, and business intelligence solutions, announces that Security Centre Omnicast™, its video management system (VMS), has received the UL 2900-2-3 Level 3 cybersecurity certification for the second year in a row. Genetec is currently the only VMS vendor in the world to have achieved this certification. The UL Cybersecurity Assurance Program (UL CAP) is a robust certification program that evaluates the security of network-connectable products and vendor processes. Physical security systems It features standardised, testable criteria from the UL 2900 series of cybersecurity standards for assessing software vulnerabilities and weaknesses in embedded products and systems. The UL 2900-2-3 Standard for Security and Life Safety Signalling Systems was created with three possible levels of certification, ranking with an increasing level of security for each tier, to specifically test physical security systems for cybersecurity robustness. Level 3, for which the Security Centre Omnicast™ VMS is certified, is the most advanced. It includes a series of checks including fuzz testing, code and binary analysis, vulnerability assessment, penetration testing, and risk management methodology validation. Cybersecurity certification program “As a global safety science leader, UL is dedicated to promoting safe environments. As part of that mission, the UL Cybersecurity Assurance Program is a robust cybersecurity certification program for network-connectable products, which has to be renewed every year,” said Chris Hasbrook, UL’s vice president and general manager, Building and Life Safety Technologies division. “As a vocal proponent of cybersecurity best practices for many years, we have always given fastidious attention to our own processes and operations. Being awarded this UL 2900-2-3 Level 3 Certification for the second year is another testament to our continuous commitment to cybersecurity,” said Christian Morin, CSO at Genetec Inc.
The first half of 2020 has been full of surprises, to say the least, and many of them directly impacted the physical security market. The COVID-19 pandemic created endless new challenges, and the physical security market has done our part to meet those challenges by adapting technology solutions such as thermal cameras and access control systems. In the second half of 2020, we can all hope for a return to normalcy, even if it is a “new normal.” In any case, technology will continue to play a big role. We asked this week’s Expert Panel Roundtable: Which technologies have the greatest potential to disrupt the security industry in the second half of 2020?
As security professionals and manufacturers prepare to participate in ISC West, the largest security industry trade show in the United States, Genetec, a technology provider of unified security, public safety, operations, and business intelligence solutions, is urging North American security directors to get ready for the European Union’s General Data Protection Regulation (GDPR). While the initiative is led by the European Union, the territorial scope of the GDPR is global. As of May 25, 2018, any business that is collecting or storing personally identifiable information (PII) of EU citizens (including surveillance video, cardholder information and activities tracked by an access control system, and license plate numbers captured by an automatic license plate recognition (ALPR) system) will be held accountable, regardless of where the organisation is based. This includes any business with offices, stores, warehouses, websites, employees or customers in the EU.Big multi-national retail chains to small and medium-sized businesses are seeking strategies for complaince across all their data collection processes Simple and cost-effective compliance Should a security breach occur that impacts personally identifiable information, companies will be mandated to report it within 72 hours. Failure to comply with these new regulations could result in up to 20 million Euros in penalties (US$25 million), or 4% of the company’s global annual turnover, whichever is higher. “With the deadline nearing, and heavy penalties looming, North American organisations, from big multi-national retail chains to small and medium-sized businesses, are seeking strategies that will make them compliant across all their data collection processes, as simply and cost-effectively as possible. At ISC West, we will be engaging our customers and partners in discussions about how to best achieve compliance,” said Christian Morin, VP Cloud Services and Chief Security Officer at Genetec. KiwiVision Privacy Protector module At ISC West, Genetec will showcase on-premises and SaaS end-to-end solutions that can help organisations achieve GDPR compliance with regards to processing operations of video surveillance data. As a trusted partner, Genetec can provide organisations with valuable insight into the extent of their GDPR obligations and on how best to design and develop their video, access control, and ALPR systems to meet compliance requirements. Of particular interest to ISC West attendees, will be the latest version of Security Centre which now comes with the KiwiVision Privacy Protector module, to enable organisations to automatically blur and mask video surveillance footage, and anonymise people to protect their privacy. Privacy Protector was recently certified for the fourth consecutive term with the European Privacy Seal (EuroPriSe), and is rated 'GDPR-ready'. Privacy Protector is the only privacy protecting video solution to hold this certification.
Hanwha Techwin America has announced that several of its WiseNet III and Wisenet Lite Series cameras have been certified on the Stratocast Cloud Integration for the Genetec Inc. cloud-based video-surveillance-as-a-service (VSaaS) solution. Building on the two companies’ already strong partnership, this seamless integration allows end users to benefit from the combined strengths of the Stratocast cloud-based video surveillance service and Hanwha’s WiseNet III and cost-effective WiseNet Lite cameras to deploy high-reliability video solutions without incurring the costs associated with on-premises storage, software updates and ongoing maintenance. The seamless integration allows end users to benefit from the combined strengths of the Stratocast cloud-based video surveillance service and Hanwha’s WiseNet cameras IP and cloud-based video security solution “Genetec is an industry leader in IP and cloud-based video security services, and the combination of WiseNet III and WiseNet Lite cameras with Stratocast VSaaS delivers increased ROI and reduced total cost of ownership,” said Tom Cook, Vice President of Sales, Hanwha Techwin America. “As a result, many smaller and medium-sized end users are able to deploy high-quality video surveillance systems that fit within their budgets.” "The video surveillance market is continuing to adapt and realise the advantages of cloud technology in IP security—for services like Stratocast, and ‘hybrid’ options for on-premises and cloud storage. End users are becoming much more comfortable with all of these solution choices,” said Christian Morin, Vice President of Cloud Services, Genetec Inc. “With growing adoption and comfort level in hosted cloud computing and storage, requests for VSaaS solutions are naturally increasing. Genetec and Hanwha are delivering this VSaaS and camera integration, so customers with a focus on the SMB market can benefit from an affordable, hassle-free and easy-to-use cloud-based solution that delivers enterprise-grade quality and reliability." WiseNet III Series cameras Featuring the most advanced functions from Samsung, the WiseNet III Series includes 1.3MP and 2MP cameras for exceptional high definition images. Designed to meet and exceed market needs, WiseNet III cameras set the standard for professional security systems. Delivering many of the same functions of the WiseNet III Series, WiseNet Lite cameras offer essential feature sets at an extremely competitive price point.
Users of Genetec Security Center will be able to automatically view live video and audio captured on an Edesix VideoBadge BWC Edesix, provider of body worn camera (BWC) solutions, has announced its relationship agreement with Genetec Inc. (Genetec), a provider of open-platform, unified IP security solutions at IFSEC 2016. The integration relationship will enable Edesix BWCs, and associated VideoManager software, to integrate seamlessly with Genetec™ Security Center, which will offer streamlined wearable security management, support and storage for city wide surveillance and law enforcement. Integration facilitates large-scale deployment and estate management Users of Security Center will be able to automatically view live video and audio captured on an Edesix VideoBadge BWC. Edesix’s Open API’s will also allow storage of high definition video, either in VideoManager or Security Center, for maximum flexibility and control of storage. Features currently found within the Edesix solution, such as RFID touch-assign, video encryption and evidence sharing, will be accessible through the Genetec system, allowing for effective large-scale deployment and estate management. Richie McBride, Managing Director at Edesix, commented: “Body Worn Video has become a key component within the security sector, providing a greater awareness and accountability of events for its users. However, we understand that a stand-alone system can be inefficient for larger security outfits, which is why we have worked closely with Genetec to integrate our Body Worn solution to Security Center.” “With the emergence of Body Worn Cameras, end-users will need to rely on a unified, open-architecture platform to manage, analyse and archive BWC video data,” said Christian Morin, Vice President of Cloud Services at Genetec Inc. “Genetec™ Security Center offers seamless integration, encryption and management of security data with the Edesix VideoBadge, removing the multiple silos of data that the security and law enforcement sectors currently have to deal with,” added Morin. VB-300 VideoBadge The VB-300 VideoBadge represents the first generation of WiFi enabled VideoBadges from Edesix. With a 150-degree horizontal field of view, day & night recording capability and integrated pre-record function, VB-300 VideoBadges are able to record secure, unrivalled footage of incidents. Edesix will be exhibiting at IFSEC 2016 from the 21st-23rd June, on booth C1530.
Genetec will discuss its hybrid-cloud solutions at the upcoming TechSolutions conference Genetec™, a leading provider of unified IP security solutions recently announced it will support the newly introduced Microsoft Cloud for Government. This new government-community cloud enables U.S. federal agencies and state and local governments to leverage Genetec cloud services, including Security Centre Cloud Archives, with the assurance that information stored in Azure Government meets the stringent security and compliance requirements of government agencies including FedRAMP and the Federal Bureau of Investigation Criminal Justice Information Service (CJIS). In November 2014, Genetec unveiled its new Hybrid Cloud Archiving Service, which takes advantage of Microsoft Azure to provide a highly flexible solution for organisations to easily scale the available storage capacity of their surveillance system, and eliminate the need to invest in additional servers. With the ability to continue leveraging their existing on premise storage equipment, this hybrid cloud service provides a cost-effective solution for U.S. public sector customers that need to extend their video retention period or implement off-site recording for complete redundancy of their local system. With compliance to FBI Criminal Justice Information Services (CJIS) policies, U.S law enforcement agencies will be able to leverage Azure Government to maintain recordings and data from their video surveillance systems. "Genetec is a leader in managing unified video surveillance systems for select U.S. government and law enforcement agencies and Microsoft is excited to partner with them to provide cloud storage that supports compliance with the FBI's CJIS Security Policy,” said Richard Zak, Director of Justice & Public Safety Solutions, Microsoft State & Local Government. "By working closely with Microsoft, we are able to immediately bring the benefits of the new Azure Government community cloud platform to our public sector customers" "By working closely with Microsoft, we are able to immediately bring the benefits of the new Azure Government community cloud platform to our public sector customers, giving them access to secure and highly flexible cloud-based services," comments Christian Morin, Vice President Cloud Services at Genetec. Christian Morin will discuss Genetec’s hybrid-cloud solutions, cloud archiving and partnership with Microsoft Azure and Microsoft Cloud for Government at the upcoming TechSec Solutions conference, February 3rd-4th at the Delray Beach Marriott near Ft-Lauderdale, FL. The panel session titled “Get off my cloud: key questions about cloud-based security systems” is scheduled for Tuesday, February 3rd at 11:00am.