Security by Design - Experts & Thought Leaders

Two of the pioneering physical security veterans, Ed Chandler and Jason Ouellette, have drafted a document, “What is PKOC,” to provide a detailed understanding of the Public Key Open Credential specification developed by the Physical Security interoperability Alliance (PSIA).  The PKOC specification has been gaining significant traction in the market and is now a beyond specification or idea, but a more secure and a real viable option for physical and mobile-based credentials. PKOC legacy credentials PKOC is not only one of the most secure credential choices, but it is also fully open, and the specification is freely available to everyone without members, fees, royalties, etc. This has made PKOC an attractive alternative to some of the legacy credentials where security, encryption, and cost have undermined their viability. Prior roles of Ed Chandler Ed Chandler is one of the most recognised consultants in the physical security industry Ed Chandler is one of the most recognised consultants in the physical security industry. He is the founder of Security by Design and is regarded as an expert in systems integration for access control.  Ed is routinely architecting security systems that span many countries. He is well-known as a futurist for the security industry, he has advised many of the manufacturers of large security infrastructure systems and constantly pushes the industry to grow and innovate. Review of the emerging PKOC specification Jason Ouellette has more than 30 years of experience in the physical security industry and is also the Chairman of the PSIA. Jason is a regular speaker on issues relating to credentials and is considered a thought pioneer on related technologies with experience in pioneering innovations for Johnson Controls formally and now for the ELATEC Group. The “What is PKOC?” document is structured to provide high-level one-page information and then allow them to drill into the more specific technical details if desired or needed. It provides a comprehensive review of the emerging PKOC specification.

The PSIA announced that two of its members actively supporting the PKOC specification will be speaking at the CONSULT 2024 Symposium. Since its inception, eight years ago, CONSULT has emerged as one of the premier and most unique events in the security industry. The symposium fills a largely unmet need in the security industry for manufacturers and consultants to interact with each other, to better understand security technologies, trends, and techniques as they impact security consultants, and to create an environment for the development of valuable relationships. Security by Design Ed founded Security by Design over 50 years ago and has built it into an international powerhouse Jason Ouellette, a 30-year veteran of the security industry and the Chairman of the PSIA will be joined by Ed Chandler, one of the most respected consultants in the industry.  Ed founded Security by Design over 50 years ago and has built it into an international powerhouse, serving an impressive list of enterprise customers. Latest development in PKOC “We look forward to having Ed Chandler and Jason Ouellette explain the latest development in PKOC at CONSULT 2024. Past years’ presentations have not only increased the understanding of PKOC, but have added to the enthusiasm behind it,” said Ray Coulombe, Founder and Managing Director of Security Specifiers, the sponsor of CONSULT 2024. “I envision that this year will be no different. Congratulations to PSIA for making PKOC a reality and valuable resource to the industry,” noted Coulombe. Commercial and security advantages At Consult, Jason and Ed will be providing participants an update on the PKOC specification, its capabilities and opportunities. “The session offers a chance to dig in to the details of PKOC: how it works, why it makes sense, how to specify it, what is available from the manufacturers to create a fully functional PKOC environment. We are looking forward to seeing all of you,” noted Chandler. PKOC creates truly secure and interoperable credentials. The commercial and security advantages of the asymmetric key based credential over traditional symmetric keys which they have been using for decades is finally attainable with the PKOC standard. A public key-based solution can not be underestimated in its value over traditional credential solutions. PKOC Bluetooth 3.0 specification The 3.0 spec features enhanced cryptography, which keeps all Bluetooth hardware The PSIA recently introduced the PKOC Bluetooth 3.0 specification at GSX 2024. The 3.0 spec features enhanced cryptography, which supports all Bluetooth hardware. In addition, the spec has been optimised to reduce the time it takes to authenticate. The PKOC specification leverages the concept of PKI without the need for the typical complex, expensive identity Infrastructure necessary for PKI. Private-public key handshake PKOC uses the device itself to generate the private & public key pair (known as Keygen) enabling the private-public key handshake to authenticate the credential. The beauty of PKOC is that the private key never leaves the device, and the public key becomes the “badge #” which can be easily shared with any system or device used to control access.  With PKOC the USER literally “owns” the encryption keys and does not require any complicated process for managing or sharing keys. Furthermore, PKOC enables you to “Bring Your Own Credential” (BYOC).

A new large scale social housing complex, developed by Metroman Ltd, has joined forces with Videx UK to install a state-of-the-art door entry system for its residents. The London based development is split into 11 apartment blocks - Anika House and Jasleen Court - and fitted with Videx’s flagship VX2200 door entry system along with Videx MiAccess access control and hands-free video monitors. Suitable entry system Installer Dave Abrams, who owns DA & Son, was asked to recommend a suitable entry system that not only provided first rate security but was also easy for residents to use and convenient too. As well as meeting residents’ needs, the system also had to meet specific regulations, including Secured by Design (SBD), a police initiative for designing out crime to improve the safety and security of where people live. SBD’s product-based accreditation scheme - the Police Preferred Specification - provides a recognised standard for all security products that can deter and reduce crime. The Videx VX2200 system is one product that has the accreditation. Convenient door entry The VX2200 panel is also fitted with Videx’s standalone offline proximity system The VX2200 panel is also fitted with Videx’s standalone offline proximity system, MiAccess which enables the use of remote management of the access control system including adding and removing access key fobs, for example if a fob stops working, needs replaced or a new user needs to be added, a visit to the development isn’t needed. Dave Abrams said: “I recommended the Videx VX2200 as I have installed the system several times before and it’s a great kit for secure and convenient door entry. Being SBD accredited also means that it’s a system that actively deters and reduces anti-social crime such as vandalism. Videx has a long-standing reputation of providing first class products with lifelong support. I know if there’s any issue with the system, it will be quickly and easily resolved through the Videx tech team. The post installation customer support really is second to none.” Maximum-security benefits The VX2200 is a preferred choice for a wide range of residential developments across the UK including social housing because of its ease of use and maximum-security benefits it provides. The VX2200 is a preferred choice for a wide range of residential developments It can cater for a wide range of buildings from 1-way systems to much larger systems that include up to 1,000 apartments making its flexibility a very attractive choice for secure and convenient entry on a large range of projects. Mabs Alam, Regional Sales Manager for London and South East at Videx UK, said: “Not only is the VX2200 a highly versatile entry system, it’s also accredited by Secured by Design, a key police initiative for designing out physical crime meaning it has been tested to the highest of security standards.” Ensuring maximum security “Because of the integrated MiAccess, residents simply need a programmed fob to gain access to their home and if they lose or misplace a fob, it can be reprogrammed remotely with another one easily and quickly by a management team.” “This means the system requires minimum maintenance and there’s no routine software upgrades needed either. What’s more there’s no moving parts, just the video handsets in each of the individual apartments. It’s such an easy to use and effective system and one of our most popular entry choices for residential developments in particular. The addition of MiAccess makes the system even more easy to use and maintain while ensuring maximum security.”

Close collaboration with customers has been a hallmark of the physical security industry for decades. And yet, less ability to collaborate face-to-face to discuss customer needs has been a consequence of the COVID-19 pandemic. “True innovation, which comes from close collaboration with customers, is more difficult to achieve remotely,” said Howard Johnson, President and COO, AMAG Technology, adding “Not being able to visit in person has not been helpful. Kurt John, Chief Cyber Security Officer at Siemens USA, adds “We need to plan intentionally with a strategic approach for collaboration and innovation.” Securing New Ground virtual conference Security experts from three manufacturers reflected on the impact of COVID-19 on the physical security industry Security experts from three manufacturers reflected on the impact of COVID-19 on the physical security industry at a ‘View from the Top’ session, during the Securing New Ground virtual conference, sponsored by the Security Industry Association. Their comments covered business practices during the pandemic and the outlook for technology innovation in response. “We had to pivot quickly on business models and create a cross-portfolio team task force to discuss how we can leverage technologies to help customers [during the pandemic],” said John, adding “We are having outcome-based conversations with customers about their businesses and operations, and how we can combine short-term benefits with long-term growth and flexibility.” But some of those conversations are happening from a distance. Results-oriented approach in remote work environment After the pandemic took hold, Siemens shifted rapidly to remote work and embraced other infrastructure changes. “We had to refocus and lead with empathy, flexibility and trust,” said John, adding “We gave our staff flexibility to set their hours and used a results-oriented approach.” There is also a social element missing in the work-from-home model. “Virtual coffee machines do not replace being there in person,” said Pierre Racz, President and CEO, Genetec, adding “Small talk about the weather is important psychological elements.” Positives in using multi-factor identity management He predicts that, in the future, office hours may be reduced, but not floor space, with space needed for in-person collaboration and long-term social distancing. Employees will come to the office to do collaborative work, but can work from home to accomplish individual tasks that may be ‘deferred’ to after-hours, when the kids have been fed. When the pandemic hit, Genetec had resumed 95% of their operations within 36 hours, thanks to their use of multi-factor identity management. They did not suffer from malware and phishing issues. “Multi-factor is really important so that well-engineered phishing campaigns are not successful,” said Pierre Racz. Shift to ‘Zero Trust’ model All three panelists noted a coming skills gap relating both cyber security and systems integration Remote working technologies are shifting to a ‘zero trust’ model, in which access to systems is granted adaptively based on contextual awareness of authorised user patterns based on identity, time, and device posture. For example, an office computer might have more leeway than a home computer and a computer at Starbucks would be even less trusted. The approach increases logical access security while providing users their choice of devices and apps. Skills gap in cyber security and systems integration A growing skills gap has continued throughout the pandemic. “Where we have vacancies, we have struggled to find candidates,” said Howard Johnson. All three panelists noted a coming skills gap relating both cyber security and systems integration. New technologies will clearly require new skills that may currently be rare in the workforce. Cyber security will become even more important with growth in new technologies such as AI, machine learning, 5G and edge computing. A workforce development plan is needed to address the technologies and to enable companies to pivot to new business needs, said John. Adoption of temperature sensing solutions From a technology viewpoint, Johnson has seen attention shift to the reception area and portal, away from touch technologies and embracing temperature sensing as a new element. There have also been new requests for video and audio at the portal point, to create methods of access and egress that do not require security personnel to be present. “Some customers are early adopters, and others are waiting for the market to mature before investing,” Howard Johnson said. “Security companies have been faced with the need to respond rapidly to their customers’ needs during the pandemic, but without seeming like ‘ambulance chasers’,” said Pierre Racz. In the case of Genetec, the company offered new system capabilities, such as a 'contamination report', to existing customers for free. Move to a hybrid and flexible work environment In the new normal, the pendulum will swing back to the middle with more flexibility and a hybrid approach" An immediate impact of the pandemic has been a reduction in required office space, as more employees have worked from home, raising questions about future demand for office space. “The pendulum tends to swing to the extremes,” said Kurt John, adding “In the new normal, the pendulum will swing back to the middle with more flexibility and a hybrid approach.” “Users will be much more careful about letting people into their space, which requires more policies and procedures,” said Lorna Chandler, CEO, Security by Design, who participated in a panel at Securing New Ground about how the pandemic is changing commercial architecture and access control. “Users should also be careful in the rush to secure premises from COVID-19 that they don’t violate HIPAA laws or create other potential liabilities,” adds Chandler. Continuum of mechanical and electromechanical devices Mark Duato, Executive Vice President, Aftermarket, ASSA ABLOY Opening Solutions, said a “Continuum of mechanical and electromechanical devices is needed to protect premises and ensure convenient operation of an access control operation.” “First and foremost, the immediate reaction to the impact of COVID-19 is to rush to educate and invest in technologies to increase the ability to analyse people,” said Duato, who also participated in the access control panel. Shift to touchless, frictionless access control “The move to touchless, frictionless access control “is really a collaboration of people, process and technology,” said Valerie Currin, President and Managing Director, Boon Edam Inc., adding “And all three elements need to come together. Touchless and frictionless have been in our market for decades, and they’re only going to become heightened and grow. We’re seeing our business pivot to serve markets we have not served in the past." More and more data is a feature of new systems, but is only helpful when it is analysed. “We all live in a world of data, or IoT and sensor technology,” said ASSA ABLOY’s Mark Duato, adding “But we don’t want to be crushed by data. Data is only helpful when you can reduce it to functional benefits that will help us innovate. We have to take the time to squeeze the value out of data.”