Articles by Don Campbell
At the end of last year, we anticipated that data gathering and analysis would continue to be a strong trend, and that certainly proved to be the case in 2016. More and more organisations are seeing the value of the intelligence provided by diverse systems’ data. The number and variety of networked systems and devices – both security and non-security – continued to grow steadily in the last year, and the data these disparate sources create has proven highly useful in identifying statistical patterns and trends that may indicate the likelihood of incidents occurring. More data leads to more complete intelligence, allowing organisations to more easily identify threats or business opportunities, make more informed decisions and create better outcomes in general. Another key trend we anticipated in 2016 was the growth of security as a critical component in an organisation. This also proved to be the case in the last year, as the role of security teams continued to take on more relevance related to overall operations. This has largely been possible thanks to the ready availability of strong tools and solutions that allow security departments to lower costs, increase compliance and reduce the risk of insider threat. Identifying insider threats Increased adoption of predictive analysis to identify potential threats and opportunities will continue to be a strong trend in 2017, as will the transformation of security from reactive cost centre to proactive business partner. Additionally, the coming year will see even greater emphasis on the convergence of physical and cyber security, which should come as no surprise given the ever-increasing number and sophistication of cyberattacks we have seen in recent months. Nearly every organisation’s business strategy includes the critical need to secure networks and digital assets with technologies that apply intelligence to their infrastructures to detect vulnerabilities and improve network security. While these are vital measures, they overlook the role of physical security in protecting digital assets. Consider that many data breaches are actually perpetrated by individuals from within an organisation who are authorised to access sensitive areas of networks or facilities. Many other data breaches are the result of physical break-ins to steal a laptop or backup server. Organisations are beginning to understand the need for strong physical security and identity management to complement cybersecurity programmes. In considering solutions to bridge the gap between the two, many find that the most effective practices are those that include physical and logical security working in tandem to thwart data breaches from inside and outside of an organisation. There is still a long way to go in making organisations aware of this reality, but we anticipate that education will expand awareness in the coming year. Mobile PIAM solutions offer the ability to connect systems that use mobile devices, access control and offline locks Increasing mobile capability Another key trend in the security industry for the last several years is mobile capability, which will see even broader and deeper adoption and integration in 2017. A main area of growth will be mobile PIAM (physical identity and access management), which allows organisations to extend their infrastructure to areas that may otherwise be difficult or time-consuming to secure. These include locations such as outdoor or temporary venues, where deploying a traditional solution would be cost-prohibitive and where identity is often verified by consulting physical lists and checking photo IDs. Mobile PIAM solutions offer the ability to connect systems that use mobile devices, access control and offline locks to deliver strong identity authentication, allowing organisations to more easily control access and extend control wherever there is a need. Given the flexibility, ease of use, effectiveness and cost savings these mobile PIAM solutions, will likely see steady growth in terms of both maturity and adoption in the coming year. Closing out another strong year Following up on a strong 2015, Quantum Secure experienced another high-growth year in 2016. Since becoming part of HID Global in 2015, we have seen a rise in the volume and range of opportunities to deploy SAFE software solutions. Most notable was Quantum Secure’s involvement in the recent International Sporting Event held in Rio de Janeiro, Brazil, where SAFE Sports and Events Manager was deployed to manage and track the identities of approximately 500,000 credentialed individuals to reduce the risk of unauthorised intrusions and prevent potential threats. Using a mobile app, security staff were able to quickly and effectively validate individuals by simply swiping their credentials on handheld peripherals, while also performing an on-site visual verification via a workstation and/or mobile device. Quantum Secure has led the way in software for identity management, compliance and access provisioning within physical security infrastructures, and we will continue our tradition of innovation in 2017 and beyond. We are continually looking to expand our SAFE portfolio to deliver solutions that simply physical identity and access management and generate actionable intelligence that can identify and eliminate potential risk for growing number of vertical markets and applications. See the full coverage of 2016/2017 Review and Forecast articles here Save Save
Access levels of individuals based on their roles can be cross compared with their normal access patterns, it is also useful to look for anomalies in device behaviour Threats to an organisation’s physical and logical security are increasing in number and financial impact, according to several recent surveys. To combat this problem, security and IT professionals are fighting back with system upgrades and software solutions including advanced analytics. Using the analytics software, management is better able to answer the “what” questions related to their security infrastructure. Unfortunately, without also answering the “why” question, the analysis can result in an outcome where operations are managed by assumptions rather than measurable facts. Contextual analytics Contextual analytics can help answer the why questions – and provide a deeper understanding of threat and operational efficiencies -- by making sense out of the “what”, derived from mountains of data generated by multiple authoritative and security systems and devices. It does so by examining the three key indicators that define context for security decisions: access, process and behavioural changes. Within each of these factors are a number of red flags that contextual analysis can use to detect potential risks to an organisation. Predictive analysis solutions gather and correlate data from multiple sources, which is then analysed using a predictive engine to apply statistical algorithms and machine learning Understanding access patterns When we take a look at access, there are many areas within the spectrum that may give us a deeper understanding of what is happening at the site. For example, access levels of individuals based on their roles can be cross compared with their normal access patterns. It is also useful to look for anomalies in device behaviour. Additional sources of data to pull from for access may incorporate audits, including any indicators that may present a red flag. These include the same person requesting and approving an access request, delays in conducting an audit, expiration of training, failed or missing background checks or other data missing from prerequisites for access privileges. Any of these factors when looked at alone may not seem like a red flag, but once you begin to look at the data across multiple systems, you are able to get a better contextual landscape of typical and atypical access patterns. Automated tracking process This is an area that may seem difficult to accurately track and monitor and apply to this contextual based analysis. Here the key is to leverage technologies that help automate and track processes in a meaningful way across a global organisation. For example, contractors are a way of life for many organisations. While they may act like employees while on the premises, there are some clearly differentiated processes that must be followed before provisioning access for them. Contract companies must have the proper documentation on file, along with insurance requirements, training pre-requisites, and complete background checks. Depending on the industry, any violation in these policies and processes leads to costly fines and delays in work. Without an automated system tracking the efficiency of an organisation’s policies and processes, it would be extremely difficult to detect anomalous behaviours. Observing behavioural changes These indicators are equally challenging to properly track. Using security systems alone may not be enough to get a full view into behavioural changes. This is where organisations need to start looking at other key indicators of compromise with the ability to make note of changes of behaviour in a meaningful way. Perhaps the organisation’s policy is for security to alert HR of an employee’s unusual patterns of behaviour, thereby elevating the risk profile of individuals and monitoring their activity across an additional set of data points. To take it one step further, if individuals with an elevated risk score continue to access areas outside of their usual patterns, or if they begin accessing shared directories, printing more than normal or other anomalous behaviour, any one of these indicators can lead to an automated response from security with immediate action. This could include disabling their badge and/or access to IT infrastructure, dispatching security, or any other number of actions deemed appropriate given the severity of the situation. The key is to put actions into context so that it is possible to pull insights from the data. Organisations need to start looking at other key indicators of compromise with the ability to make note of changes of behaviour in a meaningful way Key to transforming security with predictive analysis Contextual analytics allows organisations to make more informed decisions based on facts and patterns rather than instinct, but it’s only half the solution. Predictive analytics solutions are the important other half and the key to transforming security into a context-based process. Predictive analysis solutions gather and correlate data from multiple sources, which is then analysed using a predictive engine to apply statistical algorithms and machine learning to make sense of the vast amount of data and generate reports and/or automated actions. This analysis looks for anomalies and potential areas of improvement (including operational efficiencies) to provide a baseline that is used to identify the likelihood of future outcomes based on historical observation. Identifying unexpected patterns and insider threat These patterns provide valuable contextual history, indicators of compromise and risk analysis to increase the accuracy of the statistical findings many organisations already employ. As an added benefit, predictive analysis solutions are capable of learning and improving over time, meaning they are often capable of identifying patterns that may never have been expected and most likely wouldn’t have been uncovered without that level of contextual analysis. Contextual and predictive analytics are proving to be vital in the fight against insider threat, which is an increasingly prevalent security concern for organisations Contextual and predictive analytics are proving to be vital in the fight against insider threat, which is an increasingly prevalent security concern for organisations. Given the complex psychology behind it, insider threat can be incredibly difficult to understand and predict. An event such as a bad performance review, a missed promotion or something similar may be the trigger that precedes an insider breach, and therefore can serve as an indicator. Tracking effective policies and safeguarding organisation These solutions can also identify and forecast which policies are effectively enforced and which are ineffective within the current systems. For instance, the number of visitors who enter a facility during specific time periods, the time it takes to process those visitors and how that affects wait-time can be combined to measure the effectiveness of lobby staffing levels. Whether the organisation is a large multi-national enterprise with a complex business structure or an SMB, contextual and predictive analysis of logical and physical data can help identify red flags and potentially save the organisation from financial and reputation losses.
PIAM solutions ensure that credentials are onboarded to all the right systems The number of credentials people are carrying is on the rise. At any given time, an individual may be carrying badges, cards or other ID devices for their office, the gym, public transit and more, not to mention credit cards and government-issued identification. The more credentials people carry, the greater the challenge of managing and tracking these credentials poses, and the more likely that they will be lost, stolen or misused. The way organisations handle lost badges contributes to the high number of active credentials. When an individual’s card or badge is reported as misplaced, they are typically issued an inexpensive credential that is meant to be active only until the original badge is found. If it is not found, and has not been deactivated, there are two active credentials associated with that particular identity. Smartphones as mobile credentials Utilising smartphones as credentials greatly reduces the probability of this happening. Given the key role they play in everyday life, people are likely to notice right away if they have lost their phone – and the mobile credentials it contains – and will quickly attempt to find it. Additionally, if a phone cannot be located, it is more likely to be (correctly) reported as lost and deactivated almost immediately. Additionally, the ability to network phones allows security to better control and manage identities in a single location, enabling stronger reporting, easier management and greater clarity into how credentials are being used. PIAM benefits The use of smartphones as mobile credentials is greatly facilitated with the adoption of a Physical Identity Access Management (PIAM) solution. With the ability to tie together multiple disparate security and non-security systems into a single platform, PIAM solutions ensure that credentials are onboarded to all the right systems, including access control, mobile, human resources and other disparate networked security and non-security systems. PIAM solutions streamline the processes of issuing or reissuing credentials to make sure lost badges are deactivated immediately. Policy updates and changes can be automated to maintain consistency and reduce time and effort required. Organisations can capture and monitor data relating to how badges are used, to reduce badge sharing and other misuse. This misuse is further reduced since it is far less likely that an individual will loan or share mobile phone credentials than a redundant or temporary badge. Because the solution also captures data from access control and other systems, the organisation can apply predictive analysis to mobile devices to provide that larger picture necessary to ensure better management of identities and control of access. PIAM solutions streamline the processes of issuing or reissuing credentialsfor lost badges, and monitor for credential sharing PIAM with predictive analysis capabilities With PIAM, any and all assets are associated to one identity record. Meaning, even though John Doe has a mobile credential and a badge, the two will be associated with his single identity within the system. Should both credentials be used in different locations simultaneously, predictive analysis can determine whether this is an acceptable occurrence based on a job change, special project or other factor – or if it is an anomaly that must be investigated and/or mitigated. In this case, the system can automatically deactivate both identities and alert management, security staff and other appropriate parties. The quick response this enables will reduce the organisation’s overall risk posture while still providing excellent customer service and providing end users with the mobile capabilities they desire. We live in a mobile world and have come to expect mobile capabilities in virtually every facet of life. Access control is no exception, as the day is coming when mobile credentials will become standard for many organisations. To date, the challenges of mobile access control have limited its adoption but that is no longer the case thanks to PIAM solutions with predictive analysis capabilities. When deployed through a PIAM platform, mobility is brought to a higher level of intelligence by provisioning access based on each individual identity and the person’s authority and access privileges within the organisation. By extending predictive analysis from enterprise systems to mobile devices, organisations gain improved management and greater control and awareness of credentials, resulting in stronger security and significantly reduced risk.
The Internet of Things (IoT) raises many new issues for security professionals. Attendees who register for ‘The Pros and Cons of the Internet of Things’ seminar at ISC West 2017 will come away with insights on new developments in networked solutions for the security industry and how they are impacting today’s systems. The assembled panel of thought leaders, representing nearly every category within the industry, will discuss the ins and outs of networking technologies and cybersecurity, as well as the role of the IoT for professional security applications. Armed with the best practices these experts will provide, security professionals will be well-equipped to provide their customers with even greater value from their security solutions. The seminar will be moderated by Ron Hawkins, Manager of Special Projects and Partnerships, Security Industry Association Efficient data security “New surveillance and security technologies are capturing volumes of information with greater detail and efficiency than ever before,” said Tom Cook, Senior Vice President of Sales, Hanwha Techwin America. “Video surveillance technology is a prime example, with new image capture devices delivering unprecedented levels of performance and intelligence that makes them invaluable for business applications that transcend traditional security.” The seminar will be moderated by Ron Hawkins, Manager of Special Projects and Partnerships, Security Industry Association (SIA). Panelists include Ronnie Pennington, National Sales Engineer, Altronix Corporation; Rick Caruthers, Executive Vice President, Galaxy Control Systems; Tom Cook, Senior Vice President, Sales, Hanwha Techwin America; Chris Camejo, Director of Product Management – Threat Intelligence, NTT Security; Ken LaMarca, Vice President, Sales and Marketing, OnSSI; Don Campbell, Vice President, Products, Quantum Secure; and Bud Broomhead, Chief Executive Officer, Viakoo.
Campbell will continue to drive growth and momentum of Quantum secure's PIAM solution Quantum Secure, a provider of enterprise software to manage and streamline security identities, compliance and analytics across disparate physical security systems, has promoted Don Campbell to Vice President, Product. Campbell had served as the Company’s Director of Product Management since 2014, playing a key role in driving the momentum of Quantum Secure’s Physical Security and Access Management (PIAM) software. Track record of success “Don has been integral to building awareness of the value of PIAM within the industry and driving Quantum Secure’s rapid growth over the last two years,” said Ajay Jain, Quantum Secure’s President and CEO. “In his new role, Don will leverage his experience and track record of success to continue his work in expanding the widespread acceptance of our SAFE Predictive Security Software.” Prior to joining Quantum Secure in 2014, Campbell pioneered some of the first PSIM products to arrive on the Market, first at VistaScape, sold to Siemens in 2006, and later at VidSys where he was Vice President of Product Management. He began his career as an officer in the U.S. Marine Corps, where he led a 13-member team whose responsibilities included managing a 35-building network. Campbell earned a B.S. in Electrical Engineering from Duke University and is one of three inventors of a patented method for surveillance system peering. Quantum Secure growth The biggest development for the company in 2015 was its acquisition by HID Global, a provider of secure identity solutions Campbell’s promotion follows Quantum Secure’s earlier announcement that 2015 was the best year in the company’s history, spurred by the introduction of new technologies, record sales levels, strong partnerships and significant growth in a number of key vertical markets. The biggest development for the company in 2015 was its acquisition by HID Global, a provider of secure identity solutions. With its SAFE software managing more than 5.5 million identities worldwide, Quantum Secure is now the largest PIAM software vendor in the world. “As a market leader and creator in the PIAM space, Quantum Secure is ideally positioned for continued growth, and for more than two years I have enjoyed being part of the overall value proposition of addressing corporate physical security risk and compliance initiatives,” Campbell said. “As Vice President, Product, I look forward to continuing to help drive growth of our SAFE software suite’s ability to provide tangible results and ROI for customers by effectively managing the lifecycle of physical identities and compliance across security infrastructure.”
Chip Epps and Daniel Bailin will present on “Enabling Compliance for Physical and Cyber Security in Mobile Devices” HID Global®, a worldwide leader in secure identity solutions, recently announced that company executives will conduct workshops and present across a range of topics at next week’s ISC West and the Connected Security Expo in Las Vegas from April 6-8, 2016: Speakers for the ISC West workshops Chip Epps, Vice President, Product Marketing, IAM Solutions with HID Global and Daniel Bailin, Director of Strategic Innovation with HID Global will conduct workshops on “The Future of Physical Access in a Digital World” on Tuesday, April 5 from 1:30 to 3:00p.m. and 3:30 to 5:00 p.m. in room 307. Don Campbell, Director of Product Management, Quantum Secure, will present “End-to End Best Practices in Systems Integration” on Wednesday, April 6 from 11:15 a.m. to 12:15 p.m. in room 309. Vik Ghai, Chief Technology Officer, Quantum Secure, will present “Are Physical and Virtual Doors Now the Same” on Thursday, April 7 from 2:30 to 3:15 p.m. in Casanova 603. Vik Ghai with Quantum Secure will present “Making Sense of Security Without Data Demarcation” on Thursday, April 7 from 10:45 to 11:30 a.m. in Casanova 601. Chip Epps and Daniel Bailin will present on “Enabling Compliance for Physical and Cyber Security in Mobile Devices” on Thursday, April 7 from 11:15 a.m. to 12:15 p.m. in room 307. Live demonstrations of HID Global solutions Visit HID Global in booth #11063 for demonstrations of the company’s broad solutions for creating managing and using secure identities.
The seminar will deliver insights and ideas on seamless integration and improved functionality in networked systems Attendees who register for the End to End Best Practices in System Integration seminar at ISC West 2016 are sure to come away with new insights and ideas on how they can better ensure delivery of seamless integration and improved functionality in networked systems. Impact of the Internet of Things The seminar panel, composed of some of the industry’s best and brightest, will discuss best practices and product protocols that can ease integration and provide new, and improved cross-functional capabilities. The relationships between various systems will be examined with insight about how they can each be more effective when combined. “The Internet of Things and how it impacts system integrations for professional security system applications is surely one of the hottest trends being discussed across our industry,” said Alan Forman, President, Altronix Corporation. “This presentation will help resellers get a good sense of how the IoT is impacting our industry, and what is involved in meeting new challenges as more advanced integration technologies continue to enter the marketplace.” Expert panellists The seminar will be moderated by Ron Hawkins, Manager of Special Projects and Partnerships, Security Industry Association (SIA). Panellists include Don Campbell, Director of Product, Quantum Secure; Rick Caruthers, Executive Vice President, Galaxy Control Systems; Mark Clifton, President, Products and Solutions Division, and Vice President, SRI International; Tom Cook, Vice President, Sales, Hanwha Techwin America; Ken LaMarca, Vice President, Sales and Marketing, OnSSI; Ronnie Pennington, National Sales Engineer, Altronix Corporation; and Dale Tesch, Director of Professional Services, NTT Com Security. The seminar is scheduled to take place on Wednesday, April 6, 2016 from 11:15 am to 12:15 pm.
Campbell will deliver a presentation on growing trend toward proactive risk & threat identification Quantum Secure, part of HID Global, a worldwide leader in secure identity solutions, recently announced that Don Campbell, Quantum Secure’s Director of Product Management, will take part in two informational sessions to be held at IFSEC International 2015, which takes place from June 16-18 at London ExCel. At 2 p.m. on Tuesday, June 16, Campbell will be part of a panel discussion titled “State of the Nation – Current & Evolving Security Threats.” He will be joined by James Kelly, Chief Executive of the British Security Industry Association, and Jim Swift, Head of Security Engineering for consulting firm BB7. Benefits of Big Data Analytics in Security – Helping Proactivity & Value Creation Following the panel discussion, at 4 p.m. Campbell will deliver a presentation titled “Benefits of Big Data Analytics in Security – Helping Proactivity and Value Creation”. During this educational session, Campbell will discuss the growing trend toward proactive risk and threat identification and the benefits of analysing the virtual mountains of data available from multiple disparate systems to generate valuable security intelligence. This session will take place in the Keynote & Convergence Theatre. “In today’s world, the necessary data organisations need to improve security, identify threats and streamline policies, processes and overall operations is available; it’s just a matter of collecting and analysing that data to discover potential risks,” Campbell said. “By connecting the dots between identities and security and other systems, predictive analysis has the power to turn raw data generated by multiple systems into actionable intelligence that allows organisations to initiate preventative action and thwart potential incidents, transforming security departments into proactive enterprise resources.” SAFE product line analyses identity & security data With its SAFE Predictive Security Software, the latest addition to its SAFE Security Intelligence Portfolio, Quantum Secure continues to set new benchmarks in predictive analysis solutions and physical identity and access management (PIAM) solutions. The SAFE product line analyses identity and security data and applies both operational and risk-based analytics to provide a clear understanding of security operations and risks. To further support analysis, SAFE Predictive Security includes automated, actionable responses which can help reduce costs, reduce insider threat and enhance compliance. Quantum Secure’s SAFE Security Intelligence Portfolio provides web-based solutions that detail an executive-level, graphical dashboard view of a global physical security infrastructure. In addition to SAFE Predictive Security, the portfolio also includes SAFE Security Reporter 5.0, which provides real-time monitoring and event correlation of physical security activities and a custom report creation wizard.