Articles by Ian Lowe
The unprecedented global impact of COVID-19 has taken its toll on all of us, but as cases of the virus thankfully recede, employers are now forced to confront how they can enable a safe return to work for employees. For many employers, this means they will have to carry out a COVID-19 risk assessment, redesign workspaces to maintain social distances, carry out more frequent cleaning, manage the transmission risk and find alternatives to touch-based security devices.

Protecting workplace occupants in any emergency requires preparation and clear communication. This is especially critical in a health crisis involving an infectious disease. These are some of the essential best practices that could help organisations reduce the impact on their employees and operations during this pandemic.

1. Use a visitor management system

With a visitor management system, organisations have a single source of real-time and historical insights into who is, or was recently, in the workplace. This is especially important because of the need to perform contact tracing should anyone in the organisation show symptoms of COVID-19, meaning everyone they have been in contact with needs to be contacted and asked to isolate.

Yet still, first impressions are made at the front desk or lobby, where the visitor experience needs to be a positive one. At the same time, though, any emergency event requires that there be strict control over who is entering the workplace. This policy also needs to be clearly communicated to visitors. Doing this minimises risk to visitors as well as the workforce.

In addition to delivering a high-quality visitor experience, the ideal visitor management system must:

- Enable organisations to meet regulatory compliance mandates and facilitate check-in at a self-service kiosk to minimise wait times.
- Customise the visitor experience to support specific security needs, such as accelerating and simplifying check-in or requiring additional security pre-checks.
- Automate compliance as it relates to visitor access rules with historical visit reports.

2. Pre-check questions at visitor registration kiosks

Organisations can strengthen security at the registration kiosk using a flexible, enterprise-grade visitor management system to add visitor sign-in steps. This has proven successful in the past when used to control the spread of infectious disease during an outbreak. An example of this is a U.S. children's hospital which managed to reduce facility infection rates by 25 percent over a two-year period using a commercial, off-the-shelf physical identity and access management (PIAM) solution from HID Global.

The solution provides two particularly important capabilities that can be used by organisations to protect their workplace from the uncontrolled spread of an infectious disease:

- Enhance visitor registration policy with additional mandatory questions to help identify any visitors who may need other screenings.
- Extend the visitor registration kiosk with a mandatory pop-up asking further questions during visitor check-in.

3. Understand who has visited your workplace

Successfully controlling the spread of infection throughout a facility requires the ability to automatically maintain an auditable trail of activity. This can be done using an enterprise-grade visitor management system that makes it easy to retrieve historical visit reports. This provides a timeline of who was in the workplace, and when they were there. Key features include:

- A single dashboard providing useful visitor insights at your fingertips.
- Historical reports that provide visitor details including location and contact information, all in compliance with General Data Protection Regulation (GDPR) and other privacy regulations.

4. Clearly communicate how infection risks can be reduced

Global organisations must actively communicate with visitors and employees on the outbreak of infectious diseases and follow best practices outlined by the World Health Organization (WHO). Here are several things organisations can do in this area to help maintain a safe and healthy workplace:

- Reinforce and communicate WHO best practices with guideline posters in the front lobby and throughout the workplace.
- Add posters that also encourage regular and thorough washing of hands.
- Encourage everyone to cough or sneeze into their shirt sleeve in their flexed elbow or cover their mouth and nose with a tissue.
- Encourage everyone to keep a relatively safe distance from each other and use alternatives to handshakes when saying hello.

Organisations must contend with a variety of workplace challenges during the outbreak of an infectious disease. These challenges can be solved with best practices that include a comprehensive visitor management system that automates critical check-in policies and maintains an auditable trail of visitor activity.
Secure payment card technology at the point of sale and a strong authentication are effective defences against data security threats

Data security is one of the top concerns to a retailer’s reputation and its customers’ privacy. The fall-out can be catastrophic, and organisations must understand the threat and take all necessary steps to protect their assets and customers. The challenge has become more complex with the explosive growth in mobile device usage throughout the retail enterprise and on the store floor, including notebooks, tablets and smartphones that increase vulnerability to ever-evolving threats.

An effective defence against these threats requires numerous elements, including more secure payment card technology at the point of sale (POS), strong authentication that balances security with a convenient user experience, and a layered security strategy in the enterprise IT infrastructure that ensures appropriate risk mitigation levels when and where required.

Securing retail payment operations – magstripe vs. EMV cards

In its 2015 Global State of Information Security Survey (GSISS), consulting firm PwC reported that “... assaults on major retailers reached epic levels in the past year, resulting in the theft of hundreds of millions of customer payment card records, a rash of litigation, and a rush to adopt a new payment card standard in the U.S.”

There are numerous threats to large retail payment operations. One of the most glaring is the use of magstripe payment cards at the point of sale. Magstripes contain a static card-verification value (CVV) that is easily intercepted by malware-infected POS systems and cloned with cheap readers. In contrast, Europay Mastercard Visa (EMV) cards store all payment information in a secure chip, use issuer-specific personalisation keys, and authenticate using cryptographic standards. They also replace the magstripe’s static CVV code with a dynamic security code that cannot be used to create a counterfeit card.
With widespread adoption around the world, EMV cards are now making their way to the U.S.

Multi-factor authentication systems for data security

Moving deeper into enterprise operations, another big security risk arises from the reliance on simple passwords. When hackers steal an employee’s user name and password, they can then often move through the network undetected and upload malware programs to a retailer’s POS system, where it has been relatively easy to steal/capture card data and create cloned payment cards. Organisations should protect systems and data through strong authentication that relies on more than just something the user knows (passwords). There should be at least one other authentication factor, such as something the user has (i.e., a computer logon token) and/or is (i.e., a biometric or behaviour-metric solution).

Layered IT security strategy for real-time threat detection

Retailers also expose themselves to risk when they don’t employ a layered IT security strategy. Best practices start with authenticating the user, then authenticating the device, protecting the browser and application, and finally authenticating the transaction with pattern-based intelligence for sensitive transactions. Implementing these layers requires an integrated, versatile authentication platform with real-time threat detection capabilities. This platform, combined with an anti-virus solution, provides the highest possible security against today’s threats.

To make this strategy work, however, user authentication must not only move beyond passwords, it also must be as convenient as possible while simultaneously addressing the threats posed by mobile devices.
Now, with the advent of a mobile “tap-in” strong authentication model, retailers can solve the mobile security challenge while providing a faster and more seamless and convenient authentication solution than possible with dedicated hardware, one-time passwords (OTPs), display cards and other physical devices.

If tap-in authentication is used responsibly with secured mobile devices, they can access everything from inventory control to payment systems, with a simple tap of their ID card

Maximising retail security with policies & best practices for mobile device usage

Mobile devices have become one of the most dangerous security assault vectors. HID Global recently released a study it commissioned on the increased security risks of escalating mobility usage. In this survey of 140 registered members of the TechTarget Web communities for IT professionals, 87 percent said they have Bring Your Own Device (BYOD) policies but only 54 percent said this policy is formalised, with the rest using an ad hoc mix of user-driven practices and a loose collaboration between users and the IT team.

Seven in 10 respondents in HID Global’s survey said increased mobile use by employees and customers significantly or moderately raised their risk profile. It was noted that many users brought jailbroken phones into the workplace, leaving IT staff struggling to ensure that security best practices are in place, or perhaps any security at all.

These issues are echoed in a PwC GSISS survey, which discovered that 29 percent of retailers experienced security threats as a result of mobile devices – but only 51 percent have a dedicated mobile security strategy in place. The report said this challenge is further compounded by the jump in BYOD policies which – if unmonitored – pose further threats to corporate networks.

It is critical, then, that mobile devices be used in a secure manner, which can only happen if security does not preclude a convenient user experience.
Mobile users seek to maximise their productivity wherever they are, and this is especially true on a busy retail floor. Any security procedure that hampers this productivity makes mobility less useful or, worse, might be bypassed, leading to dangerous security exposure.

Effective retail security solution - tap-in authentication

This all changes with the tap-in authentication model. With tap-in authentication, retailers improve service and enhance security by enabling sales staff and other employees to access the information they need by tapping a smart card to their laptop, tablet, smartphone or other Near Field Communications (NFC)-based mobile device. With this approach, users can access everything from inventory control to payment systems, directly from the store floor, all with a simple tap of their ID card.

Tap-in authentication makes it easier for retail and other organisations to secure corporate cloud applications, data and servers without having to issue passwords or tokens every time someone needs to access the network. At the same time, the user experience is also improved – employees can get the information they need from the mobile device of their choice, using the same smart card that opens doors.

Using tap authentication is a simple, three-step process. First, open a browser on the device, and type the URL to the desired application. Next, enter a corporate username and password. Finally, tap the access control card to the back of the mobile device or tablet to provide the second authentication factor. After the card has been tapped to one of these devices to authenticate to a network, the OTP is no longer usable.
There are no additional tokens to deploy and manage, and users have only one item to carry – their smart card – and no longer need to remember or type a complex password. Retailers will continue to face increasing security challenges. The solution is a combination of more secure payment card technology, a layered enterprise security strategy, and secure user authentication solutions that embrace the convenience of mobility while eliminating its threats. With the latest tap-in authentication solutions, the same card or badge that opens doors for authorised users can be tapped to the mobile device of their choice for secure access to cloud applications, data and web services, without having to remember or type in passwords or codes.
Applications that reside in the cloud offer enterprises previously unavailable levels of agility, productivity and vital flexibility – all at a crucially lower cost than ever before. However, with many enterprise cloud deployments now successfully up and running, plus the integration of the Bring-Your-Own-Device (BYOD) culture into the workplace, the complex issues of data security and access control have leapt to the fore.

Ian Lowe, Senior Product Marketing Manager, Identity Assurance, HID Global, explains that more and more organisations are still falling short of sufficiently extending their 'best practice' security policy to encompass their now sprawling corporate network.

With data now living on the wrong side of conventional internal defences in cloud-based server farms, the ground has shifted and a one-size-fits-all approach to data protection is not sufficient. As such, it has become more critical than ever to home in on the linchpin challenge of secure identity management.

Traditionally, enterprises have focused on securing the network perimeter, and relied on static passwords to authenticate users internally, within the firewall. However, taking into account the multifarious nature of present-day threats – from Advanced Persistent Threats (APTs) to the internal risk the mass adoption of BYOD brings – it represents a considerable leap of faith to place complete trust in a singular perimeter defence. Moreover, the simple static password comes with its own challenges. For example, employees may lock themselves out of critical applications if they forget them or, more worryingly, they may reuse their passwords from personal web services for corporate applications.

Intrinsic to cloud and mobile working practice, and further complicating security, is the diversity of the user population.
To date, much of the security discussion has focused on securing the cloud-platform, but as enterprises continue to move applications into the cloud and take advantage of the Software as a Service (SaaS) model, it is increasingly important that enterprises resolve the challenges around provisioning and revoking user identities across their cloud-based applications, while also delivering secure, frictionless user login to those applications.

As such, enterprises need to have an adaptive authentication solution in place that not only serves to manage users – based on their behaviour and risk profile – but also crucially addresses where sensitive data lives and considers the way in which users access information.

Two-factor authentication

As a first step, enterprises should start by extending two-factor authentication measures beyond the brick and mortar locations of ‘the office’ to also cover cloud-hosted data and apps. Best practice already requires using strong authentication to secure remote access to corporate networks – therefore, enterprises must extend two-factor authentication to also cover cloud-hosted data and apps.

Two-factor authentication measures have typically been confined to physical devices like one-time password (OTP) tokens and display cards, but thanks to a variety of technological advancements these are being replaced by ‘soft tokens’ that can be held directly on the user device such as a mobile phone or tablet, or alternatively as browser-based tokens.

While OTPs have proved quite popular as an additional layer of security, users have found hardware OTPs and display cards for two-factor authentication to be inconvenient. As such, replacing the token with a soft token presents an obvious solution. These contactless OTPs operate in the same way as physical tokens, generating random passwords which cannot be re-used – and thus guessed.
Given that the user typically accesses the corporate cloud application from a web browser or application on a mobile device, a multi-factor solution such as tokenless authentication with single sign-on begins by identifying the device in use. It does so by consulting the configurable device criteria that are pre-set by the organisation, and then assigns a risk score to the specific transaction.

The organisation itself can therefore tailor the level of security based on the risk associated with specific types of transactions, and providing the device or transaction is verified as secure, the cloud application is enabled and the user begins their session. However, should the transaction not pass, the authentication solution can prompt users to further validate who they say they are by sending an SMS, asking additional security questions or continuing authentication using a software token that is installed on a mobile device, reducing hardware and maintenance costs.

This leap forward in technology provides greater security and better control of the cloud-based tools in use by employees, enabling organisations to take advantage of the substantial cost savings often associated with cloud technologies, without a bump in security costs to support it.

Accessing cloud based applications on personal devices - challenges

Unsurprisingly, as BYOD continues to grow, many of these cloud based applications are being accessed from personal devices, bringing additional challenges. When tackling the issue of the multitude of devices in use in the workplace, whether employee-owned or corporate-issued by the organisation itself, implementing a secure ‘zoning’ policy creates an encrypted zone contained inside a personal device, allowing corporate data to reside separately to the rest of the device in use.
This serves to establish a clear partition between personal and business information. By clearly demarcating the data available, ‘zoning’ data enables employees to securely and efficiently access the corporate information available through cloud applications without frustrating them or decreasing productivity through laborious authentication processes. Ultimately, it is important for enterprises to adopt a layered approach to security, recognising that no single authentication method is going to address the diverse requirements for multiple devices and scenarios in today’s mobile enterprise. Fortunately, the latest technologies ensure enterprises can continue to leverage their preferred two-factor authentication credential anytime anywhere, even when the highest levels of identity assurance and security are required. For example, the enterprise could combine risk-based authentication techniques with standard two-factor authentication tokens to help eliminate the risk of token sharing. How does this work? It’s simple really. The first time an employee registers their token for use, the authentication solution will take a fingerprint of the end-point device they are using. The next time the person uses their token for access, the authentication solution will conduct a check on the token and the end-point device and if both elements are validated it will allow access; if something is amiss the authentication solution can make a risk based decision to either allow access by asking for another authentication factor, such as an out of band SMS one time code, or deny access. This layered approach best addresses the evolving needs of corporate data protection and identity assurance.
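The token-plus-device check described above, as an added example that is not part of the original article or any HID product: it assumes an HOTP (RFC 4226) one-time password as the token, a SHA-256 hash over a few device attributes as the end-point fingerprint, and a callback standing in for the SMS gateway. All class, function and attribute names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import struct
from dataclasses import dataclass


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a shared secret and counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def device_fingerprint(attrs: dict) -> str:
    """Stable hash of end-point attributes (assumed fingerprint scheme)."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison, safe for arbitrary user-supplied strings.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class Enrollment:
    secret: bytes
    fingerprint: str   # taken the first time the token is registered
    counter: int = 0   # next HOTP counter the server will accept


class RiskBasedAuthenticator:
    def __init__(self, send_sms, window: int = 2):
        self._send_sms = send_sms  # stand-in for an out-of-band SMS gateway
        self._window = window      # look-ahead for skipped token presses
        self._users = {}
        self._pending = {}         # user -> outstanding out-of-band code

    def enroll(self, user: str, secret: bytes, device_attrs: dict) -> None:
        fp = device_fingerprint(device_attrs)
        self._users[user] = Enrollment(secret, fp)

    def _check_otp(self, enr: Enrollment, otp: str) -> bool:
        for c in range(enr.counter, enr.counter + self._window + 1):
            if _same(hotp(enr.secret, c), otp):
                enr.counter = c + 1  # consume it: a replayed OTP now fails
                return True
        return False

    def authenticate(self, user: str, otp: str, device_attrs: dict) -> str:
        enr = self._users.get(user)
        if enr is None or not self._check_otp(enr, otp):
            return "deny"
        if _same(enr.fingerprint, device_fingerprint(device_attrs)):
            return "allow"
        # Valid token on an unrecognised device: possible token sharing,
        # so ask for another factor instead of trusting the token alone.
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self._pending[user] = code
        self._send_sms(user, code)
        return "step_up"

    def complete_step_up(self, user: str, code: str) -> str:
        expected = self._pending.pop(user, None)  # one attempt per challenge
        if expected is not None and _same(expected, code):
            return "allow"
        return "deny"


def demo() -> list:
    """Run the flow on constructed sample data and return each decision."""
    outbox = []
    auth = RiskBasedAuthenticator(lambda user, code: outbox.append((user, code)))
    secret = b"12345678901234567890"  # RFC 4226 test secret, sample only
    laptop = {"os": "Windows 10", "browser": "Edge", "screen": "1920x1080"}
    tablet = {"os": "Android 12", "browser": "Chrome", "screen": "1200x2000"}
    auth.enroll("alice", secret, laptop)
    return [
        auth.authenticate("alice", hotp(secret, 0), laptop),  # known device
        auth.authenticate("alice", hotp(secret, 0), laptop),  # replayed OTP
        auth.authenticate("alice", hotp(secret, 1), tablet),  # new device
        auth.complete_step_up("alice", outbox[-1][1]),        # correct SMS code
        auth.authenticate("alice", hotp(secret, 2), tablet),  # new device again
        auth.complete_step_up("alice", "wrong"),              # bad SMS code
    ]


if __name__ == "__main__":
    print(demo())
```
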
Sooner or later (hopefully sooner), the novel coronavirus global pandemic will allow workplaces to reopen. But as we move into this recovery phase, there are many questions surrounding the transition. How can companies ensure facilities are in acceptable working order to reopen? How do they decide who is coming back and when? How will social distancing impact the operation of a company’s physical access control system? How can companies ensure that both visitors and employees are aware of the policy changes and extra controls?

For answers to these and other salient questions, we called on Ian Lowe, Product Marketing Director of HID SAFE Identity and Access Management (IAM) solutions.

“There’s no doubt about it: the global pandemic will change the way we live, work, and conduct business for some time,” says Lowe. “Over the past several weeks, we have been working with customers to enable a safe return to the workplace. We have observed that the number of challenges in the mid-to-long-term level and the associated complexity vary by location.”

Lowe shares some of the proactive measures and best practices that can assist in a safe return to the workplace as we settle into a “new normal”.

Challenge 1: Ensuring building readiness

After being unoccupied for weeks or months, building readiness must be addressed completely before welcoming anyone inside. Even though employees may be eager to return, the workplace itself may not be ready. Companies may want to consider continuing remote work while facility operations are prepped.

Challenge 2: Workforce management

While it is dependent on location and industry, taking a phased approach is the best course of action when allowing employees, contractors and visitors back into facilities.
First, facilities management will want to survey the property for readiness and then provide an estimate as to when employees may begin reporting back into the office. Next, it’s important to consider that office density needs are interrelated to the facility architecture. It is possible to accommodate a higher capacity of workforce in an airy, open office space than in a constrained one.

A good rule of thumb is to start by introducing no more than 30% of employees back into the workplace at first. This could be a rolling group model in which the population total remains controlled and constant, but specific individuals vary from day to day. This option is good for a workforce that needs to be together in person but not necessarily all at the same time due to office density concerns.

Welcoming visitors or customers into the office should be delayed as long as possible. If that’s not feasible, visitor numbers should be factored into the total density count. A cloud-based visitor management system can help with implementation.

Challenge 3: Controlling access

The ability to vet staff, employees, contractors and visitors before and during the return will vary greatly depending on the location. Policies should be implemented that require employees to be screened regularly — and for an extended amount of time. Look to answer the following questions:

- Where have you visited in the days since last entering the workplace?
- Have you come into contact with anyone else who has recently visited high-risk areas?
- Have you shown any symptoms of infection in the past xx number of days?

If there is cause for concern, refuse the visitor and/or supplement the screening process with additional steps. Temperature checking is mandatory in many organisations — often multiple times a day. This applies to interactions at delivery bays, too.
A policy-based physical identity and access management solution integrated with existing physical access controls makes it possible to enforce, monitor and report this type of activity.

Challenge 4: Social distancing and contact tracing plan

Social distancing may continue within the office, which will impact restrictions and guidelines related to access control. The office layout may be reworked for proper distance between cubicles, workplace positions and employees. Specific entrances, exits and pathways may be designated as one-way-only. Assigning Bluetooth LE beacons to employees once they are inside the workplace will allow companies to monitor proximity to others and measure localised density in real-time by using location services, contact tracing, and surge response technologies.

Challenge 5: Reduced physical touchpoints

Reducing the number of physical touchpoints is desirable throughout a workplace. Contactless technologies can help enforce social distancing and reduce touchpoints on common surfaces such as faucets, doorknobs, coffee pot handles, etc. While introducing additional security checks and screenings, it’s important to not increase touchpoints and further infection risks. There have been more requests for a contactless experience to secure workplace access, including automatic doors and turnstiles, contactless cards and mobile access.

Challenge 6: Communicating for confidence

Proactive communication is key to provide reassurance that appropriate safety measures have been taken and that both visitors and employees are aware of the policy changes and extra controls. Equally important is to communicate a policy change – and the reasoning behind it – before it happens. While there may not be an exact expiration date on these new policies, ensuring that impacted individuals will have a safer experience is universally appreciated.
HID Global, a global provider of trusted identity solutions, will showcase its portfolio of solutions that power trusted identities in HID booth #11063 at next week’s ISC West in Las Vegas. The company will also present in several Security Industry Association (SIA) educational sessions and local community events during the conference.

HID Global collaborates with Mission 500

HID is participating in a number of charitable events within the Las Vegas community in partnership with Mission 500, a non-profit organisation that works closely with the security industry to provide aid to children and families living in poverty across the US. On Wednesday, April 11, HID will work with the organisation to assemble 500 Hygiene Care Packs that will be donated to the Children’s Health Fund. HID is also an Event Sponsor for the Mission 500 Security 5K Run and 2K Walk taking place on Thursday morning, April 12. All proceeds generated by the race will be contributed to Mission 500.

HID presents on the connected workplace, mobility and secure access control systems:

- Wednesday, April 11, from 9:45-10:45 AM: Ian Lowe, Director of Product Marketing, Enterprise Physical Access Control, will present ‘How Advanced IoT Technology Can Create the Connected Workplace of the Future’ in Sands 304, Level 1.
- Thursday, April 12, from 2:30-3:30 PM: Matt Barnette, President of Mercury Security, part of HID Global, will host a panel discussion, ‘How to Deploy a Cyber 'Hardened' Access Control System for Enhanced Security’ in Sands 302, Level 1. Panel participants include Bill Bozeman, President and CEO of PSA Security Network, and Sal D'Agostino, Founder and CEO of IDmachines.
- Thursday, April 12, 2018, from 11:00 AM-12:00 PM: Neil Fallon, Manager, Government Sales Identity & Access Management, will participate in the ‘Using a Mobile Device as a Multipurpose Credential’ panel discussion in Sands 307 Level 1.
Live demonstrations in HID Global booth

Visit the HID Global booth #11063 at the Sands Expo and Convention Center for live demonstrations of the company’s solutions and services that address specific needs for issuing, authenticating, managing and monitoring trusted identities. HID will also feature partner solutions that represent a broad spectrum of applications and capabilities that are powered by HID technology.
HID Global, a worldwide provider of trusted identity solutions, is driving the connected workplace with new HID Location Services for workplace optimisation capabilities that help ensure the safety of building occupants, facilitate compliance and increase operational efficiencies. The company has added robust features to its HID Location Services portal to help organisations better understand who is in a building at any given time. The latest converged credential incorporates access control and a location services Bluetooth Low Energy (BLE) beacon in a single smart card for a more intuitive user experience.

Accurate real-time capabilities

“Highly regulated organisations need to have appropriate access policies in place for managing who enters and exits the building, as well as what areas and information resources they can access--for what reasons, and when,” said Ian Lowe, Director of Product Marketing, Enterprise Physical Access Control. “Traditional time-and-attendance solutions cannot accomplish this as efficiently as HID Location Services. Its precise real-time and proximity location capabilities are the reason why customers with stringent requirements are early adopters of our innovative IoT technology.”

HID Location Services for workplace optimisation now powers more reports and dashboards that provide deeper and broader building visibility, including immediate insight into the total number of people in a building or on a particular floor. It enables customers, especially organisations that need to comply with health and safety regulations, the ability to achieve extremely accurate timing of entry and exit of employees and visitors.
Enhanced visitor awareness

The solution also enhances visitor awareness by making it possible to know where visitors are in a building with a simple click, while also providing historical information about where visitors and others have been in the building in the event of an emergency, security breach or theft.

To date, millions of HID Location Services credentials and gateway IoT devices have been deployed for workplace optimisation by some of the world’s pre-eminent financial institutions and healthcare organisations. In addition, oil & gas companies and multinational construction and development firms are using the solution to improve safety and the overall efficiency of their workplaces. Tech giants are also piloting HID Location Services based on its ease of use, low cost for deployment and accuracy.

ISC West 2018 participation

See it in action during ISC West at the Sands Expo and Convention Center in Las Vegas:

- Ian Lowe will present “How Advanced IoT Technology Can Create the Connected Workplace of the Future” on Wednesday, April 11, from 9:45-10:45 a.m. in Sands 304 Level 1.
- Visit HID booth #11063 from April 11-12 for live demonstrations of HID Location Services for workplace optimisation at ISC West.
The combination of HID and Microsoft solution will help customers make it easier for their users to access corporate cloud applications

HID Global®, a worldwide leader in secure identity solutions, recently announced that it is collaborating with Microsoft to make enhanced cloud app security as simple and convenient as tapping a smart card to a laptop, tablet, smartphone and other NFC-based mobile devices.

HID Global hosted a webinar on mobile user authentication and how HID Global’s new solution, ActivID® Tap Authentication, can benefit users of Office 365 and other cloud-based applications in their daily work. The two companies will jointly host part two of the public webinar series later this year. This will build on the foundational meetings with key Microsoft ISVs at Microsoft WPC in Orlando that took place earlier this year.

A new level of security-enhanced convenience industry

“We are excited about our collaboration with Microsoft and the potential to take the industry to a new level of security-enhanced convenience and simplicity,” said Ian Lowe, senior manager of product marketing, Identity Assurance with HID Global. “Retailers will be able to use ActivID Tap Authentication to more easily access inventory control and payment systems from the store floor. Healthcare professionals and enterprise users who often log-in 20 or more times daily can now replace complex passwords with a more simple and security-enhanced tap-in experience. We continue to explore many new opportunities with Microsoft to bring ActivID Tap Authentication to a growing range of users and applications.”

“Microsoft is excited to be collaborating with HID Global to offer our mutual customers a great new option when accessing Office 365 and other cloud apps and web-based services,” said Jen Field, Senior Program Manager with Microsoft.
“The combination of HID Global’s ActivID Tap Authentication solution and Microsoft’s Active Directory Federated Services (ADFS) will help our retail and other customers make it easier for their users to access corporate cloud applications, data and services anywhere, at any time, from the mobile device of their choice, with the same smart card they use to open doors.” Introduced in April, ActivID Tap Authentication for Microsoft is powered by Seos® and tightly integrated with Windows Server 2012 R2 Active Directory Federation Services and the HID Global Authentication Cloud Service. It supports Microsoft Windows 7 laptops and desktops, Android™-based tablets and other mobile devices via NFC.