Veracity CCTV Storage System / HDD

The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years. According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured. Nuanced approach to data security Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its securityThe rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analysed at both the hardware and software level, we need a new and more nuanced approach to data security. Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example. The importance of data-at-rest encryption In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those that fraudulently gain access to your key management system can’t access your data. Ensuring drives to be Common Criteria compliant One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliantDespite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security. One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on. Providing an additional layer of security The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack. Data-at-rest encryption could enhance security in these instances, providing an additional layer of security between customer records and the attacker The advanced threats retailers face can often evade security defences without detection. Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised. Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals. Industries in need of data-at-rest encryption Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report. It’s helpful to view security as a circle in which every piece of hardware and software handling the data plays its part SMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across. Securing every hardware and software Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security -- rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part. There’s a clear need for more industry dialogue and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.

The use of facial recognition has become a highly debated topic recently, and has increasingly and misleadingly been criticised by some for being an unethical tool used to spy on the public. The reason for such criticism is however largely due to lack of information and regulation around the technology. Used proportionately and responsibly, facial recognition can and should be a force for good. It has the ability to do a lot more to increase security in the future – from street crime to airport security, all the way through to helping those battling addiction, the technology can take security and operations to new heights. The rise in knife crime Knife crime has dominated the headlines in the UK throughout the year. Recent statistics show the number of people being admitted to emergency care due to attacks by a sharp object to be up by nearly 40 per cent from two years ago, whilst the number of children under the age of 18 being admitted to hospitals with stab wounds is up by 86 per cent in only four years. This recent surge in knife crime has put police forces under immense pressure, and the intelligent use of facial recognition has a role to play in enabling more informed stop & search interventions. Currently UK police can stop and search an individual they suspect to be carrying drugs or weapons or both, or they can stop and search a person in a location where there have been or are considered likely to be “incidents involving serious violence.” In both cases they must do so with access to limited information, leaving themselves open to accusations of bias or discrimination. Knife crime dominated the headlines in the UK throughout 2018 Police systems benefiting crime investigations This is where facial recognition can offer up additional intelligence. These systems can memorise the faces of persons of interest, networks of gang members, wanted criminals and those suspected of involvement in serious violent crimes. Furthermore, these systems don’t need prior personal engagement to recognise an individual and see only data, not gender, age or race.  The technology doesn’t take the decision away from the human police officer. However, it does bring greater transparency and context to the decision-making process of whether a stop and search intervention is justified.  Similarly, the advanced technology can recognise and match an individual seen on a CCTV camera at a crime scene to someone the police encounters on the streets some time later, justifying a stop and search on that individual. Its ability to check in real time if a person is on a criminal watchlist adds an extra layer to the decision-making process prior to conducting a stop and search, lowering the likelihood of discrimination. Facial recognition thus helps eliminate both weapons and criminals off the streets and potentially prevent crimes before they have a chance to take place. Gambling addiction and how facial recognition can help There are an estimated 593,000 people in the UK currently battling a gambling problem, making it a serious public health issue in the country. Having understood the gravity of the issue, the UK gambling commission have set limits and advice in place to help those suffering this addiction; yet as with all addictions, gambling is a tough habit to beat. In order to put effective limitations in place and make a real difference, the gambling commission needs the right technology to protect those most vulnerable in the industry.   Facial recognition technology is able to keep track of customers and thus help gambling companies in protecting their customers   Facial recognition technology is able to keep track of customers and thus help gambling companies in protecting their customers to a higher degree. Monitoring those entering and moving around gambling areas is an extremely difficult task for human staff to do alone, especially in large crowded areas such as casinos. Facial recognition technology installed around the premises would be able to help the company and the staff to identify people who have registered as gambling addicts, and keep record of their day’s play in order to inform staff if and when it was time for them to stop. It would also be able to ensure effective self-exclusion procedures, by identifying a self-excluded individual via CCTV as soon as they entered the venue to then allow security staff to respectfully escort them out. Utilising facial recognition at airport security Facial recognition has by now become a normal sight at many airports around the world. Several people today hold a so-called biometric passport, which allows them to skip the normally longer queues and instead walk through an automated ePassport control to proceed to the gate faster without having to deal with control officers. Facial recognition used in this way has managed to significantly cut waiting times at the passport control, but it also has the ability to enhance security in and around airports. Facial recognition uses algorithms to match physical characteristics against photos and videos of people's faces Earlier this year, facial recognition technology managed to catch an imposter trying to enter the US at the Washington Dulles Airport. The false passport may have been uncaught by the human eye, yet due to the accuracy of the facial recognition technology it managed to help officers catch the imposter and bring him to justice. Facial recognition thus allows officers to identify an individual faster and more accurately than the human eye. Facial recognition uses algorithms to match physical characteristics against photos and videos of people's faces, which have been collected from visas, passports and other sources.   Facial recognition allows officers to identify an individual faster and more accurately than the human eye Whilst some critics may worry about issues of privacy related to the technology, at airports the use of facial recognition has proved to both enhance security as well as speed up processes such as check-in and, in the future, even boarding proceedings. At airports the use of facial recognition has proved to both enhance security as well as speed up processes such as check-in If used correctly and proportionately, facial recognition can help safeguard the public and improve national security on several fronts. Whilst the many benefits of facial recognition are evident, the lack of regulation and understanding of the technology has led to misconception around how it works and what it is used for. Facial recognition technology can match faces in crowded public places against criminal watch lists, and register faces that match with those on criminal watch lists – whilst ignoring everyone else.

Terry Gold of D6 Research has been giving “cyber in physical security” presentations at a variety of conferences, including ISC West and the Cyber:Secured Forum. We caught up with him for some insights about the intersection of cybersecurity and physical security. Q: Tell us a little bit about your background, specifically in the context of its relevance to cyber security in physical access. Gold: I started out in information security and then got involved in physical security along the way. I started really focusing on physical from a cyber standpoint about 10 years ago. I got into ethical hacking about 8 years ago, and then worked on putting it all together. There wasn’t a roadmap, so I had to build a methodology which I now share with other hackers, end users and law enforcement. I spend all my time either in the lab building success models, methods, and testing them out in some of the largest customers or agencies in the world for validation and improvement. Also, a chunk of my time is spent re-engineering security assessment and controls for end users or validating vendors on their behalf from a unique viewpoint that’s not (yet) typical in the industry.  Q: How well prepared is physical security overall against cyber threats? Gold: Not well at all. While security is imperfect anywhere, much of the practices and designs have critical defects and overlook either best practice or fundamental application security principles. I’d say that the industry is very wide open for exploitation that doesn’t take much sophistication to execute. Breach disclosure laws are focused on mandatory reporting for personally identifiable information (PII)  Q: What things stand out to you along your journey regarding the changes that you are seeing on this topic? Gold: Culture. Over the years, the industry (and most end users) have been dismissive of my findings. Industry culture hasn’t been aligned to embrace the topic and make requisite improvements that are needed to achieve “good security.” However, I’m finally starting to see that change – quickly and at scale. It doesn’t mean that we’re close to “good,” but rather reached the inflection point of change – and I’m rather pleased about it.    Breach disclosure laws has resulted in IT getting a lot of media attention in comparison to hacks made against physical security    Q: D6 does a lot of research in this area. What is the analysis behind the recent push for cyber security in physical security? Gold: First, it must be recognised that the threat isn’t new, but rather that the industry is only now coming to the table on it. Industry sentiment has been that breaches in physical security don’t happen or that there’s little impact.It must be recognised that the threat isn’t new, but rather that the industry is only now coming to the table on it Both are false. Mainly, IT gets all the media attention with breaches for two reasons; 1) breach disclosure laws are focused on mandatory reporting for personally identifiable information (PII), and 2) there is really poor detection (mostly non-existent) against hacks in physical security, so they go unrecognised.  On the other side, as physical security systems increasingly resemble an IT architecture, so does their risk profile. As it expands to mobile, cloud, IOT and intelligence - InfoSec and auditors are taking a look and are alarmed at what they’re seeing. Before you know it, the scrutiny is cutting pretty deep, pressure for alignment becomes intense, and vendors feel the pinch on the sales cycles. It’s not a comfortable position for anyone.   Q: What will be the projected impact? Are practitioners seeing the whole picture? Gold: No, and this area is probably the most important takeaway of this interview. The industry is where InfoSec was about 15 years ago in their journey, except we have an additional headwind to deal with – culture change. This industry tends to rely more on trusted relationships than validating the recommendations are being provided. There are too many prevailing misconceptions, that unless remediated, investments won’t be as effective as expected.   Q: What do you believe are the top misconceptions? Gold: Well, this is a longer topic, but here’s a sampling that cuts across different areas.   Regarding hackers: A misconception is that they’re generally not interested. Hackers are increasingly very interested. When I teach a workshop at a hacker conference, it’s usually the quickest to fill up and go to wait list (within a couple hours). Regarding attacks: A misconception is that attacks are executed directly against the target system. Example, their goal is to get into VMS and attack it directly. The reality is that they’re more commonly dynamic where physical is part of a larger attack and its role is an easier gateway to another system (or vice versa, with many hops). Regarding protective measures. The most prevalent mistake that the industry is currently making is too much focus and reliance on air-gapping networks or locking ports. This is only a slice of the attack surface and there are various ways to get around it. There’s a heavy price to pay for those that that rely too much on this strategy since its often accompanied by few mechanisms to deal with actors once they do get in (and they definitely will). Regarding the value of exploiting physical security. Too often perceived as low value. In our white paper we review many of the things that hackers can do, what they gain, and how it can impact the overall organisation. It’s far broader and deeper than most.  Q: What are the top things that need to change in the industry? Gold: First, culture. This can be answered by adopting the same principles as InfoSec. From an execution standpoint, the industry needs to change how they perform risk assessments.At D6, we’ve developed a stepwise methodology from ground up and it’s a huge difference Industry practices, including certifications, are significantly outdated and don’t reflect a methodology that accurately considers cybersecurity, actors, methods, and proactive remedy. At D6, we’ve developed a stepwise methodology from ground up and it’s a huge difference. End users that don’t re-engineer their practice, will be very limited for meaningful cybersecurity improvement.  One of the changes needed in the industry includes how risk assessments are performed   Q: Generally, what advice do you give to clients on steps to move their cyber security to the next level?  Gold: Don’t operate like a silo anymore. Transition from industry “common practices” to best practices that can be validated. Rely less on previous relationships and more toward domain competence. Collaborate with the CISO to a principled, goal-oriented and metrics-based approach. Embed an InfoSec person on the physical team. Present priorities and risks jointly to the board within an overall risk portfolio. Invite scrutiny from auditors. Get a red team performed once a year. Until you do the last step, you don’t really know where you stand (but don’t do it until the other things are done). Last, set the bar higher with vendors to support these improvements or their products will just end up being weak link.  Q: What type of challenges do you see and any advice on how end user and integrators can overcome them? Lessons learned? Gold: There are too many specific domains across cybersecurity – it’s not just a network security resourceFeedback I get from integrators is that they’re struggling to figure out how to deliver expertise to their clients in their area. They’re somewhat overwhelmed with the complexity, becoming an expert or how expensive it is to hire and maintain those skilled resources. My best advice is not to do either. There are too many specific domains across cybersecurity – it’s not just a network security resource. Not even the large integrators have the right bench, and unfortunately, they’re just further down a doomed path than smaller integrators. Form a partnership with boutique cybersecurity firms that have multiple specialists. Negotiate rates, margins, scope, and call on them when needed. It won’t come out of your bottom line, the results will be better, and the risk will be extremely low. You’ll learn along the way too.   Q: Anything notable that your research is uncovering in this area that might not be on people’s radar yet? Gold: Yes, quite a bit. Our Annual Industry Assessment Report goes through every segment. We’re making pretty bold statements about the future and impact, but we’re confident. One thing that stands out is how intelligence (and the swath of subsets) will impose stringent demands on physical security due to attribute and data collection (for analysis) which will absolutely require privacy compliance, integrity, and controls. It will even shape organisations that might not care about cybersecurity but are prioritising function.  Q: Where can readers learn more about your perspectives on this topic? Gold: Blogs on the D6research.com website. Our annual report. Val Thomas of Securicon and D6 have collaborated on a three-part cybersecurity in physical white paper series. It goes into all of this in detail, as well as remedy.

To support the ongoing demand for its video data storage solutions and sophisticated integrated command and control systems, which serve the global video surveillance and security industry, Veracity UK Ltd has recruited Scott Harrison as Systems Sales Manager, focusing on new business opportunities in the UK. Right technology solution Welcoming Scott to the organisation, Alastair McLeod, Veracity’s CEO, says “We are delighted to have Scott joining our existing team of industry experts here at Veracity. With a successful career in our industry of over 25 years, primarily on integrated video management systems, Scott’s brings great knowledge and experience of understanding the security challenges and risks faced by customers, and how the right technology solution can help organisations manage and mitigate such risks.” Scott’s career, working within other major security industry groups including ADT and Honeywell, brings significant experience in developing systems through a hybrid approach, in combining old and new technologies onto a single cost-effective platform. Scott also brings his expertise in offering single site, multi-site, large networked systems and global system solutions to the Veracity group.

Revader Security has agreed a strategic partnership with Dynamic CCTV, a trade supplier of professional CCTV to the security industry. Revader Security’s range of products include Transit rapid redeployable cameras which are straightforward to install in virtually any location and can be rapidly repositioned to respond to changing security demands. Powered by battery or mains, footage can be viewed and downloaded over wireless and mobile networks. Remote monitoring solutions The company also produces a range of mobile power solutions (PowerPaks) and a range of accessories to interface with the redeployable CCTV products. Revader Security has also developed a range of diesel and battery powered rapid deployment CCTV towers which are proving increasingly popular with end users and the security trade as a rental opportunity. Dynamic CCTV will promote, supply and support Revader Security’s range of products As complete surveillance, recording and remote monitoring solutions, they are ideal for deployment into situations where little or no existing infrastructure is present. Dynamic CCTV will promote, supply and support Revader Security’s range of products with trade customers across the UK, drawing on over 25 years’ experience in the marketplace as one of the suppliers of CCTV to the security industry. Digital recording systems Dynamic CCTV is a Hikvision UK authorised distributor, providing the latest innovative CCTV equipment at very competitive pricing - including Digital Recording Systems, IP Cameras and CCTV monitoring equipment, along with products from other manufacturers such as TP-Link, GJD, Iiyama, TOA, Ubiquiti and Veracity. Stuart Caldecourt, Managing Director at Revader Security commented: “We are delighted to be partnering with Dynamic CCTV, who have an outstanding track record in the supply of professional CCTV products across the UK – and an impressive engineering and support capability proven over many years.”

A substantial focus of the security industry is on the selection and installation of security systems, and there is no doubt that this is a critical element of the process. However, in order to ensure that security systems such as access control, video surveillance, intrusion detection and panic alarms deliver on ‘game day’, an equal if not greater emphasis has to be put on the actions that are taken after the installers have closed the doors on the truck and driven away. This article covers some important issues that were covered at the 2019 International Association of Professional Security Consultants (IAPSC) annual conference in Miami, Florida, where Frank Pisciotta, CSC, Business Protection Specialists, Inc. and Michael Silva, CPP, Silva Consultants, facilitated a discussion among security professionals on the topic. Backwards compatibility in access control solutions David Barnard of RS2 security highlighted the importance of backwards compatibility in access control solutions David Barnard of RS2 Technologies LLC highlighted the importance of backwards compatibility in access control software solutions. Reputable manufacturers are constantly evolving software products and it is critical that software continues to work with all installed hardware or owners will find themselves purchasing equipment a second time, which is never good news. An example, a case study with a client where the video management software upgrades were not backwards compatible through the mobile app and a small manufacturing site was looking at a US$ 75,000 price tag to upgrade cameras to make them compatible with the ‘updated software’. Risks of failures in door hardware products Jim Primovic from ASSA ABLOY cautioned about the risks of failures in door hardware products resulting in a failure to attention to detail in the selection and, in particular, the installation process. He explained the importance of using certified installers to avoid operation problems. In light of constantly evolving software revisions, how often does one see any additional training provided to end users when software updates are released? Charles Johnson of Open Options raised this important point and it is an excellent one. As organisations think about structuring maintenance agreements, it might be wise to consider ongoing training to cover software updates and ensure that end users can continue to optimise the features and benefits of software revisions. Software Support Kim Kornmaier of Honeywell mentioned another element of security system lifecycle consideration, which is ‘Software Support’. Maintenance agreements are available and will likely be offered from every installer and come in a variety of flavours. However, care needs to be exercised to ensure that whatever services and support are included, in the scope of a maintenance agreement, have a clear correlation between service and software upgrades versus the fee charged. Software upgrades and system testing Maintenance agreements should be avoided that simply guarantee the free replacement of parts (which may or may not ever get used, even after you pay for it). Services that should be considered include software upgrades, system testing and replacement of consumable parts, like back up batteries. Another key issue ties directly to periodically measuring and ensuring the risk reduction results of security systems, for example, with an access control system, there are several actions recommended for system owners, including: Conduct periodic door and alarm testing - This presumes users have installed all of the necessary parts to enable alarm monitoring). These tests should include the mechanical testing of doors and confirming door-held-open-too-long and forced-door alarms are properly reporting to the alarm client. Importance of harnessing door alarming capacity Excessive door alarms are an indication of either a user or system problem Excessive door alarms are an indication of either a user or system problem or all alarms should be investigated to determine root cause and corrective action needed. Organisations who fail to harness door alarming capability are giving away up to 50 percent of the system's potential benefit. Ensuring the integrity of the access control database is of prime importance. The failure to manage this can lead to unauthorised access and serious security incidents. This can be achieved in a variety of ways, but in the majority of risk assessments they have conducted over the years, it is common to find separated employees and contractor records with active credentials in the database. Ways to mitigate this risk include: Integrating your access control database with active directory (works for employees, not so well for contractors); Utilising expiration dates on contractor credentials; Periodically manually auditing contractor and employee active badge reports for anomalies, which may indicate process weaknesses in the change management process; Utilising the ‘use it or lose it’ feature in many software programs that automatically disable a credential after a set period of non-use (e.g., 90 days); and Establishing processes to limit the removal of certain badges from the site (e.g., those issued to contractors or temporary employees). ‘First Card Unlock’ feature Irregular schedules, holidays and natural disasters can result in access vulnerability. For instance, if access-controlled doors at a site are programmed to open on a timer and something prevents persons from arriving at work (e.g., snowstorm), a site may be left exposed. A mitigation technique against this type of risk would be to employ a concept called ‘First Card Unlock’. Under this feature, a lobby entrance to an office, for instance, would not enter into an unlocked state, until the first authorised employee presented a card and entered the workplace. Changing holiday programming in security systems Holiday programming in some systems needs to be changed on an annual basis Holiday programming in some systems needs to be changed on an annual basis. Managing holidays in an access control system results in doors staying secure which would otherwise be unlocked on a normal business day. Similarly, intrusion detection, duress devices and video surveillance systems can let users down without the proper care and feeding. Examples would include: A panic device fails to communicate an emergency situation because it was not properly reset or the wiring has been damaged due to poor installation. Panic devices should be regularly tested and ideally the activation during testing should be by a person who would be required to use the device in an actual incident. The objective here is to build competency in the persons who may need to activate a device discretely. Similarly, intrusion detection systems should be carefully tested to ensure that all devices are properly reporting to the panel and that the panel is communicating properly to the central station. If there are redundant communications channels, each should be verified. In the same way someone would conduct audits of active credentials in an access control system, it is strongly recommended that users perform a similar review with PIN codes, which have been assigned and would allow for an unauthorised person to disarm a system. Utilising the failure-to-close feature to ensure that through collusion or negligence, if the last person out of a restricted area fails to arm the panel, the central station will notify a responsible party about the omission. Further, reviewing opening and closing reports might well detect inappropriate entries by authorised personnel which are indicative of suspicious or illegal activity. These features and reports will likely be at an additional cost, but they are important insurance to protect against insider threat. It is not uncommon to hear about an incident happening and during the investigation, the owner of the system discovers that the needed camera was not recording. Where video is not under routine observation, it is recommended to determine if your video management system can send an alarm in the event of video loss. This would allow for rapid remediation before the video loss is discovered in the course of an investigation. Avoiding degraded video quality over time In almost every case, degraded video quality is directly related to resource saturation With respect to video surveillance, as systems grow and evolve over the life of the system, organisations may experience degradation. Darren Giacomini of BCDVideo has studied this issue extensively and concludes that in many cases, installers or others are simply putting too many devices on a VLAN, which results in latency and other conflicts. Degraded video quality has a finite number of potential root causes. In almost every case, degraded video quality is directly related to resource saturation. The resources on a surveillance network consist of IP cameras, network switches, network uplinks, viewing stations, database management and archives. Resource depletions According to Giacomini, each of the resource shares a common thread. And, at the basic level, each of those items is nothing more than a purpose-built computer with limited CPU, memory and network capacity. When any of these resources exceed their capacity, the quality of service delivered will degrade. The following are common resource depletions that can degrade video quality and require a much deeper dive, but are included here as a starting point: IP camera CPU utilisation is in excess of 85 percent; CPU elevation in the decoder or workstation decoding the video; and Network congestion or CPU elevation in the network switch. Maintaining the integrity of archived video data Giacomini indicated that the majority of the time degraded video is associated with resource depletion Giacomini indicated that the majority of the time degraded video is associated with resource depletion in one of these key components. Investigation of the potential causes can save time and effort, and prevent a video management software application from unduly being blamed for poor performance during its lifecycle. Also, on the topic of video, John Kampfhenkel, Director of Technical Sales at Veracity discussed the challenges that organisations face when video management system storage is undersized and the need to carefully plan for video retention of existing recorded data when the video system has to be expanded. This can be a problem organisations face and when they do, it is best to involve a video storage expert to determine options, costs and potential legal requirements for maintaining the integrity of archived video data. Selecting the right security technology Dependent on the level and type of integration between various systems, another challenge may be to preserve the integration between the two systems. System owners will need to coordinate carefully with installer(s) to ensure that a software revision to one system will not result in a disruption to a software level integration. This type of integration may require a delay in being able to upgrade one or the other application software versions until the integration can again be certified. Selecting the right security technology is an important element of an organisation's security risk management. However, experts would argue that in terms of getting measurable results from technology, there needs to be a keen focus on sustaining activities after the installer closes the doors and drives away. By adhering to the consultant and manufacturers' guidance in this article, organisations can substantially reduce the risk to people, assets and information, and prevent criminal and terrorist incidents in the workplace.