Ping Identity, a provider of Identity Defined Security, announced that Kevin Sellers has joined the company's leadership team as the global chief marketing officer. Sellers leads all aspects of the company's marketing function, with a focus on accelerating expansion in the enterprise market and growing Ping's brand globally. An accomplished business leader with a strong track record of scaling global brands, Sellers brings more than 20 years of global marketing leadership experience in the te...
Ring, whose mission is to make neighborhoods safer, announced Ring for Business to provide business owners with the ability to protect their companies with Ring Alarm and Ring Video Doorbells and Security Cams the same way that homeowners have been doing for years. Small businesses are an integral part of our communities and, thanks to Ring, they now have access to smart, DIY security that’s free from long-term commitments, hidden fees and professional installation. With Ring for Business...
A video analytics system that provides ‘behavioural understanding’ can yield more meaningful and actionable data for a range of applications. In public safety and security, such a system can alert on violent or suspicious behaviours, such as people fighting, vandalism, people with weapons, etc. In advanced traffic surveillance and monitoring, it can provide alerts to vehicle collisions (accidents), traffic hazards or vehicles that aren’t using the road properly, such as a car...
Digital Defense, Inc. and The University of Texas at San Antonio (UTSA) Department of Computer Science jointly announced a partnership that will provide students and faculty with access to an award-winning cloud-based information security platform to further enrich the students’ cybersecurity education. UTSA students and faculty will be able to utilise Digital Defense’s flagship Frontline.Cloud platform to evaluate the security posture of applications, systems and networks in classr...
Most enterprises today deploy a multitude of touchpoints where consumers can interact and access the information they require. For many organisations, APIs (Application Programming Interfaces) are the bread-and-butter for enabling inter-enterprise process automation, IoT devices and mobile applications. Even though they are working behind the scenes, APIs are ubiquitous. They help to deliver sports updates, post online messages, order food – enabling everything online. To stay competitive...
Cobalt Iron Inc., a provider of cloud-based data protection, is simplifying the task of managing multiple storage and data protection technologies with the company's Adaptive Data Protection™ platform. Through automation, continual analytics-based optimisation, and orchestration of technologies and operations, the Cobalt Iron Adaptive Data Protection platform delivers a unified enterprise data protection experience. Cost-effectively leverage Vendors in the competitive storage and data p...
Niagara Networks, the Open Visibility Platform pioneer, and L7 Defense, a cutting-edge cyber security vendor, announce that they have formed a partnership to bring Zero Trust security to API communication running across an organisation’s network. The L7 Defense application runs directly on Niagara Networks’ Open Visibility Platform, which provides it with full access to network traffic. The Open Visibility Platform offers enterprises, for the first time, on-demand deep cyber defense into their visibility layer.

Network performance monitoring

Ammune™ API Defense by L7 Defense monitors and evaluates the risk of requests made through an API exchange regardless of their identity or source, establishing a dynamic Zero Trust model adapted to the transient nature of APIs and North-South or East-West traffic flows. The L7 Defense solution utilises unsupervised machine learning to determine anomalous behaviours within API communication. The Open Visibility Platform from Niagara Networks utilises its Packetron™ powered Network Packet Broker and hosts best-of-breed applications to create an intelligence-driven visibility layer. Open Visibility Platform is the only solution to offer network visibility and agility for security and network performance monitoring by marrying the best of switching fabric speed and functionality with scalable, high-end intelligent processing.

Critical cyber security foundation

This unique joint solution ensures full packet visibility integrated with L7 Defense, providing automated mitigation response against API-based vulnerabilities and ensuring a more efficient and simplified security infrastructure.

“Unprotected APIs have been an open loophole for attackers to gain a foothold in a network and carry out an attack by having a conduit for undetected command and control communication, exfiltration or the use of the API for reconnaissance or lateral movement,” said Yisrael Gross, Co-Founder and Vice President of Business Development at L7 Defense. “This exciting partnership with Niagara Networks offers a critical cyber security foundation providing customers with a new level of visibility, transparency and management.”

API-based applications

Ammune’s API Defense involves three key capabilities:

Discover - Auto-discovery of the web, mobile and API-based applications that provide the potential attacking surface for API attacks.
Detect - Auto-detection of outliers in API behaviour using the Ammune multi-profile model, which is adapted to protect from the main attack-category threats.
Defend - Ammune™ can be installed in-line for proactive responses or in a monitoring mode to alert security organisations to take action.

“We are delighted to announce our strategic partnership with L7 Defense and help address a critical security gap,” said Yigal Amram, Vice President of Business Development and Sales Engineering at Niagara Networks. “L7 Defense joins a growing list of partners who see the new paradigm offered by our Open Visibility Platforms, to offer customers a new advanced and flexible security posture.”
Style, intelligence and robustness come together in the new SMARTair Knob Cylinder from ASSA ABLOY. Part of the SMARTair access control system, this intelligent device with integrated RFID reader is now more resistant to attack. It comes in elegant, contemporary finishes and colours, upgrading aesthetics and functionality in equal measure. It quickly upgrades almost any existing regular door to an access-controlled door — without any drilling. The new Knob Cylinder fits seamlessly and flexibly into a SMARTair system, providing advanced, user-friendly access management designed to make any workplace work better. If users need to monitor and control who goes where, and when, they need the new SMARTair Knob Cylinder.

Works with SMARTair access management

The Knob Cylinder is battery-powered and works with every SMARTair access management option, so users can choose between online (‘real-time’), offline, update-on-card and standalone management — or combine more than one system at the same site with the same software interface. Upgrading to the new Knob Cylinder is simple: just replace an existing mechanical cylinder with the new device. No complex installation or drilling stands between users and safe, reliable, flexible SMARTair access control. Glass, wooden or aluminium doors — Scandinavian, Euro and many other profiles — present no problem.

SMARTair Openow mobile app

The Knob Cylinder works with all standard proximity technologies, including MIFARE, DESFire and iCLASS, and also offers another new way to open the doors — with the SMARTair Openow mobile app. With Openow, users no longer carry separate credentials; just their smartphone with secure virtual keys stored inside. There’s no longer any need to collect or validate an access card to open authorised doors locked with the new SMARTair Knob Cylinder.
With Openow, if users have their phone, they are already carrying their keys. Modern and mobile-ready, the SMARTair Knob Cylinder is built to make the building smarter. Its robust design, redefined aesthetics and easy installation are perfect for securing offices, business headquarters, conference and meeting rooms.
Mobile cybersecurity pioneer, Trustonic, announced that it has joined the PCI Security Standards Council (PCI SSC) as a new Participating Organisation. Trustonic will work with the PCI SSC to help secure payment data worldwide through the ongoing development and adoption of the PCI Security Standards. The PCI SSC leads a global, cross-industry effort to increase payment security by providing flexible, industry-driven and effective data security standards and programs. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process and preventing, detecting and mitigating criminal attacks and breaches.

Improving payment security worldwide

As a Participating Organisation, Trustonic adds its voice to the standards development process and will collaborate with a growing community of more than 800 Participating Organisations to improve payment security worldwide. Trustonic will also have the opportunity to recommend new initiatives for consideration to the PCI Security Standards Council and share cross-sector experiences and best practices at the annual PCI Community Meetings.

“In an era of increasingly sophisticated attacks on systems, PCI Security Standards and resources help organisations secure payment data and prevent, detect and mitigate attacks that can lead to costly data breaches,” said Mauro Lance, Chief Operating Officer of the PCI Security Standards Council. “By joining as a Participating Organisation, Trustonic demonstrates they are playing an active part in improving payment security globally by helping drive awareness and adoption of PCI Security Standards.”

Protecting payment apps, data from hackers

“Standards are the foundations for cyber resilience and the delivery of simpler, richer and more secure payment services,” said Ben Cade, CEO of Trustonic. “Our technology has always been built on open standards, making it easier for financial services providers, developers and merchants to protect payment apps, data and IP from hackers and malware.

“Using smartphones as contactless mPOS terminals is one of the most exciting and disruptive trends in the payment technology space, but it presents new security challenges that can only be adequately resolved with a Trusted User Interface (TUI) secured by a hardware-based Trusted Execution Environment. As leaders in mobile app protection, we are perfectly placed to support our partner banks and fintechs with insight into challenges like this and how PCI standards are working to address them.”
42Crunch, API security pioneer and creator of the industry’s first API Firewall, announces the latest release of its API security platform with full support for Kubernetes environments. This new solution allows organisations to easily automate API security across Kubernetes environments – enabling the zero-trust architecture needed to protect each microservice, and scale without risk. The rapid adoption of microservices architectures and Kubernetes leads to a proliferation of APIs exposed by these microservices. Developers employ agile practices to quickly iterate on these microservices. Combined, these trends lead to hundreds if not thousands of rapidly changing APIs that modern enterprises often host and need to secure.

Fully automated platform

Traditional solutions such as Web Application Firewalls (WAF) and API Management tools rely on static rules and policies, and edge protection. While these solutions provide some security functionality within your environment, they still leave the individual microservices vulnerable to API attacks. Through a fully automated platform, 42Crunch extends security beyond the edge of the enterprise to each individual microservice, protecting them with an ultra-low latency micro API firewall that can be deployed at scale. 42Crunch API firewall is merely 20 MB in size and when deployed in sidecar proxy mode in Kubernetes pods enforces API security with sub-millisecond overhead. This eliminates the manual process of writing and maintaining individual API security policies, and enforces a zero-trust security architecture.

Discover potential vulnerabilities

“Since the initial launch of the 42Crunch API Security platform our customers have informed us that edge protection is no longer enough,” says Jacques Declas, CEO and founder of 42Crunch. “We are excited to make our Kubernetes-native API protection commercially available. Now the teams working on large numbers of microservices can be sure that each and every one of them automatically stays secure throughout its lifecycle.”

In addition, 42Crunch’s unique approach integrates with companies’ DevSecOps pipeline and delivers automated API security across the whole API lifecycle:

AUDIT: Run 200+ security audit tests of the OpenAPI specification definition with detailed security scoring to help developers define and strengthen API contract.
SCAN: Scan live API endpoints to discover potential vulnerabilities and discrepancies of the API implementation against the API contract.
PROTECT: Launch service to protect APIs and apply policies that can be deployed in our lightweight, low-latency micro API firewall.

42Crunch will be participating in RSA Asia Pacific & Japan 2019 as both an exhibitor and speaker. Join Matthieu Estrade, CTO, on Thursday for his talk: ‘API Security: Learning from the 20 Years of AppSec Failures,’ located in Orchid 4203. Visit the 42Crunch team at booth 1708 to learn more about how we can help you automate API security in your microservices environment.
Eagle Eye Networks, the provider of cloud video surveillance worldwide, announced a new partnership with Salto Systems, a global provider of access control systems. In the new and improved Salto KS application, the Eagle Eye Cloud VMS Surveillance product has been integrated via cloud to provide Salto KS customers a more cyber-secure video experience connected to access control events. Within the Salto KS mobile app, a user can confirm a person’s identity before remotely granting access to any door, and share the video footage with offsite, cloud back-up. These and other features delivered by the Salto KS / Eagle Eye Networks Cloud VMS integration provide considerable benefits to end users in various verticals that need a seamless integration between video and access control. Additionally, the partnership showcases the continuous expansion within the Cloud ecosystem of security products manufacturers.

Benefits of cloud integrations

“It is great to be able to provide this integration with what we perceive is our twin in the industry for CCTV. Twins because our companies are almost the same age, we share the Cloud vision and both share core values like security, reliability and both sell and support through a global network.” - Rick Voogt, MD SALTO KS.

Through secure, RESTful APIs, cloud integrations are superior to on-site integrations in terms of speed, security and the redundancy of valuable customer data. For system integrators, this new partnership enables valuable opportunities to gain stickier customer relationships with monthly recurring revenues on both video and access control products.

Cloud-based wireless access control system

SALTO KS provides a flexible access control management system that requires no software to be installed. The modern cloud-based, wireless access control system is simple to use and the configuration with an Eagle Eye Cloud VMS customer account can be quickly accomplished in a few easy steps with the appropriate Eagle Eye Networks’ customer account credentials.

“We are pleased to work alongside Salto Systems globally to provide a better user experience for both end users and channel partners,” says Dean Drako, CEO and Founder of Eagle Eye Networks. “Cloud systems are rapidly becoming the better option in physical security and we are determined to continue leading the transformation with strong partnerships like this one with Salto Systems.”
NTT Security, the specialised security division and centre of excellence in security for NTT, announced that it has completed the acquisition of WhiteHat Security, an application security provider committed to securing applications that run enterprises’ businesses. The acquisition will strengthen NTT Security’s ability to address modern enterprise security needs that range from IT infrastructure to critical business applications, covering the full lifecycle of digital transformation.

Importance of application security

As part of the completed transaction, WhiteHat Security will continue to operate as an independent, wholly-owned subsidiary. NTT Security is one of 28 remarkable companies to be brought together to become a global leading technology services provider, NTT announced on 1st July 2019. Formed to work with organisations around the world, NTT enables its clients to shape and achieve outcomes through intelligent technology solutions and champions a more secure and connected future.

“With the cyberthreat landscape constantly growing and applications being central to digital businesses, application security is more important now than ever before. As part of the NTT Security family, we are well-equipped to provide global solutions to meet the rising demand for application security,” said Craig Hinkley, CEO, WhiteHat Security. “The WhiteHat Security team looks forward to the next phase of our journey. Our customers, partners and the market continue to appreciate the strategic nature of this acquisition and the combined cybersecurity solutions we can now offer.”

Cybersecurity solutions to protect businesses

“At NTT Security, our goal is to provide comprehensive, game-changing cybersecurity solutions that address the broad needs of digital transformation. With the acquisition of WhiteHat Security, we are now able to offer the full spectrum of cybersecurity solutions to protect digital businesses,” said Matthew Gyde, CEO, NTT Security. “We look forward to formally welcoming the global WhiteHat Security team and its impressive customer-base to NTT Security.”

Recent accolades for WhiteHat Security include being recognised as a Bronze Stevie Award winner in the Most Innovative Tech Company of the Year category for the 17th Annual American Business Awards; being named a finalist in the White Hat category of the inaugural Channel Partners Excellence in Digital Services Awards; receiving a 5-Star rating in CRN’s 2019 Partner Program Guide; and earning top recognition in three categories from Cyber Defense Magazine’s 2019 InfoSec Awards: Best Product, Web Application Security; Most Innovative, Software Security Tools; and Best Product, Application Security Testing.
In the next three years, software as a service ‘SaaS’ is likely to grow by around 23%. That’s according to reports by Cognizance. Its growth rests on the adoption of cloud: public, private and hybrid. Without the cloud, applications can’t truly pervade an organisation, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure - the proliferation of SaaS demands security, none more so than in a GDPR world.

Large cloud environment

But modern applications are difficult to secure. SaaS based, web, mobile, or custom made all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps, the broader the attack surface and therefore the greater the chance there will be blind spots.

There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organisation and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near on impossible task when attack methods and sources are constantly changing.

More advanced threats

To be specific there are four emerging challenges when it comes to protecting apps. Firstly, managing the good and the bad bots and spotting which is which, secondly securing APIs as IoT adoption intensifies, thirdly the relationship between securing apps and DevOps and ensuring ownership of security, and finally denial of service attacks that use newer tactics such as brute force.

Basic security hygiene dictates that security teams refer to the OWASP Top 10. It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one.

Bot management

Astonishingly about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though and explains why around 80% of organisations can’t make a clear distinction between the two. Bad bots can do a lot of damage like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behaviour and bypass tools like CAPTCHA, and even render device-fingerprinting-based protection ineffective.

Securing APIs

Then there’s the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are to report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target, and the threats to APIs include injections, protocol attacks, parameter manipulations, unvalidated redirects and bot attacks. There’s the risk that businesses will grant access to sensitive data without inspecting or protecting APIs to detect cyberattacks.

Denial of service (DoS)

You might think there’s little to add to the swathes of denial of service warnings. Yet when businesses are still being targeted and feeling the ill effects it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, brute force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down.

Continuous security

It may seem easy to say but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organisations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential, not a nice-to-have.

Running security plans

It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits. As such there are six things they need to know: Application security solutions must encompass web and mobile apps, as well as APIs. Bot management solutions need to overcome the most sophisticated bot attacks. DDoS mitigation must be an essential and integrated part of application security solutions. A future-proof solution must protect containerised applications, serverless functions, and integrate with automation, provisioning and orchestration tools. To keep up with continuous application delivery, security protections must adapt in real time. A fully managed service should be considered to remove complexity and minimise resources. No amount of human power will beat the bots. That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.
The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years. According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured. Nuanced approach to data security Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its securityThe rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analysed at both the hardware and software level, we need a new and more nuanced approach to data security. Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example. The importance of data-at-rest encryption In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse. 
Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those that fraudulently gain access to your key management system can’t access your data. Ensuring drives to be Common Criteria compliant One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliantDespite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security. One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on. Providing an additional layer of security The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack. Data-at-rest encryption could enhance security in these instances, providing an additional layer of security between customer records and the attacker The advanced threats retailers face can often evade security defences without detection. 
Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised. Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals. Industries in need of data-at-rest encryption Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report. It’s helpful to view security as a circle in which every piece of hardware and software handling the data plays its part SMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across. 
Securing every hardware and software
Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security; rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part. There’s a clear need for more industry dialogue and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.
Edward Snowden’s name entered the cultural lexicon in 2013, after he leaked thousands of classified National Security Agency documents to journalists. He’s been variously called a traitor, a patriot, a revolutionary, a dissident and a whistleblower, but however you personally feel about him, there’s one way to categorise him that no one can dispute: He’s a thief. There’s no doubt about it: Snowden’s information didn’t belong to him, and the scary truth is that he is neither the first nor the last employee to attempt to smuggle secrets out of a building – and we need to learn from his success to try to prevent it from happening again. Since the dawn of the digital age, we’ve fought cyber pirates with tools like firewalls, encryption, strong passwords, antivirus software and white-hat hackers. But with so much attention on protecting against cyber risks, we sometimes forget about the other side of the coin: the risk that data will be physically removed from the building. Douglas Miorandi, director of federal programs, counter-terrorism and physical data security for Metrasens, recently discussed the major risks to physical data security with SourceSecurity.com.
Q: What do you believe are the main physical threats to data?
The biggest threats I have seen in the physical data security space have varied over the years, but there are four specific risks that remain the same across the board for any organisation, which are:
The Insider Threat
The Outsider Threat
The Seemingly Innocent Personal Item
Poor or Nonexistent Screening
To begin with, every company or government agency has at least one disgruntled employee working for them, whether they know it or not, and that means every organisation is at risk of having data walk out the building with that employee. That is what security experts call the insider threat.
Q: What do you think influences employees to steal data from their own organisation?
People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially – meaning they don’t even need to be disgruntled; they might just want a quick way to make a buck. Financial data, too, is attractive, both for insider trading and selling to the competition. This can happen to both private companies as well as government agencies. Take Natalie Mayflower Sours Edwards for example, a Treasury Department employee who was caught in the act just last month, when she disclosed sensitive government information about figures connected to the Russia investigation to a reporter. She didn’t hack the system, she simply used a flash drive. And let’s not forget that Snowden was a contractor working for the NSA.
Q: Many of us think of security threats coming from an outsider, do companies still face these types of threats?
Yes. Unfortunately, organisations do not only need to worry about their own employees – companies and government agencies need to be wary of threats from outsiders. They can come in the form of the corporate spy – someone specifically hired to pose as a legitimate employee or private contractor in order to extract information – or the opportunistic thief – a contractor hired to work on a server or in sensitive areas who sees an opening and seizes it. Either one is equally damaging to sensitive data because of the physical access they have.
Q: Whether it be an insider threat or an outsider threat, what are ways these individuals can steal sensitive data?
There are two types of personal items that can be used to steal data: the commercially available off-the-shelf (COTS) variety, and the intentionally disguised variety. This is considered risk number three – the seemingly innocent personal item. COTS devices include SD cards, external hard drives, audio recorders and even smart phones, any of which can be used to transport audio, video and computer data in and out of a building. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom.
Q: What is the difference between COTS and disguised devices?
The difference between COTS and disguised devices is that if someone gets caught with a COTS device, security will know what it is and can confiscate it. The disguised device looks like a security-approved item anyone could be carrying into the workplace, making it especially devious. Sometimes these devices don’t just function to bring information out of a building; they are used to damage a server or hard drive once it’s plugged in to a computer or the network. Some are both – a recording device that extracts data and then destroys the hard drive.
Q: With these types of discreet items, can security personnel still catch individuals in the act? For example, through security screenings?
Poor or nonexistent screening is the most substantial security threat to any organisation when it comes to sensitive data.
Whether it’s an employee, an outside contractor or a device, the physical security risks are real, and everyone and everything entering and leaving a building needs to be screened. Unfortunately, screening often isn’t occurring at all, or is ineffective or inconsistent when it does occur. Even companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening people and stopping them from stealing data through recording devices.
Q: It’s surprising that so many organisations would neglect physical security when protecting their data.
It’s a huge mistake, and the consequences can be dire. They range from loss of customer trust, exorbitant lawsuits and tanking stock prices in the private sector; and risks to national security in the public sector. Costs and resource allocation increase as well during efforts to reactively fix or mitigate the effects of physically stolen data. For both the private and public sectors, the risk for data to be physically removed from a building has never been greater. Years ago, it was much harder for the average Joe to figure out where they could sell stolen data. Now, with the Deep Web, anyone with Tor can access forums requesting specific information from competing spy agencies, with instructions on how to deliver it, greatly reducing the risk of getting caught – and increasing the likelihood people will try it. Although it’s getting easier to sell data, the good news is that all of these threats are avoidable with the right measures.
Q: So how can an organisation protect against these risks?
There are a number of ways – and the first one requires a change of mindset.
Not long ago, the building/physical security department and the IT/cybersecurity department were considered two different entities within an organisation, with little overlap or communication. Organisations now are realising that, because of the level of risk they face from both internal and external threats, they must take a holistic approach to data security. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack.
Q: How can companies and government agencies combine both physical data security and cybersecurity initiatives?
Physical security managers can advise cybersecurity managers on ways to reinforce their protocols – perhaps by implementing the newest surveillance cameras in sensitive areas, or removing ports on servers so that external drives cannot be used. In turn, the cybersecurity team can let the physical security team know that they have outside contractors coming in to work on the server, and the physical security team can escort the contractors in and stand guard as they work. Constant communication and a symbiotic relationship between the two departments are crucial to creating an effective holistic security protocol and, once you’ve got the momentum going, don’t let it slow down. Sometimes efforts start off strong and then peter out if priorities change. When guards are down, it’s an excellent time for a malicious actor to strike. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try. It’s not just about the mentality, though. Using the right technology is just as important.
Q: What type of technology can you use to protect physical data?
Many problems can be avoided by simply using the right technology to detect devices that bring threats in and carry proprietary information out. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them. Using a ferromagnetic detection system (FMDS) as people enter and exit a building or restricted area means that anything down to a small microSD card triggers an alert, allowing confiscation or further action as needed.
Q: How does FMDS work?
In the most basic terms, FMDS uses passive sensors that evaluate disturbances in the earth’s magnetic field made by something magnetic moving through its detection zone. Nothing can be used to shield the threat, because FMDS doesn’t detect metallic mass; it detects the magnetic signature, down to a millionth of the earth’s magnetic field. Although it is a passive technology, it is more effective and reliable than using hand wands or the walk-through metal detectors typically seen in an airport, which cannot detect very small ferrous metal objects. FMDS can see through body tissue and liquids, so items cannot be concealed anywhere on a person or with their belongings. Whether or not the items are turned on doesn’t matter; FMDS doesn’t work by detecting a signal, but rather by spotting the magnetic signature that electronics contain. This is ideal, because most recording devices do not emit any signal whatsoever.
In my experience, FMDS is the most reliable method of finding small electronics items (as well as other ferrous metal objects, like weapons), and should be part of the “trust, but verify” model, in which companies assume the best of their employees and anyone else entering the building, but still take necessary precautions.
Q: What are the key takeaways for organisations looking to enhance data security?
The toughest challenge in the security sector – whether it’s cyber or physical – is remembering that the bad guys are constantly looking for ways to slip in through the cracks, and security departments need to stay one step ahead to ward off both internal and external threats. Recognising the existing threats, putting together a holistic security strategy, and using the right technology to detect illicit devices comprise an effective three-pronged approach to protecting an organisation’s data. Organisations cannot afford to be passive about security and assume employees won’t steal data and spies won’t sneak in. Strong countermeasures are necessary because data loss can come from both inside and outside, in both private and public sectors, from places not everyone thinks of – and with technology like FMDS acting as a backup to the human element, organisations can lock down their data and keep the wolves in sheep’s clothing from getting through the door.
As a security service provider with a rich history in manguarding, Allied Universal is launching a new technology platform to increase productivity and accountability of security officers and to transform guard service operations from an ‘observe and report’ mission to a ‘detect and respond’ function. Mark Mullison, Allied Universal’s Chief Information Officer (CIO), says the new Heliaus platform also uses artificial intelligence (AI) to analyse data, predict outcomes, and prescribe optimum responses. The platform includes a smart phone app that guides security officers to ensure post orders are followed and provides a ‘virtual’ coach or supervisor to guide security officers throughout the day. “The walls between technology and people need to come down in the future,” says Mullison. “We need an ecosystem in which people and technology can cooperate well and respond to threats and drive outcomes.”
Real-time situational awareness
Heliaus is a step in that direction. It has two components – the mobile app used by security officers; and a cloud-based portal, like a command and control centre that compiles information from the app and other inputs and performs AI analysis of data. Heliaus is an add-on for Allied Universal customers and is offered for a per-device subscription fee of $199 per month. A customer company’s managers can also access the portal for data visualisation tools and real-time situational awareness, or to input data such as ‘approving’ an incident report or action. “Technology plays an increasing role in security and safety, but it will never replace humans,” says Mullison. “It will augment and enhance the workflow and make people more effective.” “We are focussing on delivering better outcomes for safety and security,” he adds.
“The impacts are as broad and diverse as the clients we serve.” Customisation of forms enables the system to collect and use any information that was previously collected on paper.
Monitoring and Response Center (MaRC)
A system is effective only to the extent that it is used, and Allied Universal has engineered the user experience to make the mobile app easy – almost fun – to use, says Mullison. Elements of ‘gamification’ drive greater user adoption. “It is designed to support the work [security officers] do and make information collection a by-product of people doing their jobs.” Effective AI depends on data, and Heliaus pulls data from Allied Universal’s Monitoring and Response Center (MaRC), where a cloud server integrates the company’s managed security services, including access control, video surveillance and video analytics. It also incorporates current weather information and forecasts, and information specific to the industry segment. Additional data is generated as officers enter data through the mobile app. The system brings together rich data, AI, location-aware workflow automation, and friendly user experience design. It provides insight into the drivers of risk, makes recommendations about how to reduce incidents, and, through dynamic workflow automation, ensures that those recommendations are implemented. Location awareness is a combination of the global positioning system (GPS), Bluetooth beacons, and near-field communication (NFC) tags.
Improves the accuracy of responses
“Information is organised to facilitate AI analysis. If you have the right knowledge representation then problem-solving is easy,” says Mullison, echoing a common principle of artificial intelligence.
AI works to analyse data and make predictions and recommendations to guide responses by security personnel. AI understands the data and applies reasoning capabilities to predict an outcome and prescribe a response. The AI system also learns and improves the accuracy of responses with more data and over time. Responses come much faster than older ‘trial and error’ models of analysis. Another element of Heliaus is a ‘robust workflow engine’ that ensures recommendations are carried out, either by a security professional on site or by the client. Mullison says implementation of the system can result in a 20% reduction of security and safety incidents.
Multiple applications of Heliaus
Heliaus is already being used by some Allied Universal customers. For example, a major Hollywood production studio is using it to identify and address workplace hazards such as stray electrical cords, dripping water hoses, etc., across a 50-acre area. A manufacturer created a custom compliance application using the platform to track more than 140 unique incident types, such as monitoring elevated temperature in a truck trailer or drivers without proper identification. In the logistics sector, Heliaus is being used to facilitate checking delivery vehicles in and out of a truckyard. The flexibility of the platform can enable expansion to incorporate other technologies in the future, too. For example, sources of data for the system could include robots, drones or various Internet of Things (IoT) sensors; or workflow engines could be used to dispatch a robot or drone to handle a situation (rather than a human).
Nexkey says its mission is to disrupt the access control market and ‘change the way people experience access to physical places’. The startup is embracing the latest buzzword for access control – frictionless – while also enabling electronic access control for doors currently protected by mechanical locks. The system is simple with only three components – a controller, an electronic replacement lock core, and a smart phone app. The ‘controller’, a combined reader and access control panel, is used to connect to existing electric strikes, mag locks, electronic push bars and other hardware components at the door. It also communicates via Bluetooth with a smart phone credential. Users approach a door, choose the door they want to open in the app, and wait for the app to say ‘unlocked’.
Replacing key cards and fobs with app
The electronic ‘core’ device can be switched out with existing mechanical lock cores to provide electronic access control in locks such as deadbolts, mortise locks, Euro-cylinders, levers and camlocks. It is compatible with 95 percent of mechanical locks, using a changeable tail piece to adapt to various configurations. The core communicates via Bluetooth with a smart phone credential that links to a cloud system. Users approaching a door open the app, tap the core, and wait for the app to say ‘unlocked’. A Nexkey goal is to ‘replace all keys, key cards and fobs with one app’. The Nexkey app recognises which ‘key’ goes to which door and reveals the right key as you approach. ‘Keys’ are created and access rights are assigned from a smart phone, using email addresses and phone numbers to verify identity. Temporary codes can be texted for one-time entrance for cleaning crews or contractors. Access rights are customised for each user, and doors can be unlocked remotely to allow a delivery guy or guest to enter the building.
The Nexkey Portal provides a snapshot of system operation, who enters which door at what time, and logs that can be reviewed and downloaded for audit reports.
Affordable access control systems for SMBs
Nexkey is targeting the small- and medium-sized business (SMB) market, basically companies with 20 to 500 employees, which are looking for access control systems that are affordable and easier to manage. The Nexkey controller costs $999, and the core is $499. Monthly fees start at $15 to $29 per month per door, but the prices go down as additional doors are added. Larger enterprises tend to want out-of-the-box integration with alarm systems and video, which Nexkey does not offer, so SMB is their “sweet spot,” says Eric Trabold, CEO. There is an API (application programming interface) that integrates with third-party applications. According to Nexkey’s customer surveys, 30 percent of customers say they bought Nexkey to have a simpler access control credential (a smart phone instead of a key, card or fob). Another 30 percent favour simplified management and quick access through the app. Some 17 percent like the ‘unified’ experience to manage shared, single and multiple workspaces using smartphone credentialing and a cloud-based system.
Involving security dealers and integrators
In the early days, Nexkey looked to work directly with businesses to foster communication and to gain understanding of how the product can best be deployed. Having gained that insight, the ‘next level’ is to engage security dealers and systems integrators to install the system, says Trabold. Nexkey announced a ‘dealer program’ at the recent ISC West trade show in Las Vegas, and interest was high. Trabold says 134 integrators/dealers sought to engage.
In coming weeks, the company will be finalising that program, enhancing the dashboard to enable dealers to manage the system on behalf of their customers, for example. “We will be looking at how we can go from that amazing level of interest to being actively engaged with partners in the channel,” says Trabold.
Using NPS to measure product quality
Nexkey uses the Net Promoter Score (NPS) as a benchmark for how well the product is accepted in the marketplace. NPS measures the quality of a product by analysing how likely customers are to recommend it to a friend or colleague. As an example, Apple currently has an NPS of 65%. In comparison, Nexkey has achieved a score of 60 percent, and is looking to improve it even more. “A year from now, we want to get the same positive feedback from our dealer/integrator community,” says Trabold. “That’s the challenge, engaging with partners and scaling the business forward. We still have work to do.”
In today’s technology-driven markets, a platform is a business model that connects producers and consumers in an interactive ecosystem. Some examples of platforms are Uber and Airbnb, which have disrupted and transformed traditional markets. Isn’t it time to deploy the platform model in the physical security industry? That’s the goal of the Open Security & Safety Alliance (OSSA), a non-profit organisation.
Interactions and exchange
The book ‘Platform Revolution’ defines a platform as ‘a business based on enabling value-creating interactions between external producers and consumers.’ The description continues: ‘The platform provides an open, participatory infrastructure for these interactions and sets governance conditions for them. The platform’s overarching purpose is to consummate matches among users and facilitate the exchange of goods, services, or social currency, thereby enabling value creation for all participants.’
Platform for security and safety solutions
OSSA’s plan is to build a common standardised platform for security and safety solutions. Founding members are Bosch Building Technologies, Hanwha Techwin, Milestone Systems, Pelco and VIVOTEK. Anyone can join the alliance, which is growing rapidly and gaining traction as the Internet of Things (IoT) expands. OSSA members could be found throughout the recent ISC West show in Las Vegas, and a social event after hours at the show brought them together and set the tone for development to come.
A Technology Stack
“We want to create an ecosystem, define a common market approach and open new market opportunities,” says Johan Jubbega, OSSA President. “We want to go from a product business to a platform business.
It’s better for us and better for the end-users.” OSSA seeks to develop a specification for a common Technology Stack to cater to innovation and reduce fragmentation within the security and safety market, according to OSSA. Its mission is complementary to organisations like ONVIF.
Video information and low friction
The video surveillance industry creates vast amounts of information in the form of video, but typically less than 1 percent of that data is used by today’s video surveillance systems – think about that one or two frames of video among thousands that might be used to solve a crime, for example. The rest of the data remains unused, and yet the potential value of the data is huge. OSSA seeks to create a platform to leverage the value of the data. “If we don’t unlock that value in our industry, someone will do it for us,” says Jubbega. Among the important elements in developing the platform are to create a level of trust among all the stakeholders involved, and to lower the ‘friction’ involved in participating in the platform. “We want to make it easy and fun to do business with anyone who joins the platform,” says Jubbega. “By taking away the friction, we will create scalability.”
System-on-chip
Development of customisable system-on-chip (SoC) components in today’s video cameras provides the capacity to host a variety of ‘apps’ to expand system functionality and leverage the value of data. OSSA is developing a vendor-agnostic operating system that simplifies low-level device integration and standardises elements such as cybersecurity and security update patches. Building on top of that operating system, vendors can create new levels of differentiation. “Our purpose is to start from a common business model to spur innovation and add value for users,” according to OSSA.
Cybersecurity and data protection
Simply speaking, app developers can use the standard operating system to build new functionalities that can easily be ‘loaded’ on cameras and sold in an ‘app store’ scenario. Security and Safety Things (SAST), a Bosch startup and member of OSSA, is creating the operating system and setting up the IoT infrastructure to make the apps available. Development of these elements is happening concurrently with the evolution of OSSA. “We offer you an opportunity to come with us on this journey,” Jubbega told attendees at the ISC West social event. “We want to have a common approach to tackling cybersecurity and data protection – to raise the bar in the industry. You can still differentiate, but from a higher base.” OSSA members who exhibited at ISC West included Anixter Inc., Bosch Building Technologies, Hanwha Techwin, Milestone Systems, NetApp Inc., Pelco, SAST, Socionext Inc., United Technologies and VIVOTEK Inc.
Ping Identity, the provider of Identity Defined Security, announces its successful completion of the Financial-grade API (FAPI) conformance testing, as part of the process defined by Open Banking Ltd. This builds on Ping Identity’s previous success as the first identity platform to pass all 70 technical security tests, as set by Open Banking Ltd., with zero warnings. The most recent set of FAPI conformance testing evaluated the latest versions of the Ping Intelligent Identity platform, including PingFederate, PingAccess and PingDirectory, within a mock banking environment.
Additional technical requirements
The inclusion of FAPI within the Ping Identity solution for Open Banking helps allow banks to overcome insecure practices such as screen scraping that uses stored user credentials. Instead, it switches to an API model with structured data that utilises a token model such as Open Authorisation. FAPI is a technical specification developed as a multi-industry standard by the FAPI Working Group of the OpenID Foundation (OIDF). It leverages OAuth 2.0 and OpenID Connect (OIDC) to define additional technical requirements for the financial industry and other sectors requiring higher security. For banks specifically, FAPI provides various advantages. This includes enabling applications to securely interact with financial accounts, while also enhancing the user’s ability to control security and privacy settings.
Secure identity requirements
In concurrence with the specification, OpenID Foundation maintains a cloud-based testing suite for conformance testing by banks, certified third-party security providers and platform vendors, such as Ping Identity. The Ping Intelligent Identity platform is used by hundreds of financial services enterprises, including many of the CMA 9 and Open Banking Ltd. itself.
Additionally, FAPI is of increasing relevance to the growing number of new fintech start-ups in areas such as investment, wealth management, insurance, payments and even real estate. “This is significant beyond the Open Banking and financial services sector,” explains Rob Otto, EMEA Field CTO, Ping Identity. “Other digitally-focused sectors, with similar secure identity requirements, now have a proven template that can allow them to quickly deploy their own security controls, which have been stringently tested by the largest financial institutions in the UK.”
Everbridge, Inc., the global pioneer in critical event management, announced that it has been awarded a multi-year contract to support the deployment of Australia’s next-generation national early warning system. In combination with Australia’s major telecommunications companies, the Everbridge Public Warning solution will be used to power Emergency Alert in Australia, providing population-wide alerting to help reach the country’s over 25 million residents and approximately 9 million annual visitors. If residing within an area where a sudden, critical event occurs such as fire, extreme weather or a terror attack, residents and visitors to Australia will receive location-based SMS notifications on their mobile phones, in addition to smart phone mobile app notifications and fixed line voice alerts, among other modalities.
Supports first responder communications
Everbridge Public Warning leverages existing telecom infrastructure, with no opt-in required, to reach everyone within a geographic area to reduce disaster risk, support first responder communications, and analyse disaster communication effectiveness for subsequent mitigation activities. “Our Public Warning solution enables government organisations and public safety agencies to immediately connect with every person in an affected area during a critical event regardless of nationality, residency or mobile telephone handset type,” said Jaime Ellertson, Chief Executive Officer and Chairman of Everbridge. “Australia has served as a model example for population-wide alerting and emergency preparedness over the past decade, and we are honoured to support them on the evolution of their national system.” The next-generation system is scheduled to become operational in 2020.
Everbridge, Inc., the global pioneer in critical event management software that helps keep people safe and businesses running, announced that its mass notification solution will be used to power alerts for Nashville and Davidson County, Tennessee in times of emergency. The Metro Emergency Alert & Notification System (MEANS) will deliver safety instructions via cell phone, landline, and SMS for localised emergencies such as flooding, public health emergencies or active shooter situations. “This is an important way for us to keep the community updated on incidents happening in Nashville and Davidson County,” said Chief William Swann, Director, Nashville Fire Department. “The Everbridge system will be leveraged by Metro Government to communicate directly to the public. Residents and visitors can feel confident that when they receive alerts, they are getting accurate information straight from a Metro public safety agency.”
Receiving alerts on cell phones
Metro officials also urge residents to download the Everbridge Mobile App, which brings the added security of delivering alerts to cell phones based on a user’s physical location at the time of an emergency. “The Everbridge app provides Metro with a key alerting capability because it enables us to send safety instructions to residents who happen to be in the vicinity of an emergency in real time,” said Department of Emergency Communication’s Director Michele Donegan. Nashville joins a growing list of America’s largest cities, counties, and entire states that have rolled out the Everbridge platform including the cities of New York, Philadelphia, New Orleans, Atlanta, Houston, Phoenix, San Francisco, Tampa, and Washington, DC; hundreds of counties including Napa, Sonoma, Ventura, Miami-Dade, Palm Beach, Cook, Harris, and Maricopa; and the states of Florida, Connecticut, Vermont, and New York.
Mobile-device and application-security technology company Trustonic announces that Hyundai Motor America will demonstrate its new Digital Key app, secured by Trustonic Application Protection, at the New York International Auto Show 2019. The Digital Key will launch with the all-new 2020 Hyundai Sonata in the fall. Hyundai’s Digital Key is a downloadable smartphone app that can replace a traditional car key by leveraging Near Field Communication (NFC) to detect an authorised smartphone. An NFC antenna is located in the driver’s door handle for locking and unlocking while a second antenna for starting the engine is located in the wireless charging pad in the centre console.
Seamless vehicle sharing
Once authorised, the Digital Key allows a smartphone to control select vehicle systems remotely using Bluetooth Low Energy (BLE) communication. A user can lock and unlock the vehicle, activate panic alert and start the engine within a range of about 30 feet of the car. The new Digital Key can be utilised by up to four authorised users, facilitating seamless vehicle sharing. Users’ preferred settings are also stored in the car, meaning that when a user is recognised, the vehicle automatically adjusts settings for side mirrors, radio presets, sound settings, and seat positioning. Hyundai is using Trustonic Application Protection (TAP) to secure the Digital Key. TAP ensures that Digital Key transfer requests are securely displayed to and approved by a real, authenticated user on a trusted device.
Cybersecurity approach
TAP utilises a multilayered industry-recognised security approach for communication to and from the customer’s phone.
“Hyundai has been a leader in connected car technology for a long time now, with new features like Apple CarPlay, Android Auto, Smartwatch and Smart-speaker integration into our vehicles,” said Manish Mehrotra, director of digital business planning and connected operations, Hyundai Motor America. “Digital Key adds convenience for 2020 Sonata owners and allows us to be ready for future shifts in the mobility space, such as car sharing. We chose Trustonic because of their multilayered, industry recognised cybersecurity approach.”
Vehicle-function permissions
Car owners have a deeper level of access than other authenticated users, enabling them to set vehicle-function permissions and the duration of access for each shared user. This enables uses beyond car sharing, such as enabling couriers to access the trunk within a pre-agreed window of time to deliver a package. Future uses that the app could enable include car rentals, triggering an alarm when a vehicle travels outside a designated area and remote control of features, such as autonomous parking. Ben Cade, CEO, Trustonic, adds, “Consumers expect to be able to manage their lives on their smartphones, and this includes their vehicles. Hyundai’s Digital Key will enable easy car sharing and improved user experiences for drivers—and as international leaders in app security, it’s up to us to ensure this can happen in a scalable and secure way.”
Boon Edam Inc., a provider of security entrances and architectural revolving doors, announces that RagingWire Data Centers has installed Boon Edam’s Tourlock 180+90 security revolving doors as part of its integrated access systems that protect their data centers in Ashburn, Va. and Sacramento, Calif. Founded in 2000, RagingWire was one of the first companies that helped to build the multi-billion dollar global data center colocation industry. Now, RagingWire is the North American data center platform within the portfolio of NTT Communications, which operates 140 data centers in 20 countries worldwide, making RagingWire one of the largest and most financially solid data center companies in the world.
Demanding hyperscale cloud
RagingWire uses Tourlock security revolving doors at its Ashburn VA3 Data Center, which features 245,000 square feet of space and 16 megawatts of critical power, and its Sacramento CA3 Data Center, which is a 180,000 square foot facility with 14 megawatts of critical power. VA3 and CA3 are part of RagingWire’s portfolio of data centers in Ashburn, Northern California and Dallas, Texas. “As the colocation data center of choice for some of the most demanding hyperscale cloud and enterprise companies, RagingWire is recognised as an industry leader in data center security and overall customer experience,” said Mark Borto, CEO of Boon Edam Inc. “We are proud to provide an important part of RagingWire’s sophisticated, multi-layer, integrated security system.”
Provide efficient passage
Boon Edam’s security revolving doors provide efficient passage for hundreds of people daily at RagingWire’s data centers. The doors prevent piggybacking and tailgating during both entry and exit by using a combination of sensors to recognise shapes, size and volume in three dimensions, and then stopping the door when a violation occurs.
The state-of-the-art system also generates an accurate picture of exactly who is in the building at all times. “Our customers expect our security entrances and anti-tailgating technologies to be extremely fast and accurate,” said Eddie Ankers, Director of Corporate Security at RagingWire.
Analyse suspicious behavior
“By adding these doors to our defense-in-depth security strategy, we are providing the best possible protection system for our customers’ mission critical equipment.” In addition to Boon Edam’s Tourlock security revolving doors, RagingWire’s layered security approach features highly trained, 24x7 security staff, biometric scanners, badge readers, intelligent high-definition video cameras that analyse suspicious behavior, anti-tailgate mantraps, a building-within-a-building design, anti-climb perimeter fencing, concrete bollards in front of building entryways, and an anti-ram security gate.
Vicon Industries Inc. (VCON: OTCQB Venture Market) ("Vicon"), designer and manufacturer of video surveillance and access control software, hardware and components, announced today that Louisa County Public Schools, in Northern Virginia, has completed installation of a district-wide Vicon Valerus video management solution that encompasses its six school buildings and connects nearly 400 cameras. The system includes multiple application servers and NVRs running Valerus VMS software, as well as a wide range of Vicon IP megapixel camera models. The district has opted to share camera access with the Louisa County Sheriff’s Department, whose officers can use iPads and smartphones to immediately call up video through the Valerus VMS interface in case of an emergency. This allows them to visually assess any situation and locate the perpetrator before sending in officers.
Vicon sponsored training class
The Valerus solution was chosen by Louisa County Public Schools because of Vicon’s willingness to provide the district’s in-house electricians and technical team with as much autonomy as possible in setting up and managing the system. After participating in a Vicon sponsored training class, the district has been self-sufficient in its ability to install, program and troubleshoot Valerus. David Szalankiewicz, LCPS Facilities Director, says "Vicon’s technical team has supported our in-house guys directly with training and certification so that we feel completely in control." Ron Lapsley, Vicon’s Regional Sales Manager who worked on the project, explains, "Vicon understands that the technical capabilities and service needs are different for each customer, and we’re glad to provide the right level of support that makes sense. In many cases, the manufacturer relationship is as important as the product itself in making sure a customer is satisfied."
Round table discussion
Ethical hackers are familiar to the world of cybersecurity. As cybersecurity awareness increases in physical security, they are also playing a larger role to ensure the safety of networked and information technologies used in our market. We asked this week’s Expert Panel Roundtable: What is the role of ‘ethical hackers’ to ensure cybersecurity of networked products in the physical security market?
The new year 2019 is brimming with possibilities for the physical security industry, but will those possibilities prove to be good news or bad news for our market? Inevitably, it will be a combination of good and bad, but how much good and how bad? We wanted to check the temperature of the industry as it relates to expectations for the new year, so we asked this week’s Expert Panel Roundtable: How optimistic is your outlook for the physical security industry in 2019? Why?
The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?