SureCloud, a provider of IT governance, risk, and compliance (IT GRC) cloud-based solutions, has launched an innovative go-to-market approach for its customers to help simplify and de-risk their investment in IT GRC.
The new approach has been devised as a response to typical industry pain points, such as failed implementations and additional, unforeseen services costs, that make investments in GRC technology risky for customers who find it almost impossible to ‘futureproof’ their solution of choice.
Ongoing configuration changes
SureCloud, which has served the IT GRC market since 2014, has opted to completely remove the heavy up-front costs usually associated with GRC software implementation and ongoing configuration changes. Instead, customers will have the freedom to focus on what they want their solution to do rather than worry about how many professional service days to purchase.
Typically, a GRC software provider will charge an annual license fee and layer implementation and ongoing configuration services on top as an additional cost, often partnering with a third party to implement their solutions. This approach can put pressure on customers to get the implementation right ‘first time’, leading to a tendency to overload the initial project with functionality that ‘might’ be needed in the future. This can result in overcomplicated designs, which can have a high risk of failure in an operational environment.
Changing business environment
Moreover, GRC solutions often need adapting over time to meet the changing business environment, and the requirement for ongoing configuration changes after the initial implementation can present unexpected and unbudgeted costs to the customer.
Recognising these challenges, SureCloud, which has its own in-house team of implementation experts, has opted to no longer charge customers for its implementation and ongoing configuration services. Over the course of their subscription, customers benefit from a fully configurable solution without having to secure budget increases or be blindsided by unexpected costs. And they get a fully aligned GRC technology partner incentivised to ensure a smooth and successful implementation.
Making right decisions
“Feedback from customers reveals that our new approach gives them the certainty of running costs, enabling them to demonstrate what a continual run rate looks like without unpredictable spikes in additional services,” says Nick Rafferty, SureCloud’s COO and Co-Founder.
“And by not charging for implementation services, customers can be driven by timescales that are closely aligned with the delivery of outcomes, rather than resource costs and a tendency to over-scope the initial implementation. This means that they can focus on the end game and make the right decisions for their business.”
ONVIF, the global standardisation initiative for IP-based physical security products, has announced that it will end its support for Profile Q early next year since it contains certain specifications that are no longer consistent with current cyber security best practices.
Profile Q was developed to provide an easy setup of a conformant device on an IP network. It requires a Profile Q conformant device to allow anonymous access to all ONVIF commands, during the setup process in the factory default state.
This does not follow current cyber security best practices, which recommend, among other things, that a network device require users to set passwords and other access rights before the device can be used. Since the specifications of a profile cannot be changed, as doing so would impact interoperability between products that conform to a specific profile, Profile Q will be deprecated on March 31, 2022.
ONVIF conformant products
“ONVIF conformant products are used in a wide variety of industries and geographies, with different requirements when it comes to cyber security policies or best practices,” said Leo Levit, Chairman of the ONVIF Steering Committee.
Leo adds, “As these cyber threats evolve quickly, it’s important that users are aware of these best practices to ensure they are implementing cyber security measures that are appropriate for their organisation.”
ONVIF Network Interface Specifications
ONVIF recommends following industry best practices and local regulations, and staying informed about technology changes from the market.
The ONVIF Network Interface Specifications have defined network protocols that include security elements, such as TLS (Transport Layer Security), which allows ONVIF devices with that feature to communicate with clients across a network, in a way that protects against eavesdropping and tampering.
ONVIF Default Access Policy
ONVIF specifications also cover the ONVIF Default Access Policy, which specifies that there should be different access classes to services based on different user roles. Manufacturers can implement these ONVIF specifications regardless of whether the specifications are included in a profile or not.
Founded in 2008, ONVIF is a well-recognised industry forum driving interoperability for IP-based physical security products. The organisation has a global member base of established camera, video management system and access control companies and more than 20,000 profile conformant products.
IP interoperability solutions expansion
ONVIF offers Profile S for streaming video, Profile G for video recording and storage, Profile C for physical access control, Profile A for broader access control configuration, Profile T for advanced video streaming, Profile M for metadata and events for analytics applications and Profile D for access control peripherals.
ONVIF continues to work with its members to expand the number of IP interoperability solutions that ONVIF conformant products can provide.
Comelit Group, as a founder partner to The Security Event, is excited to return to exhibit with the launch of the latest integrated solutions, comprising an array of smart security and fire safety systems for residential and commercial premises.
On stand 3a/B10, Comelit will be presenting its new Logifire addressable panel, which has been designed to offer a simple-to-install fire safety solution that is compliant with the latest standards. It is complemented with a new range of detectors, offered with award-winning designs to ensure systems blend with their surroundings.
Alarm management and home automation
Exclusively previewed at The Security Event is Comelit’s latest alarm management software, Horus, which presents an innovative platform that integrates intruder alarm, fire detection, video surveillance, and door entry into a single software capable of targeting alarm management.
Comelit will be showcasing its latest updated home automation systems, including Maxi Manager with Android, alongside smart integration with Amazon Alexa, Google Home, and Echo Show.
Smart security systems
Says Francesca Boeris, Managing Director Comelit Group UK, “Whilst we have been under enormous pressure as a result of the global pandemic, behind the scenes at Comelit, we have been working on some really exciting integration products and services that really go to the heart of fire safety and smart security design.”
“We are thrilled with the live opportunity at The Security Event to present our latest solutions. This is not only in their capability to seamlessly operate for the benefit of homeowners and business property owners, but also with due consideration to installers looking for simple ways to offer this smart technology. When combined with our mobile-first possibilities, we believe we have the perfect solution.”
Wireless intruder alarm system
Visitors to the stand will have the opportunity to see live demonstrations of Comelit’s latest wireless intruder alarm system, Secur Hub, which is designed to seamlessly operate with its inclusive app technology.
Natively connected to the Comelit Cloud, which includes both WiFi and LAN connectivity, Secur Hub operates a high-performance two-way radio link between the control panel and the sensors.
Door access solutions
Also on show will be Comelit’s renowned door entry systems, including its newest modular stylish panel, Ultra, alongside mini handsfree WIFI monitor, Icona, Switch, and 316 sense and touch entrance panels together with iconic interconnection systems VIP and Simplebus.
Comelit representatives will be on hand to demonstrate how each system can operate through Comelit’s new ‘My Comelit’ APP, allowing installers easier control over their installations.
Showcasing smart upgrades
Francesca concluded, “The Security Event is a perfect, long-awaited, platform for Comelit to not only present its all-encompassing product portfolio with integration capability but also demonstrate to visitors the ease of installation and smart mobile-first upgrade opportunities. This is all completed to the highest of industry standards and without compromising on the style and aesthetics that is synonymous with the Comelit brand.”
For more information on Comelit Group or its product range, please visit stand BA/310 at The Security Event, taking place between 7 – 9 September 2021 at The NEC Birmingham.
Aqua Security, the pure-play cloud-native security solutions company, has announced the availability of its new Aqua Platform, with a unified console to ease the journey from scanning and visibility to workload protection in cloud-native environments.
The new Aqua platform reduces administrative burden and allows security teams to start with scanning and cloud security posture management (CSPM) capabilities, then add in sandboxing capabilities and workload protection as needed. The experience is streamlined regardless of scale and is available as a SaaS or self-hosted deployment.
“Scaling our cloud native security needs is a priority for us,” said Thomas Ornell, Senior Systems Engineer at ABAX, adding “We have been working with Aqua to secure our cloud-based Kubernetes environments and improve visibility of our current risk. The tooling provided by Aqua is making it a lot easier to navigate our way through our cloud native security strategy.”
Cloud Workload Protection Platform capabilities
The unified approach lowers management overhead for advanced run time features, in an industry where scanning during development and CSPM are easier for teams to understand and deploy as a first step, but critical Cloud Workload Protection Platform (CWPP) capabilities are sometimes left behind.
It also enables customers to benefit from better context and prioritisation in identifying risks and threats, adopting a full-lifecycle approach to securing cloud-native applications. In a recent survey of cloud-native security practitioners, only 32% of respondents were confident in protecting against attacks in-progress in their cloud-native environments.
CNAPP integrates cloud security tools
In a recent report, Gartner notes that CNAPP is an emerging capability that brings together cloud security tools, including CWPP and CSPM. CNAPP tools will integrate information from both CWPP and CSPM, in order to provide more detailed insights into security behaviours in CIPS (cloud infrastructure and platform services) deployments.
Aqua is also seeing a growing trend within its customer base for the adoption of both CWPP and CSPM capabilities in a unified platform. “In the past year, Aqua has seen a 3x increase in CSPM customers who have also purchased Aqua’s CWPP capabilities,” said Amir Jerbi, Co-Founder and Chief Technology Officer (CTO) at Aqua Security.
Protecting workloads at run time
Amir Jerbi adds, “Organisations recognise the need to protect workloads at run time, and Aqua is keeping pace with that demand, bringing more unification without compromising scalability. While other solutions require multiple screens and consoles, or just provide visibility without options for workload protection, Aqua offers the industry’s only comprehensive unified platform.”
This recent release of the Aqua Platform also includes dozens of new features and capabilities, including:
Automatic discovery and onboarding of CSPM within GCP environments.
Scanning Google Cloud Functions for vulnerabilities and sensitive data, extending prior support for AWS Lambda and Microsoft Azure.
Migrating from the now deprecated Kubernetes PSP (Pod Security Policy) to the new PSS (Pod Security Standard) using new assurance policies and Aqua’s open-source Rego
Enhancing run time protection with file integrity monitoring for containers, and threat response policies that specifically block reverse shell attempts and crypto-mining.
Defining custom severities for specific vulnerabilities to conform with the customers’ internal standards.
Finding, provisioning, and managing Aqua within AWS environments using AWS CloudFormation templates.
New certified RedHat OpenShift Operator to automate Aqua deployments and upgrades.
Have you ever stopped to consider the volume of new data created daily on social media? It’s staggering. Take Twitter, for instance. Approximately 500 million tweets are published every day, adding up to more than 200 billion posts per year. On Facebook, users upload an additional 350 million photos per day, and on YouTube, nearly 720,000 hours of new video content is added every 24 hours.
While this overwhelming volume of information may be of no concern to your average social media user posting updates to keep up with family and friends, it’s of particular interest to corporate security and safety professionals who are increasingly using it to monitor current events and detect potential risks around their people and locations—all in real-time. Meet the fast-paced and oft-confusing world of open-source intelligence (OSINT).
What is Open Source Intelligence (OSINT)?
The U.S. Department of State defines OSINT as, “intelligence that is produced from publicly available information and is collected, exploited, and disseminated promptly to an appropriate audience to address a specific intelligence requirement.”
The concept of monitoring and leveraging publicly available information sources for intelligence purposes dates back to the 1930s. The British Broadcasting Corporation (BBC) was approached by the British government and asked to develop a new service that would capture and analyse print journalism from around the world.
Monitoring and identifying potential threats
Originally named the “Digest of Foreign Broadcast”, the service (later renamed BBC Monitoring, which still exists today) captured and analysed nearly 1.25 million broadcast words every day to help British intelligence officials keep tabs on conversations taking place abroad and what foreign governments were saying to their constituents.
Today, OSINT broadly encompasses any publicly accessible information that can be used to monitor and identify potential threats and/or relevant events with the potential to impact safety or business operations.
The potential of OSINT data is extraordinary. Not only can it enable security and safety teams to quickly identify pertinent information that may pose a material risk to their business or people, but it can also be captured by anyone with the right set of tools and training.
OSINT for cybersecurity and physical threat detection
Whether it be a significant weather event, supply chain disruptions, or a world health crisis few saw coming, the threats facing organisations continue to increase in size and scale.
Luckily, OSINT has been able to accelerate how organisations detect, validate, and respond to these threats, and it has proved invaluable in reducing risk and informing decision-making – especially during emergencies.
OSINT is typically shared in real-time, so once a situation is reported, security teams can then work on verifying critical details such as the location or time an incident occurred or provide the most up-to-date information about rapidly developing events on the ground. They can then continue to monitor online chatter about the crisis, increasing their situational awareness and speeding up their incident response times.
Severe weather offers a good example of OSINT in action. Say an organisation is located in the Great Plains. They could use OSINT from sources like the National Weather Service or National Oceanic and Atmospheric Administration (NOAA) to initiate emergency communications to employees about tornado warnings, high winds, or other dangerous conditions as they are reported.
Another common use case for OSINT involves data breaches and cyber-attacks. OSINT can help detect when sensitive company information may have been accessed by hackers by monitoring dark web messaging boards and forums. In 2019, T-Mobile suffered a data breach that affected more than a million customers, but it was able to quickly alert affected users after finding their personal data online.
OSINT is a well-established field with countless applications. Unfortunately, in an ever-changing digital world, it’s not always enough to help organizations weather a crisis.
Why OSINT alone isn’t enough
One of the core challenges with leveraging OSINT data, especially social media intelligence (SOCMINT), is that much of it is unstructured and spread across many disparate sources, making it difficult to sort through, manage, and organise.
Consider the social media statistics above. Assuming a business wanted to monitor all conversations on Twitter to ensure all relevant information was captured, it would need to both capture and analyze 500 million individual posts every day. Assuming a trained analyst spent just three seconds analysing each post, that would amount to 1.5 billion seconds of labor—equivalent to 416,666 hours—just to keep pace.
While technology and filters can greatly reduce the burden and help organisations narrow the scope of their analysis, it’s easy to see how quickly human capital constraints can limit the utility of OSINT data—even for the largest companies.
Challenges with OSINT
Additionally, collecting OSINT data is time-consuming and resource-intensive. Making sense of it remains a highly specialised skill set requiring years of training. In an emergency where every second counts, the time required to sift through copious amounts of information takes far longer than the time in which an organisation must take meaningful action to alter the outcome.
Compounding the issue, OSINT data is noisy and difficult to filter. Even trained analysts find the need to constantly monitor, search, and filter voluminous troves of unstructured data tedious. Artificial intelligence and machine learning have helped weed through some of this data faster, but for organisations with multiple locations tasked with monitoring hundreds or thousands of employees, it’s still a challenging task.
Adding to the complexity, collecting OSINT data isn’t easy. OSINT data collection includes both passive and active techniques, each requiring a different level of effort and skill.
Passive vs Active OSINT
Passive OSINT is typically anonymous and meant to avoid drawing attention to the person requesting the information. Scrolling user posts on public social media profiles is a good example of passive OSINT. Active OSINT refers to information proactively sought out, but it often requires a more purposeful effort to retrieve it. That may mean specific login details are needed to access a website where information is stored.
Lastly, unverified OSINT data can’t always be trusted. Analysts often encounter false positives or fake reports, which take time to verify, and if analysts act on misinformation, the result could be damage to their organisation’s reputation or worse.
So, how can companies take advantage of it without staffing an army of analysts or creating operational headaches?
A new path for OSINT
Fortunately, organisations can leverage the benefits of OSINT to improve situational awareness and aid decision-making without hiring a dedicated team of analysts to comb through the data. By combining OSINT data with third-party threat intelligence solutions, organisations can get a cleaner, more actionable view of what’s happening in the world.
Threat intelligence solutions not only offer speed by monitoring for only the most relevant events 24/7/365, but they also offer more comprehensive coverage of a wide range of threat types. What’s more, the data is often verified and married with location intelligence to help organisations better understand if, how, and to what extent each threat poses a risk to their people, facilities, and assets.
In a world with a never-ending stream of information available, learning how to parse and interpret it becomes all the more important. OSINT is a necessary piece to any organisation’s threat intelligence and monitoring system, but it can’t be the only solution. Paired with external threat intelligence tools, OSINT can help reduce risk and keep employees safe during emergencies and critical events.
Prices and delivery times for essential components in CCTV systems are being driven up as demand soars from other industries. Secure Logiq’s Robin Hughes explains the current state of the market.
Component shortages and supply chain challenges are a hot topic in just about every industry based on semi-conductors and silicon chips right now, and security is no exception.
It’s common knowledge that the global Covid lockdown caused a shutdown in the mining of silicon and spherites as large industries such as motor manufacturing cancelled or postponed their chip orders – this has caused a supply gap that every industry is feeling.
However, there is a second challenge that is hitting the security sector particularly hard, and it may not be one you are expecting – cryptocurrencies.
Cryptocurrencies and security
When people discuss cryptocurrencies and security, thoughts often turn to cybersecurity and ransomware payment tracking. But the issue for the majority of the security industry comes from crypto mining.
GPUs (Graphics Processing Units) are a key component in CCTV: they decode images and display them on screens. With the increase of video analytics, they have also become key to running the complicated algorithms required for creating the metadata and presenting it in a meaningful way for end-users. However, when it comes to cryptocurrencies, GPUs are intrinsic for ‘proof of work’ mining.
Demand for GPUs
When Bitcoin prices were relatively low, it was hard to justify the cost of a GPU and the associated power consumption for Bitcoin mining applications.
But as the price of Bitcoin has increased exponentially, demand for GPUs to do the number-crunching has grown dramatically causing a major shortage and huge price hikes. This rise in prices is not correlated with an increase in technological performance on the new GPUs, it is entirely a case of demand outstripping supply and a resulting bidding war.
To put this in context, cards are currently going new for around twice the original price and manufacturers simply cannot keep up with the demand.
On top of this, there is a new cryptocurrency creating a new threat to a different part of the CCTV industry.
A new ‘environmental’ cryptocurrency called Chia has dispensed with the processing power and electricity demands of traditional GPU mining, instead utilising the spare storage space on hard drives (HDD) to verify blockchain transactions (‘proof of space’).
The demand for this particular cryptocurrency has to date called on 30 Exabytes of storage since May this year – that’s 30 Billion Gigabytes of data, and it’s not just HDDs, high-capacity SSDs are also in demand. This is causing massive hard drive supply issues globally, thus rocketing prices for those that are available.
Of course, this has a particularly large knock-on for the CCTV market. There is nothing more data-intensive than video, other than multiple streams of HD video.
With this in mind, the security industry sits comfortably in the ‘Big data’ category and with storage retention times running from 30 days typically up to 6 months and longer in some regions/applications, the CCTV market consumes more HDDs than many other markets.
Growth of data centres
While you would think that this would make security an important area for HDD manufacturers, our market is a relatively small player.
IT vendors will always focus on their core customers, and the rise of the gaming market, as well as the growth of data centres due to remote working in the pandemic, has created a more important sector to serve – and these customers will always come first. Imagine the daily storage space required if 5 Billion people uploaded just one image a day to ‘the cloud’!
These factors combined with the lack of raw materials leading to longer lead times for component manufacturers mean that the prices for hard drives and GPUs are likely to remain inflated well into 2022 while factories play catch up on the backlog.
The market for IT hardware is currently strong enough to continue even with the increase in component prices and the extended lead times for products. If you can get your hands on any HDDs, the delivery times from most distributors are around 6-8 weeks.
Increased delivery times
All of this has had a serious impact on the security industry. CCTV projects are now facing the combined issue of increased delivery times and higher costs. Many manufacturers, integrators, and distributors are doing their best to absorb the price increases where they can, but this is unsustainable over the long term. So what can be done?
Some people are getting more creative by purchasing from the second-hand market. However, it is unlikely that commercial applications will be willing to risk potential downtime or data losses by using second-hand components that have been pushed hard for months on end mining cryptocurrencies.
Making early purchases
While I can’t comment on what other manufacturers have done, at Secure Logiq we have been watching this market trend closely.
We always try to keep a close eye on anything that has the potential to significantly impact our manufacturing capabilities and try to offset any potential challenges with early purchases before the impact is fully felt.
As such, we have been able to secure enough products to continue manufacturing as normal for more than six months.
Increased demand as a challenge
While we have this existing stock to meet current and anticipated orders, we continue to scour the market for any available stock to make sure we are at the top of the list when any fresh products come on the market. This has meant that throughout our 10-year history we have never failed to deliver a customer order within 7-10 working days.
The delays with component manufacture and the ongoing increased demand will continue to present a huge challenge to the CCTV and wider security industry. However, good planning and intelligent design will allow projects to remain on track.
Security technology manufacturers are not alone in this challenge, but the dual threat is perhaps unique. It will take a while for this threat to be overcome, but with robust planning and by paying close attention to the market, forward-thinking CCTV manufacturers can still deliver projects for their clients.
Steven Kenny, Axis Communications, looks at the benefits of physical access control systems within smart environments, and how knowledge gaps and dated methods can inhibit adoption.
Physical security is becoming more dynamic and more interconnected, as it evolves. Today’s modern access control solutions are about so much more than simply opening doors, with digitalisation bringing multiple business benefits, which would simply not be possible using traditional models.
While the digital transformation of processes and systems was already well underway, across many industries and sectors, it is the transformation of physical security from a standalone, isolated circuit, to a network-enabled, intelligent security solution that brings many benefits to the smart environment.
Yet, with more organisations now looking to bring their physical security provision up to date, there are many considerations that must be addressed to maximise the potential of access control and video surveillance. Not least of which is that connecting physical security devices to a network presents risk, so it is increasingly important for IT teams to play a role in helping to facilitate the secure integration of physical and network technologies, as these two worlds increasingly converge.
Improved access control in smart environments
The smart city offers significant benefits, reflected in the US$ 189 billion that is anticipated to be spent on smart city initiatives globally by 2023. These urban constructs are capable of reducing waste, driving efficiencies, optimising resources and increasing citizen engagement.
Technology, which is increasingly being incorporated to protect access points within the smart environment, can take many forms. These range from simple card readers to two factor authentication systems, using video surveillance as a secondary means of identification, right through to complex networks of thermal cameras, audio speakers and sensors.
Frictionless access control
During the COVID-19 pandemic, frictionless access control has provided an effective ‘hands free’ means of accessing premises, using methods such as QR code readers and facial recognition as credentials to prove identity.
Frictionless access control brings health and safety into the equation, as well as the security of entrances and exits, minimising the risk of infection, by removing the need to touch shared surfaces. Such systems can be customised and scaled to meet precise requirements. Yet, an increasing integration with open technologies and platforms requires collaboration between the worlds of physical security and IT, in order to be successful.
Barriers to adoption
Traditional suppliers and installers of physical security systems have built up a strong business model around their expertise, service and knowledge. Network connectivity and the IoT (Internet of Things) present a constantly shifting landscape, requiring the traditional physical security vendor to learn the language of IT, of open platforms, IP connectivity and software integration, in order to adapt to market changes and remain relevant.
Those who cannot adapt, and are simply not ready for this changing market, risk being left behind, as the physical security landscape continues to shift and demand continues to increase. With end users and buyers looking for smarter, more integrated and business-focused solutions from their suppliers, it is clear that only those who are prepared will succeed in this space.
Time will not stand still, and many are now beginning to realise that connected network-enabled solutions are here to stay, particularly within smart constructs which rely on such technology by their very nature.
The importance of cyber hygiene
Connecting any device to a network has a degree of risk, and it is, therefore, imperative that any provider not only understands modern connected technologies, but also the steps necessary to protect corporate networks.
Cameras, access control systems and IP audio devices, which have been left unprotected, can potentially become backdoors into a network and used as access points by hackers. These vulnerabilities can be further compromised by the proliferation of connected devices within the Internet of Things (IoT).
While the connection of devices to a network brings many advantages, there is greater potential for these devices to be used against the very business or industry they have been employed to protect when vulnerabilities are exploited.
Cyber security considerations
Cyber security considerations should, therefore, be a key factor in the development and deployment of new security systems. Access control technologies should be manufactured according to recognised cyber security principles, incident reporting and best practices.
It is important to acknowledge that the cyber integrity of a system is only as strong as its weakest link and that any potential source of cyber exposure will ultimately impact negatively on a device’s ability to provide the necessary high levels of physical security.
The future of access control
There is a natural disposition towards purchasing low-cost solutions that are perceived as offering the same value as their more expensive equivalents. While some have taken the decision to implement such solutions, in an attempt to unlock the required benefits, while saving their bottom line, the limited lifespan of these technologies puts a heavier cost and reputational burden onto organisations by their association.
The future of access control, and of physical security as a whole, will, therefore, be dependent on the willingness of suppliers to implement new designs and new ways of thinking, based around high-quality products, and to influence the installers and others in their supply chains to embrace this new world.
Cyber security key to keeping businesses safe
In addition, cyber security considerations are absolutely vital for keeping businesses safe. The integration of cyber secure technologies from trusted providers will provide peace of mind around the safety of corporate networks, and integrity of the deployed technologies.
As we move forward, access control systems will become data collection points and door controllers will become intelligent I/O devices. QR codes for visitor management and biometric face recognition for frictionless access control will increasingly be managed at the edge, as analytics in a camera or sensor.
The future of access control presents an exciting and challenging time for those ready to accept it, to secure it and to help shape it, offering a true opportunity to innovate for a smarter, safer world.
BIM (building information modeling) provides a process for creating and managing information during the building lifecycle and beyond. BIM is often equated with 3D modeling of construction projects, but the visual component is just part of the value of BIM.
Additional data, such as specifications and other documentation, is also part of the process, underlying the visual aspects, helping to drive decision making and providing immediate access to detailed information about all facets of the building process.
Incorporating BIM systems
For the last six years, ASSA ABLOY Opening Solutions has worked with specification writers and architects in Europe, the Middle East, and Africa (EMEA) to make it easy to incorporate ASSA ABLOY Opening Solutions doors, hardware, and security solutions into BIM systems.
Everyone on a project can work together in the interactive and information-rich BIM environment. BIM tools are also used by contractors, distributors, facility owners, and security consultants.
BIM information relating to doors, hardware, and security solutions is available in the cloud with the company’s Openings Studio BIM software. This improves the process of door scheduling and visualisation and enables customers to focus on the design, installation, and management of openings.
“If you have up-to-date information inside the BIM model, you can reduce mistakes and misunderstanding in the building industry,” says Marc Ameryckx, ASSA ABLOY Opening Solutions’ BIM Manager for the EMEIA region.
“It helps to eliminate mistakes before they happen or as early as possible in the building process. The earlier, the less it costs. We provide data as soon as possible in the process.” (ASSA ABLOY Opening Solutions also has comparable systems available in other regions of the global company.)
Centralised data in BIM 3D model
Expanding the data available in BIM provides additional value compared to merely providing “BIM objects” that can be incorporated into a BIM 3D model. The combination of BIM modeling and the underlying specifications boosts the quality of the project and its key to success, says Marc Ameryckx.
Even after the building is complete, the BIM model is still valuable, providing a repository of “as-built” information that can be used by building managers and security professionals tasked with operating and maintaining the building.
For example, if a lock needs to be replaced, retrofitting is simpler because all the information about the lock and existing installation is available in a centralised data file.
Revit and ArchiCAD
A widely used BIM software is Revit from Autodesk, a program that brings architecture, engineering, and construction disciplines into a unified modeling environment to drive more efficient and cost-effective projects.
Another BIM software program is ArchiCAD, developed by the Hungarian company Graphisoft. Openings Studio™ added a plugin for ArchiCAD this year, in addition to Revit.
Tailor-made information security solutions
“We can provide tailor-made information security solutions with various hardware on projects with more doors, adding more flexibility,” says Marc Ameryckx. “Customers do not need to be the experts on the products because we provide expertise as part of our specifications.”
For example, how often do building mistakes occur because of a misunderstanding about the electrical needs of a lock and the wrong cabling is installed? The problem is especially expensive if it is discovered only after the walls are complete. Providing complete data about the electrical lock as part of a BIM system avoids the snafu.
Another example is the specification of a deadbolt lock on a door that operates with an electric strike. The deadbolt undermines the intended operation of the electric strike and can interfere with escape routes in case of an emergency. The mistake becomes obvious in the BIM environment and can be rectified before consequences impact the real world.
Data addition to Opening Suites site
ASSA ABLOY Opening Solutions is continuously expanding the data it provides at the Opening Suites site, covering additional functionality and more components including the door, cabling, and electrical connections.
Hardware sets are linked to specific doors in the BIM models, including all the details of various components, including article numbers, technical sheets, electrical requirements, all depending on customer expectations.
Physical equipment includes QR codes that can be scanned by a smartphone to provide information on the door (A mobile app is in development).
More details and more data
Experienced BIM consultants work with the Openings Studio software on projects ranging from single doors to large buildings with many doors.
Adding more data and detail to the BIM process at the level of each door expands the usefulness of BIM, which has historically been focused on broader issues such as structural work and HVAC. “Openings Studio™ provides all the data to integrate doors and security in the BIM process,” says Marc Ameryckx.
The higher level of detail may be a new aspect even for customers who already use BIM software. “Data will be more and more important, and there will be more data inside BIM models,” says Marc Ameryckx. In the future, the use of “digital twins” could expand the capabilities even further; for example, the software could simulate escape routes in case of fire. More data makes more things possible.
When 150,000 video surveillance cameras get hacked, it’s big news. Even if the main reason for the hack was to make a point. Even if the major consequence is bad publicity for a video company (and, by extension, the entire video surveillance industry).
The target of the hack was Silicon Valley startup Verkada, which has collected a massive trove of security-camera data from its 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Previously, Verkada has been known for an aggressive sales approach and its intent to disrupt the traditional video market.
The data breach was accomplished by an international hacker collective and was first reported by Bloomberg. The reported reasons for the hack were “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it,” according to Bloomberg.
Tesla amongst those impacted
The “fun” included access to a video showing the inside of a Florida hospital, where eight hospital staffers tackled a man and pinned him to the bed. A view inside a Tesla warehouse in Shanghai, China, showed workers on an assembly line. Inside a Massachusetts police station, officers are seen questioning a man in handcuffs. There are even views from Verkada security cameras inside Sandy Hook Elementary School in Connecticut, where a gunman killed more than 20 people in 2012.
In a “security update” statement, Verkada reports: “Our internal security experts are actively investigating the matter. Out of an abundance of caution, we have implemented additional security measures to restrict account access and further protect our customers.”
Hacking was possible due to built-in feature
The hacker group was able to obtain “root” access on the cameras, meaning they could use the cameras to execute their own code, reports Bloomberg. Using that access, they could pivot and obtain access to the broader corporate network of Verkada’s customers or hijack the cameras and use them as a platform to launch future hacks, the hackers told Bloomberg. Obtaining this degree of access to the camera did not require any additional hacking, as it was a built-in feature.
Elisa Costante, VP of research for cybersecurity firm Forescout, calls the Verkada security camera hack "shocking."
"Connected cameras are supposed to provide an additional layer of security to organisations that install them,” she says. “Yet, as the Verkada security camera breach has shown, the exact opposite is often true. [It is worrisome that] the attack wasn't even very sophisticated and didn't involve exploiting a known or unknown vulnerability. The bad actors simply used valid credentials to access the data stored on a cloud server.”
Super Admin account had access to all cameras
Hackers gained access to Verkada through a “Super Admin” account, allowing them to peer into the cameras of all of its customers. They found a username and password for an administrator account publicly exposed on the internet, according to Bloomberg. The hackers lost access to the video feeds and archives after Bloomberg contacted Verkada.
The results could have been worse, says Costante. "In this case, the bad actors have seemingly only resorted to viewing the footage these cameras have captured. But they are likely able to cause a lot more damage if they choose to do so, as our own research team has discovered. We were able to intercept, record and replace real-time footage from smart cameras by exploiting unencrypted video streaming protocols and performing a man-in-the-middle attack. This effectively gives criminals a virtual invisibility cloak to physically access premises and wreak havoc in the real world.”
Impact on broader video surveillance industry
The impact of a well-publicised cyber-attack on the broader video surveillance industry is also a concern. “As an industry, and as manufacturers in physical security, we cannot take these hacks lightly,” says Christian Morin, CSO & Vice-President of Integrations & Cloud Services, Genetec. “The potential broad-reaching impact of these hacks on physical security systems, including providing a beachhead to facilitate lateral movement onto networks, resulting in data and privacy breaches or access to critical assets and infrastructure, cannot be overstated. It is our responsibility and duty to users of our technology to prioritise data privacy and cybersecurity in the development, distribution, and deployment of video surveillance systems.”
Widespread government and healthcare use
The Verkada cameras are in widespread use within government and healthcare, which are by far the company’s most dominant verticals. Lesser verticals for them are manufacturing, financial and retail.
Verkada’s line of hybrid cloud security cameras combines edge-based processing with the capabilities of cloud computing. Cameras analyse events in real-time, while simultaneously leveraging computer vision technology for insights that bring speed and efficiency to incidents and investigations. Command, Verkada’s centralised web-based platform, provides users with access to footage they need. Motion detection, people analytics, and vehicle analytics enable searches across an organisation to find relevant footage.
The Verkada website pledges to take privacy seriously: “We are passionate about developing products that enhance the security and privacy of organisations and individuals. We believe that well-built, user-friendly systems make it easier to manage and secure physical environments in ways that respect the privacy of individuals while simultaneously keeping them safe.”
Convergint Technologies’ rapid growth has come through a combination of organic growth and acquisitions — they have acquired 35 companies since 2014. Growth has been a focus since day one when the founders started the systems integration company with 10 colleagues in a basement.
Today, the diverse company includes more than 5,000 employees globally. As technology has advanced and business practices have evolved, Convergint’s core values and beliefs have guided their path forward.
Convergint’s culture is a critical aspect of the company, from the executive level to frontline colleagues. “It is essential that the companies we look to acquire and develop partnerships with directly align with our people-first, customer-centric, inclusive culture centered on colleagues and customers,” says Mike Mathes, Executive Vice President, Convergint Technologies.
“This approach has allowed us to maintain and grow our number of colleagues across our acquisitions and enables us to continue being our customers’ best service provider.”
A simple but important consideration as Convergint grows through acquisitions is: No two companies are the same. While some integration practices can be standardised across the company, many practices have to be form-fitted to each individual acquisition, says Mathes. “Our objective is not to come in and immediately implement change. We want to build on what has already been successful within the local market and share our learned experiences. There is plenty we can learn from each other and create a much better organisation.”
Mathes says that Convergint’s view of a successful acquisition is that 1+1=3. “The end result is always much more impactful than what we anticipated,” he says. “Every acquisition brings with it an experienced leadership team, dedicated and skilled colleagues, vertical market and technological expertise. Most acquisitions are in geographies where we do not already operate, so with every acquisition, we increase our capability to serve our customers much better.” Also, the network of Global Convergint Technology Centres (CTCs) helps expand clientele, and the Convergint Development Centre (CDC) offers new support capabilities allowing acquisitions to grow at a very high rate.
Are there more acquisitions to come? Mathes says Convergint is always open to further expanding its footprint across the globe, improving its ability to service customers, deepening their technical expertise, and continuing to expand service offerings across the current and new vertical markets. However, the current focus remains on several key factors: service to colleagues, customers, and communities.
“While obviously, acquisitions fuel our growth, the addition of these organisations to Convergint has really improved our ability to service clients on a global basis,” says Mathes. Acquiring ICD Security Solutions in Asia, for example, made Convergint a pioneer in that market for U.S.-based multi-national companies.
Meeting customers’ demand
“Convergint does not weigh market conditions when making an acquisition decision,” says Mathes. Rather, they are primarily focused on meeting or exceeding their customers’ needs on a local to a global level. They see acquisitions as a potential way to extend their geographic reach so they can be closer to customers.
An acquisition might also expand technological or vertical market expertise. “The end goal is for us to enhance our service capabilities by attracting and retaining talented colleagues and leaders to better service our customers,” says Mathes.
Enhancing and expanding services
“Economies of scale” have not been a consideration. They have never sought to acquire companies and restructure them in the process, for example. Rather, each company brings forth a unique skillset, is carefully vetted by the executive team, and provides purpose in the company's mission and vision for the future.
“Frontline colleagues are Convergint’s most valuable assets,” says Mathes. Rather than restructuring and eliminating skilled, knowledgeable colleagues, Convergint identifies how they can leverage the expertise to further enhance and expand current service options for customers. “Our colleagues and their skill sets are our competitive advantage—they remain an essential element to our success,” says Mathes.
Demand for integrator services
“We continue to experience a growing demand for innovative solutions across electronic security, fire alarm, and life safety,” says Mathes. “As companies innovate further and rely on technologies such as artificial intelligence, cybersecurity, IoT, and cloud solutions, we expect to see an increased demand for integrator services. Our customers demand a local service provider who is responsive and can meet their needs, which is why Convergint aims to be its customers’ best service provider.”
This year, Convergint is celebrating its 20th anniversary. In 2021, they will continue to focus on the same critical components that have dominated since day one: taking care of colleagues, customers, and the communities where they operate.
Hanwha Techwin, a global supplier of IP and analog video surveillance solutions, announced that We-Ko-Pa Casino Resort has selected Hanwha cameras for its new state-of-the-art video surveillance system.
First established as a bingo-hall style building by the Fort McDowell Yavapai Nation in the early 1990s, the facility received approval to be revamped into a fully-fledged gaming facility in 2017. To ensure the safety of staff and visitors, this also included a new video surveillance system.
When it came time to build the new facility, the Tribal Regulatory Agency, having learned from its earlier attempts, knew they had to find a vendor that wouldn’t let them down.
Explains Lee Brown, Lead Surveillance Technician for the Fort McDowell Tribal Regulatory Agency, “We were looking for a manufacturer that had a variety of camera offerings to give us what we wanted and that also had a good reputation for quality.” They found what they were looking for with Hanwha Techwin.
The number of cameras available from Hanwha Techwin was a key differentiator for the We-Ko-Pa Resort as it enabled them to choose the right camera for every situation.
The range of options was especially important when it came time to design camera coverage for the slot floor in the new facility. This area proved to be challenging in part because it was designed to be flexible and modular.
The new design allows the Casino to be dynamic in terms of where they place machines. The challenge then was how to ensure coverage of every machine even as they move around daily.
Flexible 4K cameras
They initially considered attaching cameras to the ‘cloud’ ceiling so that they could be moved as the configuration changed. But, because it floats below a concrete ceiling, this was not possible. The Casino decided instead to use the higher resolution P series 4K cameras and place them strategically throughout the space.
Says Brown, “We had to give very careful consideration to where we placed our cameras. We wanted high quality and flexibility to avoid having to reconfigure and reinstall cameras all the time. The image quality with the Hanwha Techwin cameras gave us the edge we needed to work within our ceiling constraints.”
The new Casino has over 800 Hanwha Techwin cameras, including the XNV-8080R, PNV-9080R, and PNF-9010R models. According to Brown, their favorite feature is the quality they deliver at low bitrates.
He says, “The majority of our cameras face intense and volatile lighting changes against a backdrop of complex scenery with many moving objects. Hanwha Techwin cameras and their advanced WDR (Wide Dynamic Range) technology can easily be configured to accommodate these conditions without sacrificing quality or producing obnoxious data streams.”
Wisenet WAVE VMS
While part of the interest in Hanwha Techwin was based on the build and image quality of the cameras and variety of the offerings, the Casino was also drawn to the Wisenet WAVE VMS (Video Management System).
Says Brown, “We were attracted to the WAVE VMS because our virtualised server and client operating systems are 100% Linux based, and the WAVE client and server applications are well supported on Linux. It works exceptionally well with the Hanwha Techwin cameras and other devices, like HDMI encoders and third-party cameras.”
Live central monitoring
WAVE also helps operators with live monitoring. As part of their daily routines, operators at the Casino have to actively watch a variety of events and occurrences, including deliveries and vendors on site.
Says Brown, “The layout system in WAVE makes it easy for us to organise our cameras into groups. So, when an operator follows someone through the Casino, rather than thinking in terms of which camera covers which machine or specific area, they think more in terms of the geography of the location.”
Every casino must comply with strict retention requirements in part because forensic examination and maintaining a clear chain of custody are extremely important. At the We-Ko-Pa Resort, they have a one-week minimum retention rate with some cameras keeping video for 30 days.
Currently, We-Ko-Pa has 500 terabytes (TB) of redundant ZFS-based network storage. To reduce the storage requirements for video surveillance footage, they use motion-based high/low recording.
Explains Brown, “We use motion detection to save on storage. If no motion is detected in a frame, the camera is set up to record at very low quality and low frame rate. If the camera detects motion, then the recording automatically shifts to high-quality mode.”
Video surveillance system
Moving forward, the Casino is excited about future possibilities for their system, including people counting and using their WAVE VMS to make data-driven decisions.
The Casino and Tribal Regulatory Agency aren’t the only ones who recognise the outstanding features and functionality of their new Hanwha Techwin system. The Arizona Department of Gaming, which provides specific mandates for gaming operators in the state, is also impressed.
According to Brown, “We have even received compliments for our video surveillance system from the state inspector who was quite impressed with the image quality and the smoothness of the recordings.”
HID Global, a pioneer in trusted identity solutions, announced that the Arcos Bosques Torre 1 (Tower 1) has deployed its access control solutions to heighten security and better manage visitor entry.
Located in the Bosques de las Lomas neighborhood of Mexico City, the center is comprised of six buildings. The complex includes two skyscrapers and is home to high-profile law firms, industrial, mining, media, and technology companies, and one of the city’s most recognised shopping centers.
HID readers and smart card technologies
With the help of system integrator Logen, Arcos Bosques Corporate Center chose HID Mobile Access® solutions as well as HID readers and smart card technologies for tenants and visitors to securely pass through its 16 turnstiles and use the 32 elevators that lead to their offices.
The HID solutions also give tenants the choice of using their mobile devices or physical smart cards for entry.
Touchless and safe entry
“Accessing the building by simply presenting a mobile phone makes a lot of sense as we look for ways to eliminate touching things during the global pandemic,” said Santiago Morett, Project Manager at Servicon, facilities manager for Arcos Bosques.
“HID Mobile Access has given us touchless entry and safer building security, which is more important than ever for our tenants.”
Mobile access solution
HID’s mobile access solution also enables administrators to remotely create, issue, manage and revoke credentials through the cloud-based infrastructure.
Servicon, the facility management company for Arcos Bosques, now has continuous building access visibility through a unified, up-to-the-minute database of the tower’s tenant names, affiliated companies, and work locations.
"Building security today extends not only to who has access but also to how individuals can enter a facility,” said Harm Radstaak, Senior Vice President and Head of Physical Access Control Solutions with HID Global. “HID’s access control solutions provide the foundation for optimal oversight and control while also keeping people healthy and safe.”
London’s renowned landmark skyscraper, 30 St Mary Axe, more famously known as The Gherkin, has selected Forge, powered by Yardi, to provide an enhanced and efficient visitor management solution for the building.
The Gherkin, located in London’s primary financial district, welcomes over 2,000 visitors per week, including restaurant-goers who dine at the noted top-floor situated Helix Restaurant, which is managed by Searcy’s.
To manage the experience of the visitors, The Gherkin will adopt Forge Bluepoint to provide fast check-in and check-out, and the ability to scan access cards or mobile QR codes in speed lanes for secure admission to their designated meeting floor.
A cloud-based software solution, Forge Bluepoint also provides real-time data on visitors expected and allows for seamless integration with other building management technology solutions.
Efficient visitor management
“30 St Mary Axe has a number of different tenants who require a journey for their visitors that fits their needs and culture,” said Clare Jackaman, the Operations Manager at The Gherkin.
Clare Jackaman adds, “The Forge Bluepoint technology will provide our reception and security staff with an efficient solution, to provide the right level of service and ensure people in the building are visiting safely.”
Enhanced security of visitors
“We’re excited to add The Gherkin to the growing list of Forge Bluepoint buildings across London,” said Paul Speariett, the Regional Director at Yardi, adding “Working in partnership with The Gherkin team, we have built visitor journeys that provide them with the experience, security and efficiency they need.”
Calipsa, a provider of deep-learning-powered video analytics for false alarm reduction, announced that Edmonton, Alberta-based GPS Security Group is using its false alarm filtering platform.
GPS, which offers a complete range of security services across Alberta, British Columbia and other parts of Western Canada, is the third Canadian central monitoring station to adopt the cloud-based Calipsa technology.
Deep learning technology
Calipsa’s software uses artificial intelligence with deep learning technology to recognise genuine alarms caused by human or vehicle movement. More than 90% of notifications resulting from nuisance factors such as animals, lighting, weather or foliage are filtered out, helping operators reduce their response times to genuine threats.
The GPS Security Group’s Fredy Ramsoondar, Corporate Senior Security Solutions Advisor and Private Investigator, said GPS is adopting Calipsa’s AI-powered video analytics across its video surveillance sites to support the sustained growth of its monitoring division. “We’ve engaged Calipsa as a strategic growth partner to assist with reducing false video alarms, allowing our operators to focus on only genuine alarms,” he said. “We anticipate widespread benefits, including improved customer service, operational efficiency and employee morale.”
Tara Biglari, Calipsa’s Regional Sales Director, Americas, said its false alarm reduction software is easily scalable, making it ideal for any growing video monitoring station. “This is an exciting time of growth for the GPS team and we’re happy to partner with them to provide the highest level of customer service,” she said.
“The installation of our cloud-based technology requires no onsite hardware devices and we keep our service always current with remote upgrades.” A platform dashboard enables station managers to monitor the software’s performance, including detecting idle cameras that may need replacement or moving to a better position.
The idea of touchless systems has gained new levels of prominence during the last year, driven by the global COVID-19 pandemic. Contactless systems have been part of the industry’s toolbox for decades, while technologies like facial and iris recognition are finding new uses every day.
We asked this week’s Expert Panel Roundtable: Which security markets are embracing touchless, contactless systems and why?
Adoption of General Data Protection Regulation (GDPR) by the European Union in 2016 set a new standard for data privacy. But adherence to GDPR is only one element, among many privacy concerns sweeping the global security community and leaving almost no product category untouched, from access control to video to biometrics.
Because privacy concerns are more prevalent than ever, we asked this week’s Expert Panel Roundtable: What is the impact on the physical security market?
Many of us take critical infrastructure for granted in our everyday lives. We turn on a tap, flip a switch, push a button, and water, light, and heat are all readily available. But it is important to remember that computerised systems manage critical infrastructure facilities, making them vulnerable to cyber-attacks.
The recent ransomware attack on the Colonial Pipeline is an example of the new types of threats. In addition, any number of physical attacks are also possibilities. We asked this week’s Expert Panel Roundtable: What are the security challenges of protecting critical infrastructure?