Leica Geosystems, part of Hexagon, is showcasing the Leica BLK247, a real-time reality capture sensor for building security and operations, that was announced at HxGN LIVE. Part of the BLK product line, a collection of reality capture, scanning, and photogrammetry hardware and software, the BLK247 uses LiDAR, 3D digital fencing and continuous scanning to monitor buildings and spaces 24 hours a day, 7 days a week. BLK247 real-time reality capture sensor The BLK247 is an intelligent device that...
Ping Identity, global provider of identity defined security solutions, has announced updates to its data governance solution, PingDataGovernance, to better manage data security and privacy requirements for APIs and user profiles. Today’s enterprises manage many different APIs on average, meaning sensitive consumer data like banking information and healthcare records are increasingly vulnerable. This rapid growth of APIs and third-party API traffic necessitates fine-grained data protection...
Digital Defense, Inc. has announced the availability of its Frontline.Cloud integration with Attivo Networks, the award-winning leader in deception for cybersecurity threat detection. Digital Defense’s Frontline.Cloud vulnerability management and threat assessment platform identifies high-risk/critical assets with business context that are highly vulnerable to exploits, remain unpatched, are unpatchable or have already been infected in real-time. Integration with Attivo Networks Frontlin...
From June 11th to 13th Gradiant has an important appointment in London. For a few days, the city is becoming the capital of identity recognition technologies to transact in a seamless, yet secure manner. Identity Week is the largest technology fair focused on the concept of identity in Europe and this year brings together more than 3,000 international industry actors in three world-class events: Digital:ID, Planet Biometrics and Security Document Week. Forensic and face recognition solutions I...
Inner Range’s access control system, Inception has been upgraded with a dedicated app and the ability to integrate with the Milestone Access platform. Inception access control system Inception is Inner Range’s powerful yet budget-friendly access control and security alarm system. New and existing customers can now use the Sky Command App to control access remotely. It allows interactive control and live status of areas, inputs, doors and outputs as well as simple or multimode area...
Craig Birch, Product Category Manager at UNION, outlines what the new grade 5 for BS 8607 includes, why it has been introduced and the benefits that it can help deliver. At present, mechanically operated push button locksets are not typically security products, but rather access control ones. For example, think about the last time you went to your local doctor’s surgery. No doubt there will have been a lock on the door behind the receptionist, protecting the sensitive information they hol...
Ping Identity, global provider of identity-defined security solutions, has announced its capabilities framework and practical guidance for adopting a Zero Trust security strategy. This framework provides reliable direction to companies in any stage of the Zero Trust maturity process to help enable a broad range of use cases and technology integrations. It also includes innovative ways to support secure access to anything, by anyone, from anywhere on any device. Zero Trust security strategy The Ping Identity model provides numerous starting points for architecting Zero Trust security within the realms of strong authentication, endpoint security, network security, workload security, data security and transaction security. In addition, Ping offers guidance ranging from advising security leaders on the transition process to Zero Trust, to providing security practitioners paths to configure key Zero Trust elements, starting with strong identification and authentication. Ping has established multiple partnerships to support its Zero Trust framework In fact, Ping has established multiple partnerships to support its Zero Trust framework and continues to develop this network of technology partners to serve the security needs of enterprise digital transformation projects, such as multi-cloud deployments, secure partner access and API first initiatives. Some of the companies that Ping Identity has partnered with to establish Zero Trust include ID DataWeb, iovation, a TransUnion company, and MobileIron: “Zero Trust is all about verifying that your users are who they say they are – both upfront, and on an ongoing basis,” says Matt Cochran, VP of product & operations for ID DataWeb. “The key to adoption is taking an approach that does not sacrifice user experience by finding the right balance of strong upfront identity verification, passive environmental risk analysis and adaptive MFA challenges. Ping Identity and ID DataWeb’s combined solution allows companies to establish a strong Zero Trust foundation on top of their existing identity investments, which is key for success.” When done right, Zero Trust security can minimise both risk and friction for good customers, and that’s just what the partnership between Ping Identity and iovation accomplishes,” said Jon Karl, EVP of corporate development and co-founder at iovation. “Our joint customers have the ability to leverage thousands of attributes to accurately recognise devices and assess their trustworthiness while also watching for mismatches and high-risk activity from specific time zones, regions and IP addresses.” “Our partnership with Ping Identity allows us to augment the single-sign on experience in a mobile-friendly way that brings Zero Trust security to all devices,” said Brian Foster, SVP of product management, MobileIron. “This mitigates the risk of corporate resources being accessed from mobile and desktop devices and ensures that all devices, applications, users and networks meet compliance requirements through zero trust principles." Adopting digital transformation initiatives The company recognises that organisations embarking on digital transformation initiatives are in various stages of Zero Trust maturity. This means providing different types of secure access, each of which has a distinct set of security requirements. To learn more about the Ping Identity Zero Trust framework, listen in to several upcoming webinars and recordings: The recording of ‘How to Broaden Enterprise Security with Zero Trust Access’ shares how Zero Trust adoption can benefit security and business leaders, while providing an overview of common challenges and where to get started on a Zero Trust journey. The recording of ‘Zero Trust and Building Identity for an Open Perimeter at Netflix’ provides a concrete example and discussion of how a cloud-first company has applied principles from the Ping Identity Zero Trust model toward making identity the new security perimeter. The recording of ‘How to Architect API Security for Zero Trust’ offers deep guidance on common API vulnerabilities and ways a Zero Trust approach can fill the gaps. The June 11 webinar ‘CIAM Assessments, Blueprints and Roadmaps for Zero Trust Security’ will explore the role of identity in Zero Trust deployments and how an assessment can help enterprises understand which capabilities are required to enable secure employee, partner and customer access.
Sepio Systems, which is disrupting the cyber-security industry by uncovering hidden hardware attacks, is gaining momentum in the U.S. after adding an important new customer and channel partner – the Integrated Security Solutions business unit of Johnson Controls, and strengthening its advisory board. Mitigating hardware-based attacks Sepio offers the world's first end-to-end solution that detects and mitigates hardware-based attacks, including rogue peripherals, invisible network devices, and manipulated firmware. The company’s Sepio Prime, which is a software-only solution, has been successfully deployed in over 20 mid-sized to large banks, insurance, and telecom companies in the U.S., Singapore, Brazil and Israel. The deal with Johnson Controls is bringing the technology to additional sectors. Sepio offers the world's first end-to-end solution that detects and mitigates hardware-based attacks Over the past months Tyco Integrated Security, now part of Johnson Controls, has been installing Sepio’s Rogue Device Mitigation solution on the premises of its customers. Sepio Prime helps Johnson Controls’ customers utilise sophisticated intelligence and hardware fingerprinting technology that is capable of rapidly and accurately detecting manipulated peripherals, transparent network devices and firmware vulnerabilities. Importance of cyber and data security The growing interest in Sepio’s product is the result of an unprecedented rise in cyber-attacks and data breaches caused by the ease of obtaining attacks tools that were until recently only available to governments. “Johnson Controls is a leading systems integrator in the security field and our connection with them will open up a new market for us,” predicts Yossi Appleboum, CEO of Sepio Systems Inc. Until recently Sepio had mainly focused on the finance and telecom sectors, but Appleboum notes that the “partnership with Johnson Controls and their network now exposes Sepio’s technology to hundreds of new clients in the North American market.” Intelligent solutions major Tyco Integrated Security was acquired and integrated into Johnson Controls Tyco Integrated Security was acquired and integrated into Johnson Controls, a global leader in the field of intelligent buildings, efficient energy solutions and integrated infrastructure. As part of Sepio’s effort to expand its U.S. presence, Suzan Zimmerman has joined the company’s advisory board. Zimmerman has worked in senior positions for numerous companies in the IT field including CACI International Inc., QinetiO North America Inc. and Science Applications International. “It is an honor to be part of an organisation whose focus is protecting our mission critical systems. As our cyber threats become more complex, we must become more vigilant in evaluating the severity of the consequences, should we not be able to detect the intrusion at the source.” said Zimmerman. “With Sepio's technology implemented into corporate and governmental cyber tool kits, the protection of the agencies’ information will increase exponentially.” Suzan Zimmerman is the President and CEO of Strategic Capture Group, which focuses on helping companies to market, capture and win business in the government sector.
Many Euralarm members and other interested people gathered on May 13th, 2019 in Madrid for the annual Euralarm Symposium. It was the moment that Euralarm presented its priorities and challenges for the upcoming years. General Director Paul van der Zanden introduced Euralarm’s new strategy document for 2019 to 2024 to the audience by putting it into perspective with the developments within Brussels. Fire safety and security industry There is so much going on in Brussels that is not communicated. Members of Euralarm are European citizens, whose profession in fire safety and security has made them leaders in their business based on knowledge. Their leadership is underlined by trusted and proven partners like Orgalim, CEN, CENELEC and key stakeholders from the EU, such as several Directorates General. The world in which Euralarm operates and especially the part that is involved in standardisation is complex. The world in which Euralarm operates and especially the part that is involved in standardisation is complex And apart from the complexity there are big changes going on in the field of technology and economy that shake up the world of standardisation. Think of cybersecurity or artificial intelligence and it will be clear that associations like Euralarm need to act in a swift and decisive way. Based on its current position and on the strategic objectives of the association a number of priorities and challenges have been defined for Euralarm in the new EU legislative period 2019 to 2024. They are based on Europe-wide cooperation and will enable Euralarm to maintain and further improve its position in Europe. The four priorities and challenges were topic of the opening presentations that were held by Lance Rütimann, Chair of the Fire Section, Peter Massingberd-Mundy, member of the Fire Section and involved in many of the standardisation activities of Euralarm, Jon Koenz, Chair of the Services Section and Dominique Taudin, Chair of the Advocacy Committee. Lance Rütimann’s presentation focused on Innovating through Research Fire safety solutions for life safety Lance Rütimann’s presentation focused on Innovating through Research. He opened his presentation with a philosophical view – the Socratic Paradox - that there's a wealth of knowledge in so many areas, but yet we have still so much to learn. That is what research is all about: helping us to understand things and see behind the curtains for new solutions. What has that to do with the association's priorities? Our industry wants to stay leader in our business. That requires research, collaboration and cooperation. Our industry wants to stay leader in our business, which requires research, collaboration and cooperation We have to stimulate others to bring their support to the table. Together, we can identify the opportunities and understand the risks of emerging technologies. It requires investigating common challenges in the application of fire safety and security solutions to gain new insights on protection of life and assets in buildings. Therefore, we should also examine which qualifications, skills and expertise are needed in our industry and act on the findings. In order to make that happen, Euralarm urges the EU institutions and research bodies to work together. By developing partnerships between industry, testing houses, universities and research institutes priority areas could be identified more easily, and efforts coordinate more seamlessly. It would enable all parties to maximise the potential of EU research programmes under Horizon 2020 and its successor. Fast, flexible products standardisation Peter Massingberd-Mundy took up the gauntlet of talking about fast and flexible standardisation. The title may seem to encompass both a contradiction and an oxymoron, but standards are at the core of everything we do. With a world that becomes more and more connected, standards need to allow for this connectivity as well as being well connected and clearly structured in themselves. Robust standards for products and services are at the heart of our industry’s success but to continue serving the interests of customers, society and the industry, a faster and more flexible standards-setting system is needed. Peter Massingberd-Mundy took up the gauntlet of addressing fast, flexible standardisation A system that is agile and accommodating of technical changes and innovations will help Euralarm members and other parties to respond rapidly to customers’ demands and deliver the highest levels of safety and security to citizens. This would put European companies on the best footing to serve global markets. Such a fast and flexible standards-setting system requires close cooperation between the key players — Euralarm, European Commission, standards organisations, approval bodies and other organisations — who together can write the standards that will deliver the highest quality products and services as efficiently as possible. Furthermore, Euralarm urges the EU institutions to work together to deliver an efficient system that responds to market needs. Among the areas where progress would be required over the next five years are the setting, improving or extending of standards; for interoperability between building systems, between remote services, for the residential market (e.g. combining security and home-assisted systems) and for the competency of personnel and the quality of the services they provide. Cybersecurity, IoT and AI Whether active in fire safety or security, the building and construction industry or process automation: digitalisation is all around us Whether active in fire safety or security, the building and construction industry or process automation: digitalisation is all around us. It has an impact on our industry but also offers opportunities and challenges. How to seize these opportunities of digitalisation was the topic of the presentation that was given by Jon Koenz. Digitalisation is already having a huge impact on our industry and this trend will continue to grow in the future. New technologies such as cybersecurity, the Internet of Things (IoT) and Artificial Intelligence (AI) will drive this trend to become more and more crucial for our sector. All participants in the value chain need to be sensitised to the importance of increasing resilience in the face of cyber-attacks. At the same time, the potential of AI needs to be carefully assessed to maximise opportunities this technology offers. That is only possible when knowledge partners such as Euralarm and EU institutions work closely together. That cooperation will allow them to make rapid progress on a Europe-wide voluntary certification mark (quality label) that shows that all reasonable protection measures against cyber-attacks have been taken. That cooperation is also needed to advance work on standards for cybersecurity, IoT for fire and security systems and Building Information Modelling (BIM). Last but not least, the parties involved should cooperate to promote education as an investment in the future. Dominique Taudin discussed the current landscape for testing and certification of fire products Fragmented certification landscape The fragmented landscape for testing and certification of their products and services was the topic of the presentation of Dominique Taudin. Since Euralarm members are facing this landscape they are charged with higher costs since they have to submit multiple applications in several countries for the same product or service. But there are more than just costs. There is also the risk of having an inconsistent approach to testing and certification across the EU. This situation could be improved by the introduction and use of pan-European testing, auditing and certification processes. Not only would it reduce administrative burdens but also save costs for fire safety and security companies, many of which are small- and medium-sized enterprises. It would also help achieving real EU’s single market for fire safety and security. But there is also another, perhaps more important aspect when it comes to the future of European companies. Euralarm calls on stakeholders to intensify work between leading laboratories on MTRA A European wide process would allow companies to avoid uncertainty and encourage investment if they only had to submit their products and services for testing and certification to a single authority. To turn this fragmented landscape into a uniform and organised environment Euralarm wants to cooperate closely with EU institutions, test laboratories and certification bodies. It should result in achieving consistent, objective and repeatable processes for testing across Europe and, over the longer term, developing a single testing and certification scheme for electronic security equipment. Multilateral Test Result Recognition Agreements In the short term, Euralarm calls on stakeholders to intensify work between leading laboratories on Multilateral Test Result Recognition Agreements (MTRA). Fore services, the transition process from a fragmented to a consistently organised environment will require a better exchange of information about national training and certification schemes for the personnel involved in planning and design, engineering, installation and hand over, maintenance and repair of fire safety and security systems. Keynote speaker during the Euralarm Symposium 2019 was Alberto Garcia-Mogollon, Head of Innovation Policy of BSI. He took the visitors on a 'tour' during his presentation on building confidence and accelerating innovation through standardisation. With a new generation of products and services requiring the integration of complex, digital technologies and new production processes that need to scale up at faster rates the role of standardisation is expanding rapidly. It fulfils the ever-increasing need to demonstrate confidence in performance. Alberto Garcia-Mogollon spoke about a strategic approach to reaping the benefits of standardisation Reaping the benefits of standardisation To maximise the benefits from standardisation, Alberto proposed to have a strategic approach. The type of standards may vary according to the maturity and nature of technology and the industry sector where it applies to. The standards process itself should be agile. With the right value proposition based on outputs and services a fit-for-purpose set of standards can be developed to be used across industries with different characteristics. Alberto proposed a process of fast iterations with faster development times and publication schedules To maximise the value from and creating value for the communities engaged in standards development there should be a collaborative approach toward the content development. And by creating a state-of-the-art environment for standards development, the efficiency, speed and ease of use are ensured. In relation to the needs of innovative industries, Alberto proposed a process of fast iterations with faster development times and publication schedules for each iteration, an output that is designed to elicit feedback and discussion and enhanced feedback from the user community to aid development, improving speed and quality. Self-regulating autonomous standards Important to remember: the future of standards is digital, with self-regulating autonomous standards fed in real-time by data from 'smart' devices, potentially connected to smart contracts, e.g. leading to continuous conformance or regulatory audit. For accelerating innovation through standardisation, it is important that both the technology landscape and industry needs are understood and that coordination across fragmented international knowledge networks is realised. Also, innovators should be educated on the role and value of standards while mechanisms should be developed to encourage participation of end users and SME’s and enabling public participation and oversight.
UK security fencing manufacturer Jacksons Fencing has expanded its hostile vehicle mitigation (HVM) range by adding the Impakt Defender temporary HVM barrier by Rosehill Security, renowned global provider of engineered rubber perimeter security products and ballistic solutions. Jacksons Fencing now has exclusive rights within the UK for both direct sales of the innovative barrier, as well as hire markets. Impakt Defender HVM barrier Impakt Defender is IWA-14 rated, capable of stopping a 7.2 tonne N2A lorry travelling at 30 mph Combining a large footprint and unique shape, Impakt Defender is IWA-14 rated, capable of stopping a 7.2 tonne N2A lorry travelling at 30 mph. The barrier is also accredited by Secured by Design. It’s the first HVM product in the Jacksons range that requires no foundations, enabling it to be quickly installed across all types of sites. Individual units weigh in at 430 kg and are manufactured from 100% recycled rubber bonded with polyurethane for strength. Steel security fence panels Additionally, Jacksons Fencing’s steel security fence panels can be mounted above the barriers to provide increased perimeter security. An ideal physical and visual deterrent, the combination can be rapidly deployed for temporary or permanent security installations, helping to protect people, buildings and infrastructure from hostile vehicle attacks. Cris Francis, Jacksons Fencing Security Consultant, says: “The UK and other parts of Europe are experiencing a worrying increase in vehicle-as-weapon attacks. Consequently, we’re seeing a growing demand for HVM measures as they become an integral part of physical security strategies. A high-quality and tested product, Impakt Defender is an excellent addition to our existing HVM range, offering our clients increased flexibility and versatility.” Securing public spaces Securing public spaces is a high priority for businesses and government organisations" Dalton Marshall, Sales Manager at Rosehill Security, comments: “Securing public spaces is a high priority for businesses and government organisations, with effective HVM solutions now more in-demand than ever. We are delighted to partner with Jacksons Fencing who are well known for their expertise in perimeter security. We’re confident that Impakt Defender will be a valuable addition to Jacksons’ extensive range of products, providing increased scope to protect people and places.” Impakt Defender joins a wide range of HVM products available through Jacksons Fencing, including bi-folding speed gates, static bollards and cable crash fences.
Paxton has launched a new web-based user interface for its market-leading access control system, Net2. Net2Online web-based interface Net2Online makes Net2 accessible from any device with an internet connection, giving users ultimate flexibility and ownership of the system – wherever they are. It comes as a free feature with Paxton’s Net2 Pro software. This ensures Net2 Pro is futureproofed, while making site access for users even easier. Five useful features will allow users to manage their building from any device, in any location – open doors, add and manage users, run roll call, monitor events and create reports. Key Net2Online features include: It’s quick and easy to get started - there is no need to install additional software if you have an existing Net2 Pro system. It has an improved layout – a smart, simple look and feel, with responsive interface and quick navigation. It now covers all major Windows operating systems and is compatible with Google Chrome, Safari, Microsoft edge and Mozilla Firefox. It’s included free of charge to new and existing Net2 Pro users. Net2 Pro software solution Net2 Pro is Paxton’s advanced version of its free Net2 Lite software Chris Wrench, Product Manager, said: “We’re continually futureproofing our systems and Net2Online gives our users even more choice to manage their sites. With Net2Online, installers can be confident they’re providing a solution that is smart and simple to use and will meet the needs of end users long into the future. We’ve also taken onboard feedback from customers who said they wanted a system that could be accessed by any device and from any location. Net2 Pro users now have the flexibility to manage their system in a more convenient way, at no extra cost.” Net2 Pro is Paxton’s advanced version of its free Net2 Lite software. It has all the capabilities of Net2 Lite software with advanced features.
KnowBe4, a provider of security awareness training (SAT) and simulated phishing platform, has announced the acquisition of CLTRe - pronounced “Culture”- a Norwegian company focused on helping organisations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year. Cybersecurity and cyber threat mitigation The finance industry demonstrated an overall healthy improvement in culture from 2017 According to the 2018 Cybersecurity Culture Report, 95 percent of organisations see a gap between their current and desired organisational cybersecurity culture. With 94 percent of malware being delivered via email (2019 DBIR), it’s clear that working with users to minimise cyber risk and improve security culture is key. The 2018 Security Culture Report shows the value of being able to measure culture, helping organisations to demonstrate the effectiveness of their organisational security controls, as required by GDPR, CCPA and other regulations. Interestingly, the finance industry demonstrated an overall healthy improvement in culture from 2017 while the real estate industry showed a decline. CLTRe Toolkit and Security Culture Framework CLTRe created the CLTRe Toolkit and the Security Culture Framework, which work in tandem to help organisations gather evidence about their current security culture and how it changes over time. The acquisition of CLTRe is advantageous for both KnowBe4 and CLTRe clients; KnowBe4 users will gain access to a research-driven measurement platform to show how their security culture program matures over time. And CLTRe clients will be introduced to the industry’s most progressive and easiest-to-use SAT and simulated phishing platform to help educate users and change their behaviour. CLTRe measures the seven dimensions of security culture: behaviour, responsibilities, cognition, norms, compliance, communication and attitudes. Quotes by industry experts: Stu Sjouwerman, CEO, KnowBe4 “Today’s announcement brings KnowBe4 very valuable tools to help our customers measure what matters – their security culture – so they can make decisions about how to improve. We’re excited to welcome Kai and the CLTRe team to the KnowBe4 family and to enhance our European presence while supporting more global customers.” Kai Roer, CEO, CLTRe “KnowBe4 is a leader in innovation and has a wonderful track record for growing quickly but with a very specific focus on improving security at the human-level. This is a natural fit for our evidence-based analytics and measurement tools, as KnowBe4 customers will now be able to measure their security cultures, benchmark against their industry sectors, and pinpoint exactly what kind of security culture they have. With KnowBe4 and CLTRe, organisations can gain true insight into their security culture, improve their security with pinpoint accuracy, report their progress to their board of directors, and educate their users to make smarter security decisions.” Perry Carpenter, Chief Evangelist & Strategy Officer, KnowBe4 “From my former life as a Gartner analyst, I have a strong appreciation for evidence over opinion, which is what CLTRe gives to its clients in the form of a data-driven examination of their security culture. To change user behaviour and address awareness, we have to understand and change security culture. CLTRe gives organisations the tools to understand where they are today so they can get to where they want to go tomorrow.” Espen Otterstad, CISO at Abax (CLTRe customer) “Our work with CLTRe has been important to helping us gauge the maturity of our security culture over time. Now that CLTRe is part of KnowBe4, we have a very real way to advance the maturity of our program and test the knowledge of our user’s understanding via KnowBe4’s fresh content, engaging trainings and simulated phishing tests. The combination of CLTRe and KnowBe4 means that we can improve security within our organisation through training and phishing tests and manage our security culture program while proving ROI.”
Edward Snowden’s name entered the cultural lexicon in 2013, after he leaked thousands of classified National Security Agency documents to journalists. He’s been variously called a traitor, a patriot, a revolutionary, a dissident and a whistleblower, but however you personally feel about him, there’s one way to categorise him that no one can dispute: He’s a thief. There’s no doubt about it: Snowden’s information didn’t belong to him, and the scary truth is that he is neither the first nor the last employee to attempt to smuggle secrets out of a building – and we need to learn from his success to try to prevent it from happening again. Since the dawn of the digital age, we’ve fought cyber pirates with tools like firewalls, encryption, strong passwords, antivirus software and white-hat hackers. But with so much attention on protecting against cyber risks, we sometimes forget about the other side of the coin: the risk that data will be physically removed from the building. Douglas Miorandi, director of federal programs, counter-terrorism and physical data security for Metrasens, recently discussed the major risks to physical data security with SourceSecurity.com. Q: What do you believe are the main physical threats to data? The biggest threats I have seen in the physical data security space have varied over the years, but there are four specific risks that remain the same across the board for any organisation, which are: Every organisation is at risk of having data walk out the building with that employee The Insider Threat The Outsider Threat The Seemingly Innocent Personal Item Poor or Nonexistent Screening To beginning with, every company or government agency has at least one disgruntled employee working for them, whether they know it or not, and that means every organisation is at risk of having data walk out the building with that employee. That is what security experts call the insider threat. Q: What do you think influences employees to steal data from their own organisation? People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially – meaning they don’t even need to be disgruntled; they might just want a quick way to make a buck. Financial data, too, is attractive, both for insider trading and selling to the competition. People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially This can happen to both private companies as well as government agencies. Take Natalie Mayflower Sours Edwards for example, a Treasury Department employee who was caught in the act just last month, when she disclosed sensitive government information about figures connected to the Russia investigation to a reporter. She didn’t hack the system, she simply used a flash drive. And let’s not forget that Snowden was a contractor working for the NSA. Q: Many of us think of security threats coming from an outsider, do companies still face these type of threats? Yes. Unfortunately, organisations do not only need to worry about their own employees – companies and government agencies need to be wary of threats from outsiders. COTS devices include SD cards, external hard drives, audio recorders and even smart phones They can come in the form of the corporate spy – someone specifically hired to pose as a legitimate employee or private contractor in order to extract information – or the opportunistic thief – a contractor hired to work on a server or in sensitive areas who sees an opening and seizes it. Either one is equally damaging to sensitive data because of the physical access they have. Q: Whether it be an insider threat or an outsider threat, what are ways these individuals can steal sensitive data? There are two types of personal items that can be used to steal data: the commercially available off-the-shelf (COTS) variety, and the intentionally disguised variety. This is considered risk number three – the seemingly innocent personal item. COTS devices include SD cards, external hard drives, audio recorders and even smart phones, any of which can be used to transport audio, video and computer data in and out of a building. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom Q: What is the difference between COTS and disguised devices? The difference between COTS and disguised devices is that if someone gets caught with a COTS device, security will know what it is and can confiscate it. The disguised device looks like a security-approved item anyone could be carrying into the workplace, making it especially devious. Sometimes these devices don’t just function to bring information out of a building; they are used to damage a server or hard drive once it’s plugged in to a computer or the network. Some are both – a recording device that extracts data and then destroys the hard drive. Companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening peopleQ: With these types of discrete items, can security personnel still catch individuals in the act? For example, through security screenings? Poor or nonexistent screening is the most substantial security threat to any organisation when it comes to sensitive data. Whether it’s an employee, an outside contractor or a device, the physical security risks are real, and everyone and everything entering and leaving a building needs to be screened. Unfortunately, screening often isn’t occurring at all, or is ineffective or inconsistent when it does occur. Even companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening people and stopping them from stealing data through recording devices. Q: It’s surprising that so many organisations would neglect physical security when protecting their data. It’s a huge mistake, and the consequences can be dire. They range from loss of customer trust, exorbitant lawsuits and tanking stock prices in the private sector; and risks to national security in the public sector. Costs and resource allocation increase as well during efforts to reactively fix or mitigate the effects of physically stolen data. For both the private and public sectors, the risk for data to be physically removed from a building has never been greater. Years ago, it was much harder for the average Joe to figure out where they could sell stolen data. Now, with the Deep Web, anyone with Tor can access forums requesting specific information from competing spy agencies, with instructions on how to deliver it, greatly reducing the risk of getting caught – and increasing the likelihood people will try it. Although it’s getting easier to sell data, the good news is that all of these threats are avoidable with the right measures. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack Q: So how can an organisation protect against these risks? There are a number of ways – and the first one requires a change of mindset. Not long ago, the building/physical security department and the IT/cybersecurity department were considered two different entities within an organisation, with little overlap or communication. Organisations now are realising that, because of the level of risk they face from both internal and external threats, they must take a holistic approach to data security. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack. Q: How can companies and government agencies combine both physical data security and cybersecurity initiatives? Physical security managers can advise cybersecurity managers on ways to reinforce their protocols – perhaps by implementing the newest surveillance cameras in sensitive areas, or removing ports on servers so that external drives cannot be used. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try In turn, the cybersecurity team can let the physical security team know that they have outside contractors coming in to work on the server, and the physical security team can escort the contractors in and stand guard as they work. Constant communication and a symbiotic relationship between the two departments are crucial to creating an effective holistic security protocol and, once you’ve got the momentum going, don’t let it slow down. Sometimes efforts start off strong and then peter out if priorities change. When guards are down, it’s an excellent time for a malicious actor to strike. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try. It’s not just about the mentality, though. Using the right technology is just as important. Q: What type of technology can you use to protect physical data? Many problems can be avoided by simply using the right technology to detect devices that bring threats in and carry proprietary information out. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them. Using a ferromagnetic detection system (FMDS) as people enter and exit a building or restricted area means that anything down to a small microSD card triggers an alert, allowing confiscation or further action as needed. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them Q: How does FMDS work? In the most basic terms, FMDS uses passive sensors that evaluate disturbances in the earth’s magnetic field made by something magnetic moving through its detection zone. Nothing can be used to shield the threat, because FMDS doesn’t detect metallic mass; it detects the magnetic signature, down to a millionth of the earth’s magnetic field. FMDS is the most reliable method of finding small electronics items and should be part of the “trust, but verify” model Although it is a passive technology, it is more effective and reliable than using hand wands or the walk-through metal detectors typically seen in an airport, which cannot detect very small ferrous metal objects. FMDS can see through body tissue and liquids, so items cannot be concealed anywhere on a person or with their belongings. Whether or not the items are turned on doesn’t matter; FMDS doesn’t work by detecting a signal, but rather by spotting the magnetic signature that electronics contain. This is ideal, because most recording devices do not emit any signal whatsoever. In my experience, FMDS is the most reliable method of finding small electronics items (as well as other ferrous metal objects, like weapons), and should be part of the “trust, but verify” model, in which companies assume the best of their employees and anyone else entering the building, but still take necessary precautions. Q: What are the key takeaways for organisations looking to enhance data security? The toughest challenge in the security sector – whether it’s cyber or physical – is remembering that the bad guys are constantly looking for ways to slip in through the cracks, and security departments need to stay one step ahead to ward off both internal and external threats. Recognising the existing threats, putting together a holistic security strategy, and using the right technology to detect illicit devices comprises an effective three-pronged approach to protecting an organisation’s data. Organisations cannot afford to be passive about security and assume employees won’t steal data and spies won’t sneak in. Strong countermeasures are necessary because data loss can come from both inside and outside, in both private and public sectors, from places not everyone thinks of – and with technology like FMDS acting as a backup to the human element, organisations can lock down their data and keep the wolves in sheep’s clothing from getting through the door.
There’s only so much a corporation can do to counteract the threat of a major incident. You can ask everyone to be vigilant and to report anything suspicious, but you cannot stop someone intent on deliberately starting a fire, threatening a work colleague with a knife or something much worse. And of course, most businesses recognise that even routine events – such as burst pipes, IT system failures, extreme weather event or power outages – can have significant consequences unless they are quickly brought under control. Training security officers Governments and organisations across the world are increasingly encouraging businesses to re-assess risks and to plan for and conduct drills for major emergencies. This is driving different agencies and companies to invest in new skills, resources and systems, and encouraging businesses to routinely re-evaluate their emergency response strategies. UK police forces are increasingly training security officers in the public and private sectors on how best to react to potential terrorist incidents For example: UK police forces are increasingly training security officers in the public and private sectors on how best to react to potential terrorist incidents, as part of the UK government’s Action Counter Terrorism programme. And organisations including the Association of University Chief Security Officers (AUCSO) and Higher Education Business Continuity Network (HEBCoN) are developing customised training for their members to improve their own response and business continuity plans. Mass notifications systems Whether an organisation is facing a terrorist attack or a severe weather event, follow up reports consistently identify that the same types of challenges are common to all crisis situations, with similar errors often occurring again and again. Typically, these are centred on three key areas: poor communications, fractured command and control structures, and delayed deployment of resources. Communications skills and technologies clearly play a pivotal role in how effective an organisation is in responding to major incidents, particularly when it comes to assessing the situation and its implications, moving people towards safety and providing updates as an incident unfolds. However, when an organisation is considering its technology options, emergency response and mass notification systems (MNS) are often touted as the ideal platform to deliver all the required critical communications and ongoing updates. UK police forces are increasingly training security officers in the public and private sectors on how best to react to potential terrorist incidents Emergency notification system All the incident reporting, command and control, and communications functions have been brought together on a single platform But, if an organisation does not know exactly where all its staff or students are, and it cannot see the location and availability of its first responders and other emergency coordinators relative to them and the incident, then how useful is it to send a top-down alert to everyone? And what about fast moving or multi-centre incidents, where previously agreed evacuation procedures, recommended actions or mustering points may need to change if an incident takes an unexpected turn? Many organisations may have been lulled into believing that an emergency notification system will allow them to confidently handle all the communications aspects of virtually any crisis. In reality, too many businesses are still unaware that there are now much more sophisticated and proven technologies where all the incident reporting, command and control, and communications functions have been brought together on a single platform. Using live map tracking The benefit of using these advanced and more integrated approaches – often categorised as mobile distributed command and control systems – is that they enable faster and better decision making in a crisis using real-time feedback and two-way dialogue with those closest to the emergency. And they avoid the risks of any potential delays, miscommunications or mistakes that can happen when an organisation is under pressure to respond and often switching between multiple systems. Leading universities and multi-national corporations are already using new mobile/web-enabled platforms to improve their incident response These next generation emergency management platforms have been specifically designed to enable real-time mapping of an organisation’s security assets and its users on a single screen and to fully integrate it with a highly targeted geo-fenced notification capability. The mass notification aspect of the system can then be used to advise specific groups on the best actions to take at their location as an incident develops. The use of live map tracking enables real time mapping of an organisation's security assets Segmented messaging Many leading universities and multi-national corporations are already using these new mobile/web-enabled platforms to plan, manage and improve their incident response, leading to 50% faster reactions and more positive outcomes.During a crisis, users can receive push notifications so the security centre can immediately see their exact location and advise them accordingly The systems have been widely adopted within the higher-education sector, but they are equally applicable to any large company with multiple international sites or those situated in research or corporate campuses where the bulk of assets and people are based in one or more key locations. Typically, systems provide users with a smartphone app that they can use to call for immediate emergency or first aid support when at work, or to report something suspicious which could prevent an apparently minor incident from escalating into a full-scale emergency. During a crisis, users can receive push notifications, SMS and E-mails asking them to open the app if they are not already logged in, so the security centre can immediately see their exact location and advise them accordingly. Supporting dispersed mustering Now that communications can be more nimble, responsive and flexible this can support the increasing numbers of planners are recognising the advantages of dispersed mustering. This is a strategy that has been developed to reduce the risk of secondary attacks on unprotected people complying with instructions to evacuate from premises and gather in what are, effectively, exposed locations. It is now acknowledged that evacuees waiting outside for any length of time are more vulnerable to targeted attacks or to injury, from flying glass for example. With dispersed mustering – a strategy made more effective by these new mobile distributed command and control systems - a building’s occupants can be advised not to go outside, but to move to known safe internal locations. People in each specific area can then be kept regularly updated. Many corporations are now using new mobile/web-enabled platforms to improve their incident response Coordination between response agencies The software platforms can be integrated with an organisation’s fixed security infrastructure to take real-time sharing of information First responders are permanently logged in, so the emergency operations centre can see their exact locations in real-time and can advise what actions to take in mustering people or in setting up and protecting security cordons. Bringing everything together on one platform, with real-time feedback and in a fully integrated system also removes what is often seen as the weakest communication link in managing any major incident: the need to rely on conventional two-way radio as the sole means of communication between the command and control centre and its first responders and other team members on the ground. The software platforms can be integrated with an organisation’s fixed security infrastructure to take real-time sharing of information to a new level for improved collaboration, coordination and communications between users, the incident management team and external agencies. Improving emergency response strategies One of the most powerful features of some of these new systems is the ability to record and view all alerts, responses and the detailed conversations between first responders, emergency coordinators and other parties. This allows the systems to be used to simulate major incidents involving inputs from the emergency services and other key agencies and to ensure the organisation’s crisis management plans have been fully tested against a range of possible incident scenarios.
Video surveillance across the world is growing exponentially and its major application is in both public safety and law enforcement. Traditionally, it has been fixed surveillance where cameras provide live streams from fixed cameras situated in what is considered strategic locations. But they are limited in what they can see given by their very definition of being "fixed." The future of video surveillance includes the deployment of more mobile video surveillance with the benefits it offers. Instead of fixed cameras, this is the ability to live stream from mobile devices on the move such as body-worn cams, drones, motorbikes, cars, helicopters and in some cases, even dogs!Sending drones into the air, for example for missing people or rescue missions, is much more cost-effective than deploying helicopters Advantages of mobile surveillance The advantage of mobile surveillance is that the camera can go to where the action is, rather than relying on the action going to where the camera is. Also, sending drones into the air, for example for missing people or rescue missions, is much more cost-effective than deploying helicopters. The ability to live stream video from cars and helicopters in high-speed pursuits can be used to take some of the operational issues from the first responders on the ground and share that “life and death” responsibility with the operational team leaders back in the command centre. This allows the first responders in the pursuit vehicle to focus on minimising risk while staying in close proximity of the fleeing vehicle, with direction from a higher authority who can see for themselves in real time the issues that are being experienced, and direct accordingly. In addition to showing video live stream from a pursuit car or motorcycle, by using inbuilt GPS tracking, the video can be displayed on a map in real time, allowing a command chief to better utilise additional resource and where to deploy them, through the use of displaying mapping information with real time video feed. It allows police chiefs to make better informed decisions in highly-charged environments. The 4G phone network can now be used with compressed video to live stream cost effectively Application in emergency situations The same is true of first responders in many different emergency situations. Mobile surveillance opens up a new area of efficiencies that previously was impossible to achieve. For example, special operations can wear action body-worn cameras when doing raids, fire departments can live stream from emergency situations with both thermal and daylight cameras, and paramedics can send video streams back to hospitals allowing doctors to remotely diagnose and prepare themselves for when patients arrive at the hospital. How can special operations and emergency first responders live stream video from a mobile camera with the issues of weight, reliability and picture-quality being considered? H265 mobile video compression Law enforcement insists on secure transmissions, and it is possible to encrypt video to the highest level of security available in the public domain The 4G phone network can now be used with compressed video to live stream cost effectively. The issue of course is that 4G is not always reliable. Soliton Systems has mitigated this risk of low mobile quality in certain areas, by building an H265 mobile video compression device that can use multiple SIM cards from different cellular providers simultaneously. H265 is the latest compression technique for video, that is 50% more effective than conventional H264, and coupling this with using multiple “bonded” SIM cards provides a highly reliable connection for live-streaming high-quality HD video. The 400-gram device with an internal battery can be connected to a small action cam, and can live-stream simultaneously over at least three different cellular providers, back to a command centre. Latency is typically less than a second, and new advance improvements are looking to reduce that latency further. Encrypted video transmission What about security? Law enforcement insists on secure transmissions, and it is possible to encrypt video to the highest level of security available in the public domain, i.e. AES256.What about integration into existing video infrastructure at the command centre? It is not untypical for a police force to have an existing video management system (VMS) at their command centre such as Milestone System’s Xprotect. The Soliton range of products are ONVIF-compliant, a standard used by video surveillance cameras for interoperability, allowing cameras and video devices that are ONVIF-compliant to simply “plug&play” into existing video management systems. These mobile transmitters are deployed with law enforcement and first responders across the globe. Their ability to provide secure, full HD quality and highly-reliable video streaming within a small unit, and to enable it to be integrated into the current eco-system that is already installed at the receiving end, has made them a favourite choice with many companies and government agencies.
While most security teams are focused on preventing malicious outsider attacks, recent data suggests that close to 30 percent of confirmed breaches today involve insiders. Today’s increasingly complex networks across physical, information technology (IT) and operational technology (OT) systems make it difficult for security teams to detect and prevent insider threats. This is compounded by the proliferation of data, devices, applications, and users accessing networked resources. Rising insider malicious attacks threat As the threat landscape evolves rapidly, CISOs need to step up their game According to the 2017 U.S. State of Cybercrime Survey, 50 percent of organisations experience at least one malicious insider incident per year. And the Verizon 2018 Data Breach Report found that close to 30 percent of confirmed breaches today involve insiders. In August 2018, a tragic crash involving a Seattle airplane stolen by an employee raised awareness for the need for physical insider threat awareness (as well as more psychological screening before employment). As the threat landscape evolves rapidly, CISOs need to step up their game, says Aamir Ghaffar, Director of Solutions Engineering at AlertEnterprise. They should implement security controls that protect their company’s people, physical assets, data, intellectual property, and reputation both inside and out. And they need to do it while simultaneously satisfying industry compliance requirements. In response to our questions, Aamir Ghaffar offered some additional insights on the timely topic of insider threats. Q: We are hearing discussion about the emergence of cyber-physical security systems. What are they and how do they help organisations address insider threats? Threats now originate not only in the physical space but also in cyber environments Ghaffar: The concept of convergence has evolved in response to risk and the overall threat landscape. Threats now originate not only in the physical space but also in cyber environments – this is what is commonly referred to as blended risk. These blended risks require a converged approach and a converged view of security as a whole; connecting data, building new capabilities and gaining new insights to allow security teams to better defend against attacks. Q: How are organisations responding? Ghaffar: They are shifting towards centralisation – from the security operations center all the way to the executive level, where one C-Suite executive manages all security across physical, IT and OT domains. According to Gartner by 2023, 75% of organisations will restructure risk and security governance to address new cyber-physical systems (CPS) and converged IT, OT, Internet of Things (IoT) and physical security needs, which is an increase from fewer than 15% today. Q: How does the shift impact insider threats? Ghaffar: Unifying cyber and physical unlocks powerful new capabilities. For example, cyber-physical teams faced with a threat such as an intrusive device planted within their network environment, can quickly connect the cyber footprint to a physical location – understanding where the threats originate and identify those responsible for bringing it in. Converging physical and cyber identity through platforms that connect physical access control, IT and OT systems is an example of how organisations can better prepare for blended security threats An AI-enabled automated system is the most practical and human error-proof solution today Q: How is AI being used to protect against insider threats? Ghaffar: With increased security convergence we are now collecting such a large volume of data that relying on manual detection of insider or external threats is no longer a viable solution. An automated system, powered by artificial intelligence used with digital identities, is now the most practical and human error-proof solution today. AI and machine learning (ML) technology helps organisations map complex patterns of user behavior, process tens of millions of events within seconds to detect threats in near-real-time and respond swiftly. This benefits security operations personnel to go from distraction to action, allowing them to focus on what really matters, which are their most critical security events. Q: Sometimes the threat is about human error. Oftentimes we think the most harmful insider threats are intentionalGhaffar: Oftentimes we think the most harmful insider threats are intentional; however, unintentional user behavior and negligence could have serious ramifications for an organisation. Organisations should deploy technology that delivers automation and active policy enforcement to prevent employees from making inadvertent yet critical errors. Organisations should also do regular risk assessments – not one and done. Don’t implement a process and think you’re secure. Automated identity and access management technology can provide scheduled access reviews to help detect high-risk user profiles with accumulated or a toxic combination of access, as well as segregation of duties violations due to department change or job transfers. Q: What are the biggest misconceptions about insider threats? Ghaffar: First, that the biggest threats originate outside my company. Or that insider threats are a problem for government agencies and highly sensitive organisations, not “regular” companies like us. A company may also mistakenly think that they have limited assets that could be exposed, or that the assets are of little value; therefore, a large-scale breach is less likely to happen. And even if it does, it probably won’t have a big impact. Risk management leaders should start by developing a compelling visionQ: So, they think “it can’t happen here.”? Ghaffar: Yes, and they think their employees are inherently trustworthy, and that with basic security measures in place, the risk is small. They think that insider threats are always intentional. Or they think “it’s not my job.” Q: What next steps should security leaders take in addressing insider threats in their organisation? Ghaffar: Security and risk management leaders should start by developing a compelling vision and strategy that will resonate with key company stakeholders. They can expand the visibility they have into user activity beyond things that happen on the network. Go beyond a data-centric approach to a people-centric approach through identity behavior analysis. Improving visibility into user activity and taking a more preventive approach are the best ways to manage risk of an incident. Develop an inside-out approach to security. By converging physical, cyber and OT security you’ll gain a holistic view of your enterprise-wide security landscape.
Among the cloud’s many impacts on the physical security market is a democratisation of access control. Less expensive cloud systems are making electronic access control affordable even to smaller companies. Cloud-based access control With the growing cloud-based access control market, integrators can find more opportunities in small businesses and vertical markets that typically wouldn’t be on the radar of their sales team. Large upfront costs for a server, software and annual licensing previously made a typical electronic card access system cost-prohibitive. With cloud access, integrators can offer less expensive upfront costs with low monthly subscription fees that cover all software updates, database backups, security patches and more. The benefit for the integrator is recurring revenue that increases their profitability The benefit for the integrator is recurring revenue. While helping clients save money on server, software and IT infrastructure costs, integrators secure recurring revenue that increases their profitability. Building recurring revenue not only provides cash flow but also keeps a manufacturer’s name on the top of the minds of customers and leads to additional sales. Mobile access Continued investment in mobile access and cloud technology is essential to meet the access control needs of the booming multi-family housing and shared office-space markets. Managing access control for end users and residents in these verticals is challenging. Use of mechanical keys in these environments is too expensive and time consuming; it’s necessary to deploy wireless, technologically-advanced solutions. Managing access control for end users in different verticals is challenging, thus it’s necessary to deploy wireless, technologically-advanced solutions While the security industry has traditionally been slow to adopt IT technologies, the cloud is the exception. Large IT industry cloud players such as Amazon Web Services, Microsoft, and Google are being used by security industry professionals to provide systems that are easier to install, maintain, and administer and are far more secure and less expensive than a customer can provide on their own. Advancing cloud technology Cloud technologies give people access through their mobile phones and other devices Enterprise customers increasingly want to be able to use smartphone apps to open doors, authenticate to enterprise data resources or access a building’s applications and services. They seek to create trusted environments within which they can deliver valuable new user experiences; in effect, there is a demand for “digital cohesion.” Cloud technologies are a key piece of the solution. They give people access through their mobile phones and other devices to many new, high-value experiences. At the same time, they help fuel smarter, more data-driven workplace environments. With the arrival of today’s identity- and location-aware building systems that recognise people and use deep learning analytics to customise their office environment, the workplace is undergoing dramatic change. Application programming interfaces Cloud-based platforms and application programming interfaces (APIs) will help bridge biometrics and access control in the enterprise, overcoming previous integration hurdles while providing a trusted platform that meets the concerns of accessibility and data protection in a connected environment. Cloud-based platforms, APIs will help bridge biometrics and access control in the enterprise “A big growth driver for the cloud is demand from enterprises that no longer look at access control simply for securing doors, data and other assets,” says Hilding Arrehed, Vice President of Cloud Services, HID Global, one of our Expert Panelists. “They want to create trusted environments within which they can deliver valuable new experiences to users. Cloud technologies make this possible by enabling people to use mobile devices for new applications and capabilities.”Cloud-based platforms and application programming interfaces (APIs) will help bridge biometrics and access control in the enterprise Cloud-based platforms For example, cloud-based platforms will provide the backbone for quickly adding complementary applications like biometrics, secure print, virtual photo IDs, and vending as well as other access control use cases and emerging permission-based capabilities yet to be developed. “Cloud-based platforms facilitate new managed service models for mobile IDs and secure issuance and will fuel simplified development environments and easy integration into vertical solutions,” says Arrehed. “They have the potential to give organisations greater flexibility to upgrade and scale security infrastructure, improve maintenance and efficiency, and accelerate ROI.”
Deploying security robots at a company is about more than providing and programming the hardware. There is also an element of “change management” involved in smoothing the way for robots to play a security role working side-by-side with human counterparts. Rising popularity of security robots As security robots increase in popularity, more companies are adapting to such cultural challenges "As security robots increase in popularity, more companies are adapting to such cultural challenges. Many Fortune 100, technology, finance and defense companies have begun using security robots, and some are asking to expand their implementation", says Travis Deyle, CEO and co-founder of Cobalt Robotics. "It is a complex solution that involves merging technology with people." “More people are looking at how they can deploy and test this technology, dipping their toes in the water,” says Deyle. “Financially the risk is low, but culturally it is pretty acute. It is a very visible piece of technology moving through your most sensitive spaces and interacting with employees.” Change management “Doing change management and addressing the cultural implications inside the company are the biggest challenges we face,” Deyle adds. “We have to make sure that people know what the robot is there for, what it does and how it helps them. There is a social contract between companies and employees about what information is being collected and how is it being used.” The technical onboarding of a robot is the easy part, says Deyle. “The robot goes in, maps out the space; it takes about an hour. The bigger part is the cultural onboarding.” The process involves working closely with the company’s communications team to manage how the use of robots is messaged throughout the company. Deyle suggests doing a Q&A event where employees can touch and feel the robot and get comfortable. “We tailor the interaction to the individual company,” he says. Importance of communication Communication with employees, tenants, clients, law enforcement, etc. is very important Communication with employees, tenants, clients, law enforcement, etc. is very important and, if done well, all goes smoothly, agrees William Santana Li, Knightscope Chairman and CEO. “Showing up with a 400-pound, 5-foot-tall autonomous robot, deploying it and not telling anyone what is happening is ill advised!” Knightscope also advises potential end users to identify clearly the areas of improvement needed in a security program to guide the deployment of robots. Beware of “Science Fiction Disease,” whose symptoms include unrealistic expectations or fears emanating from Hollywood depictions of robots over the years. Expectations should be spelled out: Keep ongoing and clear communications between the provider and the client, continuing to make improvements together. Future of robotics and AI Users should also think clearly through their source of funding, including the second and future years of an implementation. Communication is key, involving stakeholders from the CSO to facilities, purchasing to human resources, finance to the CEO. The future of robotics in corporate America is more than the development of the technology. Given advances in artificial intelligence (AI), sensors and software, the technology is the easy part. Thinking more broadly about how robotics can excel in the corporate environment – and make companies safer – is the next big obstacle on the path to effectively using the powerful technology.
Boon Edam Inc., globally renowned security entrances and architectural revolving doors manufacturer, has announced that a multi-story office building in London was recently refurbished to upgrade its existing Boon Edam revolving doors and optical turnstiles. Now adorning the entrance are two all-glass Crystal TQ revolving doors, accompanied by an array of slim Lifeline Speedlane Swing optical turnstiles in the lobby. Revolving doors, optical turnstiles Originally opened in 1980, Riverscape is a 63,000 square foot, multi-story office space located at 10 Queen Street Place. The modern development sits on the sought-after area of the River Thames, just minutes from the bustling area of Cannon Street Station. Recently, the building owners decided to upgrade the look and feel of Riverscape, incorporating the current trends of open atriums, flexible floor space and usable rooftop space. Project also included the replacement of legacy Boon Edam revolving doors and optical turnstiles with updated solutions The refurbishment project also included the replacement of legacy Boon Edam revolving doors and optical turnstiles with updated solutions. Leading the design of the renovation were architect Aukett Swanke; interior designer Barr Gazetas; and Overbury as main contractors. High-tech security entrances As is common with older entrance installations, Riverscape decided to renew its revolving doors and optical turnstiles to achieve a more modern look and feel, and to upgrade the associated technology. The client returned to Boon Edam when selecting their new entrance solutions. At the main entrance to the office space, the existing TQM manual doors were replaced with two, tall Crystal TQ revolving doors. Constructed virtually completely from glass with minimal stainless steel accents, the Crystal TQ accentuates Riverscape’s all-glass façade, providing an elegant and timeless entry experience for all employees and guests. Lifeline Speedlane Swing In the main atrium space, the original Speedlane 900 optical turnstiles were upgraded to the new Lifeline Speedlane Swings. The Speedlane Swing combines security with aesthetics and is particularly popular because it features the slimmest cabinets in the industry – only four inches wide. To enhance security at the facility, Riverscape wanted a solution for monitoring and managing visitors to the office space. To enhance security at the facility, Riverscape wanted a solution for monitoring and managing visitors to the office space To achieve this, they decided to integrate the Lifeline Boost access control pedestal with their Speedlane Swing optical turnstiles. The Boost attaches to the end of the Swing and allows for integration with a variety of access control technologies, such as biometric devices, card collectors and barcode scanners. Integrated technology Employees enter the work area by scanning their credentials at the turnstile itself, while guests are issued a temporary access card with a special barcode that is scanned at the Boost pedestal. The Boost retains the card, enabling the reception staff to eventually reuse that card for future guests. “Using our barcode scanners, visitors can book in with reception, receive an entrance card and badge in and out conveniently through the lanes,” says Boon Edam Limited’s Field service Sales Executive, Graham Coulter.
W Group is one of the foremost developers of premier office buildings in Manila, the capital of the Philippines. In the financial district of Bonifacio Global City, W Group recently completed two state-of-the art office buildings: The 25-story Citibank Plaza building offers 50,000 square meters of offices spaces, while the 29-story W City Center boasts 55,000 square meters of offices plus three stories of retail space. Citibank occupies the entire Citibank Plaza building, while W City Center is home to a range of local and internationals enterprises. Every tenant has different needs in terms of floor plans: Call centers require open spaces while other businesses divide entire floors into individual offices. Centrally-managed fire alarm system Bosch experts installed advanced optical smoke detectors – 2,000 units at Citibank Plaza and over 1,300 at W City Center Putting the safety of tenants first, security managers at W Group needed a fire alarm system that allowed for central management of each building in its entirety while accommodating unique tenant safety needs. They commissioned Bosch Philippines to equip Citibank Plaza and W City Center with a seamless interface of fire detection and public address systems in a scalable solution. At both locations, Bosch experts installed advanced optical smoke detectors – 2,000 units at Citibank Plaza and over 1,300 at W City Center – for quick and accurate fire detection, supplemented by heat detectors and manual call points. Connected to the Modular Fire Panel 5000 Series, the number and positioning of detectors can be adjusted and expanded flexibly to meet every tenant’s floorplan. IP-based fire safety system The IP-based system provides full visibility to operators: Each building floor is defined as its own zone, while addressable smoke detectors report the exact location of a fire down to a specific room. For ease of maintenance, the advanced detectors perform constant self-monitoring and send cleaning or replacement alerts to the Modular Fire Panel 5000 Series. At Citibank Plaza, the solution is part of the Building Integration System (BIS) from Bosch, allowing operators to use the BIS Automation Engine as the graphical user interface for monitoring and control of alarms on a single platform. The system features Smart Safety Link – a superior interface between the fire alarm system and the Plena Voice Alarm System (VAS) from Bosch. This secure interface can be set up and configured in a matter of minutes through the RS232 connection (serial interface standard). By comparison, creating a point-to-point connection for ten evacuation zones would require up to two hours. Smart Safety Link Combination of fire alarm and voice instructions achieves time for emergency responders The Smart Safety Link achieves an added level of security: In case of fire or emergency, operators can conduct an evacuation by zones in order of priority. Evacuation starts with occupants closest to the threat – building occupants are addressed over separate loudspeaker zones – then moving on to adjacent floors for a highly effective approach to an emergency. Plena Voice Alarm System (VAS) The Plena VAS provides clear pre-recorded voice instructions supported by coordinated horn and strobe alarms. This combination of fire alarm and voice instructions achieves time for emergency responders. Meeting the requirements of the developer, the interfaced Bosch system has proven an asset at Citibank Plaza and W City Center. The flexible and modular system is easy to expand and adjusts to changing tenant needs, while the seamless interface between fire alarm and public address creates a complete safety chain from earliest detection to orderly evacuation.
With roots dating back to the year 1948, Italian pharmaceutical company Alfasigma is dedicated to advancing the state of healthcare under the company motto, ‘Pharmaceuticals with Passion’. Headquartered in Bologna, the multinational corporation was created in 2017 by the merger between Alfa Wassermann and Sigma-Tau. As a result, Alfasigma now employs about 3,000 people and markets a wide range of therapeutic drugs in 18 countries including the US, China, Russia and several European countries with annual revenues of EUR 1.06 billion. In order to keep up with the company’s ongoing evolution while emphasising building protection, Alfasigma decided to update the infrastructure of its corporate offices in Milan and Bologna. This large-scale remodelling project also required updating the fire alarm, intrusion detection and video security systems at both facilities to the highest standards. Security cameras for outdoor surveillance On the exterior of the buildings, FLEXIDOME IP starlight 7000 VR cameras were installed to provide 24/7 securityAssuming a long-term perspective, Alfasigma management headed into the project with three key requirements: First, saving cost by refurbishing already installed system components such as intrusion and fire alarm detectors. Second, accommodating for future building expansions and saving additional costs by installing a future-proof and scalable system. And third, adding around-the-clock security to the building’s exterior through modern security cameras built for outdoor use. For this reason, Alfasigma commissioned Bosch as the one-stop provider to equip the Milan office – home to the International Division – as well as corporate headquarters in Bologna with an IP-based solution. The video security set-up includes high-definition DINION IP 5000 HD cameras connected to recording stations and offering 1080p resolution images at 30 fps. On the exterior of the buildings, FLEXIDOME IP starlight 7000 VR cameras were installed to provide 24/7 security. Recording at 1080p and 60fps, the cameras incorporate starlight technology to deliver relevant images even in challenging light conditions. Extremely weather-resistant, water-tight and able to withstand high impacts, the cameras are highly suited for outdoor use, confirmed by IP66, NEMA type 4X and IK10 rating and installation in mission-critical environments such as airports and government buildings worldwide. MAP 5000 installed with LSN detectors The new fire alarm system is interfaced with the voice alarm system Plena via Smart Safety Link“The video surveillance products are excellent and have impressed me the most. We are very satisfied, above all, with the high quality of the products,” said Stefano Borsarini, Facility, Maintenance and EHS Manager at Alfasigma facilities in Bologna and Milan. The cameras are supplemented by the intrusion panel Modular Alarm Platform MAP 5000 installed with LSN detectors – a large portion refurbished from the legacy system – to safeguard Alfasigma’s offices at night. Fire alarm is provided by the Modular Fire Panel 5000 Series with four loops, processing signals from 190 fire alarm detectors and 28 manual call points. The new fire alarm system is interfaced with the voice alarm system Plena via Smart Safety Link thus optimising the operational security via a monitored connection. Successfully installed and customised according to client specifications, the Bosch fire alarm, intrusion detection and video security solution maintains the safety of Alfasigma’s employees and property at both sites. It also fulfils the key customer requirement of accommodating for future expansions in a modular, IP-based system that is able to keep pace with Alfasigma’s rapid evolution as an innovative multinational company.
IndiaNivesh is one of the leading financial services conglomerate in India. IndiaNivesh is into various aspects of investment banking and consulting business. It plans to emerge as a dynamic, customer-centric, and progressive financial group in the country with PAN India presence. Having its head office in Mumbai, IndiaNivesh is growing with eight regional offices and 29 branch offices across India. Project specifics Application: Time-Attendance and Access Control Locations: 32 (PAN India) Users: 500 Units Installed: 60 Readers: Fingerprint and RFID Card IndiaNivesh being widely involved in financial services business with 29 branch offices and 8 regional offices across India, required eradication of forged attendance data and manual attendance process, as security is a crucial aspect for them. To streamline and manage attendance data of all employees accurately and perform calculation of error-free salary has been a tedious task. It has been challenging to integrate their existing payroll software with the time-attendance software. COSEC time-attendance solution Matrix offered COSEC time-attendance solution helped in connecting all its regional and branch offices to their head office in Mumbai Matrix offered COSEC time-attendance solution which has web-based architecture and helped in connecting all its regional and branch offices to their head office in Mumbai. Implemented automatic salary calculation as Matrix COSEC time-attendance software got easily integrated with existing payroll software. Result Real-time attendance of all employees at a centralised location Integration with its existing payroll software Ease of Implementation using the existing infrastructure Fraudulent timekeeping is completely eliminated Accurate In/Out time of each employee recorded Live monitoring of In/Out timing Generation of time-attendance and access control reports and charts for all branches Improved overall productivity of the organisation Continuous operations with excellent service support Biometric access control solutions COSEC DOOR FOP - Optical fingerprint-based door controller for access control and time-attendance COSEC DOOR CAS – Card-based door controller for access control and time-attendance COSEC PANEL - Site controller to manage multiple door controllers and advanced access control Features COSEC LE PLATFORM - Application server platform for 1000 users and expandable up to one million users COSEC LE TAM - Comprehensive time-attendance and leave management module for COSEC LE platform COSEC LE ACM - Comprehensive access control module for COSEC LE platform
Trackforce has entered the retail market with a leading security workforce and activities management platform that empowers retailers to effectively manage their physical security and loss prevention environment. The platform delivers actionable data analytics to anticipate, assess, and mitigate risk; it enhances compliancy management, and helps supervisors manage more resources at multiple sites from one centralised location. Retail security and loss prevention teams operate in a challenging and complex environment" Retail Security According to Guirchaume Abitbol, CEO and Founder of Trackforce, “Retail security and loss prevention teams operate in a challenging and complex environment. To be successful they must access the best type of technology to support their security and loss prevention teams and streamline management of the entire security and risk environment. Our platform is seamless. Simpler to operate and more cost effective, it helps retailers deliver enhanced shopper safety while optimising security and loss prevention management.” Trackforce supports security and loss prevention teams by giving them predictive and historical data analytics to boost their strategic decision-making capabilities. The SaaS platform’s predictive analytics capabilities facilitate easy identification and analysis of theft patterns so that weak areas within the store can be improved to reduce risk and loss. Historic data are analysed, cross-referenced with trends and industry best practices, and then broken down. The resulting intelligence can then be used to fine tune security both within the store and externally. Trackforce SaaS platform The platform also consolidates and centralises the security command and control function, eliminating the expense of posting multiple supervisors at various sites. “Now one supervisor using the Trackforce command center is empowered with communication and management capabilities to effectively oversee security at numerous retail sites. The supervisor can communicate over multiple communication channels to security officers at all locations they are responsible for,” adds Abitbol. “This delivers major budgetary savings for the retail enterprise without compromising quality in any aspect of its security environment.” The Trackforce platform prevents loss and mitigates risks by securely maintaining digital records Security and risk management within the retail environment is complex, with numerous code and compliancy requirements. Missing a deadline can result in severe fines, increased insurance premiums, or even prosecution. The Trackforce platform prevents loss and mitigates risks by securely maintaining digital records and proactively alerting stakeholders when licenses need renewing and audits and inspections are due. The security manager commands a dashboard view of the entire regulatory and compliancy landscape across all store locations. Security and risk management “No two retail security departments are the same,” concludes Abitbol. “So we help retail clients customise their Trackforce workforce management platform based on their unique security, loss prevention, and risk environment. Trackforce eliminates the need for time-consuming paper reports and antiquated guard tour devices. It assists security officers and loss prevention officers in fulfilling their duties effectively, giving them improved capabilities to help them face their security challenges with greater efficiency and economy.”
Boon Edam Inc., a global provider of security entrances and architectural revolving doors, announced that a recently renovated office space in Glasgow, Scotland, 191 West George Street, has installed Lifeline Speedlane Swing optical turnstiles for increased physical security and uncompromising aesthetics. A rising trend in the United Kingdom is the renovation of older office spaces. With a continuously growing workforce, cities across the country are transforming corporate offices into multi-level spaces with increased aesthetics. In keeping with this trend, the office space at 191 West George Street recently underwent a renovation. Revamped with space and simplicity in mind, the building’s atrium stands out due to its high-quality materials, including the sleek, Lifeline Speedlane Swing optical turnstiles used to control access to all occupants and visitors. Optical turnstiles integrated with access control The requirements were for an optical turnstile solution that could integrate with access control and had the versatility to control a large number of visitorsThe lead architect renovating 191 West George Street was Michael Laird Associates – a firm that flourishes in adaptable yet luxurious designs. Working directly with the architects, owners of the office space underwent a simple product selection process regarding security. The requirements were for an optical turnstile solution that could integrate with access control and had the versatility to control a large number of visitors. 191 West George Street is the home of a 6-level building with 87,000 sq. ft. of usable office space. The architects wanted to keep the look and feel of the entire building, open and clean, without any columns or other impeding structures. The designers chose a stainless-steel finish for the modern and sleek cabinets of the Speedlane Swing optical turnstiles to provide a perfect accent for the neutral white and mushroom colours of the lobby. Their minimal footprint allows them to integrate seamlessly into any location without being obtrusive to user access or aesthetic design. Lobby security solution All lanes can be controlled remotely via a device called BoonTouch that gives reception control to open or close lanes at any time191 was designed to be a bustling, flexible workspace for hundreds of daily users, and as space is rented and the building starts to experience higher traffic, the four lanes of optical turnstiles will be able to handle the load. Working in collaboration with Boon Edam’s sales and specification managers, the architect had a clear idea of what they were looking for in a lobby security solution. By reviewing a number of key elements related to security, throughput, aesthetics, safety, and technology, Boon Edam was able to map out all aspects of the entry requirements prior to selection and installation. The four-lane array of Speedlane Swing optical turnstiles includes a single, wide lane at the end. Wide lanes allow large groups to pass through as well as wheelchairs, dollies and luggage. All lanes can be controlled remotely via a device called BoonTouch that gives reception control to open or close lanes at any time.
Round table discussion
Statistically speaking, incidents of terrorism are unlikely to impact most businesses and institutions. However, the mere possibility of worst-case-scenario attacks is enough to keep security professionals awake at night. Compounding the collective anxiety is the minute-by-minute media coverage when an attack does occur. The immediacy of the shared experience of global tragedy impacts us all – including security system decision-makers. We asked this week’s Expert Panel Roundtable: How is the rise in terrorism impacting the physical security market?
Employee turnover is a problem for many companies, especially among younger employees who have not developed the philosophy of employer loyalty that was common in previous generations. Nowadays, changing jobs is the norm. The idea of spending decades working for a single employer seems almost quaint in today’s economy. However, excessive employee turnover can be expensive for employers, who are looking for ways to keep their brightest and best employees happily toiling away as long as possible. We asked this week’s Expert Panel Roundtable: How can the physical security market promote better employee retention in a competitive employment environment?
In today’s global economy, goods are manufactured all over the world and shipped to customers thousands of miles away. Where goods are manufactured thus becomes a mere detail. However, in the case of “Made in China”, the location of a manufacturer has become more high-profile and possibly more urgent. The U.S. government recently banned the use in government installations of video system components from two Chinese manufacturers, presumably because of cybersecurity concerns. A simmering trade war between China and the United States also emphasises other concerns related to Chinese manufacturing. We asked this week’s Expert Panel Roundtable: Should "Made in China" be seen as a negative in the video surveillance marketplace? Why or why not?