ANSecurity, an advanced network, and data security company, has become a Palo Alto Networks Managed Security Services Partner (MSSP).
ANSecurity has delivered Palo Alto Networks security solutions for over 10 years, and as David Hood, CEO, explains, “We already work with many of our clients using Palo Alto Networks technology as part of our own co-driver managed services methodology, and this certification is a formalisation of a long-standing relationship that validates that our security teams have the skill and expertise to implement and manage the entire product portfolio in accordance with best practice.”
Availability on cloud categories
The new Palo Alto Networks Managed Security Service Provider (MSSP) offering will also be available via the Crown Commercial Services G-Cloud 12 Framework as part of the 20 security-focused services that ANSecurity has available through G-Cloud across Cloud Hosting, Cloud Software, and Cloud Support categories.
Stuart Taylor, WEUR channel director at Palo Alto Networks, said, "ANSecurity has been a trusted partner of ours for about 10 years, currently holding Platinum status. Palo Alto Networks is pleased to award them MSSP status."
"We look forward to working together to help customers transition to a managed services model that offers many benefits in terms of delivering an improved security posture while overcoming the acute cybersecurity skills shortage we see in the market today.”
The ANSecurity Palo Alto Networks MSSP offering includes support for Next-Generation Firewalls, Advanced Endpoint Protection, SaaS Security, and Centralised Management and is backed by a 24/7 Security Operation Centre (SOC). The services are delivered within a flexible engagement model using co-driver, a methodology that helps organisations to better tailor service levels and support to their individual needs.
EUSAS recently organised a successful online European Conference on the topic ‘Artificial intelligence in fire detection and security – without the hype’. It showed once again the importance of technological development for an industry endeavoured to protect lives with particular relevance to the fire and security industry.
The conference opened with a discussion on what Artificial Intelligence (AI) is. The general concepts as well as the history and starting blocks of AI were discussed. Also, the current application fields for AI in Smart Living, as well as important requirements for the realisation of intelligent Smart Living services, were presented. Focal point for the fire industry were the presentations during the session on the benefits and opportunities of AI for fire detection and security.
Artificial Intelligence and Fire Safety
In his presentation, Guillermo Rein of the Imperial College London presented an innovative fire protection system that combines building sensors, computer modelling, and artificial intelligence (AI). It is called The Fire Navigator and aims to forecast the movement of a fire inside a large building, providing the fire brigades with essential information about flames and smoke ahead of time. It bridges the gap between fire safety and Building Information Modelling by making use of the data already produced by high-rise building sensors such as smoke and heat sensors.
A fast and simple cellular automata model assimilates sensor data, and via inverse modelling and genetic algorithm techniques, it uncovers the ignition location, time, flame spread rate and smoke velocity. A test case with synthetic data was shown for a real iconic building in London. The Fire Navigator concept would be specially suited for the protection of higher-risk buildings like high-rise and hospital, or key infrastructure like tunnels and power plants.
Paul van der Zanden, General Director of Euralarm, elaborated on the connection between AI and the fire industry. He took a holistic approach by defining AI as ‘’Technology used to add value and/or improve the outcome of an existing or new process/system’’. The fire industry has a wide scope and covers many aspects. Within Euralarm fire safety is seen as an ecosystem and therefore fire safety should be part of the development process.
The question is if one can use other future spin-off developments from the AI world for the fire safety world
Assuming that everything is done in the design to prevent a fire from starting there still is a chance that a fire incident will happen. A key factor that defines the impact of this incident is time. Timely detection and sensitivity for unnecessary alarms have a relation with each other. Both factors can be improved by using new technologies including AI technologies.
The question is if one can use other future spin-off developments from the AI world for the fire safety world. The introduction of new sensor technologies available could be one of these spin-offs. With an example from AI sensor technology development, Paul van der Zanden showed how future fire detection can be brought to the next level.
In his presentation, Ibrahim Daoudi of CNPP presented the vulnerabilities related to the use of artificial intelligence on security/safety products. There are mainly 3 categories of vulnerabilities. The first category consists of adversarial attacks where the aim is to generate data sufficiently modified to mislead the model. The second category concerns physical attacks.
It is in fact based on adversarial attacks but applied to real objects. The third category is the traditional attacks on information systems leading to the poisoning of the model itself or its training data. All three vulnerability categories were discussed and explained.
Temporal Deep Learning
A new way to detect and localise smoke within such sequences was presented, called cell-wise classification
Utilising temporal information is crucial to detect smoke in video sequences. In his presentation, Andreas Wellhausen of Bosch Sicherheitssysteme GmbH presented the work on temporal approaches based on Deep Learning that are applied to Video Smoke Detection. Two methods were elaborated. Firstly, a combination of convolutional neural networks (CNN) and long-short-term-memory networks (LSTM), secondly the inflated 3D architecture (i3D), which consists of 3D convolutions.
These are two state-of-the-art approaches to extract spatial and temporal information out of video sequences. A new way to detect and localise smoke within such sequences was presented, called cell-wise classification. Furthermore, the advantage of temporal approaches over CNN methods, which are commonly used for detection problems in Computer Vision, was shown.
Training AI on synthetic data
Philip Dietrich of Bosch Sicherheitssysteme analysed the idea of using synthetic data to train Deep Learning Systems for Video-Based Smoke Detection algorithms. Compared to real data, gathering a large-scale database is significantly easier for synthetic data. It was shown how Deep Learning networks can be trained on synthetic videos. The results were compared with real data.
Experimental results support the hypothesis, that domain adaptation improves the generalisation of real data
As a means of bridging the domain gap between real and synthetic data, the concept of domain adaptation will be introduced. By forcing networks to extract similar features from real and synthetic data respectively, potential artifacts in synthetic data may not be learned by the network. Experimental results support the hypothesis, that domain adaptation improves the generalisation of real data.
Legislation and outlook
While the rapid adoption of AI creates exciting new opportunities for industry and individuals alike, it also poses an important question: does current laws apply to AI? Tadas Tumėnas of Orgalim discussed if and how this new technology should be regulated. He outlined the state of play of AI in Europe. He focused on the definition of AI which should be the essence of the EU legislative framework and presented the Commission’s work related to AI.
In the last presentation Lance Rütimann, chair of the Fire Section of Euralarm, said that if the fire safety industry does not take on the task of working with legislators, regulators, and standardisation bodies in defining the aforementioned regulatory landscape, then someone else will.
This is because the use of Artificial Intelligence to protect lives and assets makes good sense. Understandably, the path ahead is not clear, and there are many, many questions. The fact that the results of the work of the fire safety industry make the world a safer place for millions of people is the best motivation to set the focus on a new horizon.
The National Security Inspectorate (NSI) is once again supporting the BSIA’s British Security Awards, taking place at the London Marriott Grosvenor Square on 30th June 2021.
The British Security Awards recognise key achievements from within the private security industry and for the third consecutive year NSI is sponsoring the ‘Apprentice of the Year' Award.
Dedicated to the next generation of engineers within the industry, this category will award an apprentice for their outstanding commitment to training, personal initiative, and customer service.
Comments by the Chief
Richard Jenkins NSI Chief Executive commented, “Our support of apprenticeships in the security and fire sectors is an intrinsic part of NSI’s commitment to raising standards and whilst an ongoing need to bridge the future skills gap exists, our support of apprenticeships remains as ever pertinent. We encourage companies to nominate their exceptional apprentices and give them the recognition they deserve.”
“We look forward to this year’s British Security Awards as a vital opportunity to shine a spotlight on the invaluable contribution of those within the private security industry who go above and beyond to keep people, property, and assets safe.” Entries for the British Security Awards 2021 will close on 16th April and finalists will be announced on 4 May 2021.
Acronis, a pioneer in cyber protection, introduces a new partner portal that delivers greater support and enhanced marketing and sales capabilities to the service providers, distributors, and resellers in the #CyberFit Partner Program.
The new portal was developed to enhance partner enablement, providing easy access to the content, tools, and training that will help them build a successful cyber protection business. Given the dramatic growth of the Acronis cloud ecosystem – which has doubled since 2018, including a 30% increase in partners last year – the company wanted to revitalise its partner portal with a familiar, easy-to-use interface while providing new capabilities that help partners maximise the potential and profitability of their cyber protection portfolio.
Comprehensive cyber protection
“Acronis knows that our success is tied directly to the success of our partners, which is why we do all we can to accelerate their business growth. We recently introduced our flagship Acronis Cyber Protect Cloud with a no-charge licencing model to allow for incremental margins, as well as enhanced incentives for our newly announced #CyberFit Partner Program,” said Jan-Jaap “JJ” Jager, Chief Revenue Officer, Acronis.
The new portal puts even more power in the hands of Acronis’ service provider
“With our new partner portal, we’re making it even easier to leverage those initiatives, putting the knowledge, tools, and support needed to deliver comprehensive cyber protection at our partners’ fingertips.” Available in six languages and accessible through the existing partner portal URL, the new portal puts even more power in the hands of Acronis’ service provider, reseller, and distribution partners.
Marketing automation tools
Among the featured enhancements are:
Easier navigation with a central dashboard that provides a partner an account overview at a glance with customisable widgets that show support cases, MDF, deal registration, renewal opportunities, and more. Partner programme benefits and requirements are immediately accessible, as are special promotional offers. With an interface that mirrors the existing Acronis Management Console, access can be set based on roles and responsibilities.
Enhanced marketing and sales support, including built-in marketing automation tools that streamline the ability to promote and sell, share email blasts, and offer renewals pipeline management for resellers. Partners also gain access to Acronis’ NFR Program as well.
Ready-made and DIY marketing content that can be executed directly from the portal, including campaigns-in-a-box, email nurture flows, social media content, email blasts, customisable web banners and landing pages, and more provide partners with flexible, self-service marketing opportunities.
Increased support visibility for both technical and sales tickets with a new support section that streamlines case submission and provides easily tracked support tickets. Managing sales and renewals opportunities is also made easier.
Specialised training from the Acronis #CyberFit Academy – including product training, technical certifications, etc. – can also be accessed directly through the new partner portal.
Acronis has created a seamless and exceptional user interface with its new Partner Portal"
Partners who have participated in testing the new portal agree that the new capabilities will benefit their go-to-market efforts and help them streamline their sales and marketing initiatives. “Acronis has created a seamless and exceptional user interface with its new Partner Portal. From product management to technical support, we feel more connected than ever to Acronis’ team of advisors and continue to learn how to improve our own sales experience on the new platform,” said Evangelos Tselios, Cloud Product Manager at interworks.cloud.
“This outstanding development is well-organised and filled with useful content and information, truly honoring one of Acronis’ true core values of transparency. This new portal is a great example of how Acronis values its partners.”
All Acronis partners immediately gain benefits through the new portal. More advanced capabilities are also available to higher-level partners through the portal. Anyone interested in seeing a demo of the new Acronis Partner Portal is encouraged to attend the launch webinar that will be taking place on Wednesday 28th April.
The global pandemic has triggered considerable innovation and change in the video surveillance sector. Last year, organisations around the globe embraced video surveillance technologies to manage social distancing, monitor occupancy levels in internal and external settings, and enhance their return-to-work processes.
Forced to reimagine nearly every facet of their operations for a new post-COVID reality, companies were quick to seize on the possibilities offered by today’s next-generation video surveillance systems. Whether that was utilising motion sensing technologies to automatically close doors or switch on lighting in near-deserted office facilities. Or checking if people were wearing masks and adhering to distancing rules. Or keeping a watchful eye on streets and public spaces during mandated curfew hours.
Beyond surveillance and monitoring use cases, organisations also took advantage of a raft of new Artificial Intelligence (AI) applications to undertake a range of tasks. Everything from automating their building management and optimising warehouse operations, to increasing manufacturing output and undertaking predictive maintenance.
Behind the scenes, three key trends all contributed to the growing ubiquity of video surveillance observed in a variety of government, healthcare, corporate, retail, and industry settings.
Video surveillance takes to the Cloud
Last year the shift to digital working led organisations to rapidly embrace cloud-enabled services, including cloud-hosted Video Surveillance As A Service (VSaaS) solutions that provide tremendous economies of scale and flexibility. Alongside significant cost savings, these solutions make it easier for organisations to enhance their disaster recovery and manage their video surveillance estate in new and highly effective ways.
Surveillance cameras with audio recording were used more than 200% by customers between 2016 and 2020For example, in addition to enabling remote access and maintenance, today’s cloud-powered systems eliminate any need to invest in local storage technologies that all too often fail to keep pace with an organisation’s growing data storage requirements.
Indeed, data from our worldwide customer base survey reveals how in 2020 an impressive 63% of organisations had abandoned using any on-premises storage option and were instead only storing all their video surveillance recordings and data in the Cloud. A deeper review of the global stats shows that the average cloud recording retention period for this stored data was 28.2 days, with organisations in Asia topping the global average at 38 days – 33% higher than was observed in any other region.
Improvements in bandwidth and scalability engendered by the Cloud have also helped boost the growing utilisation of audio recordings in addition to visual image capture. Indeed, our research found the number of surveillance cameras with an audio recording facility used by customers jumped more than 200% between 2016 and 2020.
Making sense of Big Data
The enhanced ease of connectivity and scalable bandwidth made possible by the Cloud is stimulating more companies to connect a lot more video surveillance cameras to their networks. The top motivation for doing so is to generate live metrics and data that can be utilised to deliver enhanced business insights and operational intelligence.
In recent years, a rich choice of video analytics solutions have been developed for a variety of industry verticals. The range of functionalities on offer is impressive and covers a variety of applications. Everything from making it easy to classify and track objects and behaviour patterns in real-time, to undertaking anomaly detection, or generating predictions based on past and present events/activities.
Data collected via today’s cloud connected cameras can now also be used to feed deep learning training and AI analytics, utilising the unparalleled virtualised processing capacity of the Cloud to convert Big Data into usable information quickly. By integrating this information with data from other enterprise data capture systems, organisations are now able to gain a 360-degree view of their operations – in almost real-time.
IT is now in the driving seat
No longer the sole preserve of on-site security staff, the wider application and business use of video surveillance means that IT is increasingly taking the lead role where the management and control of these systems are concerned. IT is asked to integrate video surveillance into key enterprise platforms to generate the data that business leaders need
Aside from the fact that IT has a vested interest in addressing the cybersecurity implications that come with attaching a growing range of IoT devices to the enterprise network, they’re also increasingly being asked to integrate video surveillance into key enterprise platforms to generate the data that business leaders need.
As organisations expand their integration of video with other business applications, such as point of sale, access control, process control and manufacturing systems, this trend is only set to accelerate.
Looking to the future
Right now, the video surveillance industry is at a key tipping point, as video systems become increasingly strategic for enabling the enterprise to boost productivity, stay compliant, and fulfil its obligations to protect employees and customers.
As the technology’s contribution to enhanced data-driven decision-making and problem solving continues to increase, expect the adoption of IP connected video cameras to burgeon as organisations look to capture more data from their day-to-day business operations.
Human beings have a long-standing relationship with privacy and security. For centuries, we’ve locked our doors, held close our most precious possessions, and been wary of the threats posed by thieves. As time has gone on, our relationship with security has become more complicated as we’ve now got much more to be protective of. As technological advancements in security have got smarter and stronger, so have those looking to compromise it.
Cybersecurity, however, is still incredibly new to humans when we look at the long relationship that we have with security in general. As much as we understand the basics, such as keeping our passwords secure and storing data in safe places, our understanding of cybersecurity as a whole is complicated and so is our understanding of the threats that it protects against.
However, the relationship between physical security and cybersecurity is often interlinked. Business leaders may find themselves weighing up the different risks to the physical security of their business. As a result, they implement CCTV into the office space, and alarms are placed on doors to help repel intruders.
Importance of cybersecurity
But what happens when the data that is collected from such security devices is also at risk of being stolen, and you don’t have to break through the front door of an office to get it? The answer is that your physical security can lose its power to keep your business safe if your cybersecurity is weak.
As a result, cybersecurity is incredibly important to empower your physical security. We’ve seen the risks posed by cybersecurity hacks in recent news. Video security company Verkada recently suffered a security breach as malicious attackers obtained access to the contents of many of its live camera feeds, and a recent report by the UK government says two in five UK firms experienced cyberattacks in 2020.
Cloud computing – The solution
Cloud stores information in data centres located anywhere in the world, and is maintained by a third party
Cloud computing offers a solution. The cloud stores your information in data centres located anywhere in the world and is maintained by a third party, such as Claranet. As the data sits on hosted servers, it’s easily accessible while not being at risk of being stolen through your physical device.
Here’s why cloud computing can help to ensure that your physical security and the data it holds aren’t compromised.
It’s completely normal to speculate whether your data is safe when it’s stored within a cloud infrastructure. As we are effectively outsourcing our security by storing our important files on servers we have no control over - and, in some cases, limited understanding of - it’s natural to worry about how vulnerable this is to cyber-attacks.
The reality is, the data that you save on the cloud is likely to be a lot safer than that which you store on your device. Cyber hackers can try and trick you into clicking on links that deploy malware or pose as a help desk trying to fix your machine. As a result, they can access your device and if this is where you’re storing important security data, then it is vulnerable.
Cloud service providers
Cloud service providers offer security that is a lot stronger than the software in the personal computer
Cloud service providers offer security that is a lot stronger than the software that is likely in place on your personal computer. Hyperscalers such as Microsoft and Amazon Web Service (AWS) are able to hire countless more security experts than any individual company - save the corporate behemoth - could afford.
These major platform owners have culpability for thousands of customers on their cloud and are constantly working to enhance the security of their platforms. The security provided by cloud service providers such as Claranet is an extension of these capabilities.
Cloud servers are located in remote locations that workers don’t have access to. They are also encrypted, which is the process of converting information or data into code to prevent unauthorised access.
Additionally, cloud infrastructure providers like ourselves look to regularly update your security to protect against viruses and malware, leaving you free to get on with your work without any niggling worries about your data being at risk from hackers.
Cloud providers provide sophisticated security measures and solutions in the form of firewalls and AI
Additionally, cloud providers are also able to provide sophisticated security measures and solutions in the form of firewalls and artificial intelligence, as well as data redundancy, where the same piece of data is held within several separate data centres.
This is effectively super-strong backup and recovery, meaning that if a server goes down, you can access your files from a backup server.
Empowering physical security with cybersecurity
By storing the data gathered by your physical security in the cloud, you're not just significantly reducing the risk of cyber-attacks, but also protecting it from physical threats such as damage in the event of a fire or flood.
Rather than viewing your physical and cybersecurity as two different entities, treat them as part of one system: if one is compromised, the other is also at risk. They should work in tandem to keep your whole organisation secure.
The transition to remote working has been a revelation for many traditional office staff, yet concerns over data security risks are rising. Mark Harper of HSM explains why businesses and their remote workers must remain vigilant when it comes to physical document security in homes.
Pre-pandemic, home offices were often that neglected room in people’s homes. But now things are different. After the initial lockdown in 2020, 46.6% of UK workers did some work at home with 86% of those doing so because of the pandemic.
Since then, many have found that over time, those semi-permanent workspaces have become slightly more permanent – with official hybrid working coming into effect for an assortment of businesses and their teams. The adoption of hybrid working can in fact be seen as one of the few positives to come from the pandemic, with less travel, more freedom and higher productivity top of the benefits list for businesses and their employees.
The handling of sensitive documents, is a growing concern for office managers
But those welcomed benefits don’t tell the whole story. The transition to remote working has undoubtedly impacted workplace security, with various touch points at risk. The handling of sensitive documents for example, is a growing concern for office managers. In simpler times, sensitive data was more or less contained in an office space, but with millions of home setups to now think about, how can businesses and their office managers control the issue of desk data?
Physical document security
As of January 2021, it’s said that one in three UK workers are based exclusively at home. That’s millions of individuals from a variety of sectors, all of which must continue in their efforts to remain data secure. With that, reports of cyber security fears are consistently making the news but that shouldn’t be the sole focus. There is also the underlying, but growing, issue of physical document security.
The move to remote working hasn’t removed these physical forms of data – think hard drives, USBs and paper based documentation. A recent surge in demand for home printers for example, only exemplifies the use of physical documents and the potential security issues home offices are facing. Adding to that, research conducted in 2020 found that two out of three employees who printed documents at home admitted to binning those documents both in and outside of their house without shredding them.
Data security concern
Without the right equipment, policies and guidance, businesses are sure to be at risk
Those findings present a huge data security concern, one that must be fixed immediately. The Information Commissioner’s Office (ICO) has since released guidance for those working from their bedrooms and dining tables. Designed to help overcome these challenges, the ‘security checklists’ and ‘top tips’ should be the first port of call for many. Yet throughout, the ICO make reference to ‘following your organisation’s policies and guidance’ – highlighting that the onus isn’t solely on the individuals working from their makeshift offices.
Office managers have a monumental task on their hands to ensure teams are well equipped within their home setups. Without the right equipment, policies and guidance, businesses are sure to be at risk. But it would be wrong to insinuate that unsecure desk data has only now become an issue for organisations.
Modern office spaces
Keeping clear desks has long been a battle for many office managers. In fact, clear desk policies are practised in most modern office spaces, with it recognised as a key preventative to personal information being wrongly accessed and so falling foul of GDPR legislation.
Throwing sensitive documents in the bin was never an option pre-pandemic
However, the unsupervised aspect of home working has led to a potentially more lax approach to these policies, or in some cases, they can’t be followed at all. For those taking a more laid back approach, organisation leaders must remind staff of their data security responsibilities and why clear desk policies have previously proven effective. Ultimately, throwing sensitive documents in the bin was never an option pre-pandemic and this must be carried through to home workspaces now.
Securely destroy documents
There are also concerns over the equipment people have access to at home. For example, without a reliable home shredding solution, data security suddenly becomes a tougher task. To add to that, several recommendations state that employees working from home should avoid throwing documents away by instead transporting them to the office for shredding once lockdown rules ease.
While this is an option, it does pose further issues, with document security at risk of accidental loss or even theft throughout the transportation period, not to mention the time spent in storage. The best and most effective way to securely destroy documents is at the source, especially in environments where higher levels of personal data is regularly handled.
Correct shredding equipment
The recent findings on home office behaviour represent a true security risk
Only when home workers implement their own clear desk policies alongside the correct shredding equipment (at the correct security level), can both home office spaces and regular offices become data secure. Realistically, these solutions should, like the common home printer, become a staple in home office spaces moving forward.
The likelihood is that many UK workers will remain in their home offices for the foreseeable future, only to emerge as hybrid workers post-pandemic. And while the current working environment is more ideal for some than others, the recent findings on home office behaviour represent a true security risk to organisations.
With this in mind, it’s now more key than ever for business leaders, their office managers and homeworkers to all step up and get a handle on home data security policies (as well as maintaining their standards back at the office) – starting with the implementation of clear desk policies. After all, a clear desk equals a clear mind.
When 150,000 video surveillance cameras get hacked, it’s big news. Even if the main reason for the hack was to make a point. Even if the major consequence is bad publicity for a video company (and, by extension, the entire video surveillance industry).
The target of the hack was Silicon Valley startup Verkada, which has collected a massive trove of security-camera data from its 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Previously, Verkada has been known for an aggressive sales approach and its intent to disrupt the traditional video market.
The data breach was accomplished by an international hacker collective and was first reported by Bloomberg. The reported reasons for the hack were “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it,” according to Bloomberg.
Tesla amongst those impacted
The “fun” included access to a video showing the inside of a Florida hospital, where eight hospital staffers tackled a man and pinned him to the bed. Inside a Massachusetts police station, officers are seen questioning a man in handcuffsA view inside a Tesla warehouse in Shanghai, China, showed workers on an assembly line. Inside a Massachusetts police station, officers are seen questioning a man in handcuffs. There are even views from Verkada security cameras inside Sandy Hook Elementary School in Connecticut, where a gunman killed more than 20 people in 2012.
In a “security update” statement, Verkada reports: “Our internal security experts are actively investigating the matter. Out of an abundance of caution, we have implemented additional security measures to restrict account access and further protect our customers.”
Hacking was possible due to built-in feature
The hacker group was able to obtain “root” access on the cameras, meaning they could use the cameras to execute their own code, reports Bloomberg. Obtaining this degree of access to the camera did not require any additional hackingUsing that access, they could pivot and obtain access to the broader corporate network of Verkada’s customers or hijack the cameras and use them as a platform to launch future hacks, the hackers told Bloomberg. Obtaining this degree of access to the camera did not require any additional hacking, as it was a built-in feature.
Elisa Costante, VP of research for cybersecurity firm Forescout, calls the Verkada security camera hack "shocking."
"Connected cameras are supposed to provide an additional layer of security to organisations that install them,” she says. “Yet, as the Verkada security camera breach has shown, the exact opposite is often true. [It is worrisome that] the attack wasn't even very sophisticated and didn't involve exploiting a known or unknown vulnerability. The bad actors simply used valid credentials to access the data stored on a cloud server.”
Super Admin account had access to all cameras
Hackers gained access to Verkada through a “Super Admin” account, allowing them to peer into the cameras of all of its customers. They found a username and password for an administrator account publicly exposed on the internet, according to Bloomberg. The hackers lost access to the video feeds and archives after Bloomberg contacted Verkada.Hackers lost access to the video feeds and archives after Bloomberg contacted Verkada
The results could have been worse, says Costante. "In this case, the bad actors have seemingly only resorted to viewing the footage these cameras have captured. But they are likely able to cause a lot more damage if they choose to do so, as our own research team has discovered. We were able to intercept, record and replace real-time footage from smart cameras by exploiting unencrypted video streaming protocols and performing a man-in-the-middle attack. This effectively gives criminals a virtual invisibility cloak to physically access premises and wreak havoc in the real world.”
Impact on broader video surveillance industry
The impact of a well-publicised cyber-attack on the broader video surveillance industry is also a concern. “As an industry, and as manufacturers in physical security, we cannot take these hacks lightly,” says Christian Morin, CSO & Vice-President of Integrations & Cloud Services, Genetec. “The potential broad-reaching impact of these hacks on physical security systems, including providing a beachhead to facilitate lateral movement onto networks, resulting in data and privacy breaches or access to critical assets and infrastructure, cannot be overstated. It is our responsibility and duty to users of our technology to prioritise data privacy and cybersecurity in the development, distribution, and deployment of video surveillance systems.”
Widespread government and healthcare use
The Verkada cameras are in widespread use within government and healthcare, which are by far the company’s most dominant verticals. Lesser verticals for them are manufacturing, financial and retail.The Verkada website pledges to take privacy seriously
Verkada’s line of hybrid cloud security cameras combines edge-based processing with the capabilities of cloud computing. Cameras analyse events in real-time, while simultaneously leveraging computer vision technology for insights that bring speed and efficiency to incidents and investigations. Command, Verakda’s centralised web-based platform, provides users with access to footage they need. Motion detection, people analytics, and vehicle analytics enable searches across an organisation to find relevant footage.
The Verkada website pledges to take privacy seriously: “We are passionate about developing products that enhance the security and privacy of organisations and individuals. We believe that well-built, user-friendly systems make it easier to manage and secure physical environments in ways that respect the privacy of individuals while simultaneously keeping them safe.”
Convergint Technologies’ rapid growth has come through a combination of organic growth and acquisitions — they have acquired 35 companies since 2014. Growth has been a focus since day one when the founders started the systems integration company with 10 colleagues in a basement.
Today, the diverse company includes more than 5,000 employees globally. As technology has advanced and business practices have evolved, Convergint’s core values and beliefs have guided their path forward.
Convergint’s culture is a critical aspect of the company, from the executive level to frontline colleagues. “It is essential that the companies we look to acquire and develop partnerships with directly align with our people-first, customer-centric, inclusive culture centered on colleagues and customers,” says Mike Mathes, Executive Vice President, Convergint Technologies.
“This approach has allowed us to maintain and grow our number of colleagues across our acquisitions and enables us to continue being our customers’ best service provider.”
Many practices have to be form-fitted to each individual acquisition A simple but important consideration as Convergint grows through acquisitions is: No two companies are the same. While some integration practices can be standardised across the company, many practices have to be form-fitted to each individual acquisition, says Mathes. “Our objective is not to come in and immediately implement change. We want to build on what has already been successful within the local market and share our learned experiences. There is plenty we can learn from each other and create a much better organisation.”
Mathes says that Convergint’s view of a successful acquisition is that 1+1=3. “The end result is always much more impactful than what we anticipated,” he says. “Every acquisition brings with it an experienced leadership team, dedicated and skilled colleagues, vertical market and technological expertise. Most acquisitions are in geographies where we do not already operate, so with every acquisition, we increase our capability to serve our customers much better.” Also, the network of Global Convergint Technology Centres (CTCs) helps expand clientele, and the Convergint Development Centre (CDC) offers new support capabilities allowing acquisitions to grow at a very high rate.
Are there more acquisitions to come? Mathes says Convergint is always open to further expanding its footprint across the globe, improving its ability to service customers, deepening their technical expertise, and continuing to expand service offerings across the current and new vertical markets. However, the current focus remains on several key factors: service to colleagues, customers, and communities.
“While obviously, acquisitions fuel our growth, the addition of these organisations to Convergint has really improved our ability to service clients on a global basis,” says Mathes. Acquiring ICD Security Solutions in Asia, for example, made Convergint a pioneer in that market for U.S.-based multi-national companies.
Meeting customers demand
“Convergint does not weigh market conditions when making an acquisition decision,” says Mathes. Rather, they are primarily focused on meeting or exceeding their customer’s needs on a local to a global level. They see acquisitions as a potential way to extend their geographic reach so they can be closer to customers.
An acquisition might also expand technological or vertical market expertise. “The end goal is for us to enhance our service capabilities by attracting and retaining talented colleagues and leaders to better service our customers,” says Mathes.
Enhancing and expanding services
Convergint identifies how to leverage the expertise to further enhance and expand current service options “Economies of scale” have not been a consideration. They have never sought to acquire companies and restructure them in the process, for example. Rather, each company brings forth a unique skillset, is carefully vetted by the executive team, and provides purpose in the company's mission and vision for the future.”
“Frontline colleagues are Convergint’s most valuable assets,” says Mathes. Rather than restructuring and eliminating skilled, knowledgeable colleagues, Convergint identifies how they can leverage the expertise to further enhance and expand current service options for customers. “Our colleagues and their skill sets are our competitive advantage—they remain an essential element to our success,” says Mathes.
Demand for integrator services
“We continue to experience a growing demand for innovative solutions across electronic security, fire alarm, and life safety,” says Mathes. “As companies innovate further and rely on technologies such as artificial intelligence, cybersecurity, IoT, and cloud solutions, we expect to see an increased demand for integrator services. Our customers demand a local service provider who is responsive and can meet their needs, which is why Convergint aims to be its customers’ best service provider.”
This year, Convergint is celebrating its 20th anniversary. In 2021, they will continue to focus on the same critical components that have dominated since day one taking care of colleagues, customers, and the communities where they operate.
An impact of the COVID-19 pandemic has been to accelerate change. In 2020, the security industry was among many others that sought to adapt to shifting norms. In the process, we grabbed onto new opportunities for change and, in many cases, re-evaluated how we have done business for decades.
If necessity is the mother of invention, perhaps crisis is the mother of acceleration. This article will reflect on how these themes impacted the physical security industry in 2020, based on content we published throughout the year, and with links back to the original articles.
Sensitive data leakage
Since the lockdown came into effect, organisations globally have undergone years' worth of transformations in a matter of months. Whether it has been to transition their operations online or moving their IT infrastructure to the cloud, there’s no denying that the face of business has changed permanently, experiencing a seismic shift, both operationally and culturally. As we enter the ‘next normal’ there remains a great deal of uncertainty around what the next 12 months holds and how organisations can navigate turbulence in the face of a possible recession.
One of the most notable and widely reported trends has been the switch to remote methods of work, or home working. With so many employees logging on from residential networks, through personal devices that may be more easily compromised, the overall attack surface has greatly increased, raising the risk of potential corporate and sensitive data leakage in their new home office settings. Security and data protection are larger issues than ever.
Good cybersecurity hygiene
Criminals will use the crisis to scam people for money, account information and more"
With a majority of the world working from home, businesses had to respond to this changing landscape. While it used to be that in-person networking events and sales pitches secured new projects or opportunities, the current landscape pushes businesses to be more creative in how they reach their customers. For example, with ISC West being postponed, many companies have turned to online resources to share new product demonstrations and other company news. Others are hosting webinars as a way to discuss the current climate and what it means for the industry.
Without the proper precautions, working from home could become a cybersecurity nightmare, says Purdue University professor Marcus Rogers. “Criminals will use the crisis to scam people for money, account information and more,” he says. “With more people working from home, people need to make sure they are practicing good cybersecurity hygiene, just like they would at work. There is also a big risk that infrastructures will become overwhelmed, resulting in communication outages, both internet and cell.”
In a typical office with an on-premise data centre, the IT department has complete control over network access, internal networks, data, and applications. The remote worker, on the other hand, is mobile. He or she can work from anywhere using a VPN. Until just recently this will have been from somewhere like a local coffee shop, possibly using a wireless network to access the company network and essential applications.
There are many benefits of working remotely with productivity right up the top of the list
There are many benefits of working remotely with productivity right up the top of the list. By reducing the unproductive time spent commuting and travelling to meetings, we are able to get much more done in a day. Add to this the reduction in stress and improved work-life balance and it makes for an impressive formula of happier, healthier and more motivated colleagues. And it’s still easy to measure results no matter where someone is working.
Video conferencing platforms
Trade shows have always been a basic element of how the security industry does business - until the year 2020, that is. This year has seen the total collapse of the trade show model as a means of bringing buyers and sellers face to face. The COVID-19 pandemic has effectively made the idea of a large trade show out of the question.
The good news is that the industry has adapted well without the shows. A series of ‘on-line shows’ has emerged, driven by the business world’s increasing dependence on Zoom and other video conferencing platforms. The fact is, 2020 has provided plenty of opportunities for sellers to connect with buyers. Some of these sessions have been incredibly informative – and conveniently accessible from the comfort of a home office.
Online training courses
Online training has grown in popularity this year, and the change may become permanent
Online training has grown in popularity this year, and the change may become permanent. “We have seen unprecedented international demand for our portfolio of online training courses ranging from small installation companies to the largest organisations, across a wide range of sectors,” says Jerry Alfandari, Group Marketing Manager of Linx International Group, a UK training firm.
“More than ever, businesses are looking to ensure they have the skills in-house to coordinate their response to the changing situation. Individuals are also taking this time to upskill themselves for when we return to ‘normal’ by bringing something with them they didn’t have before. Perhaps unsurprisingly, people are still seeking to better themselves for what will be, eventually, a competitive market.”
Virtual trade show
‘Crisis and the Everyday’ was part of Genetec’s Connect’DX virtual trade show last spring. The virtual conversation – emphasising both in form and content the topsy-turvy state of the world – included interesting insights on the current pandemic and its near- and long-term impact on the industry.
In the middle of this pandemic, there is an opportunity to help security reinvent itself
“In the middle of this pandemic, there is an opportunity to help security reinvent itself,” said Brad Brekke, Principal, The Brekke Group, one of the panelists. “Amid the business disruption, we should ask ‘what’s the new playbook?’ It’s an opportunity for security to look at ourselves now and look at a business plan of what the future might look like. We need to align with the business model of the corporation and define our role more around business and not so much around security.”
As a cloud-based platform for service providers in the security, smart home and smart business markets, Alarm.com adapted quickly to changing conditions during the coronavirus pandemic. In the recent dynamic environment, Alarm.com has kept focus on supporting their service provider partners so they can keep local communities protected.
“We moved quickly to establish work-from-home protocols to protect our employees and minimise impact on our partners,” says Anne Ferguson, VP of Marketing at Alarm.com. The Customer Operations and Reseller Education (CORE) team has operated without interruption to provide support to partners. Sales teams are utilising webinars and training resources to inform and educate partners about the latest products, tools, and solutions. Alarm.com’s partner tools are essential for remote installations and support of partner accounts.
Midway Car Rental, the privately-owned car rental company in Southern California, caters to both an exclusive and expansive clientele, including VIPs, high-end hotels, and replacement vendors like dealerships and body shops.
The company currently owns and operates 15 locations and has aggressive plans for expansion, with 6 or 7 more sites planned for this calendar year.
With a portfolio that includes Ferraris, Lamborghinis, and Jaguars, Midway can have up to a million dollars of assets parked on any of its lots. Some of the company’s newest locations lack secure perimeter fencing. Sean Perez, Midway’s General Manager, says, “We needed to protect our vehicles, but even more importantly, we had to ensure the safety of our employees and clients.”
The problem became acute when Midway opened a new location to provide loaner and replacement vehicles for an adjacent dealership partner. Prior to Midway’s arrival, the lot had been populated by vagrants and the homeless who would sleep in and around the cars parked there.
“When we took over the property, we needed to provide a safe and secure environment where we could conduct business,” Perez explains. “There were issues with vandalism and graffiti. Some of the displaced homeless would get aggressive. We needed a proactive solution – a way to stop these incidents from happening rather than trying to prosecute the individuals after the damage was done.”
Traditionally, Midway’s properties have been less exposed, with electronically secure gates or fences that restrict access. However, as Midway’s expansion plans include growing alignment with business partners like dealerships, many future sites will likely face similar security challenges. To address this situation, the company sought:
A scalable system that could grow incrementally with Midway’s expansion
Flexible technology that could be moved to new sites with minimal effort
A technology partner capable of servicing and supporting a long-term solution
The ability to outsource monitoring services in the near future
“I tend to be conservative,” says Perez. “I wanted to start off slow and then, when comfortable that we’d found both the right partner and technology, have the ability to really scale up.”
Midway Car Rental deployed ROSA units, Responsive Observation Security Agents, manufactured by Robotic Assistance Devices (RAD).
“I have to tell you, I was a bit skeptical at first about these ROSA units,” says Perez. “You can stick an armed guard out there, but the idea that a technology device could provide both consistent monitoring and serve as a deterrent system seemed like a stretch. However, our two ROSAs are really helping us protect our assets. In very short order, our problem decreased and our situation has improved dramatically.”
AI-based ROSA solution
ROSA is a compact, self-contained, security and communication solution that can be deployed in about 15 minutes
ROSA is a compact, self-contained, security and communication solution that can be deployed in about 15 minutes. Its AI-driven security systems include human and vehicle detection, license plate recognition, responsive digital signage and audio messaging, and complete integration with RAD’s software suite notification and response library.
Two-way communication is optimised for cellular, including live video from ROSA’s dual high-resolution, full-colour, always-on cameras.
“The folks from RAD sent out an engineer to help us determine where to mount the ROSA units by identifying areas on our site that are most exposed to potential vandalism or other threats,” says Perez. The devices are highly visible, featuring scrolling LED text, colorful neon ribbons, and two video cameras.
Automated detection and response
ROSA may be programmed to display welcome messages or marketing messages during business hours, along with a reminder to visitors that the property is under surveillance. When it detects the motion of humans or vehicles on the lot, it sends an alert to Perez and his team along with an associated video clip, keeping them well informed of activity happening in real-time.
During off-hours, ROSA's automated response kicks in. Its friendly daytime messaging is replaced with a more stern warning to trespassers. Upon detecting a human or moving vehicle, ROSA responds with flashing red lights and a visual warning to vacate the property immediately.
If ROSA continues to detect a presence, more lights, sirens, and a pre-recorded audio message add a sense of urgency. Monitoring personnel, who have been alerted of the event and have access to live video, can also issue pointed commands over ROSA's loudspeaker. Ultimately, if the police must be summoned, the encounter has been thoroughly documented and recorded.
Perez describes ROSA's effectiveness as a deterrent. "I've watched when people encounter the system. Initially, their reaction is one of shock and awe. When the unit goes off with its lights flashing and they hear those verbal commands, they’re terrified. They look like they've seen a ghost. Literally, in less than ten days after we put those things out, the word had spread to stay away. The vagrants were gone. It was like night and day."
Currently, Midway's management has chosen to monitor the system themselves. Perez explains, "Initially, I was getting alerts somewhat often, but they quickly tapered off. At this point, they're infrequent. With just these two units in place, plus two more scheduled to go up in Newport Beach in the coming weeks, we can handle the monitoring independently.”
“Within the next year or two, as we open new locations and add more units, we'll take advantage of RAD's monitoring services. We had that in mind when we went this route – that with our continued growth, we would eventually leverage that option."
The system is very intuitive and customer-friendly
"The system is very intuitive and customer-friendly," adds Perez. "I've used other systems that are really cumbersome. The RAD SOC dashboard is nothing like that. The ease-of-use is amazing." So is the deployment process. As ROSA requires nothing more than the power to operate, it is truly plugged and play.
"We had them installed and received training all within a few hours on one day," says Perez. "We haven't run into any issues, but if we do, the relationship we've built with the RAD team is so good that I can call on them at any time for assistance. They are very, very customer-centric."
Midway Car Rental quantifies the value ROSA delivers in several ways, including monetarily, a reduction in crime, and improved peace of mind.
Perez elaborates, "Thanks to the ROSA units, we've addressed all sorts of issues. Damage to vehicles, graffiti on the exterior of the building, the homeless tampering with our electrical outlets to charge their phones, trash left around the property – that’s all gone since we put the ROSAs in. There are also important intangibles that you really can't put a price tag on, like an improvement in employee well-being and productivity because our staff now feels safe at work."
RAD's cloud-based software simplifies the management of multi-site systems
The system's scalability and flexibility ensure that Midway's investment will continue to pay dividends. Perez says, "We're growing so fast, we're trying to put flagpoles in the markets where we identify a need, but that doesn't mean we're locking ourselves into long-term leases."
"Down the road, if we decide to move locations, our ROSAs move with us. We heavily factored their ability to easily install, uninstall, and re-install when deciding to go with this technology."
Consistent with Midway's plans, RAD's cloud-based software simplifies the management of multi-site systems. As new Midway locations open and ROSA units are installed, management and monitoring of all devices can occur through one login to the centralized RAD SOC dashboard. Alert notifications include the location of the activated unit.
RAD’s additional services
In addition to ROSA, RAD offers a suite of other products that share the same platform for delivering automated remote services, including some that are more appropriate for indoor use. Should Midway encounter new security challenges in the future, they can expand their system with other RAD devices.
"For now, ROSA is what fits our needs best, but I've seen some of those other units, and they look pretty cool," says Perez.
Midway uses the ROSA units through RAD's subscription model. The company pays a low monthly fee that covers unlimited use of the devices, software and software updates, maintenance, and technical support. Their out-of-pocket equals a small fraction of what hiring a security guard would cost.
When asked whether Perez recommends the system to others, his answer is concise. "It's a no-brainer!" he laughs. "Knock-on-wood, we've been near without incident for the four months since the ROSAs went up. I attribute that to the units' effectiveness."
DPG Media Group is the largest media company in both Belgium and the Netherlands, and active in television, radio, newspapers, magazines, and online services. It employs around 6,000 people company-wide and has its modern headquarters located in Antwerp, Belgium.
DPG Media has been a Nedap customer in the Netherlands for many years. Until recently, this was not the case in Belgium. Here, locations were standardised on an access control system where they were completely dependent on their products and services (so-called vendor lock-in).
Access control system
When building their new headquarters in Antwerp, they started looking for an access control system that is fully flexible and scalable, in terms of the future.
DPG Media needed a system that is well supported in both the Netherlands and Belgium
Moreover, DPG Media needed a system that is well supported in both the Netherlands and Belgium. Together with partner Nsecure, Nedap became the perfect match for DPG Media. Nedap addresses the following requirements to provide a unified and flexible security for life:
A unified access control system for multiple locations in the Netherlands and Belgium – including their ultra-modern headquarters (Antwerp), and one of the largest printing plants in Europe (Lokeren)
Ensured support for the latest technologies, features, and security
Fully scalable and flexible access control
Security with the highest standards to protect against the impact of cyber attacks on access control
Implementation and support by a single trusted partner (Nsecure) in both the Netherlands and Belgium
"Given the good experiences with Nedap in the Netherlands, it was a logical choice for DPG media to also secure their locations in Belgium with AEOS," said Peter van Bockstal, Nedap Security Management.
Strong price pressure combined with high-quality requirements - the beverage and bottle industry faces the classic dilemma of many industries. This is also the case in the quality control department of a French manufacturer of plastic caps. Reliably detecting cracks and micro-cracks on plastic caps in 40 different colours and shades running at high speed on a production line is a real challenge.
APREX Solutions from Nancy, France has successfully achieved this goal with the help of image processing technology and artificial intelligence. The basic images are provided by a USB 3 industrial camera from IDS Imaging Development Systems GmbH.
SOLOCAP is a subsidiary of La Maison Mélan Moutet, "flavour conditioner since 1880" and manufactures all types of plastic caps for the food sector at its industrial site in Contrexéville. Among them, a top-class screw cap suitable for any glass or PET bottle. The presence of a clampable lamella ring arranged around the bottle collar enables a simple, fast, absolutely tight, and secure seal. However, the slats must be reliably and extremely carefully checked for cracks, tears, and twists during production. This is the only way to guarantee absolute tightness.
The previous inspection system could not meet these high requirements. APREX Solutions realised the new solution with artificial intelligence individually on the basis of in-house software algorithms. The necessary specifications were developed in advance in cooperation with the customer. This also included several inspection stages, one of which, for example, was the reject control to avoid false reports.
Implementing of AI solution
Four control levels with several test points guarantee a reliability rate of over 99.99%
The introduction took place in two phases: First, the specific "SOLOCAP application" was trained with the help of the intelligent APREX Track AI solution. The software includes various object detectors, classifiers, and standard methods that operate at different levels. Networked accordingly, they ultimately deliver the desired result tailored to the customer. Four control levels with several test points guarantee a reliability rate of over 99.99%.
In the second step, this application was implemented in the production line right after the first assembly run with APREX Track C&M. The latter was specially developed for the diverse image processing requirements in the industrial sector. This includes, among other things, the control and safeguarding of a production line up to the measurement, identification, and classification of defects in the production environment. The software suite delivers the desired results quickly and efficiently, without time-consuming development processes.
Ready to use
After a short training of the AI methods, the complete system is ready for use at the customer. In the case of SOLOCAP, it combines an IDS UI-3280CP-C-HQ industrial camera, powerful ring illumination, and a programmable logic controller (PLC) to provide comprehensive control over all inspection processes.
At the same time, it records all workflows in real-time and ensures complete traceability. Only one camera is needed for this. However, APREX TRACK C&M could handle up to 5 cameras.
“The difficulty of this project consisted mainly in the very subtle expression of the defects we were looking for and in the multitude of colours. With our software suite, it was possible to quickly set up an image processing application. Despite the complexity," explains Romain Baude - founder of APREX Solutions.
The image from the camera provides the basis for the evaluations. It captures every single cap directly in the production line at high speed and makes the smallest details visible to the software.
Easy integration of camera
The USB 3 industrial camera provides excellent image quality with extraordinarily low noise performance
The UI-3280CP-C-HQ industrial camera integrated into the system with the 5 MP IMX264 CMOS sensor from Sony sets new standards in terms of light sensitivity, dynamic range, and colour reproduction. The USB 3 industrial camera provides excellent image quality with extraordinarily low-noise performance - at frame rates up to 36 fps.
CP stands for "Compact Power". This is because the tiny powerhouse for industrial applications of all kinds is fast, reliable, and enables a high data rate of 420 MByte/s with low CPU load. Users can choose from a large number of modern CMOS sensors from manufacturers such as Sony, CMOSIS, e2v, and ON Semiconductor with a wide range of resolutions.
Plug and play
Its innovative, patented housing design with dimensions of only 29 x 29 x 29 millimetres makes it suitable for tasks in the fields of automation, automotive, medical technology and life sciences, agriculture, logistics as well as traffic and transport, among others. Screwable cables ensure a reliable electrical connection.
Due to the IDS-characteristic plug & play principle, the cameras are automatically recognised by the system and are immediately ready for use, as Romain Baude confirms, "The excellent colour reproduction of the UI-3280CP-C-HQ and its high resolution of 5 MP were decisive factors for us in choosing the camera. At the same time, the model enabled a quick, uncomplicated integration into our system."
Anthony Vastel - Head of Technology and Industry at SOLOCAP - sees a lot of potential in the new inspection system, "APREX's AI-based approach has opened new doors for our 100% vision-based quality control. Our requirements for product safety, but also for reject control, especially in the case of false reports, were quickly met. We are convinced that we can go one step further by continuing to increase the efficiency of the system at SOLOCAP and transferring it to other production lines."
AI offers quality assurance, but also all other industries in which image processing technology is used, new, undreamed-of fields of application. It makes it possible to solve tasks in which classic, rule-based image processing reaches its limits. Thus, high-quality results can be achieved with comparatively little effort - quickly, creatively, and efficiently. APREX Solutions and IDS have recognised this and offer solutions with intelligent products that make it easier for customers to enter this new world.
Cybersecurity services company Bridewell Consulting enhanced the security of the upcoming 2021 Census programme after following a stringent review process.
Bridewell was enlisted by the Office for National Statistics (ONS) and the Northern Ireland Statistics and Research Agency (NISRA) to perform the Independent Information Assurance Review (IIAR) which took place between September 2020 and January 2021.
Securing the risks
The purpose of the assurance review was to identify any security risks to Census systems, services and information, and to present an independent view of security maturity to stakeholders.
Bridewell also produced a public report to assure the nation adequate measures are in place and encourage members of the public to complete the Census.
The Census is a nationwide survey that takes place every 10 years and must be completed by every household. The data collected in the survey builds a picture of all the people and households across the UK to help organisations make decisions on planning and funding public services including transport, education, and healthcare in each area. The 2021 Census survey will take place on 21st March.
Security assurance review
Bridewell previously delivered the assurance review for the Census rehearsal in 2019 and was selected to undertake the review of the 2021 Census following a formal tender process. Bridewell engaged with the ONS, NISRA, and their trusted partners over three months to ensure that a thorough and robust review into every aspect of the programme was completed effectively.
ONS has developed strong security measures to safeguard submissions but we did not want citizens just to take our word on this
The assurance review took a three-phase approach, covering governance and management, operational security, process and design, and security assurance.
Andy Wall, Chief Information Security Officer at the Office for National Statistics comments, “The protection of citizen information collected in the Census is critical. ONS has developed strong security measures to safeguard submissions but we did not want citizens just to take our word on this."
Security Assessment Criteria
"It was very important for us to test our approach and measures and so we wanted an independent view. A specialist organisation like Bridewell, which has the expertise to look under the bonnet of the Census and assess the detail of what we have built, was very valuable.”
The assessment criteria comprised of a range of selected controls, outcomes, and good practice from security industry recognised control frameworks to ensure the assessment was not confined by one singular framework.
This included ISO27001, the Cyber Security Framework, the Open Web Application Security Project Software Assurance Maturity Model, the UK Security Policy Framework, NCSC principles, and other guidance.
Implementation of assessment
In total, Bridewell shared 21 findings in review which were rapidly addressed before the assessment concluded
The scope of the review included systems, services, and staff in ONS and NISRA supporting the Census, the Census supply chain, and physical and digital security. Bridewell also assessed how comprehensive and effective the assurance review itself was in improving the programme’s security. In total, Bridewell shared 21 findings in review which were rapidly addressed before the assessment concluded.
Scott Nicholson, Co-CEO at Bridewell adds, “The Census is vital to informing how organisations and public authorities effectively plan and fund critical services we all require. Whilst completion of the assessment is a legal requirement, members of the public need confidence that the data they provide will be processed fairly and lawfully with adequate protection in place."
"We are proud to have played a key role in independently assessing the governance, design, implementation, and operation of controls to ensure they are providing an appropriate level of protection.”
When technology performs a required task effectively, there is little reason to upgrade to the ‘next big thing’. In this regard, the physical security market is notoriously slow to change.
Much of yesterday’s most robust and dependable equipment is still in place at thousands of customer sites, still performing as well as the day it was installed. However, there comes a point when any technology becomes outdated. We asked this week’s Expert Panel Roundtable: Which security technologies are becoming outdated or obsolete?
When the United Kingdom voted to leave the European Union, a world of uncertainty unfolded for those doing business in the UK and the EU. The referendum was passed in July 2016. Including subsequent delays, the separation was completed after four years in January 2020, with a transition period ending December 2020. Even with the deadlines past, there are still pockets of uncertainty stemming from the separation. We asked this week’s Expert Panel Roundtable: How has Brexit affected the security industry?
Security technology has been a vibrant and successful market for decades now, but sometimes the public is not aware of those successes. Awareness in some cases is limited because security technologies work ‘behind the scenes’ to keep everyone safe.
In other cases, the industry may be seen in a negative light, based on misinformation about topics such as surveillance and privacy. How can we get the word out about our industry’s successes? We asked this week’s Expert Panel Roundtable: How can the security industry market and promote itself better?