Cyber security

Axis Communications, a industry pioneer in video surveillance, announces it has signed the U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Secure by Design pledge to transparently communicate about the cybersecurity posture of Axis products.    The voluntary Secure by Design pledge of the U.S. government agency, CISA, calls on manufacturers to make the security of customers a core business requirement by addressing seven key aspects of security:   Use of multi-factor authentication  Reduce default passwords  Reduce classes of vulnerabilities  Enable customers to easily install security patches  Publish a vulnerability disclosure policy  Demonstrate transparency in vulnerability reporting  Demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products AXIS OS-based network products “CISA’s Secure by Design pledge aligns well with our goal of making cybersecurity a core part of what we offer,” says Johan Paulsson, Chief Technology Officer, Axis. “By making this pledge, we affirm our continuous commitment to helping customers follow cybersecurity best practices and drive greater accountability in the physical security industry.” Outlined below is how Axis addresses the Secure by Design pledge in its product portfolio, ranging from AXIS OS-based network products, video, and device management software, to service offerings like Axis Cloud Connect.  Implementing security in the Axis product portfolio   Reducing the risk of software vulnerabilities is an integral part of Axis software development. Axis developers follow the Axis Security Development Model (ASDM) in order to mitigate security risks throughout the product lifecycle. The security framework, involving processes and tools, also includes strengthening product security through external resources, namely through Axis’ bug bounty programs and enabling people to easily report bugs or vulnerabilities to the Axis Product Security Team. Axis patches and discloses vulnerabilities as a CVE Numbering Authority (CNA), and the company’s published vulnerability management policy outlines what, when and how it works with vulnerability disclosures. The Axis Trust Centre serves to provide cybersecurity and compliance information for Axis as a company and for AXIS OS-based network products, and will eventually cover other Axis products and services as well.    AXIS OS-based network products   Axis’ wide-ranging IP-based network devices, from cameras, intercoms, loudspeakers and access control products, are powered by the operating system, AXIS OS. AXIS OS is designed with no default passwords. It supports multi-factor authentication when customers access the devices using centralised identity and access management (IAM).  AXIS OS enables zero-trust networking by default from factory for secure device verification and onboarding. It allows Axis network products to automatically authenticate through IEEE 802.1X with their IEEE 802.1AR-compliant secure device identities. AXIS OS also supports powerful encryption through IEEE 802.1AE MACsec, protecting, at the fundamental level, network protocols like NTP and DHCP that do not offer native security, and double-encrypting secure protocols, such as HTTPS and other TLS-based protocols.   Additionally, AXIS OS-based devices feature hardware-based secure key storage functionality that is certified to FIPS 140-3 Level 3, together with Common Criteria EAL6+.   AXIS Camera Station  Axis’ video management software, AXIS Camera Station Pro and AXIS Camera Station Edge, ensure secure external communications between smartphone, tablet, browser, or PC client, and Axis network cameras through 256-bit AES encryption using Axis Secure Remote Access v2. Communication between client-servers and Axis devices, meanwhile, is secured using 256-bit AES encryption and TLS 1.2 or higher. The software products support multiple user access levels and granular control of different functionalities. AXIS Camera Station Pro enables password protection of devices using local or Windows active directory domain users, while AXIS Camera Station Edge supports two-factor authentication. AXIS Camera Station Pro provides alarm, event, and audit logs, supporting real-time notifications and tracking of system activities, and ensuring accountability.  Axis device management software  Axis offers several dedicated, easy-to-use software for managing edge devices like cameras, audio products, and access control. The device management applications, AXIS Device Manager, AXIS Device Manager Edge, and AXIS Device Manager Extend, help customers cost-effectively perform device software updates and security hardening across thousands of Axis network devices. Other supported functions include automating the lifecycle of TLS certificate provisioning; providing simple device configuration backup and restore capabilities that minimise human configuration error; and managing password changes, HTTPS, IEEE 802.1X and other services on Axis devices.  Axis Cloud Connect   Axis Cloud Connect is an open hybrid cloud platform that enables end customers and integration partners to manage Axis devices. It supports such activities as automatically applying new software updates that would include security patches for Axis network products. Device-to-cloud connectivity is established only through secure communication channels such as HTTPS and WebRTC with TLS 1.2/1.3. It supports single sign-on (SSO) and multi-factor authentication for My Axis accounts, which are used to provide access to services hosted by Axis. Cloud Connect also supports evidence gathering and automatic detection of sensitive cybersecurity activity through automatic tooling and audit log monitoring.  As part of the CISA pledge, Axis is committed to regularly sharing insights and progress into the cybersecurity posture of its products. It enables customers to verify and hold the company accountable, and helps strengthen the trust that customers should have when using Axis products. 

As 2026 approaches, cybersecurity threats are evolving at an unprecedented speed. Small and medium-sized enterprises (SMEs) face rising exposure as perpetrators adopt advanced AI, expand commercialised cybercrime platforms, and intensify nation-state activity. Recent intelligence, including the CrowdStrike 2025 European Threat Landscape Report, highlights how attackers are becoming faster, more capable, and more varied in their methods, raising the stakes across the UK’s interconnected supply chains. Seven critical risks Below, they discuss seven critical risks that will shape the 2026 threat landscape. Vishing and deepfake-driven social engineering will surge AI will supercharge social engineering. Hyper-realistic deepfake voice cloning will make vishing attacks dramatically more convincing, enabling criminals to impersonate executives, suppliers, and public authorities with unprecedented accuracy. As these tools become widely accessible, SMEs, often with limited training and internal verification controls, will face a sharp rise in targeted social engineering campaigns. Identity protection will become a top priority amid rising SaaS and cloud adoption The rapid proliferation of cloud applications and SaaS platforms continues to outpace many organisations’ ability to secure them. Misconfigurations, fragmented access controls, and an expanding set of user identities create ideal conditions for attackers. Identity protection, including MFA enforcement, conditional access controls, and behavioural monitoring will become an essential foundation for modern cyber defence as attackers increasingly exploit identity-based vulnerabilities. Commercialised as-a-service cybercrime will open the door to more diverse attackers Cybercrime is now fully commercialised, with Ransomware-as-a-Service and Phishing-as-a-Service platforms enabling criminals of varying skill levels to launch sophisticated attacks quickly and cheaply. Many reports, including the previously mentioned CrowdStrike 2025, confirm the acceleration of these trends, noting that European organisations account for a growing share of ransomware victims and that both criminal and nation-state campaigns continue to escalate. As these platforms continue to evolve, SMEs, often serving as entry points to larger supply chains, will experience intensified targeting. Nation-state attacks will intensify as geopolitical tensions grow State-backed cyber operations are increasing in frequency and ambition. Critical infrastructure, logistics networks, healthcare, and essential supply chains remain high-value targets for nation-state actors seeking strategic advantage or disruption. With advanced reconnaissance, automation and AI-enabled attack methods now standard among these groups, the pressure on UK organisations has never been greater. This is a threat the UK must get ahead of; prevention is far more effective than the cure. Patch and vulnerability management will remain core to preventing breaches Even as threats become more complex, many successful attacks will continue to exploit unpatched systems and well-known vulnerabilities. Automated scanning tools allow cybercriminals to detect weaknesses within minutes of disclosure. Organisations with inconsistent patching, outdated systems, or weak vulnerability governance will be disproportionately exposed. Effective patch and vulnerability management remains one of the most reliable ways to reduce an attacker’s opportunity window. Threat intelligence will be essential to prioritising cyber workloads With expanding attack surfaces and increased alert volumes, many organisations, particularly SMEs, struggle to understand which threats genuinely matter. Actionable threat intelligence will become indispensable, enabling security teams and outsourced partners to prioritise patching, triage alerts, and focus resources on the most likely and most damaging risks. Reactive models are no longer viable; 2026 will demand intelligence-led, proactive security operations. Supply chain and third-party attacks will continue to rise Interconnected supply chains remain one of the greatest systemic risks. Attackers know that compromising a single SME can trigger cascading disruption across multiple sectors. In critical industries, such as pharmaceuticals, food distribution, energy and logistics, the consequences could be severe, even societal. As both criminal and nation-state groups increase their focus on supply chain infiltration, organisations must strengthen third-party risk management and invest in resilience across their entire ecosystem. 2026 will be a defining year for cybersecurity. To best withstand the challenges ahead, organisations must prioritise comprehensive identity protection that covers the whole business, including all cloud applications, configurations, workloads and infrastructure. This must be combined with an emphasis on patch and vulnerability management, intelligence-led security operations, and reinforced supply chain resilience. As far as AI is concerned, it’s vital to fight fire with fire: use the same tools cybercriminals use, and adapt them to fight the good fight. This way, businesses stand the best possible chance of steering clear of trouble.

The Center for Internet Security, Inc. (CIS®), Astrix Security, and Cequence Security now announced a strategic partnership to develop new cybersecurity guidance tailored to the unique risks of artificial intelligence (AI) and agentic systems.  This collaborative initiative builds on the globally recognised CIS Critical Security Controls® (CIS Controls®), extending its principles into AI environments where autonomous decision‑making, tool and API access, and automated threats introduce new challenges. The intent of the partnership includes initially developing two CIS Controls companion guides: one for AI Agent Environments, which will focus on securing the agent system lifecycle; the other for Model Context Protocol (MCP) environments. Adopt AI responsibly and securely MCP environments introduce unique risks, including credential exposure, ungoverned local execution, unapproved third‑party connections, and uncontrolled data flows between models and tools. Together, these guides will provide targeted safeguards for organisations operating in environments where MCP agents, tools, and registries interact dynamically with enterprise systems.  “AI presents both tremendous opportunities and significant risks,” said Curtis Dukes, Executive Vice President and General Manager of Security Best Practices at CIS. “By partnering with Astrix and Cequence, we are ensuring that organisations have the tools they need to adopt AI responsibly and securely.”  AI ecosystems Astrix’s contribution centres on securing AI agents, MCP servers, and the Non‑Human Identities (NHIs), such as API keys, service accounts, and OAuth tokens, that link them to critical systems.  “AI agents and the non‑human identities that power them bring great potential but also new risks,” said Jonathan Sander, Field CTO of Astrix Security. “Our focus is helping enterprises discover, secure, and deploy AI agents responsibly, with the confidence to scale. Through this partnership, we’re providing clear, practical guidance to keep AI ecosystems safe so organisations can innovate with confidence.”  API security experience Cequence brings years of enterprise application and API security experience to agentic AI enablement and security. “As organisations embrace agentic AI, trust hinges on visibility, governance, and control over what those agents can see and do to your applications and data,” said Ameya Talwalkar, CEO of Cequence Security. “Security is strongest through collaboration, and this partnership gives organisations clear guidance to adopt AI safely and securely.”  How the partnership supports organisations  Extends trusted cybersecurity frameworks into AI environments, addressing risks from autonomous systems and integrations.  Delivers clear, prioritised safeguards that guide enterprises toward secure and responsible AI adoption.  Resilience across the AI ecosystem Combines expertise across standards, API security, and application defence to provide comprehensive protection. The new guidance is scheduled for release in early 2026, accompanied by workshops, webinars, and supporting resources delivered jointly by CIS, Astrix, and Cequence. Together, the organisations aim to help enterprises translate recommendations into practice while building a stronger foundation of trust, transparency, and resilience across the AI ecosystem. By working from a shared framework, enterprises, vendors, and security leaders can align on a common language for securing AI environments.

Camelot Secure, a revolutionary cybersecurity company, now announced that Stan Oliver, President/CEO of Camelot Secure, Phoenix, and DigiFlight, has been selected as a board member to the Duke University Cybersecurity Master of Engineering Program’s Industry Advisory Board. The Board’s mission is to provide expert guidance that supports and fosters innovation and excellence in curriculum, student internships, entrepreneurship, graduate outcomes, and related areas. Evolving cyber challenges “I’m honoured to join the Duke University Cybersecurity Master of Engineering Program’s Industry Advisory Board and to contribute to shaping the next generation of cybersecurity professionals,” Oliver said. “With decades of experience supporting government and defense programs, I’m particularly excited to help bridge the gap between academic learning and real-world application. By strengthening internship pathways and hands-on experiences, we can ensure that students graduate ready to meet today’s evolving cyber challenges with confidence and purpose.” Next generation of cybersecurity Board members play an essential role in helping Duke establish the program as a centre of excellence in educating the next generation of cybersecurity pioneers. Duke is privileged to have globally recognised pioneers on its Cybersecurity Industry Advisory Board. “I’m delighted to announce that Mr. Stanford Oliver has joined our Cybersecurity Advisory Board,” said Art Ehuan, Executive Director of the program. “Stan brings exceptional leadership, deep cybersecurity expertise, and invaluable perspective to our students and faculty. We’re honoured to have him join our distinguished board of nationally recognised cybersecurity pioneers.” Real-world cybersecurity scenarios In addition to his advisory role, Oliver will leverage his companies to actively collaborate with Duke’s Pratt School of Engineering and its Engineering Graduate and Professional Programs to support student success beyond the classroom. As part of this initiative, Camelot Secure and DigiFlight will work with faculty to offer students opportunities to participate in final projects and capstone engagements that build on program coursework while challenging students to apply their knowledge to real-world cybersecurity scenarios. These experiences will expose learners to mission-aligned cyber operations, complex threat environments, and emerging technologies, further strengthening the pipeline of highly prepared, industry-ready graduates poised to make an immediate impact in the field.

In today’s connected world, attacks are more likely to target digital than physical entry points. From ransomware and firmware tampering to remote hijacking, AI-driven phishing and automated vulnerability discovery, the nature of threats is evolving rapidly, and no industry can afford to neglect them. As our industry has moved from mainly mechanical to increasingly digital solutions, we have long recognised the importance of constantly monitoring and assessing the risks we face. This means not only meeting mandatory regulations but also voluntarily adopting international standards such as ISO 27001, which protects data and systems through a structured and independently audited framework. Today’s fast-changing risk environment is also why the EU introduced the Network and Information Security Directive 2 (NIS2) – to raise the bar for cybersecurity across Europe. But what do measures like NIS2 and the Cyber Resilience Act (CRA) mean in practice? How does the rise of AI fit in? And most importantly, what should our industry be doing to stay secure in such an unpredictable digital landscape? The new regulations Compliance is not just about meeting regulations, it is also a competitive advantage NIS2 is reshaping cybersecurity expectations by setting higher standards to reduce risk, improve transparency, and protect data and services. Alongside it, the CRA introduces mandatory requirements for products with digital components. This makes “secure by design,” regular updates, and compliance checks essential before products can enter the EU market. For companies in our industry, responsibilities now extend well beyond internal systems. Organisations must also ensure that suppliers and service providers comply, with regular risk assessments forming a central part of the process. The consequences of falling short are severe, ranging from significant fines and audits to the potential withdrawal of products from the market. For our customers, the message is clear: security must be built in from the start. Compliance is not just about meeting regulations, it is also a competitive advantage. At ASSA ABLOY Opening Solutions EMEIA, security is part of our DNA.  We embed these standards into everything we do, giving customers solutions they can trust to be compliant and resilient.  The rise of AI  Artificial intelligence is transforming the digital security landscape and it cannot be separated from the regulatory framework shaping our industry. With AI advancing rapidly and new regulations coming into force, we have established a digital compliance framework to stay ahead of the curve and use AI as an enabler for improving security and achieving compliance. On one hand, AI brings powerful benefits, including more intelligent monitoring, faster anomaly detection, and smarter tools for operational efficiency. These capabilities directly support NIS2 and the CRA, particularly in the areas of proactive risk management and incident response.  AI and building cybersecurity standards On the other hand, AI introduces new risks. The attack surface is expanding and threats such as deepfakes and smarter phishing create serious threats that regulators are determined to address. Both NIS2 and the CRA emphasise continuous monitoring, transparency and accountability, principles that must now also guide the responsible use of AI.    At ASSA ABLOY Opening Solutions EMEIA, we see AI not just as a risk to mitigate, but as a capability to strengthen resilience and trust. That is why we are embedding strong governance practices around AI and building cybersecurity standards into every stage of product development. By doing so, we help our customers align with new regulations while ensuring AI serves as a tool for greater security and confidence. Trust and compliance Beyond our own operations, we are also committed to supporting customers on their compliance journey At ASSA ABLOY Opening Solutions EMEIA, we are taking NIS2, the CRA and the rise of cyber-threats seriously, ensuring compliance and enhancing trust with all our customers. We have reinforced supplier oversight, streamlined incident reporting, and embedded cybersecurity into every stage of product development and lifecycle management. Our teams also conduct ongoing risk assessments and post-incident reviews, ensuring that lessons are learned and improvements are made. By taking these steps, we not only meet regulatory requirements but strengthen the resilience of our supply chain and the trust customers place in us. Beyond our own operations, we are also committed to supporting customers on their compliance journey. Initiatives such as our recently released whitepaper “Enhancing Cyber–Physical Resilience with Digital Access Solutions” and a detailed NIS2 whitepaper developed in Germany last year provide clear, practical guidance. By showing what these regulations mean in practice and how intelligent access solutions can directly support compliance, we aim to make the path forward less complex and more achievable for our customers. Looking ahead The days when security threats to businesses and products were only physical are long passed. Today, we find ourselves in a world where the digital realm poses even more serious and constantly evolving challenges. It is therefore crucial that, as an industry, we take the necessary steps to meet the directives of NIS2 and the CRA and also constantly monitor the rise of AI. Only by doing so can we protect our customers, preserve our reputations, and build the trust that defines true leadership in security.

The Internet of Things is growing quickly. It has moved far beyond a few smart gadgets at home. Today, connected technology is in homes, factories, hospitals, farms, and cities. Experts expect the global market for IoT devices to rise from about $70 billion in 2024 to more than $181 billion by 2030. This means more devices, more data, and more opportunities for industries everywhere. This growth comes from several advances working together. 5G connections make it possible to send and receive data faster. Edge computing processes information close to where it is created, which helps with quick decisions. Analytics allow organisations to understand and act on the data they collect. Together, these improvements are opening the door to new ways of working, producing, and communicating. IoT:  The next generation As devices become more advanced, they use more energy and send more data. Think about high-quality security cameras, detailed environmental sensors, or systems in vehicles that send constant updates. All of these devices require a strong supply of power and a steady connection. In 2024, sensors made up more than 32 percent of all IoT device sales. Sensors are essential, yet the next wave of devices will do even more. They will process information themselves, use artificial intelligence, and include many features in one unit. This progress depends on networks that deliver both the energy and the bandwidth to support them. Into the future Devices and applications keep improving, so networks need the flexibility to handle what comes next Setting up IoT systems is about more than meeting today’s needs. Devices and applications keep improving, so networks need the flexibility to handle what comes next. A future-ready design provides extra capacity in both power and data flow. This way, when it’s time to add new devices or upgrade existing ones, the system is prepared without requiring major changes. One smart approach is to use modular equipment. For example, a network switch might deliver more power than devices currently use, while allowing room to connect more advanced devices later. This helps keep the system ready for growth. Built for all IoT devices often operate in challenging places. Factories, power plants, rail lines, and shipping ports face extreme temperatures, dust, vibration, and other difficult conditions. Network equipment in these locations needs the strength to keep working through heat, cold, and constant use. Industrial-grade gear is designed for these environments. It can run in a wide range of temperatures, handle physical impacts, and resist interference. Features such as port security, which keep a connection safe if a cable is removed, help protect both the equipment and the data it carries. Systems with backup power inputs continue to run even when one power source goes offline. Plug into PoE Power over Ethernet (PoE) sends both energy and data through the same cable Power over Ethernet (PoE) sends both energy and data through the same cable. This makes installation simpler and allows flexibility in where devices are placed. And as devices become more capable, they often need more power to operate. The latest innovation for PoE can deliver up to 90 watts on each port. This is enough to support advanced devices like AI-enabled cameras or multi-sensor units. When every port on a switch can supply that much power at the same time, adding more devices is straightforward and performance stays strong. Protecting the network Every connected device is part of a larger network. Protecting this network means securing data from the moment it leaves the device until it reaches its planned destination. Built-in security features in network equipment — such as secure architecture, encryption support, and physical safeguards — help keep information safe. They also help meet industry and government requirements for equipment sourcing and design. A clear path Organisations leading in IoT think ahead. They prepare for the next stage of technology by building networks with flexibility, durability, and protection in mind. These networks supply extra power, allow more bandwidth, and keep data secure while adapting as the system grows. The focus is on creating a foundation that supports innovation year after year. This means planning for devices that are faster, more capable, and more connected, while making sure the infrastructure grows right along with them. Looking ahead Strong, adaptable, and secure networks will allow connected devices to reach their full potential The IoT of the future will touch nearly every part of daily life. It will help farmers grow food more efficiently, guide self-driving vehicles, improve medical care, and keep cities running smoothly. As devices multiply and gain new abilities, the networks powering them need to grow in step. Strong, adaptable, and secure networks will allow connected devices to reach their full potential. By planning for both today’s needs and tomorrow’s possibilities, organisations can make the most of the opportunities IoT brings—and keep those opportunities expanding for years to come. Key takeaways: Preparing for the future of IoT The IoT market is growing fast The global market for connected devices is expected to grow from $70 billion in 2024 to more than $181 billion by 2030. This means more devices in more industries, from farming to healthcare to transportation. Devices are using more power and data Newer devices have more features — such as high-quality video, built-in AI, and multiple sensors — and these require stronger power supplies and faster connections. Future-ready networks are essential Infrastructure should allow extra capacity for both power and data. This ensures new devices can be added without major changes or delays. Environments vary, so equipment should match the setting Industrial areas, outdoor spaces, and transportation hubs need rugged, reliable equipment that works in extreme conditions and stays secure. Security starts at the network level  Built-in protections — like secure architecture, encryption, and physical safeguards — help keep information safe and meet important industry requirements.

The sheer volume of smart locks, lock management systems, connected readers and an increasing array of Internet of Things (IoT) devices complicates the issuance and management of certificates that are foundational to establishing trust between a device and the credential used to access it. That’s why more companies are turning to PKIaaS for IoT devices. But there’s another reason to consider PKIaaS: the rise of quantum computing. Secure digital communications Gartner predicts that the pace of quantum computing will render asymmetric cryptography systems PKI certificates form the backbone of secure digital communications, but Gartner predicts that the pace of quantum computing will render asymmetric cryptography systems unsafe by 2029 and could render all current cryptography unsafe by 2034. As with any software implementation, there are pitfalls to avoid, including vendors that use proprietary technology that’s incompatible with other systems and “gotcha” pricing tactics where a slight increase in certificate usage triggers a massive increase in pricing. However, the time to implement PKIaaS is now. Physical security faces growing cyber threats Although ransomware attacks directly on computing infrastructure dominate business headlines, physical security systems are also under threat. An HID survey of over 1,200 security professionals, end-users and executives shows that 75% reported threats to their physical security systems in the past year, as these systems are more tightly integrated with company IT networks. Until recently, most physical access control systems (PACS) were proprietary and worked only on the specific systems they were designed to interact with. However, the movement toward open supervised device protocol (OSDP) revolutionised the field, allowing companies to integrate and control devices from different vendors while improving compatibility and security. PACS and IoT devices  PKIaaS makes sense as the number of digital certificates needed to power PACS and IoT devices As a result, 40% of companies plan to either update or change access control systems in the next year, with 21% emphasising the need for open standards like OSDP to both improve interoperability and future-proof their systems. When asked about reasons for a proposed upgrade, more than half cited convenience, while another 40% sought to improve their overall security posture. PKIaaS makes sense as the number of digital certificates needed to power PACS and IoT devices continues to increase, promoting security and reducing manual processes related to tracking certificates. Regulatory compliance demands automation and agility Companies also face increased regulatory pressures regarding technology in general — and certificates in particular. The European Union’s Cyber Resilience Act sets mandatory cybersecurity standards for manufacturers and retailers, covering the planning, design, development and maintenance of products throughout the entire value chain. Certain high-risk products must undergo third-party evaluation by an authorised body before being approved for sale in the EU. EU Cybersecurity Act shows a unified certificate framework for ICT products, services and processes More specifically, the EU Cybersecurity Act establishes a unified certification framework for information and communications technology (ICT) products, services and processes. Businesses operating in the EU will benefit from a “certify once, recognised everywhere” approach, meaning that approved ICT offerings will be accepted across all EU member states. Given the global nature of PACS, these regulations likely will impact companies well beyond the EU, much like the general data protection regulation on websites has. These changes, when considered together with rapid advancements in quantum computing, underscore the need for a unified certification solution such as PKIaaS to handle increased — and increasingly complex — certificate compliance. A path to PKI modernisation Modernising PKI through a PKIaaS model doesn’t have to be difficult. With a clear and phased approach, most organisations can transition smoothly while reducing risk and improving efficiency. It starts with a quick assessment of current certificate usage to understand where certificates are issued, how they’re renewed and any gaps in coverage. From there, it's about defining what you need and selecting a trusted partner. Look for a solution that integrates well with your existing systems, supports automation and scales as your needs grow. In terms of partners, not all PKIaaS vendors are the same. Look for one with a strong security track record and predictable pricing, which will simplify both onboarding and long-term management. When it comes to vetting vendors, ask the following questions: Is the solution scalable? The trend toward future-proof installations has never been greater. As the number of certificates increases, any PKIaaS solution must be able to grow in concert. How will pricing change as certificate volume grows? Some solutions are priced in tiers by the number of certificates. If a company exceeds that maximum by even a single certificate, it owes not only the price difference between tiers, but it will also be expected to pay for that tier the following year, which can bring a significant financial surprise. How are CAs accessed and stored? Look for companies that can provide long-term offline secure storage of certificates that can also track when CA keys are accessed. What support is included in the PKIaaS? Specifically ask vendors about up-front costs for implementation and onboarding to get a real apples-to-apples comparison among partners. Step-by-step replacement of manual processes A pragmatic approach allows corps to move quickly and confidently from legacy PKI to a scalable Once a vendor in place, start with a focused rollout, e.g., automating certificate renewals for internal systems or a specific business unit. Once the pilot is complete, expand automation with a step-by-step replacement of manual processes to limit operational disruptions. Finally, as PKIaaS becomes embedded in day-to-day operations, it’s important to align it with broader security governance. Establishing regular reporting and clear policies, as well as future-proofing for quantum-safe cryptography to ensure long-term resilience and compliance without adding complexity. This phased, pragmatic approach allows organisations to move quickly and confidently from legacy PKI to a scalable, secure and future-ready solution. A necessary upgrade According to an analyst report, manual certificate management can cost organisations up to $2.5 million annually in labour and outage-related expenses. While automation reduces these costs by up to 65%, the real challenge in IoT environments lies in managing scale. With device lifecycles often spanning decades and certificate volumes reaching millions — especially across distributed, resource-constrained endpoints — manual PKI processes and legacy infrastructure simply can't keep up. The convergence of regulatory mandates, quantum computing threats and rising cyber risks to connected physical systems makes scalable, cloud-based PKIaaS not just a strategic advantage, but a foundational requirement for secure IoT deployments.

Multiple technology trends are transforming the physical access control market. There is a fundamental shift away from physical cards and keys toward digital identities — mobile credentials, digital wallets, biometrics, and cloud-native access platforms. These next generation access solutions are radically reshaping how buildings operate, protect staff, and perform functionally. At the same time, AI and analytics solutions are being layered onto these physical access control systems to support predictive threat detection and behavioural insights. Access data itself is becoming an asset for sustainability, space optimisation, and smart building initiatives. Risk, impact operations and experience The annual HID Global Security and Identity Trends Report highlights these and other issues The annual HID Global Security and Identity Trends Report highlights these and other issues. The survey cites improving user convenience as a priority for nearly half of organisations, while 41% are focused on simplifying administration, and 28% struggle with system integration. These are not theoretical challenges, they are day‑to‑day friction points that add cost, increase risk, impact operations and experience, and, of course, must be addressed. HID Global’s commercial focus HID Global’s commercial focus is to help organisations digitise their access control — with mobile identities, biometrics, and cloud platforms — and then to use the data to deliver more value. “We are turning access control from an operational cost into a software-driven asset that improves efficiency, supports Environmental, Social, and Governance (ESG) goals and even creates new revenue opportunities,” says Steven Commander, HID Global’s Head of Consultant Relations. The impact of digital transformation Digital transformation is the method of moving access control from hardware and physical credentials Digital transformation is in the process of moving access control from hardware and physical credentials to a software-driven, integrated experience. The transformation strengthens security while also improving user convenience — transforming the “pavement to the desk” journey. HID enables this shift through mobile credentials, biometrics, cloud-native platforms, and solutions that allow third-party applications to run on door hardware. “This helps customers turn access data into operational and commercial outcomes, while also improving the overall user experience,” says Commander.  Digital transformation in access control is not focused on chasing the latest trends. Rather, transformation is about turning software, data and integration into outcomes that matter to customers, says HID. “Security becomes stronger and more adaptive,” says Commander. “Operations become simpler and more cost‑effective. Experiences become seamless and consistent. Sustainability moves from ambition to action. And the financial case becomes clearer as efficiencies are banked and new value streams emerge.” The challenge of futureproofing with long lifecycles Given that physical security technologies will be in place for 15 to 20 years, it is important to plan for how systems can evolve over time. Considering how rapidly security threats, compliance standards, and user expectations change, 15 to 20 years is a long time. The decisions made at the beginning of a system’s lifecycle can either limit flexibility later (which will be costly) or enable long-term adaptability. Support for open standards such as Open Supervised Device Protocol (OSDP) is therefore important Choosing products and platforms that are open, interoperable, and designed for updates can enable future-proof projects. Support for open standards such as Open Supervised Device Protocol (OSDP) is therefore important.  In addition, systems built on open controller platforms — such as Mercury — enable organisations to switch software providers or expand functionality without replacing core door hardware. Architectural openness is key to system lifecycles and maximising the return on investment (ROI) from a chosen solution. Digital credentials and mobile access Flexibility and upgradeability should also be top of mind when it comes to endpoints like access control readers. While RFID cards are still commonplace, there is a clear trend toward digital credentials and mobile access. Readers that support both allow organisations to transition at their own pace, without committing to a full system overhaul. A long system lifecycle does not mean technology should remain static. Security, particularly cybersecurity, demands more frequent updates. Technologies that support firmware upgrades in the field extend the value of a deployment while helping organisations keep pace with emerging threats. In that sense, lifecycle thinking is not just about longevity — it’s about maintaining resilience and readiness over time. Applying biometrics and mobile identities Biometrics is becoming mainstream as a credential alternative, strengthening security without adding friction Biometrics is becoming mainstream as a credential alternative, strengthening security without adding friction. Many organisations are now deploying biometrics to support fast, seamless access journeys, with adoption already around 39% in access control according to HID’s recent research.  In addition, 80% of organisations surveyed expect to deploy mobile identities within the next five years. Full technology integration enables tap‑to‑access without opening an app; the user journey becomes faster, safer, and more convenient. “It is where the industry is headed and we are at the vanguard of this,” says Commander.    Ongoing challenge of cybersecurity At HID Global, cybersecurity is embedded into everything, from corporate processes and development practices to the solutions they bring to market. “Our approach ensures that customers can strengthen their overall security posture, not only by deploying secure products but by benefitting from HID’s commitment to the highest industry standards,” says Commander. HID holds multiple globally recognised certifications, including ISO 27001, ISO 14298, SOC Type 2 and CSA STAR, which demonstrate their robust information security and cloud security practices. In addition, HID’s SEOS® secure chipset is independently SEAL-certified, providing one of the most advanced levels of protection available on the market today. “Ultimately, this means organisations are not just purchasing isolated secure products; they are implementing solutions developed and delivered within a comprehensive, cybersecure framework,” says Commander. “When deployed according to best practices, HID solutions enable customers to achieve the highest levels of resilience against evolving physical and cyber threats.” Developing green and sustainable solutions A huge amount of waste is generated from the manufacture of plastic RFID access cards Digital credentials align with the sustainable solutions that everyone wants. A huge amount of waste is generated from the manufacture of plastic RFID access cards. Over 550 million access cards are sold annually. This creates 2,700 tons of plastic waste and 11,400 tons of carbon, based on a PVC card weighing 5 grams.  Therefore, digital credentials self-evidently reduce the reliance on plastic cards (helping reduce carbon emissions by up to 75% according to HID’s research), while leveraging access control system data supports energy optimisation by shutting down or reducing systems in unused spaces. Energy use and CO₂ emissions can be cut dramatically, showing how access systems can contribute to sustainability goals and green building certification. What is the latest in smart buildings? Smart buildings increasingly rely on mobile access control as the backbone for digital services. Real-time access data enables new services such as automated room bookings, HVAC control, lift/elevator calling, e-bike hiring, and so on. Smart buildings increasingly rely on mobile access control as the backbone for digital services The financial upside is clear; smart, digitally transformed buildings can deliver around 8% higher yields per square foot versus traditional office space. Operational savings accrue from reduced administration, the removal of card production and shipping, and lighter IT support. This creates a value cycle — better experiences drive adoption, adoption fuels monetisation, and monetisation funds further improvements. Achieving technology impact in the real world One standout project is One Bangkok – a $3.9 billion mixed used development in Thailand – which demonstrates the scale of what can be achieved when access control data is used for optimisation, particularly when it comes to monitoring facilities usage and occupier behaviours. By switching lights off or lowering the temperature in unused rooms, for example, the One Bangkok building demonstrates this potential with a 22% reduction in energy consumption, saving 17,000 MWh and 9,000 tons of CO₂ annually.  Sustainability is a key factor in contributing to how properties are valued. And sustainability extends far beyond digital credentials having a lower environmental impact than plastic cards.  Buildings with recognised sustainability certifications often command rental premiums of around 6%, and three‑quarters of security decision‑makers now consider environmental impact in their procurement assessments.

The practice of executive protection changed forever on Dec. 4, 2024, when UnitedHealthcare CEO Brian Thompson was shot outside a Manhattan, New York, hotel.  The shocking event raised awareness in board rooms around the world about the need for, and challenges of, executive protection. Questions followed immediately, including why was the high-level executive not protected? Combination of risk and reward  UnitedHealthcare’s stock price has gone down more than 20% since the shooting The event also highlighted what is at stake for companies, extending beyond the safety of executives and impacting many factors, even including a company’s stock price. UnitedHealthcare’s stock price has gone down more than 20% since the shooting, equating to tens of billions of dollars. “Companies are considering the combination of risk and reward like never before when it comes to executive protection,” says Glen Kucera, President of Allied Universal Enhanced Protection Services. “What are the chances this could happen? Before Dec. 4 many thought it was zero. And what are the financial implications for a company if it happens? Executive protection is a small investment to protect against a worst-case scenario.” Evaluation of an executive protection  Before the UnitedHealthcare shooting raised awareness, fewer than 50% of executives had protection. But concerns that previously fell on deaf ears now have the full attention of companies, says Kucera. “Boards of directors are having to figure this out,” he adds. “They may not have executive protection, but now they have to do it.” A threat assessment, conducted by a company such as Allied Universal, provides an independent evaluation of a company’s executive protection needs. The assessment evaluates factors such as an executive’s travel habits, the safety of their home, etc. Does the executive need protection 24/7, or just when they travel into more dangerous areas? Risks increase related to corporate earnings Sometimes, cases increase the need for executive protection, such as an internal threat In assessing threats, security professionals also look beyond the individual to consider the safety of a corporate facility, for example. “Is there a visual deterrent, controlling who comes and goes?” asks Kucera. “If there is good security, it all ties together. We do home assessment, facility assessment, route assessment, and travel assessment as needed.” Sometimes, circumstances increase the need for executive protection, such as an internal threat. Timing is a factor, and risks increase related to corporate earnings releases, new product announcements, and corporate layoffs or consolidation. Monitoring social media tracks shifting threats that impact the need for executive protection. UnitedHealthcare shooting  “He didn’t have it and probably didn’t think he needed it,” comments Kucera about the UnitedHealthcare executive who was gunned down in the streets of New York City. “He was staying at the hotel across the street and was used to walking down the street every day.” “Sometimes executives want to preserve their privacy and be able to walk down the street,” says Kucera. “Getting protection can be seen as a sign of weakness. Some CEOs in the past have said they just didn’t want it.” However, the UnitedHealthcare shooting raised the stakes of the need for more vigilance. “The bottom line is you have to yet beyond objections and make the investment to protect against a worst-case scenario,” says Kucera. Anti-capitalist sentiment in the general population An internal police bulletin warned of an online hit list naming eight executives and their salaries Threats to executives sometimes arise from anti-capitalist sentiment in the general population about perceived inequalities in wealth and power. Executives provide symbolic targets for anyone who fights the system, and social media has amplified the voices of those who oppose capitalism.  For example, a "Most Wanted CEO” card deck seeks to shine a spotlight on "titans of greed." Also, in the aftermath of the UnitedHealthcare shooting, CEO "wanted" posters appeared across New York City, threatening various executives of large companies. An internal police bulletin warned of an online hit list naming eight executives and their salaries. Careful monitoring of social media posts Careful monitoring of social media posts and other sources enables executive protection professionals to analyse data and separate the dangerous threats from the merely negative ones. Sadly, positive support of the UnitedHealthcare shooting was expressed by the 300,000 or so followers of the shooter, who became a celebrity of sorts. A huge outcry of negative sentiment toward the insurance industry led to fear that copycat incidents might occur. “There has been an unprecedented amount of positive support for committing murder,” commented Kucera. Executive protection requests HR executives can be at risk, especially at a time of layoffs or consolidation “Let’s face it, there has been a lot of controversy, from COVID to the Middle East crisis, to the political campaign, and there is negativity on both sides,” says Kucera. “People have opportunities to pick sides, and there is a lot of sentiment going both ways, and there is a small percentage of people who will act aggressively.” Executive protection requests now extend beyond the CEO to include others in the management ranks of companies. Basically, any public-facing executive is at risk, including anyone who makes statements to the press. Human resource (HR) executives can be at risk, especially at a time of layoffs or consolidation.   Private information on the Internet Typically, an executive is assigned a single armed operative for protection. The firearm serves primarily as a visual deterrent that hopefully makes a potential perpetrator think twice. “When they plan an event like this, their expectation is that it will be a soft target,” says Kucera. “If there is an officer, it gives them pause.” Controversial or high-profile CEOs are typically protected 24/7, including when they travel with their family. Adding risks is the fact that private information is now posted on the Internet, including where an executive lives and where their children go to school. Internet monitoring  Internet monitoring also includes the “dark web,” which includes sometimes dangerous information “We offer social media monitoring, and we advise them to be more careful with what they post,” says Kucera. “We monitor reactions to posts including any that might be threatening. We watch social media carefully if a company announces earnings or a change in their service or product offering.” Internet monitoring also includes the “dark web,” which includes sometimes dangerous information that is intentionally hidden and requires specific software, configurations, or authorisation to access.   Own layer of protection Public and government officials can also come under fire in a variety of scenarios. FEMA officials faced threats after the recent floods in the Southeast, for example, among other situations where perceived unfair treatment promotes thoughts of retribution.  Although government agencies have their own layer of protection, there are instances when they call on companies such as Allied Universal for additional help.  Ad hoc protection for various executives In the aftermath of the UnitedHealthcare shooting, calls to Allied Universal’s Command Centre increased by 600%, reflecting requests for ad hoc protection for various executives.  These requests are in addition to the company’s business providing “embedded” operatives that travel with executives all or some of the time. On that side of the business, requests for services are up probably 300%, says Kucera. {##Poll1742194323 - Has the recent increase in violent threats changed your company's view on executive protection?##}

As the pioneering security event in the United States, ISC West is truly the global focal point for bringing together professionals across the physical and cybersecurity landscape. The event seeks to showcase innovation in security technology, nurture professional development, and explore the security implications of today’s connected world. Future of security  With the growth of cybersecurity programming and the established Cybersecurity & Connected Internet of Things (IoT) pavilion, ISC West is addressing the future of security head-on. “As the lines between the digital and physical worlds blur, collaboration and shared learning among defenders have never been more critical,” says Mary Beth Shaughnessy, Event Vice President at RX USA, who oversees all aspects of the ISC brand. Shaughnessy previews what’s new at ISC West 2025 and shares other insights in our interview. Q: For long-time attendees at ISC West, what will be the biggest surprise at the 2025 show? Shaughnessy: Long-time attendees know to expect top-tier educational content through the SIA Education@ISC West program (produced by the Security Industry Association (SIA)) in addition to cutting-edge security innovations showcased by 700+ exhibitors. New this year is our focus on technology, training, and education around cyber-physical threats. In today’s connected world, physical and cybersecurity defenders must take a unified, holistic approach to protecting their people, assets, and data. ISC West serves as a bridge between those two worlds, helping organisations tackle the complex security landscape. Q: Presenting a high-profile music concert as part of ISC West is a fun value-add for attendees. Describe how this feature has been embraced by longtime attendees, and the plans for 2025. Shaughnessy: We’re thrilled to announce that the legendary Gin Blossoms will headline the ISC West Concert, sponsored by Wavelynx. This tradition began last year and became a celebrated highlight, offering professionals a chance to unwind and connect with colleagues and peers after a productive day on the show floor. When choosing a performer, we focus on acts that resonate across generations, making the experience both entertaining and memorable for our diverse audience. We are excited to continue this fun and exciting event and networking opportunity. Q: In the past, the education program at ISC West has been seen as secondary to the Expo event. How have you sought to increase the profile of the education program, and what new features will attract more attendees in 2025?   Shaughnessy: We’ve expanded the SIA Education@ISC programming from three to four days, now beginning two days before the expo hall opens. These dedicated education days ensure professionals can engage in thoughtful discussions and gain actionable insights without overlapping with the Expo. This year, we’re proud to partner with RSA to introduce a new “IT for Security Professionals” track while also offering our core tracks, including AI & Digital Transformation, Critical Infrastructure & Data Protection, Cybersecurity & IT, InfraGard National Members Alliance @ ISC, and Video Surveillance. We will also be welcoming powerful keynote speakers — Rachel Wilson, Director of Cybersecurity, Morgan Stanley Wealth Management; Will Bernhjelm, Vice President of Security, Mall of America; and Kate Maxwell, Chief Technology Officer, Worldwide Defense & Intelligence, Microsoft. Q: What else is “new” at ISC West in 2025? Shaughnessy: Our educational programming has grown significantly — this year’s SIA Education@ISC program is our most extensive yet, offering more than 115 sessions led by over 200 distinguished experts. With broader and deeper topics, the program emphasises the critical convergence of cyber and physical security, providing unparalleled insights for today’s security professionals. We are also significantly ramping up our cybersecurity offerings and expect to have more than 50 exhibitors in our Cybersecurity & Connected IoT pavilion with names such as Entrust and Ontic. Q: Networking is a critical aspect of ISC West. How are show organisers working to increase networking opportunities? Shaughnessy: Networking remains a top priority at ISC West, with countless opportunities to build valuable connections. Professionals can join peers at popular spots like The Bridge, The Cyber Hub, and the Career Zone (sponsored by: TEECOM). These spaces offer the chance to learn from industry experts, explore the challenges and innovations shaping the security workforce, and engage in dynamic discussions with peers. Also, returning by popular demand, the ISC West Concert, proudly sponsored by Wavelynx, delivers a vibrant evening of music and networking in a relaxed atmosphere. Together, these experiences ensure networking at ISC West is both impactful and memorable. Q: What is the biggest challenge for organisers of ISC West (and related events), and how are the organisers seeking to address the challenges? Shaughnessy: As with most events, there is a lot of pressure on organisers to ensure there’s “something for everyone,” add meaningful value, and introduce fresh, exciting features. At ISC West, we work to raise the bar each year by expanding our content with more thought pioneers, showcasing a broader range of innovative technologies, and fostering additional networking opportunities. Achieving top-quality results is no small task — it demands careful planning, collaboration, and a dedication to continuous improvement. This means actively listening to the needs of our attendees and exhibitors, staying ahead of industry trends, and ensuring we provide an experience that informs, inspires, and connects the security community.

Colt Technology Services (Colt), the global digital infrastructure company, released the key enterprise technology and market trends it expects to dominate the CIO agenda in 2026.   Based on customer insights, market intelligence and its own proprietary research, Colt anticipates AI Inference, the evolution of NaaS to ‘NaaS 2.0’ and quantum-safe security to shape the technology landscape over the next 12 months. Ever-changing regulatory environment “CIOs will continue to face headwinds in 2026 as they balance complex business transformation programs at scale – often centered around AI – with ongoing cost-reduction programs in an ever-changing regulatory environment,” said Buddy Bayer, chief operating officer, Colt Technology Services. “But there’s huge opportunity too: AI programs are beginning to mature, digital infrastructure has greater capacity than ever before, and we’re seeing an evolution of solutions like NaaS which are reshaping our digital experiences. It’s an exciting time and, at Colt, we’re leading the way for our customers.” New ways to generate ROI from AI Businesses continue to drive major investments in AI, but ROI, value creation and monetisation are proving elusive. Colt’s research finds one in five global firms spend US$750,000 annually on AI while 95% of the respondents in a recent MIT report study see no return on their investments. This misalignment between spending and measurable returns will shrink in 2026, as AI projects mature and begin to generate ROI, and as businesses find new ways to create value from AI. More vendors will build in AI maturity assessments and structured ROI models to help businesses define, track and quantify value across their AI tools. AI inference and Agentic AI 2026 will see AI inferencing reaching the next level of maturity, shifting from experimentation to integration into the enterprise IT environment, extracting insight, making predictions, and enabling smarter, context-aware decisions in real-time. McKinsey expects AI inference to account for a majority of AI workloads by 2030. This won’t just be limited to enterprises: Agentic AI, driven by inference, will be the force behind the automation and digitalisation of day-to-day consumer tasks from privacy management and healthcare to scheduling assistance and management of household chores, according to research from the IEEE. AI Wide Area Networking (WAN) Many of Colt’s conversations with customers centre around digital infrastructure’s ability to manage and optimise the performance, latency and security needed for AI workloads. AI WAN moves the conversation towards software-driven wide area networks, built for AI workloads, which dynamically manage AI traffic for peak performance and ensure application-level security of critical data. Innovation in sustainable networking technologies Similarly, AI workloads transmitted over transatlantic cables will grow in 2026 and are projected to surge from just 8% of total capacity in 2025 to 30% by 20351, placing additional strain on global network routes. Innovative tech trials and global partnerships are pioneering technologies which boost performance without increasing energy consumption or carbon emissions. Sovereign AI As nations grow their AI investments and regulations around AI governance come into force across many of the world’s major economies, sovereign AI is gaining momentum. It will rise up the CIO’s agenda as countries and organisations build and run their own AI systems using their own data, infrastructure, people, and rules. Sovereign AI is becoming more prevalent and increasingly important as nations look to stay in control of their technology, protect their data, and stay resilient in a world increasingly shaped by AI. NaaS 2.0 The NaaS market continues to grow, driven by a number of factors from AI, edge computing and cloud adoption to enterprises’ need to build in flexibility as they navigate dynamic global markets. Colt research found 58% of the 1500 CIOs it questioned said they were increasing their use of NaaS features due to growing AI demands.  In 2026 and beyond, people will see NaaS evolve to meet the demands of the AI era, moving beyond its traditional role in supporting digital experiences. The next generation of NaaS will be intelligent, automated, and outcome-focused, designed to deliver real-time performance, adaptability, and autonomy for AI-driven enterprises. Quantum security Rise in quantum security investment as Q Day gets nearer CIOs are under constant pressure to protect their data and infrastructure from emerging risk, and as governments and businesses develop a deeper understanding of quantum’s power and potential, attention and investment turn to quantum security. In its 2026 Technology and Security Predictions report2, Forrester forecasts that quantum security spending will exceed 5% of enterprises’ overall IT budget next year, while a report from The Quantum Insider estimates the quantum security market to grow at over 50% CAGR to 2030, reaching $10 billion. Traditional data cryptography methods are at risk of being deciphered by quantum computers. The point at when this happens is known as Q Day, and latest estimates suggest it could come as soon as 2030. Technologies such as post-quantum cryptography (PQC) and quantum key distribution (QKD) protect traffic from this risk as it travels across a network. 2026 will bring developments, trials and innovation in protecting data from quantum risk. Low Earth Orbit technologies – and quantum 2026 is set to be a breakthrough year for Low Earth Orbit satellites, with organisations launching new satellites and new services. These services are a vital part of global telecoms infrastructure, providing connectivity in underserved or rural areas, and providing resiliency to businesses looking for back-up options for their enterprise infrastructure. Colt is looking to trial low earth orbit satellite connectivity for quantum key distribution: this will enable secure and protected exchange of symmetric encryption keys using quantum technology, while overcoming the distance limitations of terrestrial connectivity. 2026 will see Colt and partners trialing space-based and subsea techniques which extend quantum security to global networks. Hybrid cloud computing models 2026 will see multi cloud models becoming the default, as enterprises look for more ways to build in flexibility and resilience to their infrastructure and move beyond single-provider strategies. Increasingly, APIs and secure interconnects between providers and hyperscalers are streamlined, complementary and competitive in pricing terms and accessible through aggregators. Edge computing will continue to grow through 2026 and beyond, driven by factors such as AI inference expansion, the rise in real-time analytics, and increasing data sovereignty requirements. Next-generation cloud providers Next-generation cloud providers are prioritising deployment of infrastructure at the edge, processing data closer to where it’s generated, while hyperscalers focus on scale and compute power in centralised locations. Both strategies are needed and complementary: Edge requires highly distributed, localised infrastructure which complements centralised cloud, used for heavy compute and storage.  As demand for Edge grows in 2026 and beyond – one forecast estimates a CAGR of 33.0% from 2025 to 2033 -  expect rising demand for distributed architectures across new geographies. Tighter regulatory frameworks In 2026, expect to see a slew of reporting obligations, regulations, strategies and guidelines impacting CIOs, particularly in AI and cybersecurity. Most of the obligations under the EU AI Act will apply from 2 August 2026, while implementation of certain requirements for high-risk AI systems may be postponed. Reporting obligations for the EU Cyber Resilience Act are expected from September 2026, with phased obligations continuing from September 2026 onward under the EU Data Act. Cyber Security and Resilience Bill Peolpe also see the ISO/IEC 42001:2023 global standard for AI governance, which will lead CIOs and CAIOs to integrate AI governance into enterprise architecture and procurement decisions, as well as operational impacts for the Digital Services Act and the Digital Markets Act. In the UK, all eyes will be on the Cyber Security and Resilience Bill, while across Asia, Japan will see the impact of its AI Promotion Act and major initiatives following Singapore’s National AI Strategy 2.0 (NAIS 2.0) are also expected to come into effect in 2026.

Absolute Security, a pioneer in enterprise cyber resilience, announced it is the only provider named as both a Leader and Outperformer in the 2025 GigaOm Radar for Patch Management Solutions.  In the report, Cybersecurity Analyst Stan Wisseman recognised Absolute Security with both Superior and Exceptional ratings for its platform that delivers a unified, automated, and resilient solution used by enterprises, Managed Services Providers (MSPs), and Managed Security Services Providers (MSSPs) to address critical patch management use cases. Secure Endpoint integrated product suite In the Radar, GigaOm highlights that “Absolute Security delivers a differentiated approach to patch management with Absolute Resilience for Automation, its most advanced edition of the Secure Endpoint integrated product suite." "It combines automated remediation, patch orchestration, and endpoint visibility with firmware-embedded persistence, a patented capability that maintains a tamper-proof connection to devices even after OS corruption, reimaging, or factory reset. This persistent architecture is especially valuable in distributed, hybrid, and high-security environments, where continuous control is paramount.” Software security and risk exposures According to the Absolute Security Resilience Risk Index 2025, organisations run behind on patching an average of 56 days. Although organisations set their own patching schedules, this is well beyond the accepted 30-day standard set by organisations such as the Cybersecurity and Infrastructure Security Agency (CISA) and dangerously outside of the one-to-seven days it takes threat actors in many cases to exploit vulnerabilities, as noted in the Index.  With Absolute Security, customers can quickly and easily automate patching and vulnerability remediation across their distributed endpoint fleets to quickly close software security and risk exposures that lead to productivity losses and lead to extended downtime. Advantage of vulnerable software “Threat actors know the fastest and easiest way to breach systems, steal data, and disrupt business operations is by taking advantage of vulnerable software,” said Ashley Leonard, SVP, Product Management, Absolute Security. “The best way to stop downtime is to avoid exposure in the first place—a key element of any resilience strategy. With this validation from GigaOm, customers are further assured that Absolute Security’s resilient and automated patching and remediation solution is helping them to proactively stay ahead of threats, incidents, our outages.” Absolute Security patch management solution According to the Radar, the Absolute Security patch management solution earned leadership status based on several key differentiators: Staged Patch Testing and Deployment: GigaOm recognised Absolute Security’s capabilities that offer staged patch rollouts with rollback logic and dynamic health checks to reduce risk prior to full deployment. In addition, real-time telemetry helps validate patch status and trigger fallback actions when required. Policy Automation and Customisation: GigaOm highlighted Absolute Security’s patching logic that uses attributes such as device role, compliance posture, or geographic location. Policies can suppress reboots, enforce blackout windows, and handle exceptions. In addition, custom risk scoring enables IT to align patch management with their organisation’s business priorities. Workflow Integrations: GigaOm emphasised Absolute Security’s granular integrations with platforms such as ServiceNow, ConnectWise, and CMDBs through a bidirectional public API to streamline patch operations. Integrations support SLA tracking, approval chains, and incident response handoffs—bridging IT and SecOps workflows to reduce mean time to remediation (MTTR).

St John’s College, one of the historic colleges of the University of Oxford, has significantly strengthened its cybersecurity posture with the implementation of a Managed Vulnerability Management (MVM) programme delivered by long-term partner ANSecurity.   Founded in 1555, St John’s supports a diverse community of more than 600 students, a large number of staff and over 100 academic fellows across multiple sites in Oxford. With a small in-house IT team and growing cyber threats, the college needed a proactive solution to improve visibility, reduce risks, and free up internal resources. MVM service After more than 13 years of collaboration, the college turned to ANSecurity to design and deploy an MVM service built on Tenable Nessus. The service includes daily credentialed scans, automated vulnerability notifications, remediation validation, and monthly strategic reviews with ANSecurity consultants. Measurable results Since launching the programme in May, St John’s College has achieved: Over 50% reduction in critical and high-severity vulnerabilities Resolution of systemic issues such as broken Windows Updates, unsupported software, and weak cipher suite configurations Improved ability to challenge vendors using outdated or insecure systems Strategic resource allocation, allowing IT staff to focus on high-impact security tasks Matt Jennings, IT Manager at St John’s College Oxford said: “This service has freed up internal resources and helped us stop playing ‘whack-a-mole’ with vulnerabilities. We now know what to focus on, and how to do it. The support from ANSecurity has been invaluable in helping us become more strategic and effective.” Proactive cycle of risk management The programme has also introduced a proactive cycle of risk management, with daily monitoring of public-facing systems, monthly vulnerability summaries, and overnight verification of patch updates. St John’s College has worked with ANSecurity since 2013 on projects including firewall replacements, wireless network deployments, and strategic consultancy. The MVM programme marks the latest step in the college’s modernisation of its cybersecurity defences.  Matt Jennings added: “ANSecurity have always been responsive, professional, and understanding of our requirements. Their engineers are not only experts in their field, but also able to explain complicated issues clearly. We look forward to working with them for many years to come.”

DFNBG Gastro GmbH & Co. KG, operator of 48 Dunkin' branches and other catering establishments in Germany, has migrated to the MOBOTIX CLOUD for the central management of its video surveillance. DFNBG partnered with MOBOTIX Diamond Partner VALEO IT Neteye GmbH for more than ten years, who have implemented and continuously optimised secure and efficient MOBOTIX video solutions in the 48 Dunkin' branches. Data protection regulations The operation of local storage systems was proving particularly difficult in shopping centres Due to the strong growth of DFNBG, the demands on the existing video management system increased. The local storage of video data became increasingly complex - both in terms of data protection regulations and the management of access rights.  The operation of local storage systems was proving particularly difficult in shopping centres. The solution: a gradual migration from local NAS storage to the data protection-compliant MOBOTIX CLOUD. Access management and GDPR: the MOBOTIX CLOUD as a solution The MOBOTIX CLOUD video surveillance-as-a-service (VSaaS) offering allows users to conveniently control their cameras via a free app. The recorded videos are stored in highly available and cyber-secure data centres located close to the user. This ensures data protection-compliant storage in accordance with the GDPR. Intelligent camera technology A key advantage of the MOBOTIX CLOUD is the combination of intelligent camera technology A key advantage of the MOBOTIX CLOUD is the combination of intelligent camera technology and a powerful cloud platform. The cameras analyse events on site and only transfer relevant data to the cloud. This minimises bandwidth requirements while maintaining the highest security standards.  MOBOTIX Bridge Communication between the cameras and the cloud takes place via the MOBOTIX Bridge, a highly secure connection unit that ensures protected data transmission.  The cloud solution also eliminates the need to operate separate server rooms with high security standards on site - a clear advantage for branches in shopping centres or high-traffic locations. DFNBG can control access rights  Around half of the Dunkin' branches have already been converted to the MOBOTIX CLOUD Cloud data is managed directly by the users themselves. This means that companies such as DFNBG can control their access rights centrally without having to create individual solutions for each branch. “It was clear to us that the system is secure - including cyber-secure - and exceeds our requirements. But the central management of all access rights really saves us time and money,” says Harry Taubert, Construction & Development Manager at DFNBG. Around half of the Dunkin' branches have already been converted to the MOBOTIX CLOUD, and the remaining locations will follow successively. VALEO IT Neteye: MOBOTIX partner for innovative video solutions As a long-standing MOBOTIX Diamond Partner and one of the largest integrators of MOBOTIX systems in Germany, VALEO IT Neteye has been instrumental in delivering customised, future-ready surveillance solutions to DFNBG. VALEO IT Neteye also offers full-service training to DFNBG to ensure everyone stays up to date with industry changes. “We only offer our customers MOBOTIX solutions because we are absolutely convinced of the quality and durability of the products manufactured in Germany,” explains Norbert von Breidbach-Bürresheim, Managing Director of VALEO IT Neteye.

Installing physical security systems requires integrating diverse technologies (e.g., cameras, access control, alarms) that often use different protocols and must be adapted to a building's unique physical layout and legacy infrastructure.  Specialised technical expertise is required for seamless networking and proper configuration. Hopefully, no important factors are overlooked in the installation process. We asked our Expert Panel Roundtable: What is the most overlooked factor when installing physical security systems?

Physical security and cybersecurity are deeply intertwined in today’s systems. A weakness in one realm can quickly lead to a breach in the other, and vice versa. However, given the symbiotic relationship, why do physical security systems so often fall short when it comes to cybersecurity protection? We asked our Expert Panel Roundtable: Why does cybersecurity continue to be a weak link for physical security systems?

In the past, security installers and integrators were used almost exclusively to install hardware. However, the role is changing and expanding along with the technologies used in the physical security industry. Nowadays, an installer or systems integrator is much more likely to use a strategic, IT-centric, and data-driven approach. To gain additional insights, we asked our Expert Panel Roundtable: How is the role of the security installer/integrator changing?