Data Security

Magenta Security Services marked its 30th anniversary in style last night at the Security & Fire Excellence Awards, where the company was named Security & Fire Sustainability Champion for the third year running. The Security & Fire Awards for Excellence are recognised across the sector as a benchmark for outstanding performance, innovation and best practice in both security and fire. The Sustainability Champion category honours organisations that demonstrate leadership in environmental responsibility and long-term commitment to sustainable operations. Magenta first secured the title in 2023 and retained it in 2024 before completing the hat trick in 2025. Security and sustainability “Winning the Sustainability Champion title for the third year in a row, while celebrating 30 years in business, is an incredible milestone for everyone at Magenta,” said Abbey Petkar, Managing Director of Magenta Security Services. “From the very beginning we believed that security and sustainability must go hand in hand. This recognition shows that our approach is working for our clients, our people and the planet.” Magenta’s sustainability journey Magenta’s sustainability journey is woven through its three decades in business. The company was one of the first security providers to certify to ISO 14001, embedding environmental management into its core operations rather than treating it as an add-on. That discipline enabled Magenta to reach carbon zero status in 2022, three years ahead of its public 2025 target and without relying on offsetting. Key measures include a fully electric fleet supported by on-site solar charging at its headquarters, a switch to 100 per cent renewable electricity across its estate, deep energy-efficiency upgrades and a fully paperless office environment that saves more than 150 trees each year. Cyber Essentials certification Recognising that modern risk and sustainability span both physical and digital domains, Magenta has also invested in Threat Evolution, its dedicated cyber security training and consulting arm. Threat Evolution supports clients with Cyber Essentials certification, penetration testing, vulnerability scanning and tailored cyber awareness training, extending Magenta’s commitment to resilience, governance and data protection.  Magenta’s approach Transparency is another cornerstone of Magenta’s approach. The company publishes its emissions data through the Carbon Database Initiative (CaDI), inviting scrutiny and sharing practical lessons on topics such as phasing electric vehicles, mapping energy use in older buildings and designing out paper from guarding processes. Magenta also supports Police Community Clubs locally and sponsors children internationally, aligning commercial success with long-term social value.  Own environmental performance Abbey Petkar added, “Sustainability is not a project for us. It is how Magenta works, from the vehicles we drive and the energy we use to the way we support communities and help clients improve their own environmental performance." "To receive this award again, in our 30th year, is both a proud moment and a powerful motivation to keep raising the bar.”

Eversheds Sutherland has appointed partner Albert (Alby) Yuen to lead its Technology, Data and Cyber offering in Asia – the firm’s latest step in advancing its global growth strategy and underpinning its commitment to investing in exceptional talent across key markets and jurisdictions. Alby was previously Head of Technology, Media & Telecommunications (TMT) – Hong Kong, at international law firm, Linklaters where he led and developed its TMT practice, advising on major regional and global mandates. Key areas within the TMT space His career encompasses 25 years’ extensive TMT experience across the Asia-Pacific region and on the U.S. West Coast, having held senior positions with Linklaters and Osborne Clarke in Hong Kong, Gilbert + Tobin in Australia, and U.S. firms Gibson, Dunn & Crutcher and O’Melveny & Myers in Los Angeles. In addition, he brings valuable in-house skills and technical excellence through secondments with notable telecommunications companies in Asia and Australia. A senior figure in the region’s technology and data legal market, Alby advises on an array of key areas within the TMT space including complex technology and telecom transactions, digital infrastructure projects, fintech, data privacy and cybersecurity, commercial IP, emerging technologies (such as AI, blockchain) and complex commercial transactions. TMT and Data Protection & Privacy Throughout his career, he has advised on multi-jurisdictional cloud and outsourcing projects for global and regional corporate entities, including financial institutions, large-scale digital infrastructure (including data centre, tower and fibre) projects, cutting-edge regulatory matters such as data regulation, AI governance and cybersecurity and technology risk management and compliance issues. Alby has a proven track record pioneering technology-focused legal teams and delivering on high-profile mandates. He is recognised by legal industry directories Chambers and Partners and Legal 500 as a pioneering lawyer in TMT and Data Protection & Privacy.  Legal 500 describes Alby as “superb” as well as “A stand-out practitioner in a rapidly evolving and increasingly complex field. He brings a calm, considered approach to complex data and cyber security matters…”. Both legal directories praise him for his commercial approach and technical depth. Integrated global technology practice Charles Butcher, Managing Partner Asia and Head of M&A (Asia), Eversheds Sutherland, said: “We are absolutely delighted to welcome Alby to the Eversheds Sutherland team. Alby’s appointment comes at an exciting time in our Asia development. His proven leadership, technical excellence and market recognition further strengthen our ability to deliver cutting-edge technology, data and cyber advice where it matters most – helping clients navigate opportunities across key markets regionally and worldwide." "With experience spanning Asia, Australia, and the US, Alby brings a truly international perspective and a deep wealth of knowledge in the TMT sector. He will work closely with our talented Asia technology team and our integrated global technology practice to drive the next phase of growth, ensuring clients benefit from both continuity and innovation as we expand this globally thriving practice.” Alby’s experience and knowledge Simon Gamlin, Partner and Commercial Advisory Practice Group Head, Eversheds Sutherland, said: “Technology is a core pillar of our global practice. Alby’s experience and knowledge in advising on complex technology transactions, data, cyber and related regulatory issues will strengthen our integrated offering and enable us to enhance our delivery of pragmatic, forward-thinking solutions for clients worldwide." "Working closely with colleagues across Asia and our global network, Alby will help drive the development of our technology practice in key sectors such as financial services, telecoms, energy, and digital infrastructure. We already have a fantastic team in Asia, and Alby’s leadership will amplify that strength – ensuring we continue to meet the evolving needs of clients in this cutting-edge space.” Navigating complex tech and regulatory landscapes Albert Yuen, Partner, Eversheds Sutherland, said: “The firm offers the depth and breadth needed to deliver truly integrated solutions for clients navigating complex tech and regulatory landscapes. Joining a team that values innovation and is committed to growing its technology, data  and cybersecurity capabilities across Asia and globally is an exciting opportunity to make a real impact.” Earlier this year, Eversheds Sutherland and Microsoft were recognised at the Financial Times Innovative Lawyers Awards Asia-Pacific 2025, winning the Innovation in Outside Counsel Management category for its joint submission. More widely the firm recently welcomed new partners Mike Rainey and Asal Saghari to its corporate finance offering, marking its 27th lateral partner hire this year.

As AI-generated phishing attacks flood inboxes with more realistic and personalised scams, DigiCert, a pioneer in intelligent trust, today released new research revealing that consumers are turning to verified brand identities in email for reassurance--especially during Cyber Week.  The study, conducted by independent research firm Vitreous World, surveyed 5,000 consumers across the U.S., U.K., Australia, and New Zealand to understand how verified logos and sender authentication will impact trust, engagement, and safety during the height of online shopping season. Integrity as AI With 86% of consumers saying they feel safer when verified logos appear in their inbox, the findings underscore a growing need for organisations to strengthen their email authentication practices. Doing so not only helps protect shoppers from phishing during the busiest online shopping week of the year, but also preserve brand integrity as AI rapidly increases the volume, frequency, and sophistication of phishing emails. Key findings Email trust drives clicks and conversions. 64% said they are more likely to click or act on an email that displays a verified brand logo, a critical insight for marketers competing for attention during Cyber Monday and holiday campaigns. Shoppers reward trusted brands. Given four options, nearly half (49%) said that if two competing brands sent similar offers, they would choose the one with a verified logo, suggesting that verified brand identity is not just about safety — it’s about sales. The inbox is the new battleground for brand trust. With 87% of consumers receiving suspicious emails at least a few times a year and 41% believing email providers should do more to protect them, trust in the inbox has become both a security and customer experience issue. Implementing Verified Mark Certificates “Our marketing team has seen a noticeable lift in open and engagement rates since implementing Verified Mark Certificates,” said Ryan Burton, Email & Retention Manager at OddBalls, a UK-based online retailer.  “Having our verified logo appear directly in the inbox gives recipients immediate confidence that the message is authentic. It’s not just a security investment, it’s a brand trust investment. During high-volume periods like Cyber Monday, that trust translates directly into more opens, more clicks, and ultimately, more conversions.” Restoring trust in digital communication “Cyber Monday is a high-stakes moment for both brands and consumers,” said Al Iverson, Industry Strategist at DigiCert.  “Our research shows that visual verification isn’t just about protecting users, it’s about restoring trust in digital communication. A verified logo can be the difference between a customer clicking ‘buy now’ or deleting your message.” The role of VMCs, CMCs, and DMARC Verified Mark Certificates (VMCs) and Common Mark Certificates (CMCs), supported by strong DMARC authentication, form the foundation for displaying verified brand logos in email. Together, they ensure that a brand’s logo appears only when the sender’s identity has been cryptographically confirmed and their domain properly authenticated. This combination not only deters phishing and spoofing attacks but also provides consumers with instant, visual assurance that the message is genuine, transforming trust into a tangible element of the inbox experience.

Genetec Inc., the global pioneer in enterprise physical security software, highlights why data sovereignty has become a central concern for physical security leaders as more surveillance, access control, and IoT systems move into the cloud.  Surveillance video, access control logs, and IoT sensor readings are among an organisation's most sensitive assets. As they are increasingly hosted in data centres around the world, questions such as where that data resides, who governs it, and how it can legally be used are moving up the agenda for security and IT leaders. With organisations in the region increasingly relying on cloud-based physical security systems, understanding data sovereignty obligations has become just as vital as managing traditional risks such as theft, safety, and facility protection. Here are some key considerations for IT and physical security leaders as they review how and where their security data is stored and governed: The risks of crossing borders Why does it matter where data is stored? Because once information crosses national borders, it becomes subject to different, sometimes conflicting, laws. This can introduce certain risks, such as: Compliance penalties: Regulations such as GDPR in Europe, the CCPA in California, India’s Digital Personal Data Protection Act, and the Australian Privacy Principles (APP) impose strict guidelines on how personal data can be transferred internationally, and non-compliance can result in large fines. Loss of control: Data stored outside a jurisdiction may be accessible to foreign authorities, creating uncertainty about who can demand access and under what conditions. Geopolitical exposure: This loss of control particularly matters in times of political tension, when the flow of data across borders can create points of vulnerability, especially for critical infrastructure and other data of national interest. Operational disruption: If a regulator restricts access to data stored abroad, organisations may lose visibility into incidents just when they need it most. What to look for in a technology partner Meeting data sovereignty obligations is not just about an organisation's internal policies. It also depends on the technology partners they select. When evaluating vendors, there are several areas physical security leaders should pay close attention to: Built-in privacy safeguards: Security systems should incorporate features such as role-based access controls, anonymisation tools, and detailed audit trails. These capabilities ensure that sensitive data is handled responsibly from the start, rather than being bolted on after deployment. Deployment flexibility: Organisations need options. In some cases, storing all data on-premises makes the most sense. In others, cloud hosting is appropriate. Often, certain workloads are kept locally while others are processed in the cloud, which provides the right balance. The important point is that systems should allow for choice rather than forcing a one-size-fits-all model. Alignment with global regulations: Laws can change and, when technology is involved, things could move quickly. Systems that can adapt to evolving requirements give organisations confidence that they will remain compliant over time. This includes the ability to demonstrate where data is stored, both primary and redundant copies, and how it is managed, even if regulations shift. Practical steps for strengthening data sovereignty For physical security leaders, there are clear actions that can help strengthen data sovereignty: Map the legal environment: Identify which regulations apply to the organisation across all the regions where users operate. Physical security data should be included in this assessment alongside IT data. Ask providers the right questions: Where will the data be hosted, including backups? How will it be processed? What are the options for local residency? Can one demonstrate compliance with applicable laws? What are their policies about accessing data when requested by government entities? Plan for change: Assume that regulations will evolve. Choose technologies and architectures that can adapt without requiring complete replacement. Invest in governance: Establish internal policies that cover how data is accessed, shared, and retained. This will help ensure consistency across sites and departments. A shared responsibility With more than 130 countries now enforcing some form of data protection law, data sovereignty has become a collective responsibility. IT, physical security, executive leadership, and regulators all play a role in ensuring that sensitive information is protected and compliant with local requirements. As cloud adoption accelerates and privacy laws continue to evolve, data sovereignty will only become more important. The organisations that succeed will be those that make it a strategic pillar of their cyber and physical security posture. 

DigiCert, a global pioneer in intelligent trust, has been selected by Jisc, the UK’s national digital, data and technology agency for education and research, to help secure the future of the UK’s connected learning ecosystem. DigiCert will support the UK education and research community in protecting sensitive data against emerging cyber threats and building the foundations for secure collaboration and innovation. Through Jisc’s national procurement framework, member institutions can now adopt DigiCert’s digital trust solutions without running their own procurement processes. The framework complies with UK public procurement legislation and includes a pre-assessed agreement covering DigiCert’s financial standing, technical capability and sector experience. This streamlined approach gives Jisc members faster access to world-class PKI, TLS and certificate lifecycle management solutions, while saving time, reducing costs and simplifying administration. Empowering the education and research community “At Jisc, our role is to empower the education and research community to use technology safely and effectively,” said Peter Atkins, Head of service management, Trust & Identity, Jisc. “DigiCert’s platform ensures our members have trusted access to proven security solutions that protect data, safeguard networks and support innovation across UK education.” “We’re proud to work with Jisc to help organisations strengthen security and compliance across their digital ecosystems,” said Paul Holt, GVP EMEA at DigiCert. “Our mission is to make it easier for organisations to secure their people, data and infrastructure with digital trust technologies that support the vital work of educators and researchers.” Commitment to supporting digital transformation Jisc provides digital infrastructure, cyber-security, licensing and strategic technology services to all publicly funded universities and colleges in the UK. Its frameworks enable institutions to access vetted suppliers and best-value agreements that simplify procurement while ensuring compliance and trust. The new agreement with DigiCert reflects Jisc’s continuing commitment to supporting digital transformation and protecting the UK’s education and research community. 

The European Network for Cyber Security (ENCS) announces that ELES, Slovenia's transmission system operator, has joined the network as a member, reinforcing collaborative efforts to protect Europe’s electricity grid from evolving cyber threats.  The partnership will give ELES access to ENCS’s collaborative threat intelligence, specialist training and technical expertise – strengthening its ability to detect, prevent and respond to cyber incidents targetting high-voltage networks across Slovenia and beyond. Rising pressure on Europe’s grid operators The move comes amid rising pressure on Europe’s grid operators. According to the European Union Agency for Cybersecurity (ENISA)’s Threat Landscape 2025, operational technology – the backbone of electricity networks – faces an increasing range of cyber threats, with incidents growing in frequency and sophistication. As nation-state activity intensifies and consumer-connected devices expand the attack surface, coordinated action to protect critical infrastructure has never been more essential. “Europe’s power systems are only as strong as their weakest link,” said Anjos Nijk, Managing Director of ENCS. “ELES’s new membership strengthens our joint defenses and brings valuable regional expertise to the table. As Slovenia’s grid underpins stability across Central Europe, their participation will help drive the shared strategies and capabilities needed to counter evolving cyber threats.” Grid cybersecurity “Grid cybersecurity is a team effort,” added Gorazd Rolih, SOC Manager at ELES. “Joining ENCS allows us to both contribute to and benefit from Europe-wide collaboration, sharing intelligence, best practices and operational insights that make every member stronger. Together, we look forward to building the resilience our energy systems needs for the future.” The announcement follows the 8th annual Cybersecurity Forum, hosted by ENCS in Brussels last month. Jointly organised in partnership with E.DSO, EE-ISAC and the European Union Agency for Cybersecurity (ENISA), the event brought together over 200 European energy and cybersecurity leaders to highlight the growing urgency of embedding cybersecurity in new technologies and strengthening collaboration across Europe’s electricity networks.

In today’s connected world, attacks are more likely to target digital than physical entry points. From ransomware and firmware tampering to remote hijacking, AI-driven phishing and automated vulnerability discovery, the nature of threats is evolving rapidly, and no industry can afford to neglect them. As our industry has moved from mainly mechanical to increasingly digital solutions, we have long recognised the importance of constantly monitoring and assessing the risks we face. This means not only meeting mandatory regulations but also voluntarily adopting international standards such as ISO 27001, which protects data and systems through a structured and independently audited framework. Today’s fast-changing risk environment is also why the EU introduced the Network and Information Security Directive 2 (NIS2) – to raise the bar for cybersecurity across Europe. But what do measures like NIS2 and the Cyber Resilience Act (CRA) mean in practice? How does the rise of AI fit in? And most importantly, what should our industry be doing to stay secure in such an unpredictable digital landscape? The new regulations Compliance is not just about meeting regulations, it is also a competitive advantage NIS2 is reshaping cybersecurity expectations by setting higher standards to reduce risk, improve transparency, and protect data and services. Alongside it, the CRA introduces mandatory requirements for products with digital components. This makes “secure by design,” regular updates, and compliance checks essential before products can enter the EU market. For companies in our industry, responsibilities now extend well beyond internal systems. Organisations must also ensure that suppliers and service providers comply, with regular risk assessments forming a central part of the process. The consequences of falling short are severe, ranging from significant fines and audits to the potential withdrawal of products from the market. For our customers, the message is clear: security must be built in from the start. Compliance is not just about meeting regulations, it is also a competitive advantage. At ASSA ABLOY Opening Solutions EMEIA, security is part of our DNA.  We embed these standards into everything we do, giving customers solutions they can trust to be compliant and resilient.  The rise of AI  Artificial intelligence is transforming the digital security landscape and it cannot be separated from the regulatory framework shaping our industry. With AI advancing rapidly and new regulations coming into force, we have established a digital compliance framework to stay ahead of the curve and use AI as an enabler for improving security and achieving compliance. On one hand, AI brings powerful benefits, including more intelligent monitoring, faster anomaly detection, and smarter tools for operational efficiency. These capabilities directly support NIS2 and the CRA, particularly in the areas of proactive risk management and incident response.  AI and building cybersecurity standards On the other hand, AI introduces new risks. The attack surface is expanding and threats such as deepfakes and smarter phishing create serious threats that regulators are determined to address. Both NIS2 and the CRA emphasise continuous monitoring, transparency and accountability, principles that must now also guide the responsible use of AI.    At ASSA ABLOY Opening Solutions EMEIA, we see AI not just as a risk to mitigate, but as a capability to strengthen resilience and trust. That is why we are embedding strong governance practices around AI and building cybersecurity standards into every stage of product development. By doing so, we help our customers align with new regulations while ensuring AI serves as a tool for greater security and confidence. Trust and compliance Beyond our own operations, we are also committed to supporting customers on their compliance journey At ASSA ABLOY Opening Solutions EMEIA, we are taking NIS2, the CRA and the rise of cyber-threats seriously, ensuring compliance and enhancing trust with all our customers. We have reinforced supplier oversight, streamlined incident reporting, and embedded cybersecurity into every stage of product development and lifecycle management. Our teams also conduct ongoing risk assessments and post-incident reviews, ensuring that lessons are learned and improvements are made. By taking these steps, we not only meet regulatory requirements but strengthen the resilience of our supply chain and the trust customers place in us. Beyond our own operations, we are also committed to supporting customers on their compliance journey. Initiatives such as our recently released whitepaper “Enhancing Cyber–Physical Resilience with Digital Access Solutions” and a detailed NIS2 whitepaper developed in Germany last year provide clear, practical guidance. By showing what these regulations mean in practice and how intelligent access solutions can directly support compliance, we aim to make the path forward less complex and more achievable for our customers. Looking ahead The days when security threats to businesses and products were only physical are long passed. Today, we find ourselves in a world where the digital realm poses even more serious and constantly evolving challenges. It is therefore crucial that, as an industry, we take the necessary steps to meet the directives of NIS2 and the CRA and also constantly monitor the rise of AI. Only by doing so can we protect our customers, preserve our reputations, and build the trust that defines true leadership in security.

In today’s fast-evolving aviation landscape, innovation isn’t optional — it’s essential. With passenger traffic in the Asia-Pacific continuing to surge, the region is facing a pivotal moment: adapt with scalable tech, or fall behind. In January 2025 alone, APAC carriers accounted for 56.6% of global passenger traffic growth. Airports are operating at near capacity, with a record-high Passenger Load Factor (PLF) of 82.1%, leading to pronounced congestion at check-in counters, security checkpoints, and boarding gates. Increasing passenger volumes As airports strive to manage increasing passenger volumes without resorting to costly and time-consuming infrastructure expansions, technology — particularly facial recognition and biometric automation — emerges as a viable solution. However, the full realisation of these innovations requires more than just installing new system However, the full realisation of these innovations requires more than just installing new systems. It’s about building the right ecosystem of partners, processes, and policies to ensure sustainable, secure, and scalable growth. Presenting physical documents According to their estimates, over 120 APAC airports have already deployed biometric solutions at key travel touchpoints, including check-in, bag drop, security, and boarding. Thailand exemplifies this shift, with facial recognition deployed at six major airports — Suvarnabhumi, Don Mueang, Chiang Mai, Chiang Rai, Phuket, and Hat Yai — dramatically reducing passenger processing times. These systems allow travelers to verify their identities seamlessly at multiple touchpoints, from check-in and security screening to boarding gates, without presenting physical documents. This case reflects the Airports of Thailand’s (AOT) commitment to leveraging technology to improve operational efficiency and passenger experience. Digital identity programs Biometric solutions also extend beyond the airport: digital identity programs enable travelers to verify their identities before arriving at the terminal, creating seamless journeys from curb to gate. In this environment, facial recognition is not merely a futuristic innovation; it has become an operational imperative. Airports that fail to adapt risk falling behind, unable to manage burgeoning passenger volumes or meet evolving traveller expectations. True operational efficiency Despite its transformative potential, biometric technology cannot be successfully deployed in isolation. Achieving true operational efficiency through facial recognition requires strategic collaboration among technology vendors, IT integrators, airports, airlines, and regulatory authorities. Several pillars underpin a successful biometric implementation: Interoperability: Biometric systems must integrate seamlessly with a wide array of airline platforms, security protocols, and airport infrastructure. Lack of interoperability can lead to fragmented systems that frustrate staff and passengers alike. Scalability: Passenger volumes are forecasted to continue rising. Biometric solutions must be designed to scale rapidly in response to demand surges and future security challenges. Data Privacy and Security: With growing public scrutiny over personal data usage, airports must implement robust security frameworks that prioritise privacy and transparency. Encryption, consent-based use, and strict access controls are critical to gaining and retaining passenger trust. Future security challenges BKI can achieve significant throughput gains without major construction disruptions A case study illustrates these points: Malaysia’s planned revamp of Kota Kinabalu International Airport (BKI) aims to boost capacity by 33% over the next few years. Rather than expanding physical infrastructure alone, authorities are exploring facial recognition solutions to increase efficiency within existing spaces. By integrating biometric checkpoints at key touchpoints, BKI can achieve significant throughput gains without major construction disruptions. Such outcomes are only possible through well-coordinated technology partnerships, where vendors, airports, and integrators work toward a shared vision of future-ready travel. AI-powered computer vision What’s Next: Fully Biometric-Enabled Travel Looking ahead, the pressure on APAC airports is set to intensify. Airports Council International projects 9.5 billion air travelers globally by the end of 2025, a volume traditional processing methods cannot manage effectively. In response, AI-powered computer vision and facial recognition will continue to refine biometric processes, delivering higher accuracy rates and faster verification. Future systems will leverage real-time liveness detection, predictive analytics for crowd management, and seamless integrations across all travel stages. A fully biometric-enabled journey is becoming reality: Check-in with a glance at a kiosk Drop bags without producing an ID or boarding pass Clear security with automated facial recognition portals Board flights through biometric-enabled gates — without ever presenting a physical document. Experiencing significant growth Seamless integration across touchpoints creates a unified, frictionless journey In this vision of the future, identity becomes the ticket. Seamless integration across touchpoints creates a unified, frictionless journey.  For APAC airports experiencing significant growth, full biometric enablement is becoming increasingly important for maintaining efficiency and staying competitive. At the same time, such a future demands robust technology ecosystems, where ongoing innovation is supported by partnerships that align regulatory, operational, and technological goals. Expanding physical infrastructure Building the Smart Airports of Tomorrow: Join the Conversation The aviation sector in APAC stands at a critical crossroads. Passenger growth, operational challenges, and heightened security requirements are converging, creating an urgent need for innovation. Facial recognition and biometric automation offer a clear path forward, enabling airports to handle growing volumes, enhance security, and deliver superior passenger experiences without necessarily expanding physical infrastructure. Facial recognition solutions Yet, the success of these innovations hinges on strategic, trusted technology partnerships. Airports must collaborate with technology vendors, IT system integrators, airlines, and regulators to ensure interoperability, scalability, and data security. At RecFaces, they believe the future of APAC airports is fully biometric-enabled. To explore how tech collaborations and advanced facial recognition solutions can transform airport operations, they invite users to join their free online panel discussion on April 30: ‘Smart Airports Start With Smart Tech: Facial Biometrics for APAC Airports.’

Technology advances in the security industry are transforming the way modern systems are designed and installed. Customers today are looking for greater scalability and flexibility, lower up-front costs, and operational efficiency. Cloud-based software as a service (SaaS) solutions, AI-enhanced tools, and IoT-enabled sensors and devices are increasingly in demand. The traditional role of the systems integrator is evolving as a result. While security integrators have always worked closely with end users, today’s pioneers go beyond installation and maintenance. They align security strategies with evolving business needs, integrating IT, cybersecurity, and data-driven insights into their offerings. A look at the past and present Integrators are often asked to help tailor solutions and provide expertise in IT and cybersecurity Traditionally, systems integrators specialised in installing and maintaining wired physical security systems like CCTV, access control, and alarms. The service model was built around large, up-front investments and project-based installations. However, today customers are seeking comprehensive solutions. They’re looking to wirelessly integrate security infrastructure with cloud-based SaaS systems and IoT devices. While modern systems are often faster to deploy, they’re most effective when supported by ongoing consulting and strategic planning. Integrators are often asked to help tailor solutions and provide expertise in IT and cybersecurity. Data requirements and modern systems  Data requirements have also changed. Modern systems collect vast amounts of data. Advanced analytics, machine learning, and automation are now must-have tools for actionable insights. Security integrators can help end users set up custom dashboards, automations, and continuous system optimisation. Let’s look at some of the specific ways the role of systems integrators is evolving and how to adapt and succeed. Strengthen your IT expertise Integrators with IT expertise can ensure that hardware is optimised and maintained for peak performance The competitive landscape today includes not just security specialists but also IT-focused integrators and SaaS providers. Systems integrators with expertise in traditional physical security solutions plus IT experience offer unique value. They understand the real-world security challenges and opportunities, along with cybersecurity and network best practices. Integrators with IT expertise can also ensure that hardware is optimised and maintained for peak performance. Their experience with legacy systems allows them to offer practical recommendations on cost-effective approaches, such as upgrading or integrating older hardware with new digital solutions. Consider who’s making the purchase decisions Traditionally, security integrators primarily sold to security directors, facility managers, and operations teams. Now, multiple stakeholders may be involved in decision-making. IT teams, CIOs, and CTOs often weigh in on purchase decisions when cloud-based security and SaaS solutions are under consideration. Customers today aren’t just shopping for cameras, access control panels, alarms, and other hardware components. They’re looking for security ecosystems that can integrate with enterprise-wide IT infrastructure and business applications. When working with these different teams, consider outlining the system's return on investment (ROI). How can the solution reduce risk for various departments? Can it help improve operational efficiency or reduce the time required to onboard and train staff? Will it make regulatory compliance easier to manage? Focus on the long-term value for the entire organisation. Take a consultative approach Another way systems integrators are adding value is by offering vertical specialisation Installation fees remain important for many integrators, but there may be additional consultative opportunities to build long-term relationships with customers. Offer services such as roadmap planning, hardware and integration maintenance, training to certify end users on the manufacturer’s product, and cybersecurity services. While cloud-based solutions reduce on-premises maintenance, they don’t eliminate the need for ongoing support and training. Consider offering training opportunities. These can lead to other benefits as well. Better-educated and technically proficient customers are usually more willing to adopt new technologies. They understand the value of these investments and have more confidence that they’ll see results. Another way systems integrators are adding value is by offering vertical specialisation. Healthcare, sports venues, critical infrastructure, education, retail - each specialty has its own set of challenges, partner networks, regulatory restrictions, training needs, and business requirements. Integrators who specialise are uniquely positioned to offer key sector-specific insights that are invaluable to their clients. Embrace the cloud A key growth area for integrators is supporting customers in their shift to cloud deployments. Cloud solutions aren’t a one-size-fits-all solution. Each organisation is evaluating options and deciding whether cloud, hybrid, or fully on-prem solutions are the right fit for its unique needs. A key growth area for integrators is helping clients in their shift to cloud deployments Helping customers navigate and adopt cloud or hybrid solutions opens new opportunities to expand your business and deepen your relationship with your customers. Systems integrators who sell cloud solutions have the opportunity to add new layers to services for more value for customers. With a cloud solution that's easy and fast to deploy and managed and maintained by the provider, you can reduce overhead costs, staff training, and truck rolls via remote customer support. These benefits also allow you to spend time developing greater expertise in your customers’ processes. Using this knowledge, you can tailor your services towards potential productivity gains for your customers and turn them into additional sales. You ensure that your customers get the most out of the technology that’s available and that they have already purchased. Highlight your focus on cybersecurity Cybersecurity is no longer solely an IT department's responsibility. While dedicated IT security teams may still handle broader network defense, integrators play a crucial role in securing access control, surveillance, and IoT devices within a security framework. If unsecured, these devices can provide an entry point for cyber criminals to gain access to an organisation’s network. Cybersecurity is no longer solely an IT department's responsibility To best protect end users from cyberattacks, choose physical security systems with built-in security and privacy-by-design features. Help customers implement best practices to ensure their entire ecosystem is designed, built, and managed with end-to-end security in mind. Once implemented, work with your manufacturers, consultants, and end users to ensure that vulnerabilities are identified and mitigated. Every person on the network plays a role in keeping cyber threats at bay. Lean into the power of partnerships In today’s complex and dynamic security landscape, choosing the right technology partners is crucial. Ask potential partners to share their technology roadmap, and how you can offer feedback or participate in discussions about industry trends. Ideally, your partners will have a program in place to get input from integrators and end users, so they can develop products that are designed to address their most pressing issues and concerns. Your manufacturer partners should be working to help identify the evolving needs of customers and communicate these insights to systems integrators. Seek partners who actively support integrators to understand how security is evolving In addition to a good experience for the end user, strong manufacturer partners also offer solutions to streamline and automate workflows for integrators. It should be easy to order and check your shipping statuses online, for example. These are simple things that save you time and demonstrate your partner’s care for your business. Seek partners who actively support integrators to understand how security is evolving. While training is often offered on-site, some companies are now also offering blended learning models so integrators and their technicians can reduce classroom time and stay out in the field. Evolution is an opportunity Security integrators with traditional physical security expertise remain indispensable because they understand real-world risks and regulatory requirements. They can provide hands-on system deployment and optimisation. Now, there are new opportunities to build long term customer relationships. As the physical security industry undergoes this profound shift, adaptation is key. By embracing cloud and hybrid solutions, integrators can unlock new revenue streams, enhance customer relationships, and stay ahead of technological advancements. With the right partnerships and a forward-thinking mindset, systems integrators can navigate this transformation and take advantage of new opportunities being presented by evolving technology.  Leverage your deep industry experience while upskilling in cloud, cybersecurity, and IT. The strongest approach is for end users, systems integrators, IT specialists, and manufacturers to work together to navigate industry changes.

Anyone who has been in a proverbial cave for the last couple of years faced a language barrier at this year’s ISC West 2025 trade show. The industry’s latest wave of innovation has brought with it a new bounty of jargon and buzzwords, some of which I heard at ISC West for the first time. As a public service, we are happy to provide the following partial glossary to promote better understanding of the newer terms. (Some are new to the security industry but have been around in the IT world for years.) Obviously, if we can’t understand the meaning of the industry’s lexicon (and agree on the meaning of terms!), we will struggle to embrace the full benefits of the latest industry innovation. Not to mention, we will struggle to communicate. Generative AI Generative AI can identify an object in an image based on its understanding of previous objects This was perhaps the most common new(ish) term I heard bouncing around at ISC West. While the term artificial intelligence (AI) now rolls off everyone’s tongue, the generative “version” of the term is catching up. Generative AI uses what it has learned to create something new. The name comes from the core function of this type of artificial intelligence: it can generate (or create) new content. It doesn’t just copy and paste; it understands the underlying patterns and creates something original based on that understanding. In the case of video, for example, generative AI can identify an object in an image based on its understanding of previous objects it has seen. Video and security Generative AI can tell you something digitally about what is happening in an environment. There is no longer a need to write “rules;” the system can take in data, contextualise it, and understand it, even if it does not exactly match something it has seen before. In the case of video and security, generative AI offers more flexibility and better understanding. From 2014 to 2024, the emphasis was on detecting and classifying things; today AI is expanding to allow new ways to handle data, not so prescriptive and no more rules engines. Agentic AI Agentic AI refers to artificial intelligence systems that can operate autonomously to achieve specific goals Agentic AI refers to artificial intelligence systems that can operate autonomously to achieve specific goals, with minimal to no direct human intervention. In addition to the capabilities of generative AI, agentic AI can take action based on what it detects and understands. Use of agentic AI typically revolves around an if/then scenario. That is, if action A occurs, then the system should proceed with action B. For example, if an AI system “sees” a fire, then it will shut down that part of the building automatically without a human having to initiate the shutdown. There is a lot of discussion in the industry about the need to keep humans involved in the decision-making loop, so the use of truly autonomous systems will likely be limited in the foreseeable future. However, the ability of agentic AI to act on critical information in a timely manner, in effect to serve as an “agent” in place of a human decision-maker, will find its place in physical security as we move forward. Inference Inference is another common term related to AI. It refers to the process by which an AI model uses the knowledge it gained during its training phase to make predictions, classifications, or generate outputs on new, unseen data. The direct relationship of this term to physical security and video is obvious. In the simplest terms, an AI system is “trained” by learning patterns, relationships, and features from a large dataset. During inference, the trained model is presented with new questions (data it hasn't seen before), and it applies what it learned during training to provide answers or make decisions. Simply put, inference is what makes AI systems intelligent. Containerisation Dividing a massive security management system into several separate containers enables management of the various parts In IT, containerisation is a form of operating system-level virtualisation that allows you to package an application and all its dependencies (libraries, binaries, configuration files) into a single, portable image called a container. This container can then be run consistently across any infrastructure that supports containerisation, such as a developer's laptop, a testing environment, or a server in the cloud. In the physical security industry, you hear “containerisation” used in the context of separating out the various components of a larger system. Dividing a massive security management system into several independent containers enables the various parts to be managed, updated, and enhanced without impacting the larger whole. Genetec’s SecurityCentre cloud platform Think of it like shipping containers in the real world. Each container holds everything an application needs to run, isolated from other applications and from the underlying system. This ensures that the application will work the same way regardless of the environment it is deployed in.   “It took us five years to containerise Genetec’s SecurityCentre cloud platform, but containerisation now simplifies delivering updates to products whenever we want,” says Andrew Elvish, Genetec’s VP Marketing. Among other benefits, containerisation enables Genetec to provide more frequent updates--every 12 days. Headless appliance Headless appliance is a device that is managed and controlled remotely through a network or web interface A headless appliance is a device that is managed and controlled remotely through a network or web interface. The device is like a “body without a head” in the traditional sense of computer interaction: It performs its intended function, but without any visual output or input device for local interaction. In physical security, such devices are increasingly part of cloud-based systems in which the centralised software manages and operates all the disparate “headless” devices. A headless appliance does not have a Windows management system. “The whole thing is managed through the as-a-service cloud system,” says Elvish. With a headless device, you just plug it into the network, and it is managed by your system. You manage the Linux-based device remotely, so configuring and deploying it is easy. Democratising AI You hear the term democratising AI used by camera manufacturers who are looking to expand AI capabilities throughout their camera lines, including value-priced models. For example, even i-PRO’s value-priced cameras (U series) now have AI – fulfilling their promise to democratise AI. Another approach is to connect non-AI-equipped cameras to the network by way of an AI-equipped camera, a process known as “AI-relay.” For instance, i-PRO can incorporate non-AI cameras into a system by routing/connecting them through an X-series camera to provide AI functionality. Bosch is also embracing AI throughout its video camera line and enabling customers to choose application-specific analytics for each use case, in effect, tailoring each camera to the application, and providing AI to everyone. Context Cloud system also enables users to ask open-ended queries that involve context, in addition to detection Context refers to an AI system that can understand the “why” of a situation. For example, if someone stops in an area and triggers a video “loitering” analytic, the event might trigger an alarm involving an operator. However, if an AI system can provide “context” (e.g., he stopped to tie his shoe), then the event can be easily dismissed by the automated system without involving an operator. Bosch’s IVA-Pro Context product is a service-based model that adds context to edge detection. The cloud system also enables users to ask open-ended questions that involve context in addition to detection. For example, rather than asking "do you see a gas can?" you can ask "do you see any safety hazards in this scene?" The pre-trained model understands most common objects, and understands correlations, such as "a gas can could be a safety hazard.” A scaled-down on-premise version of the IVA Context product will be available in 2026. Bosch showed a prototype at ISC West. Most video data is never viewed by an operator. Context allows a system to look at all the video with "almost human eyes." Cameras are essentially watching themselves, and understanding why something happened and what we can do. All that previously unwatched video is now being watched by the system itself, boosted by the ability to add “context” to the system. Any meaningful information based on context can trigger a response by an operator. Data lake A data lake is a centralised repository that allows one to store vast amounts of structured, semi-structured, and unstructured data in its native format. In the case of the physical security marketplace, a data lake includes data generated by systems outside the physical security infrastructure, from inventory and logistics systems, for example. A data lake is where an enterprise can accumulate all their data, from the weather to Point-of-Sale information to logistics, to whatever they can gather. Putting the data in one place (a “data lake”) enables them to mine that data and parse it in different ways using AI to provide information and insights into their business. Notably, a data lake contains all a company’s data, not just security or video data, which opens up new opportunities to leverage the value of data beyond security and safety applications. Crunching the various information in a data lake, therefore, security technology can be used to maximise business operations.

The practice of executive protection changed forever on Dec. 4, 2024, when UnitedHealthcare CEO Brian Thompson was shot outside a Manhattan, New York, hotel.  The shocking event raised awareness in board rooms around the world about the need for, and challenges of, executive protection. Questions followed immediately, including why was the high-level executive not protected? Combination of risk and reward  UnitedHealthcare’s stock price has gone down more than 20% since the shooting The event also highlighted what is at stake for companies, extending beyond the safety of executives and impacting many factors, even including a company’s stock price. UnitedHealthcare’s stock price has gone down more than 20% since the shooting, equating to tens of billions of dollars. “Companies are considering the combination of risk and reward like never before when it comes to executive protection,” says Glen Kucera, President of Allied Universal Enhanced Protection Services. “What are the chances this could happen? Before Dec. 4 many thought it was zero. And what are the financial implications for a company if it happens? Executive protection is a small investment to protect against a worst-case scenario.” Evaluation of an executive protection  Before the UnitedHealthcare shooting raised awareness, fewer than 50% of executives had protection. But concerns that previously fell on deaf ears now have the full attention of companies, says Kucera. “Boards of directors are having to figure this out,” he adds. “They may not have executive protection, but now they have to do it.” A threat assessment, conducted by a company such as Allied Universal, provides an independent evaluation of a company’s executive protection needs. The assessment evaluates factors such as an executive’s travel habits, the safety of their home, etc. Does the executive need protection 24/7, or just when they travel into more dangerous areas? Risks increase related to corporate earnings Sometimes, cases increase the need for executive protection, such as an internal threat In assessing threats, security professionals also look beyond the individual to consider the safety of a corporate facility, for example. “Is there a visual deterrent, controlling who comes and goes?” asks Kucera. “If there is good security, it all ties together. We do home assessment, facility assessment, route assessment, and travel assessment as needed.” Sometimes, circumstances increase the need for executive protection, such as an internal threat. Timing is a factor, and risks increase related to corporate earnings releases, new product announcements, and corporate layoffs or consolidation. Monitoring social media tracks shifting threats that impact the need for executive protection. UnitedHealthcare shooting  “He didn’t have it and probably didn’t think he needed it,” comments Kucera about the UnitedHealthcare executive who was gunned down in the streets of New York City. “He was staying at the hotel across the street and was used to walking down the street every day.” “Sometimes executives want to preserve their privacy and be able to walk down the street,” says Kucera. “Getting protection can be seen as a sign of weakness. Some CEOs in the past have said they just didn’t want it.” However, the UnitedHealthcare shooting raised the stakes of the need for more vigilance. “The bottom line is you have to yet beyond objections and make the investment to protect against a worst-case scenario,” says Kucera. Anti-capitalist sentiment in the general population An internal police bulletin warned of an online hit list naming eight executives and their salaries Threats to executives sometimes arise from anti-capitalist sentiment in the general population about perceived inequalities in wealth and power. Executives provide symbolic targets for anyone who fights the system, and social media has amplified the voices of those who oppose capitalism.  For example, a "Most Wanted CEO” card deck seeks to shine a spotlight on "titans of greed." Also, in the aftermath of the UnitedHealthcare shooting, CEO "wanted" posters appeared across New York City, threatening various executives of large companies. An internal police bulletin warned of an online hit list naming eight executives and their salaries. Careful monitoring of social media posts Careful monitoring of social media posts and other sources enables executive protection professionals to analyse data and separate the dangerous threats from the merely negative ones. Sadly, positive support of the UnitedHealthcare shooting was expressed by the 300,000 or so followers of the shooter, who became a celebrity of sorts. A huge outcry of negative sentiment toward the insurance industry led to fear that copycat incidents might occur. “There has been an unprecedented amount of positive support for committing murder,” commented Kucera. Executive protection requests HR executives can be at risk, especially at a time of layoffs or consolidation “Let’s face it, there has been a lot of controversy, from COVID to the Middle East crisis, to the political campaign, and there is negativity on both sides,” says Kucera. “People have opportunities to pick sides, and there is a lot of sentiment going both ways, and there is a small percentage of people who will act aggressively.” Executive protection requests now extend beyond the CEO to include others in the management ranks of companies. Basically, any public-facing executive is at risk, including anyone who makes statements to the press. Human resource (HR) executives can be at risk, especially at a time of layoffs or consolidation.   Private information on the Internet Typically, an executive is assigned a single armed operative for protection. The firearm serves primarily as a visual deterrent that hopefully makes a potential perpetrator think twice. “When they plan an event like this, their expectation is that it will be a soft target,” says Kucera. “If there is an officer, it gives them pause.” Controversial or high-profile CEOs are typically protected 24/7, including when they travel with their family. Adding risks is the fact that private information is now posted on the Internet, including where an executive lives and where their children go to school. Internet monitoring  Internet monitoring also includes the “dark web,” which includes sometimes dangerous information “We offer social media monitoring, and we advise them to be more careful with what they post,” says Kucera. “We monitor reactions to posts including any that might be threatening. We watch social media carefully if a company announces earnings or a change in their service or product offering.” Internet monitoring also includes the “dark web,” which includes sometimes dangerous information that is intentionally hidden and requires specific software, configurations, or authorisation to access.   Own layer of protection Public and government officials can also come under fire in a variety of scenarios. FEMA officials faced threats after the recent floods in the Southeast, for example, among other situations where perceived unfair treatment promotes thoughts of retribution.  Although government agencies have their own layer of protection, there are instances when they call on companies such as Allied Universal for additional help.  Ad hoc protection for various executives In the aftermath of the UnitedHealthcare shooting, calls to Allied Universal’s Command Centre increased by 600%, reflecting requests for ad hoc protection for various executives.  These requests are in addition to the company’s business providing “embedded” operatives that travel with executives all or some of the time. On that side of the business, requests for services are up probably 300%, says Kucera. {##Poll1742194323 - Has the recent increase in violent threats changed your company's view on executive protection?##}

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of this problem has emerged in the consumer and political worlds, the issue cannot be ignored when it comes to the authenticity and protection of video and security data. Video surveillance data SWEAR is a company with the mission to ensure the integrity of video surveillance data by mapping video data and writing it into the blockchain, providing real-time, immutable proof of authenticity. Blockchain, which is the underlying technology that enables cryptocurrencies, is a decentralised digital ledger that securely stores records across a network of computers in a way that is transparent, immutable, and resistant to tampering. SWEAR solution The SWEAR solution is based on proactive, foundational protection that validates data at the source The SWEAR solution is based on proactive, foundational protection that validates data at the source before any opportunity for manipulation can occur. “Our technology is about proving what’s real and our goal is to ensure that security content and video surveillance data remain untampered with and reliable when needed,” says Jason Crawforth, Founder and CEO of SWEAR. Real-time authentication Security leaders need to ensure that the content they are relying on to make mission-critical decisions is authentic. Once verified, organisations can be sure that their investment in video can be trusted for critical use cases, including intelligence operations, legal investigations, and enterprise-scale security strategies. SWEAR seeks to embed trust and authenticity directly into video surveillance content at the point of creation. This ensures real-time authentication while proactively preventing tampering or manipulation before it can happen.  AI-generated content The rise of AI-generated content, such as deepfakes, introduces significant challenges As AI transforms the landscape of video surveillance by enhancing threat detection and predictive analysis, it also introduces the very real risk of manipulation through AI-generated content. This presents a significant challenge in protecting critical security data, especially in mission-critical applications. The rise of AI-generated content, such as deepfakes, introduces significant challenges when it comes to ensuring the protection of digital media like video surveillance.  Recent study findings It is a fact that digital media content is being questioned more regularly, which puts businesses, legal systems, and public trust at risk.  A recent study from the Pew Research Center found that 63 percent of Americans believe altered videos and images create significant confusion about the facts of current issues. Last month, California Governor Gavin Newsom signed three bills aimed at curbing the use of AI to create fake images or videos in political ads ahead of the 2024 election.  Footage authenticity “While most of the news cycle has centered on the use of fake content in politics, we need to think about how manipulated videos could affect security,” says Crawforth. “In video surveillance, ensuring the authenticity of footage is critical for keeping operations secure and safe around the world. That means verifying and protecting video data is a must.”  Organisations must be capable of performing thorough digital investigations, which involve retrieving and analysing video and security data from devices and networks through a chain of evidence. Digital forensic capabilities Strong digital forensic capabilities also enhance incident response, risk management, and proactive security An in-depth understanding of who has handled video data, how it was handled, and where it has been is an important step in responding to security incidents, safeguarding assets, and protecting critical infrastructure. Strong digital forensic capabilities also enhance incident response, risk management, and proactive security measures, all essential for risk management, regulatory compliance, and cost control, says Crawforth.  An unbroken chain of custody “By using tools to identify, preserve, and analyse digital evidence, organisations can ensure swift and accurate responses to security incidents,” he adds. “Using the latest tools and techniques is vital for maintaining a strong security posture." "But you must ensure your digital content isn’t manipulated.” SWEAR’s technology provides an unbroken chain of custody, ensuring that video evidence can be trusted and admissible in court and forensic applications.  Authenticating content Authenticating content also strengthens accountability and trust, protecting organisations By verifying video content is protected from tampering, manipulation, or forgery, organisations can be sure that they have reliable evidence that produces actionable results. Authenticating content also strengthens accountability and trust, protecting organisations from legal disputes or compliance violations.  Safeguarding digital content “With an increasing amount of disinformation in today’s world, we sought to develop an innovative solution to safeguard the integrity of digital content,” says Crawforth. SWEAR safeguards security content using real-time “digital DNA” encoding. It integrates directly at the video management system level, ensuring it is preserved with a secure chain of custody and maintains integrity for evidentiary purposes.  Real-time “digital DNA” encoding The digital DNA is then stored on a blockchain, creating an immutable record The solution integrates with cameras and other recording devices to map this digital DNA of the video data, all in real-time. The digital DNA is then stored on a blockchain, creating an immutable record that tracks the content’s history and integrity. Any attempt to manipulate the media can be instantly detected by comparing the current state of the media to its original, authenticated version. SWEAR is actively collaborating with video management solution providers to integrate the technology into their platforms. Video and security data benefits “We’re still in the early stages of our collaboration in this space, but it is clear that the industry recognises that we have to work together to mitigate this risk proactively before it becomes a significant issue,” says Crawforth. “The feedback we have received from the industry to date has been beyond our expectations, and we expect to have more integration partners to highlight shortly.”  “We should approach this as a collaborative effort across the industry, as ensuring the authenticity of video and security data benefits everyone involved,” says Crawforth. 

Stratas is a UK-based specialist in document automation, finance automation, and intelligent document processing (IDP). Its solutions help organisations automate processes underpinned by documents and improve control across finance and operations.   Stratas needed a new, secure, and scalable data storage solution after notification that its remote storage provider planned to discontinue services. Richard Webb, the company’s Professional Services Technical Consultant, explains: “We weren’t confident that the physical servers were being properly maintained. Our provider was using older machines and running Windows Server 2012, which presented us with reliability and security challenges. If we had continued with our arrangement, things would have had to change.”    Solution   After considering several options, Richard and his team selected Node4’s Virtual Data Centre (VDC) offering – the company’s managed, hosted Infrastructure as a Service platform. As the first step in deployment, Node4 set up a bespoke landing zone to assist Richard with data migration from his organisation’s legacy servers. Node4 also configured VDC access via a secure, high-speed VPN. Public cloud solution “We told Node4 from the outset that we wanted a managed, hosted environment. We’re a lean business with no physical premises and didn’t want the overheads and complications of managing physical servers,” Richard comments. “On paper, a public cloud solution might have seemed logical. But we run several niche applications with specialised workflow and process requirements. Node4’s VDC was a better fit – we got the scalability and flexibility of public cloud without the complexity and administration headaches. But we also benefit from Node4’s support and expertise. It’s the best of both worlds.” Node4’s data centre  “We also wanted our data to remain in the UK on servers owned by a UK company,” he acknowledges. “That’s important for GDPR compliance and data sovereignty." "It was also a bonus that Node4’s data centre is just down the road from us, so we’re hyperlocal, I guess. It all adds to the feeling that we’re not dealing with some faceless conglomerate – that there are real people on hand with a genuine interest in helping our business to thrive.”     Results   Stress-free migration   With the landing zone operational and VPN connectivity established, Richard and his team began migrating applications and clients to their new Virtual Data Centre. “Clients using our invoicing and accounting service can’t be offline for a long time – especially around month-end. So, although it was slower for us, we migrated one customer at a time at a rate of about five per week,” he explains. “Node4’s landing zone also allowed us to test migrations to ensure everything worked as expected before going live. This kept downtime to an absolute minimum and reduced many of the risks associated with migration to hosted environments.”    Enhanced backup, recovery and resiliency    Richard and his team immediately benefited from switching to Node4’s virtual data centre. “Our previous provider offered only basic backups, and their infrastructure lacked resiliency,” he recalls. “We could start work on a Monday and, without any prior warning, find half our servers were down. Switching to Node4’s virtual data centre with modern, resilient servers – alongside built-in comprehensive backup and disaster recovery – improved our day-to-day operations and customer experience right from the outset.”   Richard admits that the connectivity and reliability improvements far exceeded anything he’d hoped for. “It’s amazing! Even basics like logging in are easier. On our old system, it would take several attempts, and there was always a chance you’d get kicked out after a couple of hours. Getting online first time probably saves each of us around ten minutes a day. That may not sound much, but it quickly adds up as the weeks and months go by.”    Advanced, integrated security    Richard also notes that the VDC offers a range of security benefits, including firewall defences, DDoS protection and secured instances. “We’re planning to introduce multi-factor authentication to access our VPN. It’s a vital identity management tool for all businesses,” he comments. “But especially ones like ours with a 100% remote workforce.”   Consumption-based model: Pay for used compute, network and storage    Richard is also keen to highlight the advantages of a consumption-based model. “The VDC is fully self-service. We can adjust compute, network, storage, and services on demand with just a few clicks – giving us complete control over our environment and costs." "This is important right now and also helps us plan ahead; for example, we can now see a pathway to rolling out AI and advanced automation in the coming years.”    Transparent pricing    “I like the fact that VDC pricing is transparent,” Richard admits. “We did our due diligence and looked at a few other companies. Their project and operational costs seemed lower. But there were lots of gotchas – like fixed data charges and data limits – hidden in the small print. So, when we weighed it all up, Node4, with its consumption-based pricing, was far better value and a much better organisational fit.”    He concludes: “What does that mean on a day-to-day basis? Currently, we’ve scaled requirements as we’re carrying out some server consolidation work. But all that extra capacity is still there for us. And while we’re waiting, we’re not being charged for it. That’s a huge benefit. It helps us remain competitive and responsive to changing market and economic conditions.”

St John’s College, one of the historic colleges of the University of Oxford, has significantly strengthened its cybersecurity posture with the implementation of a Managed Vulnerability Management (MVM) programme delivered by long-term partner ANSecurity.   Founded in 1555, St John’s supports a diverse community of more than 600 students, a large number of staff and over 100 academic fellows across multiple sites in Oxford. With a small in-house IT team and growing cyber threats, the college needed a proactive solution to improve visibility, reduce risks, and free up internal resources. MVM service After more than 13 years of collaboration, the college turned to ANSecurity to design and deploy an MVM service built on Tenable Nessus. The service includes daily credentialed scans, automated vulnerability notifications, remediation validation, and monthly strategic reviews with ANSecurity consultants. Measurable results Since launching the programme in May, St John’s College has achieved: Over 50% reduction in critical and high-severity vulnerabilities Resolution of systemic issues such as broken Windows Updates, unsupported software, and weak cipher suite configurations Improved ability to challenge vendors using outdated or insecure systems Strategic resource allocation, allowing IT staff to focus on high-impact security tasks Matt Jennings, IT Manager at St John’s College Oxford said: “This service has freed up internal resources and helped us stop playing ‘whack-a-mole’ with vulnerabilities. We now know what to focus on, and how to do it. The support from ANSecurity has been invaluable in helping us become more strategic and effective.” Proactive cycle of risk management The programme has also introduced a proactive cycle of risk management, with daily monitoring of public-facing systems, monthly vulnerability summaries, and overnight verification of patch updates. St John’s College has worked with ANSecurity since 2013 on projects including firewall replacements, wireless network deployments, and strategic consultancy. The MVM programme marks the latest step in the college’s modernisation of its cybersecurity defences.  Matt Jennings added: “ANSecurity have always been responsive, professional, and understanding of our requirements. Their engineers are not only experts in their field, but also able to explain complicated issues clearly. We look forward to working with them for many years to come.”

Elegance, design and entertainment – that’s what the new Grand Sapphire Resort & Casino in Iskele, in the east of the Turkish Republic of Northern Cyprus (TRNC), stands for. This exclusive hotel complex, located directly on the beach of the Karpaz Peninsula, offers guests top-level service, stunning architecture and a very special highlight: a casino with 42 live game tables and over 300 slot machines across a 2,700 m² gaming area. To ensure that guests not only have an impressive but also a safe experience, Grand Sapphire relies on a customised video surveillance solution from Dallmeier. The “Made in Germany” video technology ensures around-the-clock security and efficient processes – not only through high product quality, but also through the highest standards for data protection and data security. Data protection requirements One of the main requirements was the complete monitoring of gaming areas  When the casino was opened, the security team at the Grand Sapphire Resort faced the task of implementing a modern casino security solution that would ensure both guest safety and smooth operations. “Our goal was to create a top-tier casino environment – and that includes a security concept that combines quality, data protection and efficiency,” explains Bayram Tegay, General Manager at Grand Sapphire. One of the main requirements was the complete monitoring of gaming areas, especially the live game tables, without interfering with day-to-day operations. At the same time, an exceptionally high level of data protection had to be maintained. Strict compliance regulations “In Northern Cyprus, casinos face especially strict compliance regulations,” says Yücel Çalişkan, Surveillance Manager at the resort. “Our department operates in full isolation from the rest of the organisation. Protecting sensitive data is not optional for us – it is the very foundation of our work.” Integrated surveillance concept The team opted for a comprehensive video surveillance system from Dallmeier The team opted for a comprehensive video surveillance system from Dallmeier, planned and implemented by Dallmeier Türkiye. The customised security concept was visualised and preconfigured using the 3D camera planning tool PlanD. “PlanD offered the customer 100% planning reliability,” says Orhan Yörükoğlu, Director of Dallmeier Türkiye A.Ş. “Project stakeholders could see in advance exactly which camera would cover which area and what the overall project scope would be. That was enormously helpful for decision-making.” Precision from eight meters above All cameras were installed at a height of approximately eight meters on the ceiling  All cameras were installed at a height of approximately eight meters on the ceiling – a technical challenge solved through the use of high-resolution cameras with suitable optics. For seamless surveillance of the 42 live game tables, slot areas and entrances, the installation combines Dallmeier PTZ and dome cameras. To provide a full overview of the gaming floor, a Panomera S8 multifocal sensor system is used. Thanks to its unique optical design, Panomera delivers a complete overview of the casino floor while still allowing detailed zoom-in views where needed. Central control room In the central control room, four operators work per shift on three 27-inch monitors each, while 18 large-format monitors provide overall visual control. Recording is handled redundantly via IPS 10000 network video recorders. The entire system is managed using the Hemisphere VMS platform operated on four VMC Touch workstations. For non-public areas, ONVIF-compatible third-party cameras are used, and their data is also fully integrated into the Dallmeier system thanks to Hemisphere’s open system architecture. Facial recognition Another key feature is the integration of a Corsight facial recognition system, operated on dome cameras Another key feature is the integration of a Corsight facial recognition system, operated on dome cameras. The system automatically identifies blacklisted individuals when they approach the casino entrance and notifies both front desk and security personnel in real time. “This feature not only helps us enforce bans, but also strengthens our guests’ sense of security,” says Çalişkan. “We receive alerts within seconds if a blacklisted individual tries to enter the casino.” Although the casino is open from 12:00 noon to 6:00 am, the surveillance system operates 24/7. This ensures that potential threats such as break-ins or tampering outside of business hours are reliably detected. In day-to-day operations, the system significantly speeds up incident resolution – for example, in the case of misunderstandings between dealers and guests. Closed network architecture The entire system operates within a completely closed network – with no physical or wireless interfaces to other systems, no cloud connectivity, and no mobile access. This architecture ensures full data security and regulatory compliance. Internally, strict policies are in place: surveillance staff are not permitted to have contact with employees from other departments. This underscores the critical role of data protection in the casino environment of Northern Cyprus. The current system architecture is designed for seamless future expansion. AI-based functions and video content analytics (VCA) can be integrated at any time if required. Security meets efficiency With the Dallmeier solution, Grand Sapphire benefits from a state-of-the-art surveillance system that not only meets the highest security standards but also supports operational efficiency. Casino Manager Bayram Tegay concludes: “The image quality, system responsiveness and support have really convinced us. For us, it was absolutely the right decision. Thanks to Dallmeier, we can make well-founded decisions at any time – quickly, reliably and based on high-quality data.”

With a vast portfolio of smart locks, lock management systems, and connected readers, ensuring strong authentication, data integrity, and compliance with global regulations is essential. To meet these challenges, ASSA ABLOY is leveraging the long-time IoT expertise of HID to implement HID PKI-as-a-Service. This strategic deployment is not just about protecting millions of connected devices but also about future-proofing ASSA ABLOY’s security infrastructure for years to come. Cryptographic assurance: Securing every lock, inside and out ASSA ABLOY boosts trust in its devices, preventing unauthorised clones or counterfeit products A crucial aspect of this solution provides Genuine ASSA ABLOY products — an assurance that every smart lock, reader, and system within the network is verified as an authentic and authorised product.  By leveraging PKI-based identity verification, ASSA ABLOY strengthens trust in its devices, preventing unauthorised clones or counterfeit products from entering the ecosystem. For example, the inside of a lock can only pair with a matching outside component from ASSA ABLOY, ensuring the integrity and security of the entire system. This level of cryptographic trust not only enhances device security but also strengthens protection against counterfeit components or unauthorised modifications. Meeting stringent security and compliance needs As the industry faces increasing regulatory pressure, including the EU Cybersecurity Act and the upcoming Cyber Resilience Act, ASSA ABLOY needed a scalable, automated solution to manage over a million certificates annually. HID’s expertise in certificate management provides enhanced security, reduced complexity HID PKI-as-a-Service enables seamless device authentication, automated provisioning, and hierarchical key management, ensuring compliance with evolving security standards. An essential part of the solution is the offline Root Certificate Authority (CA), which serves as the foundation for secure operations. HID’s expertise in certificate management provides enhanced security, reduced complexity, and operational efficiency across ASSA ABLOY’s global IoT ecosystem. Driving innovation and efficiency By integrating automated bootstrapping and customised attestation certificates, the implementation has significantly improved operational efficiency while minimising manual effort. This allows devices, including those operating offline, to maintain secure provisioning and updates without requiring constant connectivity. Additionally, the system is future-ready, designed to support emerging IoT protocols such as Thread, CoAP, EDHOC, and OSCORE, ensuring adaptability as the industry evolves. Collaborative success The success of this deployment is rooted in a strong alliance between ASSA ABLOY and HID The success of this deployment is rooted in strong collaboration between ASSA ABLOY and HID. A dedicated steering group ensured alignment on global PKI policies and security objectives, leading to a smooth rollout with minimal disruption. “The implementation of HID PKI-as-a-Service wasn’t just about meeting current security requirements, it was about future-proofing our IoT ecosystem for security and scalability,” says Anders Calbom, VP & Head of Technology Solutions, ASSA ABLOY. Major milestone in IoT security   Anders Calbom added: “With the ability to manage over a million certificates annually, we’re now positioned to scale our security infrastructure alongside our business growth.” This initiative marks a major milestone in IoT security, compliance, and operational efficiency. As ASSA ABLOY continues to innovate and expand, HID PKI-as-a-Service provides the secure foundation needed to drive future growth and digital transformation.

Iveda®, a pioneer in AI-driven video surveillance and smart-city technologies, announced that Subic Sun Development, Inc. has chosen the IvedaAI™ platform as the video surveillance solution for the soon-to-open Subic Sun Resort, Convention & Casino. IvedaAI was selected early in the build-out to inform camera placement and ensure frictionless integration with future-ready, AI-powered analytics. Focus on safety and service Located on the former U.S. naval base in the Subic Bay Freeport Zone—a special economic hub that hosts thousands of international and local businesses—the resort will feature 500 guest rooms, a state-of-the-art convention centre, a luxury casino, and two Accor-brand hotels, Ibis Styles and Mercure, scheduled to open in December 2025. The decision comes as global resort operators sharpen their focus on safety, service and operational efficiency. The global resort market generated $347 billion in 2024 and is projected to reach nearly $945 billion by 2030, an 18.5% CAGR. IvedaAI’s AI-enabled video analytics IvedaAI’s AI-enabled video analytics will help property staff lower security costs, respond to incidents faster IvedaAI’s AI-enabled video analytics will help property staff lower security costs, respond to incidents faster and unlock data-driven insights that boost both guest satisfaction and bottom-line performance. “Iveda being selected as a premier security and surveillance provider before the first Subic Sun Resort guest ever checks in is a powerful endorsement of our commitment to providing state-of- the-art monitoring technology,” said David Ly, CEO and Founder of Iveda. IvedaAI’s real-time analytics Ly added: “By designing camera layouts around IvedaAI’s real-time analytics, Subic Sun can optimise coverage, reduce blind spots, and deliver safer, smoother guest experiences—without a costly equipment overhaul. We expect more ground-up projects to follow this blueprint.” Iveda Philippines—Iveda’s joint venture focused on nationwide smart-city deployment—secured the Subic Sun contract and will oversee the on-site rollout. The win represents the team’s first major hospitality project and advances its plan to generate US$ 3 million in smart-city revenue by FY 2026, building on the broader initiative it announced last year.

iCard, a pioneering European e-money institution, has successfully upgraded its customer checks with Regula’s advanced biometric and document verification technologies. By integrating Regula Face SDK and Regula Document Reader SDK with its KYC (Know Your Customer) and risk assessment systems, iCard has moved to speedy, automated verification with improved fraud detection, and enhanced the overall experience for customers in 30+ countries. Implementing Regula’s solutions As a licenced fintech organisation, iCard must comply with strict European KYC regulations while maintaining a robust risk assessment system alongside low-effort customer experience. iCard complies with strict European KYC rules while keeping a robust risk review system Prior to implementing Regula’s solutions, manual verification processes led to inefficiencies, longer wait times, increased fraud, and potential friction for users. Customers often had to re-upload photos or wait for manual reviews, causing delays—especially outside business hours. Additionally, iCard needed a more comprehensive document verification system that was capable of recognising a broader range of ID types. The Regula solution: Fast and fraud-free identity verification To modernise and automate its verification process, iCard selected Regula’s complete solution for document and biometric verification for its industry-leading accuracy, ease of integration, and ability to meet the company’s specific requirements. Regula Face SDK: Integrated into the iCard Digital Wallet app (Android and iOS), it provides fast and reliable biometric verification when a user logs in or performs a money transaction. The solution conducts instant liveness detection and face matching, preventing fraud attempts, including presentation attacks, deepfakes, or injected videos.  Regula Document Reader SDK: Deployed in iCard’s back-office system, it automatically authenticates ID cards, passports, and residence permits, including previously unsupported paper-based IDs. Regula’s solution reads and authenticates data from multiple document zones, including MRZs (machine-readable zones), RFID chips, and barcodes, and cross-validates the information to detect any inconsistencies that may indicate fraud. Tangible business benefits The project was completed in just one month, and the impact has been immediate: Instant identity verification: Customers can now authenticate their identity in under a minute. Reduced operational costs: Automated verification processes have minimised manual reviews. Enhanced fraud prevention: Advanced biometric and document verification strengthen security measures. Increased conversion rates: Faster verification leads to a smoother onboarding experience and reduced drop-off rates. Fast and secure identity verification “Implementing Regula Face SDK and Regula Document Reader SDK has optimised our internal processes while ensuring a seamless experience for iCard Digital Wallet customers." "The integration was completed in a short period, resulting in fast and secure identity verification, improved operational efficiency, and reduced fraud risks—all while boosting customer satisfaction,” says Gabriela Anastasova, Chief Product Officer at iCard. Balancing security and user convenience “In today’s fintech landscape, balancing security and user convenience is critical. Customers expect seamless access, while businesses must comply with strict regulations and defend against sophisticated fraud. We are proud to support iCard in finding that perfect balance." "Our solutions ensure that every identity check is robust, automated, and frictionless, allowing fintech innovators like iCard to scale securely and efficiently,” comments Ihar Kliashchou, Chief Technology Officer at Regula.

Emphasising proactive rather than reactive security shifts the focus from dealing with crises and damage control to prevention. Advantages of a proactive approach include cost efficiency, better business continuity, and fewer crises that draw attention away from strategic improvements. Staying ahead of threats is a core mission of the security department, and technology has evolved to enable security professionals to deliver on that mission better than ever. We asked our Expert Panel Roundtable: How are security systems transitioning from reactive to proactive, and what is the benefit?

Data overload is real. Sometimes it seems we are bombarded by the sheer volume, velocity, and variety of data available in our personal lives, and in our work lives. The solution is to figure out how to make sense of the data and transform it into real information we can use. In the case of physical security systems, new opportunities are emerging every day to utilise data to make our businesses safer and better managed. We asked our Expert Panel Roundtable: What is the expanding role of data in physical security systems? Why does it matter?

New technology advancements significantly increase efficiency and productivity in any industry, including physical security. Enhanced innovation both creates new products and services and improves existing products, all for the benefit of security manufacturers, integrators, and end users. Companies that embrace new technology stay ahead of the curve and gain a significant competitive advantage. In addition, they can differentiate themselves in the marketplace. We asked this week's Expert Panel Roundtable: What are the most promising new technologies in the physical security industry?