Accellion, Inc., provider of the enterprise content firewall that consolidates, controls, and secures sensitive third party communications, announces key capabilities that protect the sensitive data remote employees access, share and collaborate on while working from home. Hackers tap into a treasure trove of PII, PHI, and IP when they leverage home network vulnerabilities like weak passwords, unpatched software, and connected IoT devices such as smart TVs and virtual assistants. Now, confident...
Egress, the provider of human layer email security, has announced that its Egress Protect solution will be integrated into NHSmail to offer enhanced protection and improve user experience. NHSmail is used by up to 1.5m healthcare staff daily, and is the largest closed secure email network in the UK. The announcement comes as part of NHS Digital’s commitment to use innovative technology to transform the UK healthcare landscape. Effective communication is an integral part of the NHS, and Eg...
At ISC West this year, emerging technologies will be on display to help organisations manage their environments, from the building itself to who’s on the premises and what’s going on at any given moment. Top of mind this year is cybersecurity, compliance and management of security assets as threats rise and governing bodies put regulations in place that businesses need to react to. The good news is that the shift in approach to holistic monitoring of cyber and physical assets can mov...
The Security Industry Association (SIA) has selected Kathleen Carroll as the 2020 recipient of the SIA Committee Chair of the Year Award, which recognises individuals for excellence in SIA committees and advancing member objectives. SIA will present Carroll with the honour at The Advance, SIA’s annual membership meeting, during ISC West. Carroll chairs the SIA Data Privacy Advisory Board and is the founder and managing partner of Seven Seas Strategic Communications, a full-service public...
As the business owner and managing director of Ecl-ips, a CCTV installer, Aaron Kernaghan has experience of the needs of CCTV operators, installers and those employed to maintain the system. This understanding has led to the development of a new product that will help to ensure CCTV systems are managed more effectively. CCTV Logbook will give users a tool to have all the information about their CCTV system at their fingertips. There is an easy-to-use interface allowing users to log the camera...
Cloud technologies and the IoT have opened up seemingly endless possibilities for the modern retail organisation. Customers have never had as much control over purchasing decisions as they do today, with the ability to make transactions at the touch of a button for goods and services from the comfort of their own homes or on the move. However, the customer data lying at the heart of this frictionless shopping experience presents an ever more attractive commodity to cyber criminals. Attacks are...
ADT, a provider of security, automation, and smart home solutions serving consumer and business customers in the United States, released key findings from a consumer privacy survey that reveals consumer sentiment on the topic. With many data privacy and security issues in the news, it’s no surprise that 92 percent of respondents feel smart home security companies need to take measures to protect customers’ personal data and information. However, while concerns around privacy are high, more than 40 percent of those surveyed admit they don’t feel knowledgeable on the topic. The smart home security industry has the opportunity to provide leadership and guidance in this area to maintain consumer trust and promote responsible data privacy practices within the industry.

Internet-connected smart home security platform

“ADT released the first Internet-connected smart home security platform in 2010, and we’ve consistently taken great care to protect and connect our customers in the most secure ways possible, using leading industry standards and best practices to guard their data, privacy and personal information,” said Jim DeVries, President and CEO of ADT. “Where there is consumer confusion about privacy, we as an industry must work to reduce that confusion so consumers can be confident that the products and services we provide to help keep them safe can be trusted. With that trust in place, there can be greater peace of mind.”

Key consumer privacy opinion survey findings

The explosion of the smart home device category ushered in scores of new manufacturers and brands that may have put convenience before user privacy.
However, the ADT consumer privacy opinion survey revealed consumers are now aware of and concerned about privacy as it relates to smart home devices with the top concerns reported to be hacking (75%) followed by government spying on in-home smart cameras (53%) and smart speakers (52%). The survey also uncovered that when it comes to how personal information is shared, consumers tend to be more concerned about how governments (89%) and companies (93%) share their personal information than they are about how they share their own personal information on social media (86%).

No data privacy measures

And, despite acknowledging the importance of privacy protocols, most consumers don’t use privacy measures available to them. In fact, fewer than 40% of survey respondents reported having any data privacy measures in place at all. “These consumer privacy opinion survey findings validate the work we’ve been doing as an industry over the past year to create a set of guiding principles, designed to help protect customer privacy and trust in the security industry and member companies, and to unify ourselves around them,” said Frank Cona, Chief Privacy Officer at ADT.

Consumer privacy initiative

Previously on Data Privacy Day, ADT announced the Consumer Privacy Initiative, an industry-level initiative to unite the smart home security industry and produce clear guiding principles and best practices for how security providers manage consumer data and protect their privacy. Participants, including producers of security products and security related software, implementers and other service providers, and industry associations joined together during the past year to develop a baseline of industry-wide guiding principles for consumer privacy, with input from consumer advocates.
The guiding principles are being developed with the understanding that providers of smart home security products and services must continually earn the trust of their customers by prioritizing their privacy as well as their safety. The principles will evolve with the changing smart home and security landscape, addressing top-of-mind issues such as facial recognition and analytics. Current areas of focus include:

Privacy by Design - Consumer privacy should be embedded in all areas of the security industry, and that begins with the design of the products used to help protect and connect customers.
Transparency - Providers of security products and services must spell out in clear and understandable terms how they collect, use, share, and retain sensitive data.
Handling of Audio and Video - Security providers will only share audio or video with first responders with their customers’ prior consent, or as required by law, and will not otherwise access a customer’s audio or video without the customer’s knowledge.
Data Correction and Deletion - Security providers will create an easily accessible process for customers to request that personal information collected by that provider be deleted. Customers can also request that data errors be corrected.
Guidance and Use - Providers of security products and services will equip customers with information that empowers them to use their security products and services in a manner that better enhances everyone’s privacy. This could involve adjusting data collection settings, setup of cameras, or establishing video and audio data retention timeframes that work best for them.
Accountability - Providers of security products and services will commit to additional accountability measures, such as independent privacy assessments.

The Consumer Privacy Initiative is an ongoing effort.
To date, the following organisations have collaborated in developing the guiding principles, and ADT invites other organisations to join in support of this effort:

ADT, a provider of security, automation, and smart home solutions serving consumer and business customers in the United States.
Alarm.com, a platform for the intelligently connected property.
Electronic Security Association, a trade association in the United States representing the electronic security and life safety industry.
Security Industry Association (SIA), a trade association for global security solution providers, with more than 1,000 innovative member companies representing thousands of security leaders and experts who shape the future of the security industry.
Sercomm, a manufacturer and supplier of telecom equipment.
TrustArc/Nymity, which provides solutions to manage privacy compliance for the GDPR, CCPA and other global privacy regulations.
Vector Security, a provider of intelligent security solutions tailored to the needs of the customer.
Axis Communications, the provider of network video technology, publishes its latest whitepaper, Cyber security: the biggest threat to retail, which highlights the increasing threat posed by cyber-attacks to today’s retail industry. The paper documents the measures that should be understood by data controllers, loss prevention & security personnel through to heads of operations to ensure the highest levels of security and provide the appropriate education and training for all key stakeholders to effectively mitigate the mounting cyber security threat.

Modern retail organisation

The growth in and use of IoT devices and cloud technologies have opened up boundless possibilities for the modern retail organisation across physical and digital platforms. However, customer data is at the heart of a frictionless shopping experience and presents an attractive commodity to cyber criminals, with attacks growing in number on those retailers whose systems are inadequately secured. It has been reported that in the last 12 months there have been 19 significant data breaches, which present a major risk for both retailers and customers. In addition to the immediate disruption and downtime a breach can cause, the damage to the reputation of a business or brand can be lifelong. Furthermore, GDPR related fines from the ICO can now be as much as €20m or 4% of global annual turnover, whichever is higher, and demands that necessary steps be taken to guard against attack and protect existing infrastructure.

Personally identifiable information

Axis’ whitepaper creates awareness of the challenges being faced and looks at how effective cybersecurity lifecycle management of IoT devices will help to better manage security and ultimately maintain customer trust.
“Any organisation that generates or manages personally identifiable information (PII), effectively any data that could potentially identify a specific individual, must comply with GDPR. Establishing a truly secure retail solution can only be accomplished if security has been analysed at every stage. The key is to ensure that everyone involved understands the security implications of a breach and how to prevent one.” “Collaboration with system vendors, integrators and installers is also hugely important, and conversations across the supply chain will ensure requirements are met and security risks are adequately addressed,” says Steven Kenny, Industry Liaison Architecture and Engineering, Axis Communications.

Surveillance camera technology

Alongside greater awareness of the need to comply with the GDPR, the Axis whitepaper stresses the importance of looking to guard against system vulnerabilities by working with trusted vendors who can install only those security technologies that are deemed to be Secure by Default. These technologies have been built from the ground up with cybersecurity considerations at the forefront. Technologies that are cyber secure offer peace of mind when connected to a network, and come with assurances that stringent guidelines are followed during the design and manufacturing process. Surveillance camera technology designed and manufactured in this way assures retailers that these security solutions will not be used as a backdoor into the network; such is the risk of introducing non-secured hardware.
Addressing cybersecurity risks

Key points covered in the retail whitepaper include:

Review of cybersecurity challenges – Supply chain attacks, IoT vulnerabilities, the impact of operational downtime
GDPR, data protection and privacy – Examining the necessary actions to ensure full compliance with the GDPR and DPA 2018
Video surveillance insights – Understanding how data analysis can inform security and business decisions, and supply chain evaluation
Managing security effectively – Processes and tools to help the design, development and testing of systems in accordance with cybersecurity principles
Converged security – A collaborative approach to addressing cybersecurity risks

Video surveillance systems

“The retail industry is deemed the most at risk to cyber threats. It is crucial to find the balance between enhancing the customer experience and maintaining GDPR compliance; providing adequate security whilst not violating customer privacy,” says Graham Swallow, Retail segment lead, Northern Europe, Axis Communications. “While video surveillance systems are a necessity within the retail environment, many organisations have re-evaluated their entire strategy in order to ensure full GDPR compliance. Retailers must be able to rely on technologies that support their operational requirements and address associated risks, while at the same time, supporting IT security policies.”

Connected physical security systems

This whitepaper provides retailers with expert guidance, highlighting the appropriate policies and procedures around the cybersecurity of IoT devices, and reinforces the importance of selecting trusted vendors and partners. Axis is passionate about using technology to help create a smarter and safer world.
This is demonstrated by a commitment to helping retailers understand the benefits of connected physical security systems that deliver on the promise of better protection of the business and customer.
The automatic or semi-automatic analysis of data plays an increasingly important role in video security technology. Here, the image quality is decisive for the result of the analysis. At the GPEC 2020 trade fair, Messe Frankfurt, Europe's closed specialised exhibition for police and security authorities, from 18 to 20 February 2020, Hall 11, Booth E068, the German manufacturer of video information technology Dallmeier will show visitors how they can implement future-proof video analysis applications. A lecture by Dallmeier Safe City expert Frank Salder at the conference "Video Intelligence 2020" completes the trade fair presence.

Precisely defined image quality

There is hardly a better way to extract all kinds of data from complex contexts with relatively little effort than a video image. The possibilities range from "crowd analysis" for counting people in public spaces to the securing of "sterile areas" with the help of AI-based object classification. Despite all the enthusiasm for such innovative assistance systems, one thing is often underestimated: the importance of data quality. As a result, according to the rule "Quality In, Quality Out", the quality of the analysis results can of course only be as good as the image quality and thus the quality of the input data. Already during the planning stage Dallmeier offers customers the possibility to precisely define the so-called "pixel density" values defined according to DIN EN 62676-4, such as 62.5, 125, 250 pixels per metre (px/m) in every part of the monitored area, depending on whether, for example, 62.5 px/m is required for an AI-based object classification or 250 px/m for court usability to identify individuals.
Patented Panomera technology

The patented multifocal sensor cameras "Panomera" from Dallmeier, which have recently been awarded the European patent in addition to the German patent for their functionality, can provide the required minimum resolution for video analysis even over large areas. Even if several operators independently zoom in on relevant events, the system continues to record the remaining scene. This combination of the advantages of PTZ and megapixel cameras enables police and security officers to obtain an optimal overview of the situation, while still being able to search with the required minimum resolution, even within recorded footage. Since a Panomera system replaces many individual single-sensor cameras and their infrastructure, operators can keep the total cost of ownership to a minimum.

Data protection

Dallmeier's AI-based systems support emergency services not only by means of an intelligent pre-selection of events, people counting, automatic object tracking or forensic evaluation. The imageless data acquisition to generate anonymised data also plays an important role. Regardless of the video analysis application, the German manufacturer Dallmeier equips its technology components with state-of-the-art functions for data protection and data security. This ensures that police and security authorities can use Dallmeier systems in the most diverse scenarios in absolute compliance with data protection regulations, e.g. according to GDPR.
“Normally when we talk about trends and the future, we are actually thinking more about the present. The reason we are keen on understanding trends is because we want to know how they will affect our current business and how we should act now to avoid being outdated.” Significant changes have shaped the security industry during the last decade, and more exciting innovations should be expected in the 2020s. Emerging technologies and applications, such as multi-dimensional perception, UHD, low light imaging, artificial intelligence, and cloud technology, open new possibilities for the security industry. At the same time, millions of cameras and other security devices are being connected into networks, making the security industry a very important part of the future IoT world. Hikvision shares their thoughts on a few key trends that will affect the security industry in 2020, and probably even longer into the future.

Multi-dimensional perception

For security cameras, image capturing simulates the sense of sight, extending the power of people’s “eyes.” But what if security cameras could use other kinds of “senses,” like “hearing,” “smelling,” or even detections that are beyond visual range, to identify and respond to incidents? For example, video cameras integrated with centimetre and millimetre wave radars are becoming popular in object detection. With deep integration of radar and video, a multi-dimensional camera extends perception beyond visual range to improve the detection of objects and movement tracking, up to a distance of 100 meters and in any weather. Another approach is the integrated automobile horn-detection camera. Equipped with sonar arrays, this camera can precisely detect and locate the source of a vehicle’s horn, while identifying the vehicle and generating photos and videos of the event as evidence.
This ability can help reduce noise pollution on roadways and in communities with rules against the unnecessary use of horns. More “senses,” like smoke detection, heat detection, or even pressure detection, can be embedded in cameras to precisely monitor and report events or incidents. The multi-dimensional perception trend will powerfully shape security systems and endow them with more capabilities to create safety in the near future.

Multi-intelligence cameras

Artificial intelligence applications have been slowly emerging in the security industry for many years already, but most AI-powered security cameras can only run a single algorithm because of the limitation of computing power, which means they can incorporate only one intelligent function at a time, counting people or counting cars, for example. Now, the computing power of security cameras has been enhanced greatly with the increased performance of AI chips. Multi-intelligence technology will be the trend for the next generation of AI-empowered cameras as several intelligent tasks will be accomplished by one camera. Vehicle intersections can be used as an example. In many cities one can see ten or more cameras installed at intersections to detect traffic flow, to identify violations, to detect vehicle types and license plate numbers, protect sidewalks, and so on. But now, with multi-intelligence cameras, two or three cameras will be enough for an intersection. Since fewer cameras will be equipped for one application scenario, the cost of equipment, installation and maintenance and management will all be reduced. Moreover, scenario-defined cameras will become common as manufacturers can insert different algorithms into security cameras according to specific application scenarios, allowing customers to choose customised functions for their needs.
Proactive and comprehensive security systems

Merely reactive CCTV systems will no longer meet the demands of security operations teams as they are often looking for new opportunities to enhance their operational efficiency. Many customers are now asking for proactive and comprehensive security systems that combine CCTV monitoring, alarm systems, access control, and even fire protection. With the development of AI technology, monitoring processes of CCTV systems are becoming more automated by analysing live and recorded video to detect, classify and track predefined objects. These processes can be especially effective in proactively identifying events as they happen and extracting information instantly from recorded video. Meanwhile, proactive and intelligent video analysis enables deployment of valuable comprehensive security systems and improves the return on investment for integration of CCTV and non-CCTV systems. For example, now, when a camera detects an incident, a linkage will trigger the alarm system automatically, telling security personnel to check the surveillance camera live feed. Conversely, when alarm, access control or fire protection systems report an incident, the CCTV system will be activated to verify what actually happened. Digital transformation to increase productivity is a business imperative for most organizations nowadays, and proactive and comprehensive security systems will be the direction for security operations to increase their efficiency and value.

Ultra-high definition

People want to see more and see with more clarity; thus pursuing ever higher image resolution has been a key driving force in the development of security industry technology. After the HD era, the Ultra High Definition (UHD) era will be the natural next step.
UHD used to mean “expensive cost”, but now UHD is benefiting from improvements in transmission and encoding technologies. It is becoming more and more cost-effective for large-scale use in the security industry, from entry levels to the top. With greater bandwidth and lower latency transmission technology, the smooth transmission of UHD images is becoming possible, and widespread adoption of 4K and 8K resolution cameras will meet real opportunities. Furthermore, continuously optimised encoding technology, which is vastly decreasing the bitrate of video, is another stimulus for UHD applications in the security industry. As the bitrate of recorded footage is greatly reduced, bandwidth and storage costs are reduced as well.

Visibility, any time and any condition

Most security incidents happen at night, but images and footage from conventional security cameras may easily lose colours and critical details in ultra-low light environments. Low light imaging technologies have become more and more popular in the security industry, enhancing the visibility of objects for identifying details at any time and in any condition. Another important innovation is thermal imaging, which can detect the heat information of any object with a temperature above absolute zero. Taking advantage of heat zone imaging, thermal imaging technology allows cameras to “see” in low-visibility conditions, such as fog, smog, rain, and snow, even at night. And thermal cameras have huge potential in various applications, like perimeter defence, fire detection and temperature measurement.

Moving to the cloud

As mentioned at the beginning, more security devices, including cameras, are being connected over the Internet, making them parts of the IoT world. Thus, “moving to the cloud” has been a focus for the security industry, especially for video surveillance operations. Why are people enthusiastic about the cloud?
It’s because cloud services can bring vast benefits in efficiency, flexibility, cost-effectiveness, and security. Among security operations, video surveillance as a Service (VSaaS) has been a major trend in the security industry as it is an ideal choice for small and medium-sized businesses to move their video-based security systems to the cloud. It is a technology to host the hardware and software of security operations in the cloud, so that users can access their IP cameras and IoT devices and check video footage or alarm linkage from anywhere. Since no on-site server installation and system configuration is needed, it is often more convenient than traditional video surveillance solutions. On the cloud, users can distribute costs over a contract term and pay for exactly and only the services that are used. For enterprises running chain stores, demands on VSaaS are increasing greatly. Moving video surveillance services to the cloud, these businesses can quickly and economically centralize their security operations and remotely check the status of their stores. To greet the “moving to the cloud” trend, security system integrators are also taking hold of VSaaS as it is a good chance to strengthen their business models. With VSaaS, system integrators are able to provide services for their clients using the cloud, such as system checks and remote maintenance, and consistently scale their business with efficiency.

Higher demands on cybersecurity

With millions of security devices being connected in IoT, security systems are evolving from single and isolated to open and connected. People are getting more and more concerned about the security of their data and privacy, and accordingly have set higher demands for the security industry on cybersecurity.
To help minimise the risk of security breaches, a multi-layered approach, including network, application, and device layering, that addresses a full range of cybersecurity threats concurrently will be demanded and expected by security organisations and IT departments. Security manufacturers will also have to cover the security of their products throughout the whole lifecycle.

5G, big data affect the industry

Just as 2020 is the beginning of a new decade, we expect to see a new decade of innovation in technologies and applications. Along with the prominent security industry trends mentioned above, other trends such as 5G, big data, smart enterprise operations, and stricter data protection regulations like the EU’s GDPR, might also greatly affect the industry in the 2020s.
ExtraHop, the leader in cloud-native network detection and response, announced its top predictions for the cybersecurity and technology industries in 2020. Informed by insight from customers, partners and industry analysts and insiders, ExtraHop leaders predict a year of tool consolidation, headline-grabbing breaches and a shifting industry focus on what makes a successful tech start-up.

The Year of Deeper Scrutiny for Fast-Growth Companies: “2019 was a tough year for heavily hyped, fast-growth companies going public in Silicon Valley. Several companies that raised huge rounds ultimately failed to deliver expected results or even approach profitability after they went public, and Wall Street was not amused. In 2020, we expect the investment community to more deeply scrutinise companies' financials and business fundamentals, ultimately leading to the support of companies who deliver on their promises, are capital-efficient with sound vision and innovation, and have truly sustainable business results and models to back them up.” - Arif Kareem, CEO

Antiquated Threat Detection Methods like File Hashing and Signature-Based IDS Waste Time: “Since the 1990s, file hashing has been the default mechanism for detecting malicious threat activity, despite the fact that it's ineffective against modern attacks that use polymorphic or fileless methods to go undetected. The same goes for signature-based IDS, which are extremely noisy while providing very little actual alert context. Security teams will continue to rely on these antiquated methods of detection because they are expected to, regardless of how well they work in today's threat landscape.” - Jesse Rothstein, CTO and co-founder

Accountability for the Ethical Use of Users’ Data: “Recent headlines tell of giant data corporations like Google and Facebook monetising users' data and lacking sufficient transparency in these activities.
There’s already been significant social backlash, but in 2020 we predict that users will demand companies not just follow the often-dated laws, but that they also do what’s right. Regulations like GDPR and CCPA are helping to bring more clarity around what’s appropriate, but 2020 will be the year that the industry is held accountable for the ethical, in addition to regulatory-compliant, use of personal data.” - Raja Mukerji, CCO and co-founder

A Slowing Economy Will Force Tool Consolidation: “In security programs, it's been very difficult to turn tools off. What gaps will I create? What unintended consequences will I see? As the economy has rolled along over the last decade, most security programs have had the necessary funding to add new tools and retain legacy tools under the guise of risk management. Economic slowdown is likely to change all of that, as investments in new technology will require cost savings elsewhere. A tighter economy will finally cause us to pull the plug on legacy security tools.” - Bill Ruckelshaus, CFO

"Observability" Will Gain Ground as Both a Concept and a Vocabulary Term in Security and DevOps: “Observability is a term that several companies are using to describe the practice of capturing metrics, logs and wire telemetry, or sometimes other data sources, mostly in the DevOps space. The value of correlating insights from these data sources has gained enough ground that vendors need a word for it. Observability, The SOC Visibility Triad, and other terms have been spotted in marketing materials and on big screens and main stages at security and analytics conferences.
In 2020, we'll see heated competition to control the vocabulary and mental models that enterprises and vendors use to discuss and market security best practices regarding gathering multiple data sources and correlating insights between them.”- John Matthews, CIO A Major Information Leak from a Cloud Provider is Coming: “In 2020, we are likely to see a major information leak from a cloud provider. While at the same time the cloud providers are providing many useful built-in tools, it's not clear that they are using their own tools to secure themselves. As a further prediction, the leak will not effectively diminish migration to the cloud. As we have noticed with other breaches, they do not significantly erode confidence in the services.” - Jeff Costlow, CISO 2020 may well be the year that a breach of a vendor’s environment exposes the data of one or more of their customers" The Wave Begins Towards Security Tool Consolidation: “Organisations will take a strong look at the number of security vendors within their ecosystem in 2020 to determine overlap and begin a move towards consolidation of tools. The winners will include those that have proven their API superiority and ability to work together within an organisation’s ecosystem. The losers will be those who have not proven their ability to strengthen core security.” - Chris Lehman, SVP of Worldwide Sales A Vendor Will Be Responsible for a Major Breach of Data Due to Phoning Home: “In 2019, ExtraHop issued a security advisory about the vendor practice of phoning data home and how this is happening without the knowledge of customers. The problem with this practice is that it expands the attack surface via which that data can be breached, exposing it to threats within the vendor’s environment. 2020 may well be the year that a breach of a vendor’s environment exposes the data of one or more of their customers. 
Regulations like GDPR have imagined exactly this type of scenario and laid out specific requirements for data controllers and data processors. But when such a breach occurs, it will have broad impact and implications.” - Matt Cauthorn, VP Security The Big IoT Breach is Coming: “In 2017, major ransomware attacks crippled the networks, and operations, of major global organisations. While those attacks did billions in damage, for the most part, IoT devices were left unscathed. But sooner or later, and probably sooner, the big IoT breach is coming, and it could have global implications. Whether it happens in the US or abroad, in healthcare, shipping and logistics, or manufacturing, IoT devices around the globe are fertile hunting grounds for attackers. Taking down every connected device, from telemetry sensors to infusion pumps to mobile points-of-sale, could easily grind operations to a halt.” - Mike Campfield, VP of Global Security Programs
SureCloud, the provider of cloud-based, Integrated Risk Management solutions, has been placed on Gartner’s Magic Quadrant for IT Vendor Risk Management Tools for the first time after being recognised on Gartner’s Magic Quadrant for Integrated Risk Management Solutions back in July 2019. The quadrant names 16 key solution vendors identified by Gartner as offering vendor risk management (VRM) solutions. VRM solutions enable organisations to accurately ascertain the security and compliance risks associated with their IT third-parties, creating a centralised register of these parties and integrating this with wider risk management processes.

Highly configurable software-as-a-service

Richard Hibbert, CEO and Co-Founder at SureCloud, said: “We are delighted that SureCloud has been included in the Magic Quadrant for IT Vendor Risk Management Tools; we think it underlines our ability to offer a truly comprehensive third-party risk management solution.” “Our flexible, scalable and highly configurable software-as-a-service (SaaS) delivery model, combined with managed service options, is proving particularly attractive to organisations looking to build a robust, central view of their vendor assurance program.”

Security and risk management

Third-party risk management is a vital part of any organisation’s cybersecurity posture, with many third parties having access to highly sensitive data and offering criminals a potential route into their organisations. Demonstrating a clear awareness of each third party’s approach to security and risk management is also an increasingly significant element of privacy regulations such as the GDPR. In response, SureCloud’s Vendor Risk Management solution is designed to offer a smooth and scalable means for organisations to assess and review all their IT third party vendors for potential risks.
IT risk management processes

The SureCloud Vendor Risk Management solution offers:

- A centralised register of all third-party IT vendors, giving a holistic view of risk
- A dynamically generated risk-assessment for each third party, ensuring they are only asked questions which apply to them
- Automated third party notifications and response reporting
- Full integration with wider IT risk management processes and data privacy programs
There’s a lot of hype around the term ‘digital transformation.’ For some, it’s the integration of digital technology into everyday tasks. For others, it’s the incorporation of innovative processes aimed at making business optimisation easier. In most cases, digital transformation will fundamentally change how an organisation operates and delivers value to its customers. And within the security realm, the age of digital transformation is most certainly upon us. Technology is already a part of our day-to-day lives, with smart devices in our homes and the ability to perform tasks at our fingertips now a reality. No longer are the cloud, Internet of Things (IoT) and smart cities foreign and distant concepts full of intrigue and promise.

Enhancing business operations

These elements are increasingly incorporated into security solutions with each passing day, allowing enterprises the chance to experience countless benefits when it comes to enhancing both safety and business operations. The term ‘connected world’ is a derivative of the digital transformation, signifying the increasing reliance that we have on connectivity, smart devices and data-driven decision-making. As we become more familiar with the advantages, flaws, expectations and best practices surrounding the connected world, we can predict what issues may arise and where the market is heading. We’re increasingly seeing devices become smarter and better able to communicate with each other through the IoT to achieve both simple goals and arduous tasks. Within our homes, we’re able to control a myriad of devices with commands (‘Hey Google...’ or ‘Alexa...’), as well as recall data directly from our mobile devices, such as receiving alerts when someone rings our doorbell, there’s movement in our front yard or when a door has been unlocked.
Analytics-driven solutions

The focus is now shifting to the business impacts of connectivity between physical devices and infrastructures, and digital computing and analytics-driven solutions. Within physical security, connected devices can encompass a variety of sensors gathering massive amounts of data in a given timeframe: video surveillance cameras, access control readers, fire and intrusion alarms, perimeter detection and more. As the data from each of these sensors is collected and analysed through a central platform, the idea of a connected world comes to fruition, bringing situational awareness to a new level and fostering a sense of proactivity to identifying emerging threats. The connected world, however, is not without its challenges, which means that certain considerations must be made in an effort to protect data, enhance structured networking and apply protective protocols to developing technology.

Physical security systems

As the use of connected devices and big data continue to grow, we can expect to see the conversations regarding data privacy and security increase as well. Connectivity between devices can open up the risk of cyber vulnerabilities, but designing safeguards as technology advances will lessen these risks. The key goal is to ensure that the data organisations are using for enhancement and improvements is comprehensively protected from unauthorised access. Manufacturers and integrators must be mindful of their products' capabilities and make it easy for end users to adhere to data sharing and privacy regulations. These regulations, which greatly affect physical security systems and the way they're managed, are being implemented worldwide, such as the European Union's General Data Protection Regulation (GDPR). In the United States, California, Vermont and South Carolina have followed suit, and it can be expected that more countries and U.S. states develop similar guidelines in the future.

Automatic security updates

Mitigating the concerns of the ‘connected world’ extends beyond just data privacy. IoT technology is accelerating at such a pace that it can potentially create detrimental problems for which many organisations may be ill-prepared - or may not even be able to comprehend. The opportunities presented by an influx of data and the IoT, and applying these technologies to markets such as smart cities, can solve security and operational problems, but this requires staying proactive when it comes to threats and practicing the proper protection protocols. As manufacturers develop devices that will be connected on the network, integrating standard, built-in protections becomes paramount. This can take the form of continuous vulnerability testing and regular, automatic security updates. Protocols are now being developed that are designed to ensure everything is encrypted, all communications are monitored and multiple types of attacks are considered for defensive purposes to provide the best security possible.

IoT-connected devices

Built-in protection mechanisms send these kinds of systems into protection mode once they are attacked by an outside source. Another way for manufacturers to deliver solutions that are protected from outside threats is through constant and consistent testing of the devices long after they are introduced to the market. Hackers wishing to do harm will stop at nothing to break into IoT-connected devices, taking every avenue to discover vulnerabilities. But a manufacturer that spends valuable resources to continue testing and retesting products will be able to identify any issues and correct them through regular software updates and fixes.
‘IoT’ has become a common term in our vocabularies and since it’s more widely understood at this point in time, it's exciting to think about the possibilities of this revolutionary concept.

Providing critical insights

The number of active IoT devices is expected to grow to 22 billion by 2025 — a number that is almost incomprehensible. The rise of 5G networks, artificial intelligence (AI) and self-driving cars can be seen on the horizon of the IoT. As more of these devices are developed and security protocols are developed at a similar pace, connected devices stand to benefit a variety of industries, such as smart cities. Smart cities rely on data communicated via the IoT to enhance processes and create streamlined approaches to ensuring a city is well-run and safe. For example, think of cameras situated at a busy intersection. Cameras at these locations have a variety of uses, such as investigative purposes in the event of an accident or for issuing red-light tickets to motorists. But there are so many other possible purposes for this connected device, including providing critical insights about intersection usage and traffic congestion. These insights can then be used to adjust stoplights during busy travel times or give cities valuable data that can drive infrastructure improvements.

Physical security market

The impact of connected devices on cities doesn’t stop at traffic improvement. The possibilities are endless; by leveraging rich, real-time information, cities can improve efficiencies across services such as transportation, water management and healthcare. However, stringent protections are needed to harden security around the networks transmitting this kind of information in an effort to mitigate the dangers of hacking and allow this technology to continuously be improved.
Whether you believe we’re in the midst of a digital transformation or have already completed it, one thing is certain: businesses must begin thinking in these connectivity-driven terms sooner rather than later so they aren’t left behind. Leveraging smart, connected devices can catapult organisations into a new level of situational awareness, but adopting protections and remaining vigilant continues to be a stalwart of technological innovation within the physical security market and into the connected world.
In the next three years, software as a service ‘SaaS’ is likely to grow by around 23%. That’s according to reports by Cognizance. Its growth rests on the adoption of cloud: public, private and hybrid. Without the cloud, applications can’t truly pervade an organisation, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure - the proliferation of SaaS demands security, never more so than in a GDPR world.

Large cloud environment

But modern applications are difficult to secure. SaaS based, web, mobile, or custom made all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps, the broader the attack surface and therefore the greater the chance there will be blind spots. There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organisation and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near-impossible task when attack methods and sources are constantly changing.

More advanced threats

To be specific, there are four emerging challenges when it comes to protecting apps. Firstly, managing the good and the bad bots and spotting which is which; secondly, securing APIs as IoT adoption intensifies; thirdly, the relationship between securing apps and DevOps and ensuring ownership of security; and finally, denial of service attacks that use newer tactics such as brute force. Basic security hygiene dictates that security teams refer to the OWASP Top 10.
It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one.

Bot management

Astonishingly, about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though, which explains why around 80% of organisations can’t make a clear distinction between the two. Bad bots can do a lot of damage, like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behaviour and bypass tools like CAPTCHA, and even render device fingerprinting based protection ineffective.

Securing APIs

Then there are the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are to report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target, and the threats to APIs include injections, protocol attacks, parameter manipulations, unvalidated redirects and bot attacks. There’s the risk that business will grant access to sensitive data, without inspecting or protecting APIs to detect cyberattacks.

Denial of service (DoS)

You might think there’s little to add to the swathes of denial of service warnings.
Yet when businesses are still being targeted and feeling the ill effects it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, Brute Force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down.

Continuous security

It may seem easy to say but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organisations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential not a nice to have.

Running security plans

It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits.
As such there are six things they need to know:

- Application security solutions must encompass web and mobile apps, as well as APIs.
- Bot management solutions need to overcome the most sophisticated bot attacks.
- DDoS mitigation must be an essential and integrated part of application security solutions.
- A future-proof solution must protect containerised applications, serverless functions, and integrate with automation, provisioning and orchestration tools.
- To keep up with continuous application delivery, security protections must adapt in real time.
- A fully managed service should be considered to remove complexity and minimise resources.

No amount of human power will beat the bots. That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.
The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years. According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured.

Nuanced approach to data security

The rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analysed at both the hardware and software level, we need a new and more nuanced approach to data security. Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example.

The importance of data-at-rest encryption

In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse.
A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those that fraudulently gain access to your key management system can’t access your data.

Ensuring drives to be Common Criteria compliant

Despite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security. One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on.

Providing an additional layer of security

The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack. The advanced threats retailers face can often evade security defences without detection.
Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised. Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals.

Industries in need of data-at-rest encryption

Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records. The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report. SMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across.
Securing every hardware and software

Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security -- rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part. There’s a clear need for more industry dialogue and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.
Securing New Ground, the security industry’s annual executive conference this week in New York, offered food for thought about current and future trends in the security marketplace. Highlights from SNG 2019 included keynote remarks from security leaders at SAP, Johnson Controls and the Consumer Technology Association, discussions on how CSOs mitigate security risks, topic-focused thought leadership roundtables and a lively networking reception. Top trends observed at the event include cybersecurity, data privacy, facial recognition and artificial intelligence. A "View from the Top" session covered the need for companies to consider responsible use and ethics around technology; responsibility should extend throughout the organisation. A panel of security leaders emphasised the need to understand the diversity of risks that end users face. As the Internet of Things (IoT) expands connectivity, the inputs, outputs and "attack surface" also expand. It's critical to have security "baked" into products themselves, and also to understand the mission of the organisation being protected, the context and correlation.

Technologies transforming security market

Keynote speaker Gary Shapiro, President and CEO of the Consumer Technology Association, listed the many technologies that will impact the consumer electronics market – and the security market – in the near future: artificial intelligence (AI), voice recognition, the transition to 5G and self-driving cars. “What we're seeing today is a huge turning point in where the world is going,” said Shapiro, whose organisation presents the giant CES trade show each year in Las Vegas. “It’s not just about jobs and technology, but who we are and how we address fundamental human rights.” Privacy is a component of human rights, but “in the world of AI, there is a tradeoff between innovation and privacy”.
Balance between security standards

Shapiro sees Europe as representing one extreme of privacy, epitomised by General Data Protection Regulation (GDPR), which he sees as stifling innovation. Meanwhile, China is pushing innovation using massive amounts of data with no regard to privacy. The United States, therefore, should look for a balance that acknowledges the inevitability of innovation while respecting privacy and realising it is “always situational.” Too much concern for privacy comes at a cost, Shapiro said. “Privacy zealots are killing facial recognition, step by step by step,” he said. “Regulators should not throw away the baby with the bathwater. Every technology in history has been used to cause evil and to do good. Throughout history any new technology could have been banned and made illegal.” Shapiro offered encouraging words to the security marketplace, even in the wake of large tech firms such as Amazon entering the market. “With new technologies, biometric ID and cybersecurity issues, your business is in a strong and growing place,” he said. “There is opportunity. There will be increasing new things people want, and always new threats. People will want what you're providing, which is physical and technology security in their facility.”

Scott Schafer, Chairman of the Board of the Security Industry Association (R), interviewed Steve Jones, CEO, Allied Universal, on stage about the importance of merging technology with security officers

Allied Universal CEO Steve Jones discussed holistic approach

Steve Jones, CEO, Allied Universal, was interviewed on stage about the importance of merging technology with security officers for a holistic approach to securing a facility. “Today, customers are asking us to look at their facility holistically and asking: What is my best approach?” said Jones.
A holistic approach includes protecting people, the facility, intellectual property (IP), and how to handle visitors.

Manguarding perspective on security

Allied Universal looks at security from a manguarding perspective and also from a technology perspective, based on their daily experience managing security for 40,000 customer sites across the United States and Canada. “We are in a unique position in the channel,” said Jones. “We know the stats at any customer site. We know the last time there were repairs on cameras, which card reader is malfunctioning, how long the systems company takes to respond to a call. We are at these locations 24/7 and have an intimate relationship with customer. We are a significant influencer in the decision-making process. We have an opportunity to have a voice, and to build a business around it.”

Predictive security

“We are looking for technology that will enhance the security of the customer,” said Jones, including situational awareness and analysis of data to predict patterns. Allied Universal has a new handheld technology platform that uses artificial intelligence (AI) to analyse data, predict outcomes, and prescribe optimum responses. Workforce development – hiring and training new employees – is a big issue for Allied Universal, which last year interviewed more than a million applicants to find around 100,000 employees. They are targeting every demographic, and last year hired 33,000 veterans. The company is using technology to help with the massive recruiting effort, including AI to analyse applicant qualifications and a computer-generated avatar to conduct the first online interview.

Future security challenges

Jones sees the rapid increase in the homeless population in the United States as one of the biggest security challenges of coming years.
Many businesses face the prospect of homeless individuals living in front of their buildings, possibly using drugs or approaching customers. “It has become a real threat,” he said. “When they are living in front of your buildings, in many cases, there are ordinances that allow them to be there so the police will not get involved. It falls on the facility owner and private security to address the problem. Given the large homeless population we have now during good economic times, I don’t know what it will look like in an economic downturn.”

Human side of security

An SNG session on the human side of security observed that people are the biggest source of vulnerability. Companies should foster a "safety climate" in which security is integral to operations and viewed as something that helps employees rather than creating hassles. Human resources is now a technology field and should work together with security to achieve shared goals. At the consumer and small business level, cybersecurity must also be top-of-mind and built into a security company's DNA.

SNG attendees heard about opportunities to move beyond providing products and devices to providing experiences, by partnering with customers to protect what matters most to them. While a bit of inconvenience comes along with security, products should be built in a way that is easy to use, with security baked in. The results are systems people are comfortable engaging with every day. Securing New Ground is presented by the Security Industry Association (SIA).
Ethics is a particularly important subject in an industry such as fire and security because the result of unethical actions might make the difference in life and death. For example, if an employee acts unethically when servicing a fire extinguisher, the result could be to burn down the building. Although ethics is not a common topic of discussion in the fire and security industry, perhaps it should be. Chubb Fire and Security is a company that provides an example of how an emphasis on ethics can benefit a company, their employees, their customers and the whole world.

Fire safety and security risks

“The fire and security industry is different than others because lives and people’s safety are on the line,” says Harv Dulay, Director of Ethics and Compliance at Chubb Fire and Security. “Our purpose is to protect clients from fire safety and security risks. This is a business where no one should take short cuts. It is important to do the right thing all the time, every time, and it’s about protecting lives and property.”

“At Chubb, we have a code of ethics, our ‘bible,’ that is issued to employees when they start,” says Dulay. “Within the bible are core fundamental rules about what’s acceptable and not acceptable. We lay it out for employees very specifically. They understand and embrace the code of ethics, which is based on trust, integrity, respect, innovation and excellence.”

“If you get those right, the business moves in the right direction. A key piece of our ethics policy is based on trust. We relate to others with openness, transparency, and empathy. It makes Chubb a better place to work and enables us to provide better service to customers.”

Fire audit

For Chubb, ethics is not just theoretical, but ethical concepts play out every day in practical ways.
An example might be an engineer who goes to a customer’s site and is asked to do a task that is outside his or her duties and/or not allowed under the ethics policy. The pressure might be even greater if the employee is struggling to meet a sales figure. The code of ethics addresses specific situations and outlines the behaviour that is expected.

In another example, a customer asked a Chubb technician to forge a certificate saying the customer had previously passed a fire audit in order to validate his previous year’s insurance. Showing ethical integrity, the technician was able to cite the company’s Code of Ethics and refuse to do it. The technician also reported the situation to his Ethics and Compliance Officer. Customers benefit, too.

Delivering ethics excellence

One of Chubb’s sales associates immediately reported a situation in which all the tenders and competitors’ prices were visible as they prepared a tender for upload to a customer portal. Not only did the sales associate deliver ethics excellence by reporting the issue, he also helped a grateful customer who thereby avoided anti-trust issues, says Dulay.

“Ethics is not just a current issue,” says Dulay. “It’s embedded in our values and has been since the beginning. Ethics is making sure people do the right things.” Ethics is integrated into the Chubb business model, and everyone knows what is expected of them. “It’s a message heard from the top down, from everyone in the company.”

On-line training modules

Ethics discussions begin for employees at Chubb when they join the company; clear instructions about ethics are included as part of employee induction. There are nine modules of ethics training during employee orientation, and a discussion with an Ethics and Compliance Officer is part of the onboarding process.
The training program includes information about ethics, company expectations around ethics, where to go for questions about ethical issues, and details of the anonymous ombudsman program. Additionally, field staff are trained by their supervisors via regular face-to-face ethics toolbox talks. Office staff complete a series of on-line ethics training modules regularly. A series of supervisor-led trainings encourage managers to deliver face-to-face ethics training to their team, citing real-life examples. Healthy discussions are encouraged to deal with any ‘gray areas.’

Worldwide implementation of data security

Dulay estimates that ethics and compliance officers spend about half their time answering questions and clarifying for employees what’s expected in the code of ethics. Some 14,000 employees globally have multiple options when it comes to reporting an issue, and there are full-time Ethics and Compliance Officers in every country where Chubb does business.

A reflection of Chubb’s global approach to compliance is their worldwide implementation of data security requirements of Europe’s General Data Protection Regulation (GDPR); the company saw the benefits of the program for any jurisdiction. Training and education are part of Chubb’s investment in ethics. For example, a recent module on ‘respect in the workplace’ covered the need to create a company culture in which everyone feels respected. “Training and continuous communication are embedded in the organisation,” says Dulay.

Managing potential conflicts proactively

“We invest in the process,” says Dulay. “We have had employees who left the company and then come back. They realised the importance of ethics and rejoined us. We start with the foundation that we would rather lose business than give up our ethical standards,” says Dulay.
“We won’t abandon our policies even if there is money at stake. Some business is not worth getting if you don’t adhere to your values. We manage potential conflicts proactively by creating and instituting methods in which employees have access to tools they can use to be successful and adaptable in times of change,” says Dulay. “Also, we will not tolerate retaliation against any employee who reports wrongdoing – regardless of the outcome of the investigation.”

Forming good ethics behaviour

And while there is no specific monetary value assigned to good ethical practices, success can be measured. “We measure it by people’s conduct, the number of cases we have, and awareness,” says Dulay. “It’s good for employee morale, and it’s good for customers and our business. It’s not measurable, but it is fundamental for business and customers.”

“The work we do as a company can impact people’s lives so it is important that everyone has an understanding of the importance of their role,” says Dulay. A common misconception about ethics is: “If no one is watching, it must be ok.” However, Dulay says it is the things employees do when no one is watching or checking in on them that form good ethics behaviour. During training, Chubb emphasises that ethics is about doing the right thing, all the time even if no one is watching.
As police use of live facial recognition (LFR) is called into question in the United Kingdom, the concerns can overshadow another use of facial recognition by police officers. Facial recognition is incorporated into day-to-day police operations to identify an individual standing in front of them. This more common usage should not be called into question, says Simon Hall, CEO of Coeus Software, which developed PoliceBox, software that enables police officers to complete the majority of their daily tasks from an app operating on a smart phone.

Time-consuming process

“Verifying the identity of an individual standing in front of you via facial recognition should be no more controversial than taking a fingerprint for the same purpose,” says Hall. “We are not talking about mass surveillance here, but the opportunity to use technology to make an officer’s day more efficient. Verifying a person’s ID is a time-consuming process if you have to take them to the station, so being able to do this more quickly should be welcomed as a positive step to modernise policing.”

Because the use of facial recognition by police has proven to be a divisive topic, Simon is eager to highlight the distinction between the use of facial recognition for ID verification and the more controversial mass surveillance that some police forces have trialed. “There are two different use cases for facial recognition in the context of law enforcement,” says Hall.

Number-plate recognition

“Firstly, there is facial recognition to verify a person’s identity (typically done face-to-face with the individual concerned and using the Police National Computer [PNC] database). This is no more controversial than taking an individual’s fingerprint to verify their ID but can be conducted more quickly if the officer has the capability on their smart phone.
The second common use of facial recognition is to identify suspects quickly via mass surveillance. This is more controversial.” The focus for PoliceBox is ID verification only, he adds.

First, there is the matter of consent. In the context of facial recognition in public situations, it is very difficult to inform everyone that they are being observed, so they cannot give their informed consent, says Hall. Then there is the inability for people to ‘opt out’ of the process. Unlike with driving a car, where one can technically opt-out of the rules of the road (and avoid technologies like number-plate recognition) by choosing not to drive, there is no such option for facial recognition.

National surveillance system

Secondly, many-to-many matching (matching lots of images to lots of database records) is more likely to produce false matches, resulting in possible perceived harassment of individuals who happen to match a person of interest, notes Hall.

Lastly, Hall says there are legitimate concerns that the technology could be misused for discrimination or exerting control over populations. In China, for example, where facial recognition technology is already widely used in the commercial sector, the government is openly exploring plans to develop a national surveillance system using facial recognition.

“Mass surveillance can be used in two ways; real-time, whereby ‘people of interest’ are flagged up as soon as a match is detected, and historical, where the movements of individuals around the time of a reported crime are established after the event,” says Hall.

Repeated false matches

“These two modes probably require different types of safeguards. For example, it may be appropriate to obtain a warrant to search historical data, to prevent Cambridge-Analytica style mining of personal data.
For real time data, safeguards against repeated false matches are needed to prevent harassment of falsely matched individuals.”

Properly implemented, facial recognition can be consistent with the GDPR. The principles are no different from obtaining a fingerprint to confirm identity, where consent would normally be given. For PoliceBox, using fingerprint or facial identification is typically a time-saving solution, benefitting both parties, instead of going to the police station and establishing identity there. Signed consent can be obtained on the spot using a secure on-screen signature.

Facial recognition algorithms

Fingerprints and facial images can be automatically deleted once used to establish identity. There are special provisions for the collection of personal data for law enforcement purposes without consent, and some test cases for mass surveillance could go through the Information Commissioner’s Office (ICO). This is particularly significant where private operators are concerned.

The PoliceBox solution is based on the UK legal framework and would also be appropriate for countries whose laws are similar to the UK. It is also internationalised and can be used in different languages. Facial recognition algorithms and databases are typically implemented by the relevant law enforcement body (such as the Home Office) and not directly within the product, which acts as a front-end to those systems.

Public sector organisations

Hall sees several remaining challenges related to police use of facial recognition: The adoption of cloud-based software-as-a-service (SaaS) solutions within the public sector.
The existing infrastructure in the public sector has evolved over a number of years and there are significant legacy systems in place that need to be refreshed/replaced; Need for proven technology. Public sector organisations are risk-averse and often insist on being able to reference existing installations, which creates a Catch-22 problem when introducing new technology as someone has to be first; Interrupting business-as-usual. Most organisations already have some form of an existing solution. Even if this system provides poor ROI and is extremely dated, one must still overcome ‘the better the devil you know’ policy; A reluctance by some suppliers to share information with other solutions via APIs. This has stifled innovation for some time.

Improving officers’ wellbeing

These challenges are slowly being overcome. “I am confident we will soon see an accelerated adoption of platforms such as ours to deliver the financial and efficiency savings that are needed to bring the public sector into the 21st century,” says Hall.

One of the biggest themes to come out of the recent Home Office Review into frontline policing was the need to improve officers’ wellbeing. Law enforcement has to deal with some of the most difficult and harrowing situations on an almost daily basis. The administrative burden can also be problematic, says Hall. “If we can help to reduce the administrative burden placed on officers – even by a little bit – the overall improvements in effectiveness and well-being when magnified across a whole force will be significant.”
hagebau is an association of some 360 trading companies offering building products at more than 1700 locations across Europe. Employing around 500 staff, the Schneider group of companies has its headquarters in Erlstätt and runs 13 hagebaumarkt stores around Traunstein, most of them in the Upper Bavaria region. Thousands of customers visit these stores every day to browse the wide range of products on offer. Busy day-to-day operations and a high turnover of goods pose significant challenges in terms of the safety of customers and employees, as well as on-site inventory protection.

Cybersafe and 100% GDPR-compliant

“Introducing digital solutions into our locations is one of our biggest challenges,” explains Martin Wohlmayer, Head of IT and Organisation at Jos. Schneider GmbH. “To do this, we need highly reliable solutions that are cybersafe and 100% GDPR-compliant.”

The in-store video surveillance system has an enormous amount to monitor on a daily basis. Theft, burglary and incidents in parking lots are just a few of the key sensitive issues. The company’s forward-looking strategy also means that any current investments need to be flexible, straightforward and expandable to tackle future challenges.

Managed via MxManagementCenter

The Traunstein store is the ninth hagebaumarkt in the Schneider Group to be fitted with MOBOTIX technology. 134 MOBOTIX cameras have been installed in total, 19 of them in Traunstein. Special MOBOTIX outdoor cameras monitor the outdoor area, delivering crystal-clear images at any time of year, day or night. This means that all incidents that occur in parking lots or in outside areas are captured. The cameras are managed via MxManagementCenter (MxMC). Various levels of user rights can be assigned, meaning that access to the video material is 100% GDPR-compliant.
MxMC also features an interface to the POS system so that any POS discrepancies can be immediately resolved. Customer counts and footfall analysis are also integrated to further optimise customer service and customer satisfaction.

Monitoring the retail space

Using just the MOBOTIX cameras that were monitoring the retail space in the Traunstein hagebaumarkt, inventory discrepancies resulting from theft could be resolved. But MOBOTIX camera surveillance offers much more than anti-theft protection: The user can analyse the footage, allowing them to adjust the range of products as required and improve product positioning, an optimal approach for increasing sales potential.
Genetec Inc., a technology provider of unified security, public safety, operations and business intelligence solutions, announces its solutions have been selected by the Royal Borough of Windsor and Maidenhead (RBWM) for region-wide CCTV monitoring and community safety purposes. The new system will result in better coverage across the borough and enable information to be quickly shared with regional police as and when required. At the heart of the programme is a completely refurbished monitoring centre, equipped with the Genetec flagship unified security platform Security Center and other complementary Genetec security solutions.

KiwiVision privacy protector

These include the KiwiVision Privacy Protector to simplify GDPR compliance, Genetec Mission Control to guide operators in providing a consistent response to incidents and Genetec Clearance for the easy and secure sharing of evidence with local law enforcement.

The open federated architecture of the Genetec infrastructure provides the foundation for a system that can scale and evolve as needs change. It also allows RBWM to protect its past investments by retaining the majority of its existing cameras, alongside the 200 that will be added, upgraded or relocated. “The safety of residents and visitors in the borough is a priority, and we are pleased to be installing a new state-of-the-art system that delivers this,” said Cllr. Mike Airey, cabinet member for environmental services.
Improved information sharing

“We not only benefit from reduced operating costs and improved information sharing with local police, but we also gain access to cutting edge privacy controls that make it far simpler for us to maintain our compliance with the EU GDPR and other data protection regulations.”

The project began when specialist town centre video surveillance consultancy firm Global MSC Security (MSC) was called in to assess the Royal Borough’s existing analogue video surveillance system, its fitness for purpose and how it could be cost-effectively improved. This resulted in a competitive tendering exercise won by Computerised & Digital Security Systems Ltd. (CDS), who designed a state-of-the-art wireless camera system to support the Genetec open architecture video management system.

Cost-effective response

Some of the key technical benefits delivered by CDS include full HD recording, advanced graphical mapping, advanced incident response, customisable and extended video storage retention, and various features to aid data protection regulation compliance such as automated pixelisation of images and end-to-end encryption to enhance privacy controls.

“Genetec is delighted to see our solutions chosen by the Royal Borough of Windsor & Maidenhead for this well thought out upgrade that will benefit the council, local police and citizens”, added Dan Meyrick, Regional Sales Manager, Genetec Inc. “I would like to thank and congratulate our partner CDS for producing a high quality and cost-effective response that delivered against the customer’s requirements.”
Round table discussion
In the digital age, software is a component of almost all systems, including those that drive the physical security market. A trend toward hardware commoditisation is making the role of software even more central to providing value to security solutions. Software developments make more things possible and drive innovation in the market. We asked this week's Expert Panel Roundtable: How do software improvements drive physical security?
The definition of a standard is “an authoritative principle or rule that usually implies a model or pattern for guidance, by comparison with which the quantity, excellence, correctness, etc., of other things may be determined.” In technology markets, such as physical security, standards are agreed-upon language, specifications or processes that are used across the board by multiple stakeholders to enable easier interconnectivity and smoother operation of systems. We asked this week’s Expert Panel Roundtable: How are standards shaping change in the physical security market?
ISC West 2019 is in the industry’s rear-view mirror, and what a show it was! The busy three days in April offered a preview of exciting technologies and industry trends for the coming year. We asked this week’s Expert Panel Roundtable: What was the big news at ISC West 2019?
Genetec to host its first virtual tradeshow Connect’DX 2020 to connect with physical security professionals