Police in the United Kingdom have been testing the effectiveness of live facial recognition (LFR) for several years now, but future uses of the technology have been called into question. The Information Commissioner’s Office (ICO), an independent authority that seeks to uphold information rights in the public interest, has weighed in on issues of data privacy related to LFR, and Members of Parliament (MPs) have called for a moratorium on uses of the technology. The big question is whether...
In the digital age, software is a component of almost all systems, including those that drive the physical security market. A trend toward hardware commoditisation is making the role of software even more central to providing value to security solutions. Software developments make more things possible and drive innovation in the market. We asked this week's Expert Panel Roundtable: How do software improvements drive physical security?
Milestone XProtect Corporate 2019 R2 is the first major video management software product to obtain a complete GDPR-ready certification from EuroPriSe. XProtect Corporate 2019 R2 is the first major video management software product to obtain the highly sought-after EuroPriSe (European Privacy Seal) GDPR-ready certification. With the GDPR-ready certification from the independent and recognised institute EuroPriSe, end-users can be confident that they have the right foundation to build a GDPR com...
Time for an in-depth review of IFSEC 2019 in London. This show had fewer exhibitors than previous shows, and the ‘vibe’ was definitely more low-key. Fewer exhibitors meant larger aisles and plenty of room to breathe, and the slower pace provided time for exhibitors to reflect (often negatively) on the return on investment (ROI) of large trade shows. There was little buzz on the first day of the show, but spirits picked up on the second day (when, not coincidentally, some exhibitors...
UK organisations are failing to make progress towards strong cybersecurity and are facing paralysis as cybercriminals become more advanced. This is the conclusion drawn from the findings of the 2019 Risk:Value report – ‘Destination standstill. Are you asleep at the wheel?’ – from NTT Security, the specialised security company and centre of excellence in security for NTT Group. Examining the attitudes of 2,256 non-IT decision makers to risk and the value of security to th...
Ping Identity, the pioneer in Identity Defined Security, announced a significant update to PingOne for Customers, the cloud-delivered Identity-as-a-Service (IDaaS) offering built for developers. The API-first solution can now deliver seamless and secure push notifications from custom mobile applications that can be used for passwordless and advanced multi-factor authentication. The cloud identity solution helps development teams speed time to launch their applications, while also taking securit...
Tavcom Training, part of Linx International Group and IFSEC’s education partner, revealed details of the 24 free-to-attend and CPD-accredited education sessions, which will be presented at the Future of Security Theatre (Stand: IF3140), this year at IFSEC International in London. Tavcom Training has compiled an education programme that addresses many of the most talked about trends and issues amongst security practitioners. Topics being presented by Tavcom Training’s expert tutors include how to counteract the menace of cybercrime, the impact of artificial intelligence on electronics security, future-proofing CCTV networks and improving security through integration.

Cybersecurity best practices guidance

Sessions will also be dedicated to the threat of drone attacks and available countermeasures, the hackability of autonomous vehicles, and whether the security sector is ready for 5G, as mobile operators begin switching on UK networks this year. Also, with issues regarding the use of facial recognition currently hitting the headlines and a year on from the introduction of GDPR, the challenge of running effective video surveillance that balances privacy and security will be debated. The BSIA will also join Tavcom Training in the theatre to provide cybersecurity best practices guidance, whilst the SSAIB will deliver an intruder alarm standards update involving PD6662.

Learning to address the security issues

Tavcom Training is proud to once again be IFSEC’s education partner and Head of Sales Andrew Saywell comments: “This year, we have put together a packed programme of the most pertinent topics, delivered by world-leading subject matter experts. Over the three days, we are offering security practitioners an unmissable opportunity to learn how they can address the issues affecting them today, whilst readying them for what lies ahead.”

The Future of Security Theatre will open at 10.45am each day of IFSEC International with an introduction to the Certified Technical Security Professional (CTSP) Register, which is operated by Tavcom Training and supported by the BSIA and SSAIB. CTSP is a publicly searchable online Register of those fulfilling technical roles including installation, maintenance and commissioning of technicians/engineers, auditors and consultants. It is an important initiative that is helping to raise standards throughout the sector.
The world's first fully managed Video Surveillance as a Service (VSaaS) system - Ocucon - has announced that it will provide a free CCTV hardware upgrade for customers of its cloud-based storage as it launches a first-of-its-kind zero capital expenditure model. Breaking new ground in surveillance technology, Ocucon delivers a powerful, cloud-based storage and retrieval platform, combining intelligent data analytics with the facility to store, analyse and retrieve unlimited amounts of HD video surveillance footage from within the Ocucon portal.

In an industry first, the surveillance technology start-up has announced that customers of its standard cloud-based storage package will now be able to upgrade their CCTV infrastructure at no additional cost. With Ocucon already in talks with 6 out of 10 of the largest retailers in the world, the new business model is expected to further increase demand.

Removing hardware costs completely

Ocucon Co-Founder Gary Trotter commented: “Whereas some SaaS providers talk about removing upfront costs for hardware but add these in elsewhere, our new Ocucon business model removes hardware costs completely. From the outset, Ocucon’s aim has been to break new ground in surveillance technology and revolutionise the way in which businesses and organisations record, store and access their CCTV footage.

“We know that many businesses are struggling with legacy CCTV systems that are costly to replace and prevent them from utilising industry-leading software and analytics. By working closely with our partners and reimagining the typical surveillance business model, we’re now able to offer customers the benefits of new CCTV hardware alongside our industry-leading cloud storage, with zero capital expenditure from the customer.”

Defending against fraudulent cases of slips

Launched in October 2017, Ocucon’s award-winning technology revolutionises the ability of businesses to defend against fraudulent cases of slips, trips and falls – currently estimated to cost the UK economy alone more than £800 million a year – by removing physical limitations on the amount of surveillance footage an organisation can save. Since its launch, Ocucon has seen significant interest in both the UK and US and has been recognised by leading UK business awards for its digital technology innovation.

Last year, the North East-based firm also launched Ocucon Pixelate. Harnessing the power of artificial intelligence and machine learning, Ocucon’s innovative pixelation service delivers intelligent cloud-based video redaction tools for General Data Protection Regulation (GDPR) compliance. Ocucon recently announced that Pixelate will be launching automatic full body redaction as part of a second generation roll out of its intuitive web-based software. The pioneering new technology will allow users to simply select the people they do not wish to pixelate before footage is automatically redacted in a matter of seconds.
The Boring Lab announced that The Boring Toolbox, a set of performance and maintenance tools to help customers more efficiently manage Milestone Systems’ XProtect video surveillance networks, has added key features for enterprise and large-scale sites with 5,000+ cameras and 100,000+ devices. The Boring Toolbox V3 offers a smoother user experience and optimised performance features, both of which were necessary to support larger installations. The Boring Toolbox allows customers to maintain a higher level of security through streamlining management tools (including bulk password changing, camera settings modifications across dissimilar devices, and providing optimised and hassle-free report generation in Excel).

Assists in data protection regulation

In addition, The Boring Toolbox assists in data protection regulation compliance, such as GDPR, since customers can manage medium-to-large scale datasets within VMS systems, rather than having to work on each device separately.

Enhancements to Boring Toolbox V3 include:

- Optimised to reduce loading times of the application by 85%
- Optimised for large data sets of 4000+ device groups, 100,000+ devices
- Camera report generation optimised by approximately 60%
- Bulk IP address updating

Compatible with Siveillance VMS

The Boring Toolbox is now compatible with new systems and devices. Siemens Building Technology verified that it is compatible with Siveillance VMS (video management system). The Boring Toolbox can now manage camera deployments from Arecont, Axis, Hanwha, Sony and Bosch.

“The initial release of The Boring Toolbox has been applauded by the Milestone community. After coming off of our recent win as Milestone Solution Partner of the year, we’ve delivered Version 3 to support larger enterprise installations tackle surveillance network issues around cybersecurity and GDPR compliance,” said Ronen Isaac, CEO of The Boring Lab. “Additional integrations with Siemens and camera manufacturers further extend the Boring Toolbox’s value and our promise to make Milestone installations less boring to manage.”

The Boring Toolbox V3 is available immediately. Visit The Boring Lab at ISC West in the Milestone Partner Pavilion at booth #18053.
Honeywell announced a technology integration with Intel that will enable new artificial intelligence (AI) capabilities in its MAXPRO® connected security platform. The new security platform, which will support MAXPRO Network Video Recorders (NVR) and Video Management Systems (VMS), will incorporate Intel® Vision products that enable advanced analytics, deep learning and facial recognition capabilities. These greatly enhanced security solutions will drive cost and time savings by significantly reducing false alarms and will meet compliance requirements such as General Data Protection Regulation (GDPR) through identity anonymisation.

Commercial building security

“Ensuring the security of commercial buildings and the safety of those within them has always been Honeywell’s top priority,” said Pete Lau, President, Commercial Security, Honeywell. “With emerging technology like analytics, facial recognition and deep learning, Honeywell and Intel are connecting buildings and protecting people like never before.”

Advances in security and surveillance technology have increased demand for high-definition video and imaging offered by Internet Protocol (IP) cameras. The video surveillance global market is estimated to exceed $68 billion by 2023. At the same time, the technology to properly process the surge in vision data has lagged. End users require a solution that combines both building security and IT systems to address the challenge.

AI capabilities and enhanced site security

The integration of Intel Vision Products into the Honeywell MAXPRO NVR and VMS products will result in solutions that enhance site security and operator productivity. These integrated, customisable products will accelerate the processing time of each video stream and increase the number of cameras that can stream in real time through a single device. The adoption of Intel® Vision Accelerator Design products will provide Honeywell’s security offerings with advanced AI capabilities with computational efficiency, allowing them to analyse video data with improved detection accuracy.

Securing buildings, campuses and banks

“With rapid advances in AI technology fuelled by the influx of enormous amounts of visual data, our customers are presented with powerful new opportunities in multiple areas including edge video analytics and security,” said Jonathan Ballon, Vice President, Intel Internet of Things Group. “The Honeywell MAXPRO solution, powered by Intel Vision Products, allows customers to process and analyse visual data in near real-time to make decisions faster, drive faster time to results and help ensure secure buildings, campus environments and banking institutions.”

OpenVINO™ toolkit

Beyond the software and hardware integrations, the partnership will also leverage the Intel® Distribution of OpenVINO™ toolkit, which fast tracks the development of computer vision and deep learning inference into vision applications. Through the toolkit, end users can accelerate computer vision performance, shorten vision solution development, and streamline deep learning inference and deployment. The toolkit’s deep learning capabilities will support Honeywell’s Face Recognition analytics, providing another layer of detail in the software that allows it to learn faces of known entities in an organisation. The software is also capable of removing face recognition data it doesn’t recognise in compliance with GDPR requirements.

IoT Solutions Alliance

Honeywell will join the Intel IoT Solutions Alliance (ISA) and participate in Intel IoT RFP Ready Kits. A global organisation comprised of more than 250 technology companies, ISA is dedicated to the development of scalable IoT and machine internet solutions. Intel IoT RFP Ready Kits are focused technology offerings that solve a class of market problems, have been deployed and tested in the field, and provide bundled hardware, software and support. The technology is designed to grow with customer requirements.

Honeywell MAXPRO and Face Recognition are among a suite of vision security solutions alongside Xtralis LoiterTrace, an image analysis tool that identifies and tracks suspicious activity, and Xtralis IntrusionTrace, a video analytics program for real-time intrusion detection. The solutions suite is ideal for high traffic, sensitive environments including enterprise campuses, pharmaceutical companies, and banking and financial institutions.
Ocucon’s intelligent video redaction service - Ocucon Pixelate - is set to drastically reduce the cost of CCTV GDPR compliance with the launch of new automatic full body video redaction. Part of a second generation roll out of Ocucon Pixelate’s intuitive web-based software, the introduction of the pioneering full body redaction technology will allow users to simply select the people they do not wish to pixelate before footage is automatically redacted in a matter of seconds. In addition, a new user-friendly manual redaction tool will allow additional features, such as car registration numbers or credit card details, to be redacted quickly and easily. Users of Ocucon Pixelate will also notice a new look and feel to the web-based portal as part of the roll out of its intuitive second-generation software.

Residential security market

The new automatic full body redaction functionality will be unveiled at The Security Event, a major new exhibition for the commercial and residential security market at The NEC Birmingham from 9th – 11th April 2019. Ocucon Pixelate is partnering with Videcon, its main UK distributor, to exhibit at the event and can be found on stand SE50. The second generation Ocucon Pixelate software will also be exhibited at Retail Risk London, the risk management and loss prevention event for the retail industry on the 11th April 2019; Security TWENTY 19 in Glasgow on the 30th April 2019; and the Retail Industry Leaders Association (RILA) Retail Asset Protection Conference 2019 in Denver, Colorado from the 5th – 8th May 2019.

Harnessing the power of artificial intelligence and machine learning, Ocucon’s innovative pixelation service delivers intelligent cloud-based video redaction tools for General Data Protection Regulation (GDPR) compliance.

Outsourced redaction services

Whereas traditional outsourced redaction services are time consuming and costly, Ocucon Pixelate allows users to quickly upload and redact CCTV files via a secure web-based portal for a fraction of the cost, with monthly subscriptions starting from as little as £20 per month.

Ocucon Co-Founder, Gary Trotter, commented: “Many businesses and organisations don’t realise that if they record and store CCTV footage they could be subject to costly subject access requests. Tougher restrictions around personal data following the introduction of GDPR can result in organisations needing to pixelate significant amounts of footage and the cost of outsourcing this can be extremely high. Our cost-effective, web-based service, Ocucon Pixelate, already allows organisations to quickly and easily upload and redact video footage and with the introduction of a first-of-its-kind full body redaction functionality, we’re yet again setting a new standard in surveillance technology as the most intuitive and cost effective video redaction service on the market.”

Ocucon Pixelate’s key features

Originally launched in 2018, Pixelate’s innovative software is already used by a number of grocery retailers, high-street retail and food chains, local authorities and major transport providers. The introduction of the new functionality is expected to drive further demand.

Ocucon Pixelate’s key features include:

- GDPR compliance – including auditable log of video redaction and UK processed data
- Intelligent automated redaction - select the people you want to pixelate
- Quick upload via easy-to-use web-based portal
- Suitable for all types of camera footage, including body-worn cameras
- Avoidance of high costs associated with traditional outsourcing of video redaction
- Significantly reduced redaction time compared to manual video redaction methods
- End-to-end advanced encryption of all footage and secure user access control via multi-factor authentication

Intelligent data analytics

Customers who already use Ocucon’s powerful, cloud-based storage and retrieval platform also have full access to Ocucon Pixelate and can select video clips to redact from within the cloud. Recognised by business awards for its digital technology innovation, Ocucon combines intelligent data analytics with the facility to store, analyse and retrieve unlimited amounts of HD video surveillance footage from within the Ocucon cloud-based portal. Since its launch Ocucon has seen significant interest in both the UK and US and is currently delivering a number of confidential pilots for supermarkets and retail chains.
Cyberattacks targeting IoT devices, and consequently video systems as well, are growing more frequent at an unprecedented rate. The things users should consider in their security strategy are highlighted in an information package from the Regensburg-based video equipment manufacturer with information and specific recommended measures. They show that the essential aspects extend beyond the classic instruments of cybersecurity. Security specialists at many banks in several different countries were undoubtedly completely blindsided in 2013 when Russian hacker groups ‘purloined’ a sum totalling more than a hundred million euros in the course of the ‘Carbanak’ campaign: in these attacks, surveillance cameras inside the financial institutions were compromised, allowing the perpetrators to secretly view screen contents and keyboard entries and identify employees as spear phishing targets from their name tags or employee IDs, for example.

Comprehensive strategy

Video systems also make excellent targets in ‘Denial of Service’ attacks, as was demonstrated by the infamous ‘Mirai’ and ‘Persirai’ campaigns. If a company wants to protect itself successfully from attacks of this kind, it is essential to implement a fully comprehensive strategy. The Regensburg-based video technology company Dallmeier identifies five crucial aspects which must function in harmony: consideration of security issues as early as the planning phase, integration in the IT strategy, cybersecurity functions in the systems, data protection, and not least the credibility of the manufacturer.

Hardened operating systems

Due consideration of security questions should be included in the planning stage, for example by intelligent use of 3D technology. Secondly, it is important to ensure that the planned system is consistent with the company's IT strategy: more and more often, essential resources such as server capacities, or even the entire video security system, fall within the purview of the IT department. For the actual core function ‘cybersecurity’, it is important that systems are equipped with all the requisite "IT security" functions, from hardened operating systems to capabilities for separating networks and up to and including encryption technologies and attack detection capabilities. The fourth aspect should really be practically self-evident since the entry into force of the GDPR, that is to say consideration of data protection issues. Finally, customers should also think very carefully about the manufacturer itself: What steps are taken to safeguard the systems during development and production, is the manufacturer potentially exposed to political pressure, and what provisions are made for security aspects when integrating the systems with each other and integrating third party systems?
In the next three years, software as a service ‘SaaS’ is likely to grow by around 23%. That’s according to reports by Cognizance. Its growth rests on the adoption of public, private and hybrid cloud. Without the cloud, applications can’t truly pervade an organisation, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure - the proliferation of SaaS demands security, never more so than in a GDPR world.

Large cloud environment

But modern applications are difficult to secure. SaaS-based, web, mobile or custom-made applications all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps, the broader the attack surface and therefore the greater the chance there will be blind spots.

There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organisation and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near-impossible task when attack methods and sources are constantly changing.

More advanced threats

To be specific, there are four emerging challenges when it comes to protecting apps: firstly, managing the good and the bad bots and spotting which is which; secondly, securing APIs as IoT adoption intensifies; thirdly, the relationship between securing apps and DevOps and ensuring ownership of security; and finally, denial of service attacks that use newer tactics such as brute force.

Basic security hygiene dictates that security teams refer to the OWASP Top 10. It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one.

Bot management

Astonishingly, about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though and explains why around 80% of organisations can’t make a clear distinction between the two. Bad bots can do a lot of damage like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behaviour and bypass tools like CAPTCHA, even rendering device-fingerprinting-based protection ineffective.

Securing APIs

Then there are the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are to report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target, and the threats to API vulnerabilities include injections, protocol attacks, parameter manipulations, unvalidated redirects and bot attacks. There’s the risk that business will grant access to sensitive data without inspecting or protecting APIs to detect cyberattacks.

Denial of service (DoS)

You might think there’s little to add to the swathes of denial of service warnings. Yet when businesses are still being targeted and feeling the ill effects, it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, Brute Force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down.

Continuous security

It may seem easy to say but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organisations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential, not a nice-to-have.

Running security plans

It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits. As such there are six things they need to know:

- Application security solutions must encompass web and mobile apps, as well as APIs.
- Bot management solutions need to overcome the most sophisticated bot attacks.
- DDoS mitigation must be an essential and integrated part of application security solutions.
- A future-proof solution must protect containerised applications, serverless functions, and integrate with automation, provisioning and orchestration tools.
- To keep up with continuous application delivery, security protections must adapt in real time.
- A fully managed service should be considered to remove complexity and minimise resources. No amount of human power will beat the bots.

That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.
The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years. According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured. Nuanced approach to data security Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its securityThe rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analysed at both the hardware and software level, we need a new and more nuanced approach to data security. Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example. The importance of data-at-rest encryption In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse. 
Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those that fraudulently gain access to your key management system can’t access your data. Ensuring drives to be Common Criteria compliant One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliantDespite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security. One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on. Providing an additional layer of security The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack. Data-at-rest encryption could enhance security in these instances, providing an additional layer of security between customer records and the attacker The advanced threats retailers face can often evade security defences without detection. 
Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised. Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals.
Industries in need of data-at-rest encryption
Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records. The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report. SMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across.
Securing every hardware and software
Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security -- rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part. There’s a clear need for more industry dialogue and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.
We’re here again. The end of another calendar year, and a time when many organisations are assessing their performance over the past 12 months and finalising strategic plans for 2019. Taking time to reflect on where our industry is at – and what’s likely to happen in the future – is important for all organisations as they set out their long-term goals and tactics. Here are some of the key trends to watch in the months to come and some predictions on their potential to influence, or disrupt, in 2019 and beyond.
Providing value with A.I. computer vision
No one will be surprised to see artificial intelligence (A.I.), computer vision and similar content analytics listed as a major trend shaping the physical security industry. Solutions employing A.I. (performing a task that would normally require human intelligence) and/or computer vision (extracting, analysing and understanding information extracted from digital images or video) are everywhere. And most would agree our industry has only scratched the surface in terms of their potential. While many companies are focussed on the efficacy of these analysis technologies, there’s been less discussion about how to best leverage them in real-world applications. Ensuring the accuracy of these products is certainly a must, as no one wants to repeat the cycle we saw with security analytics a decade ago, when their promise initially fell far short of expectations.
Identifying the real benefit of analytics
With A.I., computer vision and similar content analytics, it will be interesting to watch the companies that take the next step beyond proving viability for security purposes to deliver true business applications to the market. Right now, we’re seeing organisations working hard to develop content analytics that perform in an effective, efficient and accurate manner.
Many of these organisations are true A.I. and/or computer vision companies, and they are spending a lot of money developing very advanced algorithms. However, there’s still work to be done identifying the real benefit of these analytics for customers as part of comprehensive business intelligence solutions. Until that happens, and customers understand how those benefits apply to them directly, adoption will continue to be lower than all the marketing hype would suggest.
Hybrid solutions for data storage
Another trend that will continue this year is the push toward centralised cloud storage, particularly in enterprise organisations. Expect to see more hybrid solutions on offer in 2019, incorporating both on-premise storage and cloud storage for the retention of more critical data for longer periods. Despite the buzz around cloud solutions the last few years, uptake has not been significant to date for several reasons. A majority of cloud solutions in the physical security space have been pure cloud solutions as opposed to hybrid solutions, and many organisations have yet to embrace the costs and understand the benefits. Most corporations considering a cloud solution today are focussed on leveraging cloud storage as a back-up to on-premise storage in case of a hard drive failure or for archiving video for an extended period. But that’s only the starting point for the power of centralised data. The real benefits will be clear when organisations start applying cloud-based analytics to enhance business intelligence and improve operations including inventory management, marketing and customer service. Expect this to be a growing theme in 2019. Access to affordable bandwidth will also help with cloud adoption.
While bandwidth remains an issue for some organisations, it’s becoming less of a barrier as enterprise customers continue to update their networks and capacity.
Impact of GDPR on organisations
Data protection was another key focus this past year, especially as Europe’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The GDPR has impacted not only European organisations but most organisations doing business in Europe. Whether you’re a bank based in Dubai or a retailer headquartered in the U.S., more than likely you’re touching European soil at some point, and therefore you must follow GDPR legislation. It’s now clear that the regulation is casting a much wider net than some anticipated. Expect to see a stream of announcements from manufacturers in 2019 as they continue to enhance and offer new features to customers to support GDPR compliance, or play catch up in some instances. In addition, we will certainly see other jurisdictions issuing their own versions of data protection legislation. California, for example, passed a similar Consumer Privacy Act in June 2018. Often considered a bellwether state, California’s Act likely signals the start of more data privacy legislation to come across the U.S.
New companies entering the AI and analytics sector
A final industry shift to track in 2019 is the entry of new companies in the physical security space. As I noted above, there are a number of startup companies focussed on A.I., computer vision and similar analytics emerging in our market. While the majority of them likely won’t make it as standalone companies, many of them will be acquired by larger organisations looking to enter the video-based business intelligence space and/or accelerate market penetration.
Because data analytics are becoming such a significant component of today’s ‘big data’ solutions, watch for a number of large, enterprise software companies to start focussing on the security industry. This shift will create a huge disruption in our industry and cause further consolidation. Those are my top predictions for 2019, following what I would consider to be a pivotal past 12 months. It’s a time ripe with opportunity for those companies with a clear vision that correctly anticipates future market demand, and the ability to execute. I look forward to seeing how these next few months unfold.
Attendees strolling the exhibit hall at IFSEC International, 18-20 June, 2019, at ExCel London, will be hearing a lot about artificial intelligence, convergence and GDPR. These industry hot topics are representative of major trends in the industry, from new technologies to new ways of designing systems to new privacy requirements. The education sessions at IFSEC International will also address these timely subjects – and provide a welcome chance to sit down and consider the ‘bigger picture.’ Here are some sessions to consider:
Artificial Intelligence
A session on artificial intelligence asks: ‘Will AI change the face of the Electronic Security Industry?’ The session will examine the ‘connectionism’ aspect of AI with reference to machine learning and neural networks. Connectionism, or neuronlike computing, developed out of our understanding of how the human brain works at the neural level. Each neuron in the brain is akin to a simple digital processor, and the brain as a whole is like a computing machine. Has the time come for artificial intelligence and machine learning for security? That’s the focus of another session that will explore where AI is headed and if it can help move security practice from prevention to real-time threat detection. Is AI a technology looking for a problem to solve? Is it mature enough for mainstream usage in security scenarios? Does AI present a ‘double-edged risk’ (i.e., because enterprises and attackers have access to the same tools)?
Convergence
A combined security approach – unifying physical security and cybersecurity – is a real and immediate need in today’s high-risk and high-threat environment. By leveraging disparate sources of data, organisations can effectively manage a situation in real-time without having to go to multiple individual subsystems to get the job done.
A panel session at IFSEC will discuss the concept, reality, and evolution of both physical and cybersecurity teams collaborating in the same Security Operations Centre. Here are some other sessions related to convergence of physical and cybersecurity:
How converged security centres respond in real-time to physical and online threats
How converged technologies ease prevention and response to unauthorised physical/logical access to corporate facilities and networks
How chief security officers can benefit from data analytics and converged platforms to understand the complex physical and cyber risks posed to transport systems.
GDPR
The introduction in 2018 of the EU General Data Protection Regulations (GDPR) and Data Protection Act 2018 has elevated compliance requirements for video surveillance systems. That’s the subject of the session ‘GDPR – Video Surveillance: Balancing Privacy and Security.’ Whilst the regulations provide a more comprehensive basis in law for the management of personal data, they are part of a wider legal consideration for security technologies. Transparency, accountability and impacts on privacy must be actively integrated into security systems from the outset to retain the trust of those they affect. The work of the Information Commissioner (ICO) and the Surveillance Camera Commissioner (SCC) with their respective Codes of Practice provides a bedrock for effective governance. The 2018 Biometrics Strategy for the Home Office and their partners addresses the need for clear and transparent arrangements to ensure risks to privacy are weighed alongside the benefits. The session will examine these complexities and look at what owners and operators of security systems must consider when striving to balance privacy and security.
The focus of the global security industry will shift to London this month for IFSEC International, Europe’s ‘integrated’ security event focusing on the latest technologies and the opportunity to learn from the industry’s top leaders and experts. IFSEC will be held from 18-20 June, 2019, at ExCel London, welcoming 27,000 security directors and managers, installers, integrators and distributors. The exhibition at IFSEC may not be as large as previous years, and several big players are conspicuously absent. Even so, there will be plenty of innovation on display, including big exhibitors such as Avigilon, Axis, Dahua, dormakaba, FLIR, Genetec, Hanwha Techwin, HID Global, Hikvision, IDIS, and Uniview. Exhibitions will likely reflect a continuing shift in emphasis away from individual products and toward integrated solutions, including some end-to-end solutions provided by single manufacturers. Also likely to be abundantly evident at IFSEC will be a trend toward manufacturers who partner together to provide integrated solutions. For example, look for some manufacturers to host other manufacturers at kiosks within their stands.
Value of security training
Emphasis will continue to be on the practical aspects of using technology: Throughout the show floor, designated technicians wearing ‘Show Me How’ badges will provide demonstrations of products and solutions on display at the various stands. Texecom will explain the value of training and digital services and their impact on the future of the industry. The Loss Prevention Certification Board (LPCB) Attack Testing Zone features LPCB’s security experts conducting live attack tests on a range of perimeter and façade security products, as well as safes, security enclosures and padlocks.
More than 35 hours of seminar sessions will cover timely topics such as ‘Future Proof your CCTV Networks’, ‘Social Media and Internet Security’ and ‘AI and Machine Learning for Security’.
Security topics at the Keynote Arena
The new programme will replicate last year’s successful changes. The Keynote Arena will again be placed at the heart of IFSEC, sponsored by Western Digital. The Keynote Arena will host influential speakers and real-life case studies to inspire attendees. Topical issues will take front and centre, from cybersecurity to ethical and legal challenges to extremism. This year, topics will also include video analytics, AI, machine learning, GDPR, Brexit and security in smart cities. The Future of Security Theatre will present CPD-accredited sessions and presentations that share a vision of the industry’s future and answer burning questions about critical topics, technologies and issues. Education partner Tavcom will present the programme of education dedicated to the ideas, products and innovations driving the industry’s development. The Converged Security Theatre will highlight new approaches that combine cyber and physical defences to tackle dangerous security threats. Included will be real-time technical solutions enhanced by artificial intelligence, powered by Vidsys and partners.
Participation by government organisations
For the third consecutive year, The Government Pavilion will feature representatives from government bodies such as JSaRC (Home Office & Counter Terror Unit), the Department of International Trade (DIT), and the Defence & Security Organization (DSO). New this year will be participation by the British Transport Police.
IFSEC 2019 will again present a snapshot of how manufacturers from across video, access control and intrusion detection are continuing to innovate and collaborate to stay competitive in the challenging market. Innovations first unveiled in the spring at the ISC West 2019 show in the United States will be promoted anew for the European and global markets. IFSEC will be co-locating with FIREX International, a dedicated fire safety event that attracts 18,000 fire prevention and protection professionals; the FACILITIES Show highlighting building management and workplace technologies; and the Safety & Health Expo, dedicated to innovative health and safety products. IFSEC attendees can access the Smart Buildings Expo, the Workplace Wellbeing Show, and the Sprinkler & Suppression Presentation Area within the co-located events.
Despite any negativity you may hear, Hikvision is optimistic about their role in the U.S. market. “We demonstrate that we can be trusted, and that we should be trusted,” says Jeffrey He, Vice President, Hikvision, and President, Hikvision USA and Hikvision Canada. “We have sound products and technology. Our mission in the security industry is to protect, not to harm. Otherwise why would we be in this industry?” Hikvision is committed to investing in the North American market, where there was ‘positive year-over-year growth’ in 2018 and ‘strong’ sales in Q1 this year, according to Eric Chen, General Manager of Hikvision USA and Hikvision Canada.
HikCentral central management software
The company’s U.S. focus is shifting from products to solution sales, with emphasis on ‘mid-market’ small- and medium-sized businesses (SMBs). The largest verticals are retail and education, and there are emerging opportunities in the cannabis market. Launch of the HikCentral central management software (CMS) is a component of the company’s solution-sales approach. Mr. He acknowledges the growth of ‘anti-China sentiment’ in the United States and other parts of the world, which he says will impact Hikvision’s operations globally. Specifically, in the U.S., ‘political’ elements impacting Hikvision’s business include ongoing tariffs and a trade war, Congressional calls for export controls and sanctions, and a provision of the National Defense Authorization Act (NDAA) that bans use of Chinese video surveillance products in government applications.
Specifying cybersecurity initiatives at ISC West
In spite of it all, Hikvision’s message at the recent ISC West show was overwhelmingly positive, and the company also detailed cybersecurity initiatives they say put the Chinese company ahead of many competitors in the industry.
Eric Chen came in as General Manager last year; he previously spent a decade working for Hikvision in China. Chen reports solid 18.8% year-over-year growth for Hikvision globally, totalling $7.4 billion last year. He notes the company saw 40% compounded growth between 2010 and 2018. Globally, there are 34,000 employees, 16,000 of whom are research and development (R&D) engineers. Hikvision’s expanding global footprint includes 46 international branches. There are three manufacturing facilities in China, in addition to one in India.
HikRewards program for HDP customers
At ISC West, Hikvision’s theme was ‘Focus on Your Success’, including introduction of the HikRewards program that provides rebates to HDP (Hikvision Dealer Partner) customers, their core dealer base. A new online Hikvision Knowledge Library for HDPs provides training and reference materials dealers can share with employees. A new tech centre, introduced in December, provides data sheets, product information, and support resources. There is also a North American R&D team headquartered in Montreal. A customer satisfaction survey launched in March provided good feedback from customers. “They know who to call if they have a problem,” says Chen. “We want to focus on making customers successful.” The success theme also extends to Hikvision employees, who are featured in videos describing their jobs and enthusiasm for Hikvision. There are some 400 employees in the North American operation. At the industry’s largest U.S. trade show, Hikvision unveiled a brand-new booth with plenty of open space and video walls. Half of the booth was focussed on solutions, especially retail and education, and also gaming and commercial real estate.
Security products displayed at ISC West
Product highlights at the ISC West booth included the 32-megapixel PanoVu multi-sensor dome camera, whose 180-degree panoramic image was displayed on a 65-inch monitor. A variety of devices, including access control, intercoms and cameras, are integrated using the HikCentral CMS system. Some products new to the North American market, including intercoms, turnstiles, emergency call stations, and under-vehicle inspection, were displayed. Hikvision’s deep learning products are moving into their second generation, including the ability to obscure private information on videos to comply with GDPR/privacy requirements (previewed at ISC West and released later in the year). Algorithm components of Hikvision’s DeepInMind artificial intelligence are being adapted into a platform called AcuSense for value-priced products, which can recognise a human or vehicle and help filter out false alarms. Also being adapted to products with lower price points are the ColorVu system that incorporates visible light LEDs to provide colour images at night, and DarkFighter low-light capabilities.
Penetration testing of cameras and NVRs
As a global manufacturer, Hikvision faces a high level of scrutiny about cybersecurity, which Mr. Chen says is “a good thing for us,” enabling them to highlight the steps they are taking to improve cybersecurity. Chuck Davis, Director of Cybersecurity, outlined specific milestones Hikvision has achieved in its quest to provide world-class cybersecurity. In September 2017, Hikvision began working with third parties (including Rapid7) for penetration testing (ethical hacking) of its cameras and recorders.
That same month, Hikvision set up a Cybersecurity Hotline open to anyone with questions about cybersecurity, including white-hat hackers and researchers. Even before that, Hikvision had an open-door policy on cybersecurity and a program for patching and disclosing responsibility. In February of 2018, Hikvision released a 40-page Cybersecurity White Paper describing cybersecurity testing and processes built into the software development lifecycle. That same month, Hikvision launched an Opened Source Code Transparency Center and offered an open invitation to anyone wanting to inspect Hikvision’s source code and let them know of any vulnerabilities.
FIPS 140-2 certification by NIST
Hikvision has also become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), which ensures their patching and incident reporting programs have been reviewed by a CNA partnering company. In August, Hikvision received Federal Information Processing Standard (FIPS) 140-2 certification, a U.S. government encryption standard created by the National Institute of Standards and Technology (NIST). Hikvision's encryption module (HIKSSL) received Level 1 FIPS 140-2 certification to be used in both IP cameras and NVR products. Davis said the FIPS 140-2 certification process began before the NDAA ban on use of Hikvision products in the U.S. government, and in any case is a standard that ensures a high level of encryption. “We wanted to make sure we had the same level of technology,” he says. “It was not to win over the government.”
Making industry more cybersecure
“We are really trying to have third parties test and certify our equipment,” adds Davis. “We are trying to be open and transparent. Education and awareness are key.” “We need the trust of customers in the security community,” says Mr. He.
“No matter what, we have to follow the highest standards to offset the concerns and accusations.” In April 2018, Davis became a member of the Security Industry Association (SIA) Cybersecurity Advisory Board to help make the entire industry more cybersecure through education, awareness and standards. Hikvision has also joined the Forum of Incident Response and Security Teams (FIRST at first.org), a global cybersecurity incident response consortium that cooperatively handles computer security incidents and promotes incident prevention programs. Davis has presented Cybersecurity Road Shows in 22 cities in the United States and Canada, and also in Australia and New Zealand. The 90-minute presentations focus on education awareness around cybersecurity and seek to get attendees engaged and aware about cybersecurity in business and also in their homes.
Genetec Inc., a technology provider of unified security, public safety, operations and business intelligence solutions, announces its solutions have been selected by the Royal Borough of Windsor and Maidenhead (RBWM) for region-wide CCTV monitoring and community safety purposes. The new system will result in better coverage across the borough and enable information to be quickly shared with regional police as and when required. At the heart of the programme is a completely refurbished monitoring centre, equipped with the Genetec flagship unified security platform Security Center and other complementary Genetec security solutions.
KiwiVision privacy protector
These include the KiwiVision Privacy Protector to simplify GDPR compliance, Genetec Mission Control to guide operators in providing a consistent response to incidents and Genetec Clearance for the easy and secure sharing of evidence with local law enforcement. The open federated architecture of the Genetec infrastructure provides the foundation for a system that can scale and evolve as needs change. It also allows RBWM to protect its past investments by retaining the majority of its existing cameras, alongside the 200 that will be added, upgraded or relocated. “The safety of residents and visitors in the borough is a priority, and we are pleased to be installing a new state-of-the-art system that delivers this,” said Cllr. Mike Airey, cabinet member for environmental services.
Improved information sharing
“We not only benefit from reduced operating costs and improved information sharing with local police, but we also gain access to cutting edge privacy controls that make it far simpler for us to maintain our compliance with the EU GDPR and other data protection regulations.”
The project began when specialist town centre video surveillance consultancy firm Global MSC Security (MSC) was called in to assess the Royal Borough’s existing analogue video surveillance system, its fitness for purpose and how it could be cost-effectively improved. This resulted in a competitive tendering exercise won by Computerised & Digital Security Systems Ltd. (CDS), who designed a state-of-the-art wireless camera system to support the Genetec open architecture video management system.
Cost-effective response
Some of the key technical benefits delivered by CDS include full HD recording, advanced graphical mapping, advanced incident response, customisable and extended video storage retention, and various features to aid data protection regulation compliance such as automated pixelisation of images and end-to-end encryption to enhance privacy controls.
“Genetec is delighted to see our solutions chosen by the Royal Borough of Windsor & Maidenhead for this well thought out upgrade that will benefit the council, local police and citizens”, added Dan Meyrick, Regional Sales Manager, Genetec Inc. “I would like to thank and congratulate our partner CDS for producing a high quality and cost-effective response that delivered against the customer’s requirements.”
Round table discussion
The definition of a standard is “an authoritative principle or rule that usually implies a model or pattern for guidance, by comparison with which the quantity, excellence, correctness, etc., of other things may be determined.” In technology markets, such as physical security, standards are agreed-upon language, specifications or processes that are used across the board by multiple stakeholders to enable easier interconnectivity and smoother operation of systems. We asked this week’s Expert Panel Roundtable: How are standards shaping change in the physical security market?
ISC West 2019 is in the industry’s rear-view mirror, and what a show it was! The busy three days in April offered a preview of exciting technologies and industry trends for the coming year. We asked this week’s Expert Panel Roundtable: What was the big news at ISC West 2019?
In many regards, 2018 was a turbulent year for the physical security marketplace, driven by evolving technologies and changing customer needs, among other factors. Year-end is a great time to reflect, so we asked our Expert Panel Roundtable: What caused the most disruption in the physical security marketplace in 2018?