Acronis, a globally renowned provider of cyber protection, announced the acquisition of CyberLynx, a renowned Israel-based cyber security consultancy firm with a presence in the U.K., Switzerland, and Luxembourg. This acquisition marks Acronis’ third in the past year, which continues the company’s accelerated growth plan. As a premier provider of security audits, penetration testing, and proprietary training solutions, CyberLynx enjoys a global customer presence built on cutting-edg...
Sonatype, the globally renowned provider of innovation-friendly open source security tools, has announced entering into a strategic partnership with Fugue, the company putting engineers in command of cloud security, to deliver the first Infrastructure-as-code (IaC) solution that shifts cloud security left into the developer workflow. Sonatype and Fugue partnership The partnership further advances the missions of Sonatype and Fugue to empower software developers with best-in-class tools so they...
Recently contacted by your credit card company because of a data breach or were you a victim of identity theft? Many of us have either been affected by identity theft or know someone who has been affected. Many consumers are seeking a secure environment that is also user-friendly. Businesses are seeking the same, with absolute certainty, that only valid users can access critical data. How can your company tackle these security and usability requirements while ensuring customer satisfaction...
MOBOTIX AG proudly confirms that all MOBOTIX products and systems comply with the requirements of the United States National Defense Authorization Act (NDAA) and are 100% NDAA-compliant. The NDAA Section 889 contains a new set of guidelines that allow for increased protection against espionage and hacker attacks. In addition, there are named Chinese companies that produce components used for telecommunications purposes, (including security products) that will be no longer be acceptable. For cla...
Fugue, the company putting engineers in command of cloud security, announced next-generation cloud security posture management (CSPM) capabilities to help customers bring their cloud infrastructure into compliance and demonstrate that cloud environments adhere to enterprise security policies. The new features leverage Fugue’s cloud state machine, which captures every resource configuration over time in a cloud environment, and Fugue’s policy engine based on Open Policy Agent (OPA),...
SentryBay, the specialist cybersecurity company well known for its range of solutions designed to proactively protect employees and customers of financial institutions from malicious attackers, has streamlined its browser-based product, Armored Browser. The enhancements speed up implementation and maximise security for users of online banking, brokerage, wealth management, insurance, healthcare, government and eCommerce web portals. The Armored Browser, which is usually branded by the provider...
The renowned intelligent video redaction tool, Pixelate by Ocucon, has been updated with a range of AI features that makes protecting members of the public in CCTV footage quicker and easier, whilst giving more control to the end-user. Pixelate 3 with auto-detection Pixelate 3 has introduced auto-detection and additional functionality, such as a zoom in/out ability, as well as improving on the existing ground-breaking features of this web-based software, including: GDPR compliance – Including auditable log of video redaction and UK processed data Intelligent automated redaction – Built on AI, this feature quickly blurs out individuals Suitable for all types of camera footage, including body-worn cameras Quick upload via easy-to-use web-based portal with new, updated user dashboard Significantly reduced redaction time compared to manual video redaction methods Intelligent video redaction service The update has come as the demand for subject access requests for CCTV footage is set to increase, with the general public’s awareness of GDPR laws continuing to rise. Any member of the public can request footage of themselves, however other individuals featured in the footage must be concealed, blurred, or pixelated to hide their identity. Whereas existing outsourced redaction services are time consuming and costly, Ocucon’s intelligent video redaction service allows users to quickly redact CCTV files via Pixelate’s secure web-based portal for a fraction of the cost, with monthly subscriptions starting from as little as £20 per month. Deploying AI technology Gary Trotter, Co-Founder and CEO of Ocucon said, “We are proud to launch this latest version of Pixelate. After listening to feedback from our clients, the team has worked tirelessly to create a smoother, quicker, and easier experience for users to redact people and sensitive information in CCTV footage.” Ocucon is currently delivering a number of confidential pilots for major supermarkets and retail chains He adds, “Pixelate truly is unique in its offering and Ocucon continues to research and develop AI technology that will only make GDPR compliance even easier and smarter in the future.” Cloud-based storage and retrieval platform Since its launch in 2018, Pixelate has redacted over 8,500 faces in 1,429 minutes of footage across 367 different videos. Customers who already use Ocucon’s powerful, cloud-based storage and retrieval platform also have full access to Ocucon Pixelate and can select video clips to redact from within the cloud. Recognised by top business awards for its digital technology innovation, Ocucon combines intelligent data analytics with the facility to store, analyse and retrieve unlimited amounts of HD video surveillance footage from within the Ocucon cloud-based portal. Since its launch, Ocucon has seen significant interest in both the UK and US, and is currently delivering a number of confidential pilots for major supermarkets and retail chains.
Hanwha Techwin’s position as global in video surveillance has been reaffirmed with the announcement that Wisenet7, the company’s next generation proprietary camera chipset, has achieved UL Cybersecurity Assurance Program (UL CAP) certification. With cybersecurity being a top priority for the electronic security industry, the certification enables Hanwha Techwin to validate that its latest generation of Wisenet cameras are equipped with the highest possible levels of protection from the activities of cyber criminals. UL CAP is a certification program run by UL, a company which has been a global in safety science for over 100 years. The program assesses potential cybersecurity issues and the level of risk from hackers in respect of network-connectable hardware devices and software. UL CAP certification With the support of the certification, Hanwha Techwin is able to provide peace of mind to system integrators and end-users Hanwha Techwin is among only a handful of manufacturers within the video surveillance industry that have so far achieved the UL CAP certification for their products and is the only one within Korea to have done so. With the support of the certification, Hanwha Techwin is able to provide peace of mind to system integrators and end-users seeking to comply with GDPR by ensuring confidential data cannot be accessed, copied or tampered with. Although it usually takes in the region of 8 to 10 months, Hanwha Techwin was able to complete the certification process within 3 months as the company’s in-house Security Computer Engineering Response Team (S-CERT) had already been working on addressing any potential security vulnerabilities in Wisenet hardware and software. This ensured that Wisenet7 was able to meet all of UL’s thorough evaluation criteria, such as penetration test, access control and user authentication, encryption and software updates. Wisenet7 chipset Wisenet7 chipset boasts a list of technologies which are designed to improve cybersecurity credentials The ground-breaking Wisenet7 chipset boasts an impressive list of technologies which are designed to significantly improve the cybersecurity credentials of Wisenet cameras. These include: Secure Boot Verification: This provides an extra layer of security by sandboxing different elements of a camera’s operating system, which means they are in a protected space. A full boot is completed before there is communication with any other part of the system. This prevents interruption to the boot process which could be exploited by a hacker. Secure OS: Wisenet7 uses a separate secure operating system (OS) for encryption and decryption, as well as for verifying that apps have not been modified or are not forgeries. A separate Linux based API is needed to access the Secure OS, without which there is no way to make any changes from the outside of a camera. Security features By enforcing restricted and secure access to the UART port, Wisenet7 allows the debugging process to be safely completed Anti-Hardware Clone: This functionality prevents Wisenet7 from being cloned. In addition to protecting intellectual property, this ensures that a Wisenet7 chipset with a Hanwha Techwin label is a genuine copy and removes the risk of a cloned device which may contain malicious software being used to steal sensitive data, such as passwords. Secure JTAG: JTAG ports are hardware interfaces which are used to programme, test and debug devices. Cyber criminals can gain low level control of a camera via a JTAG port and perhaps replace firmware with a malicious version. Wisenet7 prevents this from happening as it secures JTAG ports via a key-based authentication mechanism to which only authorised personnel working for Hanwha Techwin have access. Secure UART: UART ports are serial interfaces typically used for debugging cameras. They allow administrator access to a camera and are therefore a target for hackers attempting to access sensitive information, such as password keys. By enforcing restricted and secure access to the UART port, Wisenet7 allows the debugging process to be safely completed without opening the door to cyber criminals. Global provider in cybersecurity Cybersecurity is essential for network video surveillance products as it allows us to provide end-users with confidence" “Cybersecurity is essential for network video surveillance products as it allows us to provide end-users with confidence in knowing that their confidential data will be kept safe from hackers,” said Uri Guterman, Head of Product & Marketing for Hanwha Techwin Europe. “Achieving UL CAP certification for Wisenet7 underscores our commitment to equip our next generation of cameras with innovative features that set a new standard for cybersecurity.” “The certification helps us maintain our position as a global leader in a number of different ways. In Europe, Middle East and US, for example, major projects which are subject to a tender process often stipulate that UL CAP certification is required. In the private sector, it is not unknown for sensitive facilities such as laboratories and banks to insist that a supplier should have the certification.” “As such, Wisenet7’s CAP certification enables us to more actively promote our cybersecurity features as one of Hanwha Techwin’s strengths.”
Fingerprint Cards AB (Fingerprints™) and Sentry Enterprises, a US-based manufacturer of converged biometric identification solutions, have entered into a global licence agreement for Fingerprints’ software platform for access, FPC-BEP, as well as a volume agreement for the FPC T-Shape® sensor module to incorporate into its SentryCard™ security credential. The agreement features converged biometric credentials for physical and logical access to address the increased market demand for enhanced security across every industry, including financial institutions, healthcare and pharmaceutical companies. Standalone biometric solutions The SentryCard replaces standalone biometric solutions while leveraging the existing infrastructure for physical access control, supporting multiple industry standard protocols. With enrolled fingerprint biometrics stored and then matched on the physical card, the SentryCard supports compliance with GDPR and CCPA regulations as well as broader privacy standards addressing the key concerns of security professionals. “We chose biometric technology from Fingerprints as it is the leading biometrics company with proven and cutting-edge biometric performance. Our collaboration is wide ranging from product design and integration to system design and manufacturing,” said Mark Bennett, President and CEO of Sentry Enterprises. Trusted biometric solutions More secure and seamless access and authentication methods are now in high demand “We are pleased to collaborate with Sentry Enterprises and to see our sensors and software continuing to gain new ground within the access control market, where there is an increased demand for secure, convenient and trusted biometric solutions,” said Michel Roig, SVP Business Line Payment & Access at Fingerprints. With PINs and passwords offering a poor user experience, as well as being susceptible to compromise, more secure and seamless access and authentication methods are now in high demand and on the agendas of large multinational enterprises to keep the workplace safe in a more convenient and cost-effective way, both for physical access and to login to corporate systems and applications. Personal security credentials Biometrics can not only play a role in securing the modern workplace, but can also improve convenience, saving time and giving employees greater flexibility over how, when and where they work. Remote working is a trend that has accelerated in recent times. Also, in the wake of the pandemic, many people want to avoid touching surfaces in public environments as far as possible. Personal security credentials such as SentryCard offer a hygienic and convenient way of authenticating oneself. Sentry’s first-of-its-kind converged biometric credential launched in August and Sentry Enterprises will make its SentryCard generally available in Q4 2020.
Dallmeier electronic, one of the manufacturers of video security systems, introduces the remote-controlled "Privacy Shield" for their Panomera® cameras. With a few mouse clicks, government authorities, police forces as well as private businesses can cover the lenses of the cameras with a kind of "privacy curtain" in order to protect the privacy rights of individuals concerned. The use-cases could be during peaceful public assemblies, company staff meetings or strikes. Data protection One important prerequisite for the acceptance of video surveillance in public and business environments is that the privacy of data subjects must be respected. In early 2020 for example, several German courts ruled the following: During peaceful gatherings, not only must permanently-installed video systems be switched off, but this must also be "sufficiently reliably evident" to all participants in the public assembly. Moreover, a growing number of companies must also protect the right to privacy of their employees, not least in response to the requirements of the EU GDPR or other national data protection laws. Substantial logistical effort Until now, deactivating surveillance cameras visibly has caused a substantial logistical effort Until now, deactivating surveillance cameras visibly has caused a substantial logistical effort: The police or security personnel must disguise each camera individually, at great expense with the aid of elevating platforms. Returning the installations to their original condition is equally time-consuming. Given the several hundred assemblies per year held in larger cities, shift changes or strikes in businesses, this rapidly leads to substantial costs for additional manpower and the requisite equipment such as elevating platforms. Furthermore, the police and security personnel are unable to activate the cameras again at short notice if indications of possible dangers become evident. Camera technology The German video security manufacturer Dallmeier has developed a system called "Privacy Shield" to tackle these issues: Users can remotely control a kind of "blind" – that is made of a special non-transparent material – directly via the GUI in the control centre, and within a few seconds cover the lenses of the Dallmeier Panomera® systems. The Privacy Shield has a highly visible colour and bears the printed image of a crossed-out camera The Privacy Shield has a highly visible colour and bears the printed image of a crossed-out camera, showing clearly for any person: there is no video observation or video surveillance. This solution could also be used in business environments if area or car park surveillance is to be deactivated at certain times, for example, such as during shift changes, company meetings or strikes. The system is not only available in the latest Panomera® generation; existing systems can also be upgraded easily. Full information on this subject is available from the manufacturer. Efficient and sustainable "As a German manufacturer, we have mastered the topic of data protection and data security through years of cooperation with authorities. This is why it was important to us to make a system available for government authorities, and private businesses as well, which addresses these many requirements in a single solution," says Dieter Dallmeier, Founder & CEO at Dallmeier electronic. "This includes the need for comprehensive protection of the privacy of citizens, or employees, to be able to comply with the legal provisions and to be able to comply with the requirement to deactivate and activate surveillance at reasonable expense. With our Dallmeier Privacy Shield, we demonstrate once again that innovation "Made in Germany" is not just an empty phrase, but offers clearly identifiable added value for all parties involved. The fact that the system can also be retrofitted, underscores our efforts to ensure sustainability."
Provider of Gartner recognised Integrated Risk Management (IRM) solutions and cybersecurity services, SureCloud, teams up with Australian information security, governance, risk and compliance specialist FirmGuard to deliver a suite of pioneering tech-based services. The strategic partnership combines SureCloud’s award-winning technology and methodologies with FirmGuard’s expertise in compliance readiness and advisory solutions across global and regional security standards and regulatory frameworks such as GDPR, APRA CPS234/CPG235 and ISO 27001. FirmGuard powered by SureCloud Using the SureCloud platform and the Secure Controls Framework™ (SCF), FirmGuard will deliver faster and more comprehensive readiness and mobilise engagements across multiple standards and control domains. The SureCloud platform offers enhanced end-user experiences, real-time reporting, digestible dashboards and other automation. These capabilities enable organisations to act on readiness findings and remediate them prior to compliance or certification and manage ongoing compliance obligations post-audit. Cyber and risk services This on-demand and subscription-based service will revolutionise the way clients consume cyber and risk services The partnership will also enable FirmGuard to provide a range of innovative cybersecurity services including an “as-a-service” proposition that gives its users access to SureCloud’s Cybersecurity-as-a-Service and PTaaS (Pen Testing as a Service) offering. This unique, on-demand and subscription-based service will revolutionise the way clients consume cyber and risk services with a focus on strategic outcomes with fixed cost and on-demand support. Governance and compliance frameworks Ben Jepson, VP Cyber Services, SureCloud said, “We are delighted to be partnering with FirmGuard to bring our unique-tech enabled services underpinned by our GRC platform into the ANZ & APAC markets. These markets present an exciting opportunity for us and the combination of SureCloud technology and FirmGuard’s experience and knowledge in the local cyber, risk and compliance market creates an ideal partnership. Our proposition which has supported a variety of organisations across EMEA and North America since 2006, will bring a unique user experience to clients making it easier to manage multiple governance and compliance frameworks, and providing a flexible subscription model to consume our accredited services.” National and international regulatory reforms Dan Ussher, Founder & CEO at FirmGuard said, “Organisations need to adapt to new regulatory frameworks while dealing simultaneously with a vast range of other national and international regulatory reforms. Compliance and InfoSec are complicated and often misunderstood. The partnership with SureCloud delivers enhanced capability to optimise existing services to deliver and manage multiple governance and compliance frameworks, fast." "Our on-demand advisory services are complimented with SureCloud’s proven processes and client base. We are excited to be powered by SureCloud and we see a bright future for two organisations with shared capability, technology and values to come together.”
Thousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organisations’ premises to conduct essential re-certification audits during the current coronavirus pandemic. Worldwide, hundreds of thousands of certifications are at risk of lapsing as lockdown conditions look set to continue for the foreseeable future. Current UKAS guidelines - unchanged since August 2016 - state that: If [a] recertification assessment cannot be undertaken within six months of the anniversary of the certificate being issued], the certificate should be suspended, and a new initial assessment will be required. Business compliance requirements An average of 2,500 UK certifications per month could be at risk of lapsing due to the break in audit activities" To restore their certifications, affected organisations may incur financial costs easily three times higher than they were expecting to pay for their annual audits - plus considerably higher levels of time and resources - as well as having to remove any reference to their certifications from their websites and other collateral in the meantime. The issue has been raised by InfoSaaS, a provider of industry-renowned software solutions that help customers achieve information security, data protection and business compliance requirements, up to and including ISO management system certification level. ISO management system Peter Rossi, Co-Founder of InfoSaaS, said: “Across just three [ISO9001, ISO27001 and ISO45001] of the five ISO management system standards that we help organisations to achieve, an average of 2,500 UK certifications per month could be at risk of lapsing due to the break in audit activities - never mind all other ISO standards, and notwithstanding any backlog of audits, whenever they can resume at scale.” The International Organisation for Standardisation (ISO) doesn’t publish figures for the number of certifications granted across every standard. However, there are more than 1.3 million certifications worldwide across 12 standards for which it has most recently published numbers, in the form of the ISO Survey 2018 (including ISO9001, ISO14001, ISO20000, ISO22000, ISO22301, ISO27001, ISO28000, ISO45001, ISO50001, ISO 13485, ISO37001 and ISO 39001). Health and safety management Some organisations may decide not to be re-audited and simply to let their ISO certifications lapse" Worldwide there are over 870,000 certifications for ISO9001 alone, indicating that - six months on from the start of lockdowns - over 70,000 per month may be at risk of lapsing should surveillance audits remain halted. “The uncomfortable truth is that, under current circumstances, some organisations may decide not to be re-audited and simply to let their ISO certifications lapse. Any such de-prioritisation may, in turn, lead to an unwanted decline in standards for the likes of information security, environmental management, health and safety and quality management. This is not a good outcome for anyone,” explained Rossi. Remote surveillance audits Remote audits are impossible when organisations rely on outdated approaches tools such as multiple spreadsheets, which require in-person explanation, justification and cross-reference. Accordingly, InfoSaaS wants to see Certification Bodies conducting remote surveillance audits where the candidate organisation is using an integrated, platform-based solution such as InfoSaaS’s own Compliance Framework platform, which make it easy for auditors to conduct the necessary surveillance and auditing activities. Enhanced security control ISO certifications to various standards have become increasingly important to organisations “Frankly, it’s unnecessary and inefficient for any organisation still to be using the likes of spreadsheets for this purpose. It would make achieving business compliance objectives via a modern platform even more attractive if organisations could be confident that remote audits were not only possible but preferred,” Rossi added. InfoSaaS’s platform helps organisations achieve and retain several ISO certifications: ISO27001 (information security management), ISO27017 and ISO27018 (enhanced security control sets for cloud services), ISO9001 (quality management) and ISO45001 (health and safety risks) - as well as data protection workflows in support of GDPR. Management system certificates ISO certifications to various standards have become increasingly important to organisations operating in increasingly competitive markets around the world: having valid ISO management system certificates clearly communicates relevant or important competencies to potential customers. In particular, demonstrating certification against industry standards and evidencing a mature approach to the protection of sensitive information and personal data have become baseline requirements in many markets and for some customers.
At ISC West this year, emerging technologies will be on display to help organisations manage their environments, from the building itself to who’s on the premises and what’s going on at any given moment. Top of mind this year is cybersecurity, compliance and management of security assets as threats rise and governing bodies put regulations in place that businesses need to react to. The good news is that the shift in approach to holistic monitoring of cyber and physical assets can move enterprises to a place of digital transformation and proactive management rather than reactive practices based on threats and changing regulations. The show provides an opportunity for both vendors and potential customers to learn from each other about what’s out there and what’s needed in terms of future solutions as the industry evolves. Are you in cyber and physical security compliance? At this year’s show, we’ll continue to see developments focused on integration of cyber physical security that will lead to deeper understanding of the relationship between devices, device monitoring and spaces in which all devices physically reside. Digital solutions help achieve a digital transformation which stitches the data relationships together to provide better threat vector impact and overall understanding of risk. The technologies in smart buildings are subject to cyberattacks, which pose not just a threat to data and privacy but can compromise the physical space as well. Think of the locked door in a smart building that now is opened with access control via key cards or mobile devices given only to certain members of staff. These integrations increase safety and restrict access across the enterprise, but a bad actor can access and duplicate the necessary data to open the door with a copycat device while hiding the event from the surveillance system. By having a comprehensive cyber whitelist of installed devices, potential rouge devices are prevented from transmitting on the network, therefore providing an automated guard against internal and external attacks. When systems are compromised due to a hack or physical intervention, it puts what’s behind the door at risk, whether it’s money in a bank or information in a sensitive work environment, such as a laboratory. Digital solutions help achieve a digital transformation which stitches the data relationships together It’s increasingly important to highlight the relationship between cyber and physical security. A great illustration of this is the digital twin. A digital twin is a replica of a physical space that uses both informational and operational technology to give real-time information about what’s going on in a space. These can include things like floor plans for the building as well as real-time sensor data from the building management system, HVAC systems, lighting, fire, security, and more. By getting a complete picture of the physical and digital assets of an organisation, it becomes possible to monitor all systems from one central location to see how they’re working together and act on the insights they provide. So, in the example of a breach from before, it’s possible to flag that hack, isolate its exact location and devices involved, and resolve it quickly while maintaining preservation of evidence. Compliance: how to get there safely, efficiently and effectively As these threats evolve, governing bodies are taking action to ensure that data is protected to minimise these kinds of threats and ensure that organisations feel confident in the security of their data. Norms and compliance measures are emerging quickly, such as General Data Protection Regulation (GDPR) which began to be enforced in March 2018, and the California Cybersecurity Law, which went into effect in the US just this past January. The regulations of what can be done with data mean that companies need to react or face penalties such as fines, which can be as high as 4% of worldwide annual revenue of the previous year. These are also fluid and can change rapidly, meaning flexibility is important in compliance solutions. However, this presents an opportunity for companies to invest in innovation to ensure they’re prepared for those changes and to protect the safety of not just employees, customers and target markets, but of the larger organisation. Getting to a place of compliance can seem costly and time consuming at the beginning Getting to a place of compliance can seem costly and time consuming at the beginning, especially for larger organisations. They may have thousands of security assets (cameras and sensors, for example) and might not even be fully aware of what they have, where they are, and whether those assets are functional, never mind compliant with data protection legislation. The right solution takes all the steps to becoming safe and compliant into account, beginning with inventory and mapping of all assets to get a complete picture of where things stand and where changes need to be made. One large financial institution, upon embarking on this journey, identified an additional 10% of assets that they didn’t know they had, and additional ones that were nonfunctioning and needed to be repaired or replaced for compliance and safety. Monitoring: centralised and remote for rapid response Once assets and data are centralised and a complete inventory is taken, it’s much easier to effectively monitor the complete enterprise. At this year’s show, smart technologies will be on display that reduce cybersecurity risks and monitor assets for compliance. If something changes, that can be flagged, and appropriate parties can be quickly notified to act and neutralise security threats or avoid the expensive penalties that come with noncompliance. Since all these components are centralised in one location, it becomes possible to monitor much more effectively and fix issues remotely in minutes rather than scheduling a trip to a location that may not happen for days or even weeks. A security camera for a large chain enterprise such as a retail store or bank in a small-town location deserves service just as quickly as one in a major city, since the threat that each non-functional device poses is the same to who and what it is there to protect. Keeping it up: a proactive approach to service and maintenance One of the ways that emerging technologies can be a game changer is when it comes to the cost and approach One of the ways that emerging technologies can be a game changer is when it comes to the cost and approach to systems maintenance and operation. In addition to performance and compliance, other types of data, such as historical events, can also be monitored centrally. This gives context to security events and can move organisations from a reactive to a proactive approach to their security as well as operations. If small problems are identified and resolved before they become larger problems, it means that security events can be mitigated more quickly or prevented entirely due to early intervention. On the operations side, early insights into asset performance means that fewer resources are expended on noncompliance fees and large-scale, emergency repairs. These resources can take the form of money, but also of time spent by employees and enforcement agencies to ensure continued compliance. Staff can spend time engaged in active monitoring rather than generating reports, since that can now be automated. In the new decade, it’s time to use the technological resources available to better protect systems for smarter, safer and more sustainable environments. On every level, compliance is important not just for its own sake, but so are the other benefits associated with intelligent management. The show presents an educational opportunity for vendors and customers alike. Walking around the show floor and talking to everyone is a unique way to see what’s out there and evaluate what is and isn’t working for a business while getting information from all the industry experts. Even if they’re not ready for a complete overhaul, taking stock of what’s available, where things are heading and how their operations and mission can be better served by implementing one or more of the solutions showcased is more important than ever. On our end, those conversations about needs and concerns are invaluable in driving innovation.
Cloud technologies and the IoT have opened up seemingly endless possibilities for the modern retail organisation. Customers have never had as much control over purchasing decisions as they do today, with the ability to make transactions at the touch of a button for goods and services from the comfort of their own homes or on the move. However, the customer data lying at the heart of this frictionless shopping experience presents an ever more attractive commodity to cyber criminals. Attacks are growing in number and this presents a major problem for both retailers and customers. Cloud technologies and the IoT have opened up seemingly endless possibilities for the modern retail organisation In addition to the immediate disruption and downtime a breach can cause, the damage to the reputation of a business or brand can be lifelong. With GDPR related fines from the ICO now as much as €20m or 4% of an organisation’s global annual turnover, whichever is higher, the resulting combination of the cost of the breach itself, reputational erosion and any crippling fines can be devastating. It is therefore essential that retailers are aware of the steps and procedures they should be following to ensure full data compliance and to guarantee the integrity of their IT infrastructure. Ensuring full GDPR compliance It’s vital to ensure that everyone understands the security implications and knows how to respond effectively in the event of a breach. Internally, all teams and departments should have the confidence to raise the alert if a breach is suspected. Externally, companies should look to encourage conversations across the entire supply chain to ensure requirements are effectively met and security risks are adequately addressed. It is a requirement of the GDPR that the necessary steps be taken to guard against attack and protect existing software and systems It is a requirement of the GDPR that the necessary steps be taken to guard against attack and protect existing software and systems. Effective cybersecurity lifecycle management of IoT devices, such as network video surveillance cameras, is an example of a measure which should be put in place to help prevent such devices from being compromised, mitigating risk and ultimately maintaining customer trust. Establishing a truly secure retail solution can only be accomplished if security has been analysed at every stage. Evolving physical systems For protection of the physical retail environment, the move away from legacy security solutions such as traditional CCTV, which typically sat outside of a company’s IT operation, to the modern cloud-enabled security technologies we see today, allows retailers to unlock a wealth of business benefits previously impossible with analogue technologies. Today’s systems provide far greater accuracy of detection, vastly improved image quality, even in low light, and an array of business intelligence options to aid operations, such as people counting, queue monitoring and stock control. Protecting the physical security of the retail environment The ability to create live security alerts as well as forensic evidence for later analysis allows security teams to be proactive rather than reactive. In addition, the growing use of edge capabilities to process data within the cameras themselves negates the additional time and potential lag associated with continually passing surveillance information back and forward to servers, streamlining and therefore vastly improving operations. System vulnerabilities equals vulnerable data For network cameras being introduced onto an IT network, it’s essential to ensure that they do not become compromised and used as a backdoor to gain entrance to a business’s innermost workings and most valuable commodity; its data. The importance of guarding against system vulnerabilities cannot be ignored and it is therefore vital to ensure that all installed technologies are Secure by Default; built from the ground up with cybersecurity considerations at the forefront, to strengthen system security. In addition, software updates and firmware upgrades will keep the devices protected in line with the evolving threat landscape. The importance of guarding against system vulnerabilities cannot be ignored Forging and maintaining relationships with stakeholders is key to establishing a healthy supply chain built on mutual trust and respect. Only by following such an approach can the integrity of systems be fully guaranteed, with trusted vendors and installers working together to ensure that ethical practices are followed, and cybersecurity principles are adhered to. Due diligence should be carried out to make sure that all stakeholders involved in the manufacture, supply and installation of security software and systems understand the importance of keeping security best practice at the forefront of everything they do. Addressing the ongoing challenge Retailers must be able to rely on technologies that support their operational requirements and address associated risks, while at the same time, supporting IT security policies. By following procedures around the cybersecurity of IoT devices, and realising the importance of implementing high quality products and services through relationships with trusted vendors and partners, retailers will benefit from connected physical security systems that deliver on the promise of better protection of the business and customer, to effectively mitigate the mounting cyber security threat.
There’s a lot of hype around the term ‘digital transformation.’ For some, it’s the integration of digital technology into everyday tasks. For others, it’s the incorporation of innovative processes aimed at making business optimisation easier. In most cases, digital transformation will fundamentally change how an organisation operates and delivers value to its customers. And within the security realm, the age of digital transformation is most certainly upon us. Technology is already a part of our day-to-day lives, with smart devices in our homes and the ability to perform tasks at our fingertips now a reality. No longer are the cloud, Internet of Things (IoT) and smart cities foreign and distant concepts full of intrigue and promise. Enhancing business operations We’re increasingly seeing devices become smarter and better able to communicate with each other These elements are increasingly incorporated into security solutions with each passing day, allowing enterprises the chance to experience countless benefits when it comes to enhancing both safety and business operations. The term ‘connected world’ is a derivative of the digital transformation, signifying the increasing reliance that we have on connectivity, smart devices and data-driven decision-making. As we become more familiar with the advantages, flaws, expectations and best practices surrounding the connected world, we can predict what issues may arise and where the market is heading. We’re increasingly seeing devices become smarter and better able to communicate with each other through the IoT to achieve both simple goals and arduous tasks. Within our homes, we’re able to control a myriad of devices with commands (‘Hey Google...’ or ‘Alexa...’), as well as recall data directly from our mobile devices, such as receiving alerts when someone rings our doorbell, there’s movement in our front yard or when a door has been unlocked. Analytics-driven solutions The focus is now shifting to the business impacts of connectivity between physical devices and infrastructures, and digital computing and analytics-driven solutions. Within physical security, connected devices can encompass a variety of sensors gathering massive amounts of data in a given timeframe: video surveillance cameras, access control readers, fire and intrusion alarms, perimeter detection and more.As the data from each of these sensors is collected and analysed through a central platform, the idea of a connected world comes to fruition, bringing situational awareness to a new level and fostering a sense of proactivity to identifying emerging threats. The connected world, however, is not without its challenges, which means that certain considerations must be made in an effort to protect data, enhance structured networking and apply protective protocols to developing technology. Physical security systems We can expect to see the conversations regarding data privacy and security increase as well As the use of connected devices and big data continue to grow, we can expect to see the conversations regarding data privacy and security increase as well. Connectivity between devices can open up the risk of cyber vulnerabilities, but designing safeguards as technology advances will lessen these risks. The key goal is to ensure that the data organisations are using for enhancement and improvements is comprehensively protected from unauthorised access. Manufacturers and integrators must be mindful of their products' capabilities and make it easy for end users to adhere to data sharing and privacy regulations. These regulations, which greatly affect physical security systems and the way they're managed, are being implemented worldwide, such as the European Union's General Data Protection Regulation (GDPR). In the United States, California, Vermont and South Carolina have followed suit, and it can be expected that more countries and U.S. states develop similar guidelines in the future. Technology is already a part of our day-to-day lives, with smart devices in our homes and the ability to perform tasks at our fingertips now a reality Automatic security updates Mitigating the concerns of the ‘connected world’ extends beyond just data privacy. IoT technology is accelerating at such a pace that it can potentially create detrimental problems for which many organisations may be ill-prepared - or may not even be able to comprehend. The opportunities presented by an influx of data and the IoT, and applying these technologies to markets such as smart cities, can solve security and operational problems, but this requires staying proactive when it comes to threats and practicing the proper protection protocols. As manufacturers develop devices that will be connected on the network, integrating standard, built-in protections becomes paramount. This can take the form of continuous vulnerability testing and regular, automatic security updates. Protocols are now being developed that are designed to ensure everything is encrypted, all communications are monitored and multiple types of attacks are considered for defensive purposes to provide the best security possible. IoT-connected devices Hackers wishing to do harm will stop at nothing to break into IoT-connected devices Built-in protection mechanisms send these kinds of systems into protection mode once they are attacked by an outside source. Another way for manufacturers to deliver solutions that are protected from outside threats is through constant and consistent testing of the devices long after they are introduced to the market. Hackers wishing to do harm will stop at nothing to break into IoT-connected devices, taking every avenue to discover vulnerabilities. But a manufacturer that spends valuable resources to continue testing and retesting products will be able to identify any issues and correct them through regular software updates and fixes. ‘IoT’ has become a common term in our vocabularies and since it’s more widely understood at this point and time, it's exciting to think about the possibilities of this revolutionary concept. Providing critical insights The number of active IoT devices is expected to grow to 22 billion by 2025 — a number that is almost incomprehensible. The rise of 5G networks, artificial intelligence (AI) and self-driving cars can be seen on the horizon of the IoT. As more of these devices are developed and security protocols are developed at a similar pace, connected devices stand to benefit a variety of industries, such as smart cities. Smart cities rely on data communicated via the IoT to enhance processes and create streamlined approaches Smart cities rely on data communicated via the IoT to enhance processes and create streamlined approaches to ensuring a city is well-run and safe. For example, think of cameras situated at a busy intersection. Cameras at these locations have a variety of uses, such as investigative purposes in the event of an accident or for issuing red-light tickets to motorists. But there are so many other possible purposes for this connected device, including providing critical insights about intersection usage and traffic congestion. These insights can then be used to adjust stoplights during busy travel times or give cities valuable data that can drive infrastructure improvements. Physical security market The impact of connected devices on cities doesn’t stop at traffic improvement. The possibilities are endless; by leveraging rich, real-time information, cities can improve efficiencies across services such as transportation, water management and healthcare. However, stringent protections are needed to harden security around the networks transmitting this kind of information in an effort to mitigate the dangers of hacking and allow this technology to continuously be improved. Whether you believe we’re in the midst of a digital transformation or have already completed it, one thing is certain: businesses must begin thinking in these connectivity-driven terms sooner rather than later so they aren’t left behind. Leveraging smart, connected devices can catapult organisations into a new level of situational awareness, but adopting protections and remaining vigilant continues to be a stalwart of technological innovation within the physical security market and into the connected world.
Securing New Ground, the security industry’s annual executive conference this week in New York, offered food for thought about current and future trends in the security marketplace. Highlights from SNG 2019 included keynote remarks from security leaders at SAP, Johnson Controls and the Consumer Technology Association, discussions on how CSOs mitigate security risks, topic-focused thought leadership roundtables and a lively networking reception. Top trends observed at the event include cybersecurity, data privacy, facial recognition and artificial intelligence. A "View from the Top" session covered the need for companies to consider responsible use and ethics around technology; responsibility should extend throughout the organisation. A panel of security leaders emphasised the need to understand the diversity of risks that end users face. As the Internet of Things (IoT) expands connectivity, the inputs, outputs and "attack surface" also expand. It's critical to have security "baked" into products themselves, and also to undertand the mission of the organisation being protected, the context and correlation. Technologies transforming security market Keynote speaker Gary Shapiro, President and CEO of the Consumer Technology Association, listed the many technologies that will impact the consumer electronics market – and the security market – in the near future: artificial intelligence (AI), voice recognition, the transition to 5G and self-driving cars.As the Internet of Things expands connectivity, the inputs, outputs and "attack surface" also expand “What we're seeing today is a huge turning point in where the world is going,” said Shapiro, whose organisation presents the giant CES trade show each year in Las Vegas. “It’s not just about jobs and technology, but who we are and how we address fundamental human rights.” Privacy is a component of human rights, but “in the world of AI, there is a tradeoff between innovation and privacy”. Balance between security standards Shapiro sees Europe as representing one extreme of privacy, epitomised by General Data Protection Regulation (GDPR), which he sees as stifling innovation. Meanwhile, China is pushing innovation using massive amounts of data with no regard to privacy. The United States, therefore, should look for a balance that acknowledges the inevitability of innovation while respecting privacy and realising it is “always situational.”With new technologies, biometric ID and cybersecurity issues, your business is in a strong and growing place" Too much concern for privacy comes at a cost, Shapiro said. “Privacy zealots are killing facial recognition, step by step by step,” he said. “Regulators should not throw away the baby with the bathwater. Every technology in history has been used to cause evil and to do good. Throughout history any new technology could have been banned and made illegal.” Shapiro offered encouraging words to the security marketplace, even in the wake of large tech firms such as Amazon entering the market. “With new technologies, biometric ID and cybersecurity issues, your business is in a strong and growing place,” he said. “There is opportunity. There will be increasing new things people want, and always new threats. People will want what you're providing, which is physical and technology security in their facility.” Scott Schafer, Chairman of the Board of the Security Industry Association (R), interviewed Steve Jones, CEO, Allied Universal, on stage about the importance of merging technology with security officers Allied Universal CEO Steve Jones discussed holistic approach Steve Jones, CEO, Allied Universal, was interviewed on stage about the importance of merging technology with security officers for a holistic approach to securing a facility. “Today, customers are asking us to look at their facility holistically and asking: What is my best approach?” said Jones. A holistic approach includes protecting people, the facility, intellectual property (IP), and how to handle visitors. Manguarding perspective on security Allied Universal looks at security from a manguarding perspective and also from a technology perspective, based on their daily experience managing security for 40,000 customer sites across the United States and Canada.Allied Universal has a new handheld technology platform that uses AI “We are in a unique position in the channel,” said Jones. “We know the stats at any customer site. We know the last time there were repairs on cameras, which card reader is malfunctioning, how long the systems company takes to respond to a call. We are at these locations 24/7 and have an intimate relationship with customer. We are a significant influencer in the decision-making process. We have an opportunity to have a voice, and to build a business around it.” Predictive security “We are looking for technology that will enhance the security of the customer,” said Jones, including situational awareness and analysis of data to predict patterns. Allied Universal has a new handheld technology platform that uses artificial intelligence (AI) to analyse data, predict outcomes, and prescribe optimum responses. Workforce development – hiring and training new employees – is a big issue for Allied Universal, which last year interviewed more than a million applicants to find around 100,000 employees. They are targeting every demographic, and last year hired 33,000 veterans. The company is using technology to help with the massive recruiting effort, including AI to analyse applicant qualifications and a computer-generated avatar to conduct the first online interview. Future security challenges Jones sees the rapid increase in the homeless population in the United States as one of the biggest security challenges of coming years. The rapid increase in the US homeless population is one of the biggest security challengesMany businesses face the prospect of homeless individuals living in front of their buildings, possibly using drugs or approaching customers. “It has become a real threat,” he said. “When they are living in front of your buildings, in many cases, there are ordinances that allow them to be there so the police will not get involved. It falls on the facility owner and private security to address the problem. Given the large homeless population we have now during good economic times, I don’t know what it will look like in an economic downturn.” Human side of security An SNG session on the human side of security observed that people are the biggest source of vulnerability. Companies should foster a "safety climate" in which security is integral to operations and viewed as something that helps employees rather than create hassles. Human resources is now a technology field and should work together with security to achieve shared goals. At the consumer and small business level, cybersecurity must also be top-of-mind and built into a security companies' DNA. SNG attendees heard about opportunities to move beyond providing products and devices to providing experiences, by partnering with customers to protect what matters most to them. While a bit of inconvenience comes along with security, products should be built in a way that is easy to use, with security baked in. The results are systems people are comfortable engaging with every day. Securing New Ground is presented by the Security Industry Association (SIA).
Ethics is a particularly important subject in an industry such as fire and security because the result of unethical actions might make the difference in life and death. For example, if an employee acts unethically when servicing a fire extinguisher, the result could be to burn down the building. Although ethics is not a common topic of discussion in the fire and security industry, perhaps it should be. Chubb Fire and Security is a company that provides an example of how an emphasis on ethics can benefit a company, their employees, their customers and the whole world. Fire safety and security risks “The fire and security industry is different than others because lives and people’s safety are on the line,” says Harv Dulay, Director of Ethics and Compliance at Chubb Fire and Security. “Our purpose is to protect clients from fire safety and security risks. This is a business where no one should take short cuts. It is important to do the right thing all the time, every time, and it’s about protecting lives and property.” At Chubb, we have a code of ethics, our ‘bible,’ that is issued to employees when they start" “At Chubb, we have a code of ethics, our ‘bible,’ that is issued to employees when they start,” says Dulay. “Within the bible are core fundamental rules about what’s acceptable and not acceptable. We lay it out for employees very specifically. They understand and embrace the code of ethics, which is based on trust, integrity, respect, innovation and excellence.” “If you get those right, the business moves in the right direction. A key piece of our ethics policy is based on trust. We relate to others with openness, transparency, and empathy. It makes Chubb a better place to work and enables us to provide better service to customers.” Fire audit For Chubb, ethics is not just theoretical, but ethical concepts play out every day in practical ways. An example might be an engineer who goes to a customer’s site and is asked to do a task that is outside his or her duties and/or not allowed under the ethics policy. The pressure might be even greater if the employee is struggling to meet a sales figure. The code of ethics addresses specific situations and outlines the behaviour that is expected. In another example, a customer asked a Chubb technician to forge a certificate saying the customer had previously passed a fire audit in order to validate his previous year’s insurance. Showing ethical integrity, the technician was able to cite the company’s Code of Ethics and refuse to do it. The technician also reported the situation to his Ethics and Compliance Officer. Customers benefit, too. Delivering ethics excellence It’s a message heard from the top down, from everyone in the company" One of Chubb’s sales associates immediately reporting a situation in which all the tenders and competitors’ prices were visible as they prepared a tender for upload to a customer portal. Not only did the sales associate deliver ethics excellence by reporting the issue, he also helped a grateful customer who thereby avoided anti-trust issues, says Dulay. “Ethics is not just a current issue,” says Dulay. “It’s embedded in our values and has been since the beginning. Ethics is making sure people do the right things.” Ethics is integrated into the Chubb business model, and everyone knows what is expected of them. “It’s a message heard from the top down, from everyone in the company.” On-line training modules Ethics discussions begin for employees at Chubb when they join the company; clear instructions about ethics are included as part of employee induction. There are nine modules of ethics training during employee orientation, and a discussion with an Ethics and Compliance Officer is part of the onboarding process. The training program includes information about ethics, company expectations around ethics, where to go for questions about ethical issues, and details of the anonymous ombudsman program. Additionally, field staff are trained by their supervisors via regular face-to-face ethics toolbox talks. Office staff complete a series of on-line ethics training modules regularly. A series of supervisor-led trainings encourage managers to deliver face-to-face ethics training to their team, citing real-life examples. Healthy discussions are encouraged to deal with any ‘gray areas.’ Worldwide implementation of data security Some 14,000 employees globally have multiple options when it comes to reporting an issue Dulay estimates that ethics and compliance officers spend about half their time answering questions and clarifying for employees what’s expected in the code of ethics. Some 14,000 employees globally have multiple options when it comes to reporting an issue, and there are full-time Ethics and Compliances Officers in every country where Chubb does business. A reflection of Chubb’s global approach to compliance is their worldwide implementation of data security requirements of Europe’s General Data Protection Regulation (GDPR); the company saw the benefits of the program for any jurisdiction. Training and education are part of Chubb’s investment in ethics. For example, a recent module on ‘respect in the workplace’ covered the need to create a company culture in which everyone feels respected. “Training and continuous communication are embedded in the organisation,” says Dulay. Managing potential conflicts proactively “We invest in the process,” says Dulay. “We have had employees who left the company and then come back. They realised the importance of ethics and rejoined us. We start with the foundation that we would rather lose business than give up our ethical standards,” says Dulay. Some business is not worth getting if you don’t adhere to your values" “We won’t abandon our policies even if there is money at stake. Some business is not worth getting if you don’t adhere to your values. We manage potential conflicts proactively by creating and instituting methods in which employees have access to tools they can use to be successful and adaptable in times of change,” says Dulay. “Also, we will not tolerate retaliation against any employee who reports wrongdoing – regardless of the outcome of the investigation.” Forming good ethics behaviour And while there is no specific monetary value assigned to good ethical practices, success can be measured. “We measure it by people’s conduct, the number of cases we have, and awareness,” says Dulay. “It’s good for employee morale, and it’s good for customers and our business. It’s not measurable, but it is fundamental for business and customers.” “The work we do as a company can impact people’s lives so it is important that everyone has an understanding of the importance of their role,” says Dulay. A common misconception about ethics is: “If no one is watching, it must be ok.” However, Dulay says it is the things employees do when no one is watching or checking in on them that form good ethics behaviour. During training, Chubb emphasises that ethics is about doing the right thing, all the time even if no one is watching.
As police use of live facial recognition (LFR) is called into question in the United Kingdom, the concerns can overshadow another use of facial recognition by police officers. Facial recognition is incorporated into day-to-day police operations to identify an individual standing in front of them. This more common usage should not be called into question, says Simon Hall, CEO of Coeus Software, which developed PoliceBox, a software that enables police officers to complete the majority of their daily tasks from an app operating on a smart phone. Time-consuming process “Verifying the identity of an individual standing in front of you via facial recognition should be no more controversial than taking a fingerprint for the same purpose,” says Hall. “We are not talking about mass surveillance here, but the opportunity to use technology to make an officer’s day more efficient. Verifying a person’s ID is a time-consuming process if you have to take them to the station, so being able to do this more quickly should be welcomed as a positive step to modernise policing.” Because the use of facial recognition by police has proven to be a divisive topic, Simon is eager to highlight the distinction between the use of facial recognition for ID verification and the more controversial mass surveillance that some police forces have trialed. “There are two different use cases for facial recognition in the context of law enforcement,” says Hall. Number-plate recognition “Firstly, there is facial recognition to verify a person’s identity (typically done face-to-face with the individual concerned and using the Police National Computer [PNC] database). This is no more controversial than taking an individual’s fingerprint to verify their ID but can be conducted more quickly if the officer has the capability on their smart phone. The second common use of facial recognition is to identify suspects quickly via mass surveillance. This is more controversial.” The focus for PoliceBox is ID verification only, he adds. The focus of facial recognition for PoliceBox is ID verification only First, there is the matter of consent. In the context of facial recognition in public situations, it is very difficult to inform everyone that they are being observed, so they cannot give their informed consent, says Hall. Then there is the inability for people to ‘opt out’ of the process. Unlike with driving a car, where one can technically opt-out of the rules of the road (and avoid technologies like number-plate recognition) by choosing not to drive, there is no such option for facial recognition. National surveillance system Secondly, many-to-many matching (matching lots of images to lots of database records) is more likely to produce false matches, resulting in possible perceived harassment of individuals who happen to match a person of interest, notes Hall. The government is openly exploring plans to develop a national surveillance system using facial recognition Lastly, Hall says there are legitimate concerns that the technology could be misused for discrimination or exerting control over populations. In China, for example, where facial recognition technology is already widely used in the commercial sector, the government is openly exploring plans to develop a national surveillance system using facial recognition. “Mass surveillance can be used in two ways; real-time, whereby ‘people of interest’ are flagged up as soon as a match is detected, and historical, where the movements of individuals around the time of a reported crime are established after the event,” says Hall. Repeated false matches “These two modes probably require different types of safeguards. For example, it may be appropriate to obtain a warrant to search historical data, to prevent Cambridge-Analytica style mining of personal data. For real time data, safeguards against repeated false matches are needed to prevent harassment of falsely matched individuals.” Properly implemented, facial recognition can be consistent with the GDPR. The principles are no different from obtaining a fingerprint to confirm identity, where consent would normally be given. For PoliceBox, using fingerprint or facial identification is typically a time-saving solution, benefitting both parties, instead of going to the police station and establishing identity there. Signed consent can be obtained on the spot using a secure on-screen signature. The PoliceBox solution is based on the UK legal framework and would also be appropriate for countries whose laws are similar to the UK Facial recognition algorithms Fingerprints and facial images can be automatically deleted once used to establish identity. There are special provisions for the collection of personal data for law enforcement purposes without consent, and some test cases for mass surveillance could go through the Information Commissioner’s Office (ICO). This is particularly significant where private operators are concerned. The PoliceBox solution is based on the UK legal framework and would also be appropriate for countries whose laws are similar to the UK. It is also internationalised and can be used in different languages. Facial recognition algorithms and databases are typically implemented by the relevant law enforcement body (such as the Home Office) and not directly within the product, which acts as a front-end to those systems. Hall sees several remaining challenges related to police use of facial recognition: The adoption of cloud-based software-as-a-service (SaaS) solutions within the public sector. The existing infrastructure in the public sector has evolved over a number of years and there are significant legacy systems in place that need to be refreshed/replaced; Need for proven technology. Public sector organisations are risk-averse and often insist on being able to reference existing installations, which creates a Catch 22 problem when introducing new technology as someone has to be first; Interrupting business-as-usual. Most organisations already have some form of an existing solution. Even if this system provides poor ROI and is extremely dated, one must still overcome ‘the better the devil you know’ policy; A reluctance by some suppliers to share information with other solutions via APIs. This has stifled innovation for some time. Improving officers’ wellbeing These challenges are slowly being overcome. “I am confident we will soon see an accelerated adoption of platforms such as ours to deliver the financial and efficiency savings that are needed to bring the public sector into the 21st century,” says Hall. One of the biggest themes to come out of the recent Home Office Review into frontline policing was the need to improve officers’ wellbeing. Law enforcement has to deal with some of the most difficult and harrowing situations on an almost daily basis. The administrative burden can also be problematic, says Hall. “If we can help to reduce the administrative burden placed on officers – even by a little bit – the overall improvements in effectiveness and well-being when magnified across a whole force will be significant.”
Václav Havel Airport Prague (PRG), with its prime location in the Centre of Europe, is the largest and most important international airport in the Czech Republic. Prague Airport handled 17.8 million passengers in 2019 and received the Airport Service Quality Award 2019 awarded by ACI1 for the second time in a row. At Prague Airport, there are different types of areas restricted to authorised personnel. These are governed by an access control system fitted with approximately 1,000 readers and over 1,500 secured points (doors, locks, etc.). Mifare Desfire cards are predominantly in use for the time being. Among these, Security Restricted Areas (SRAs) are the highest security areas, with 60 access points of high importance. Contactless biometric technology Due to the critical nature of those areas, Prague Airport needed a very high level of security, and decided to implement a biometric solution, as the card itself (including with the use of a PIN code), would not be deemed as secure enough. The biometric system had to be able to cope with over 20,000 individuals, with the capability to increase to up to 30,000 users in the future. Prague Airport decided to keep the existing access cards but to add a biometric verification level for the SRAs. This means that the biometric solution would have to be used in combination with the existing cards through a two-step process. In order to avoid any physical contact with the devices, for user convenience as well as for hygienic considerations, it was decided to deploy a contactless biometric technology. Access control system The readers were installed at existing control points and are fully integrated into the airport access control system Prague Airport tested two technologies capable of connecting to its access control system, among which IDEMIA’s MorphoWave Compact contactless fingerprint terminal. After a thorough testing period, the choice was to go for IDEMIA’s technology for a number of reasons including: great user experience with an easy and quick hand gesture, as well as a strict GDPR compliance with users’ biometric information stored only in their cards. Prague Airport deployed more than 60 MorphoWave Compact in its SRAs. The readers were installed at existing control points and are fully integrated into the airport access control system. More than 20,000 users now have their biometric data in their access cards and the system is fully operational. Embedded card reader IDEMIA’s seamless biometric technology helps address health and safety issues. Employees appreciate the user experience provided by the solution deployed: it is easy to tap the access card onto the embedded card reader situated at the top of the reader and then to just wave the hand in a quick simple movement to get 4 fingerprint verified in less than 1 second, without the need to touch any part of the device. Airports is a key vertical among the many different ones served by IDEMIA. The biometric devices are used by 35+ of them throughout the world for staff access control, as here in Prague. The company’s biometric solutions are also used for border control and passenger flow facilitation, in more than 30 different airports.
Global professional services provider Equiom has 14+ offices across the globe with more than 600 employees. In 2014, Equiom employed just 200 people across two offices in two jurisdictions and had ambitious plans to grow into a global business. But while the business had plans to scale, its infrastructure was that of a small business and not able to support its ambitions. As such, the company undertook a review of its entire IT infrastructure, including the network, software, and servers, with a key focus on cybersecurity, to develop systems that could support the business’ growth strategy. External vulnerability testing Furthermore, Equiom believed its security had to be robust enough to provide peace of mind to regulators, investors, and shareholders. To address this challenge Equiom wanted to work with a specialist cybersecurity partner that could both help identify any weaknesses and vulnerabilities within the infrastructure and provide recommendations and training for improving its security posture. Equiom selected SureCloud to provide services globally including cybersecurity penetration testing services Following a competitive process Equiom selected SureCloud to provide services globally including cybersecurity penetration testing services, internal and external vulnerability testing and management, social engineering including simulated phishing exercises and simulated ransomware attacks and physical social engineering. All services were delivered as part of our Pentest-as-a-Service, which provides a centralised platform for managing of all elements of the projects, including Equiom’s vulnerability remediation programme. Cloud-based platform Stephen Roberts, Global Chief Information Officer for Equiom Group, commented: “SureCloud was the obvious choice as the team is extremely knowledgeable, and the company had invested heavily in its cloud-based platform to create a technical solution that is far more developed than anything else in the marketplace.” “We felt working with SureCloud would enable us to provide a single snapshot of our security posture at any given time. Ultimately, the platform offered us the ability to simplify the overall management process, which was a key differentiator for us. SureCloud takes what is, in reality, a highly complex set of requirements and makes it as simple as possible.” Accurately monitor progress “Through centralisation of all reports and data, including output from penetration tests, vulnerability scans and social engineering exercises, we have complete visibility over our infrastructure and can develop remediation action plans and accurately monitor progress in real time,” said Roberts. SureCloud provides peace of mind to our stakeholders and customers" “As we continue to grow, SureCloud provides peace of mind to our stakeholders and customers. When we compare new acquisitions to those parts of our business that have gone through the SureCloud process, we can see a very clear difference in the respective postures. This is a testament to SureCloud’s success in keeping our security posture in excellent health,” commented Roberts. Overall security posture “We have also worked with SureCloud to address additional challenges in the business. We are currently using its GDPR application, which feeds data back into the platform enabling us to assess our compliance status against our overall security posture. Now we have complete oversight of our infrastructure,” said Roberts. “The fact that SureCloud is easy to use and highly scalable means that as we work to triple the size of the business over the next four years, we can do so while confidently relying on the platform to ensure that security is not compromised during that process. Through SureCloud we have raised our security posture to a level where our systems can help detect threats so that we can prevent attacks before they impact the business”, concluded Roberts.
Shoppers in England are being told they need to cover up and wear a face covering when shopping from the 24th July, or they could face a fine of up to £100. But in many ways the responsibility to enforce this and keep the public safe is once again falling on battle wearied retailers, facilities managers, and operators of public spaces. Videcon is a British-based developer, designer, and provider of security solutions for businesses across the UK and the company has jumped to repurpose its deep learning, artificially intelligent software solutions in direct response to the Government’s announcement on Monday 13th July. Body temperature screening camera Thermi-screen, Videcon’s mass body temperature screening camera, can already pinpoint individuals in a shopping queue, or public space, containing up to 40 people, who may have an elevated temperature with ±0.3°C accuracy, but now it can also identify anyone not wearing a face covering. When triggered, the system automatically sends an alert to any designated controller or person in authority. Says Videcon’s managing director, Matt Rushall, “The message that members of the public must wear face coverings is out there but retailers and managers of public spaces are now finding, as an added burden, that they are being asked by the police and authorities to support them in upholding the law. Retailers have a duty to protect their customers and with Police, resources stretched to the limit at the moment, any technology that helps to manage enforcing the law and can make life easier and safer for all, is to be welcomed.” Crowd control camera systems Videcon is a pioneer in its field and the company already uses facial recognition and mask detection software Videcon is a pioneer in its field and the company already uses facial recognition and mask detection software in its Thermi-scan door access control panels but this is the first time deep learning AI technology has been embedded in crowd control camera systems of this type. Matt Rushall continued, “Our technology has been used by banks, airports, pharma companies and major retailers around the world and I am very excited at this new development. Thermi-Screen is an effective solution to help identify those with potentials symptoms, and our new capability for mask detection will be hugely beneficial to retailers and for the safety of staff and shoppers.” In addition to the new face coverings and mask detection feature, Videcon enhanced the system’s privacy settings which can now pixelate individuals and replace exact temperature readings with simple normal/elevated temperature messaging. Deep learning technologies This advanced privacy setting secures compliance with GDPR and ensures the maximum level of individual’s protection of information. The system comprises of a camera, a network video recorder, and a temperature calibrator. Using two camera lenses simultaneously, the system takes temperature readings from the forehead and upper region of the eye orbit. Algorithms and deep learning technologies then compare readings with other environmental factors like room temperature and direct sunlight. The accuracy of Thermi-Screen eliminates any false readings, such as a person carrying and sipping a hot drink and its fast response time reduces the need for single file detection accelerating the movement of people through a designated screening area or providing screening in public open spaces. Thermi-Screen is an effective solution to help identify those with potentials symptoms, and the new capability for mask detection will be hugely beneficial to retailers and for the safety of staff and shoppers.
The German video technology manufacturer Dallmeier is looking back on three extremely successful years in the "Safe City" market sector in Germany. To date, the inventor of the "Panomera" multifocal sensor technology with cameras, recording systems and software for video analysis and management has been able to execute 19 major projects in German cities. Successful investigations into recent incidents once again confirmed the quality of the systems. Essentially, three factors determine the success or failure of the use of video security technology in public spaces: on the one hand, it is important to guarantee a high and, above all, as consistent a minimum image quality as possible over the entire area to be recorded - this is the only way to ensure that the images can be used in court and, above all, to ensure positive results in the automatic analysis of these images. Multifocal sensor systems Breakthrough in the "Safe City" sector came at the end of 2016 with the commissioning of camera systems Secondly, this goal should, of course, be achieved with the fewest possible number of camera systems in order to keep overall costs, complexity and the workload of system operators low. And finally, the quality of the video management software used and the analysis of live images and recordings is of crucial importance. These three elements together form the essential added value of the patented "Panomera" multifocal sensor systems, which Dallmeier successfully launched on the market in 2011. The breakthrough in the "Safe City" sector came at the end of 2016 with the successful commissioning of the camera systems on the Domplatte (cathedral square) in Cologne. High resolution recordings Here, the police can observe an area of almost 9000 square metres with only eight Panomera cameras, and this with a minimum resolution density of 250 pixels per metre (px/m, according to DIN EN 62676-4). This very resolution is required to be able to recognise unknown individuals. With large-scale installations in 19 German cities, including Frankfurt, Essen, Wiesbaden, Chemnitz and Bremen, the manufacturer can look back on an extremely successful track record in the field of urban surveillance. "We have been using the Dallmeier Panomera technology since 2018 with great success. With the Panomera systems we benefit in particular from the fact that the entire overview of a scene is always maintained, whereby operators can zoom into different areas with high resolution even in the recording," says Thorsten Wünschmann, Head of the Hanau (a German City near Frankfurt) Public Order Office. Video security solutions "In this way, we achieve optimum control with minimum operator workload and, thanks to the fact that only a few systems are required, we also achieve low total cost of ownership". Dallmeier develops and manufactures all essential components of its solutions at its headquarters in Germany" A further, very important aspect for market acceptance is also data protection: Dallmeier fulfils this requirement by strictly observing the GDPR guidelines "Privacy by Design" and "Security by Design". Dallmeier develops and manufactures all essential components of its solutions at its headquarters in Germany, uses external service providers for extensive penetration and security tests and offers its customers comprehensive documentation and support in the implementation of video security solutions that comply with data protection regulations. Feedback from emergency services "We are very proud of our success in the Safe City sector over the past few years. Dallmeier technology is being used for more and more installations in large cities, but also increasingly in medium-sized cities." "Extremely rapid, successful investigations, not least with regard to the most recent events in Southern Germany, and consistently very positive feedback from the emergency services as well as the decision-makers attest to our strategy", says Frank Salder, Managing Director of Dallmeier Systems GmbH in Gladbeck and Germany-wide expert for Safe City within the Dallmeier group of companies. Extremely economical operation "The patented Panomera Multifocal sensor technology enables an extremely low number of systems required. For example, it is possible to cover 40,000 square meters with only 58 Panomera cameras at a minimum resolution density of 250 pixels per meter (px/m, according to DIN EN 62676-4). Together with the resulting much lower demands on the infrastructure, and of course, considerably fewer operator workstations, this also results in an extremely economical operation of the systems". Dallmeier Webinar on 28 May 2020, 4:30 PM – 5:15 PM CEST on the topic “Multifocal Sensor Technology for "Safe City": Functionality, Benefits, Real-World Examples” Special Issue "Video Extra”: Camera manufacturer recommends fewer cameras Dallmeier Solutions for Safe Cities
hagebau is an association of some 360 trading companies offering building products at more than 1700 locations across Europe. Employing around 500 staff, the Schneider group of companies has its headquarters in Erlstätt and runs 13 hagebaumarkt stores around Traunstein, most of them in the Upper Bavaria region. Thousands of customers visit these stores every day to browse the wide range of products on offer. Busy day-to-day operations and a high turnover of goods pose significant challenges in terms of the safety of customers and employees, as well as on-site inventory protection. Cybersafe and 100% GPDR-compliant “Introducing digital solutions into our locations is one of our biggest challenges,” explains Martin Wohlmayer, Head of IT and Organisation at Jos. Schneider GmbH. “To do this, we need highly reliable solutions that are cybersafe and 100% GPDR-compliant.” User rights can be assigned, meaning that access to the video material is 100% GDPR-compliant" The in-store video surveillance system has an enormous amount to monitor on a daily basis. Theft, burglary and incidents in parking lots are just a few of the key sensitive issues. The company’s forward-looking strategy also means that any current investments need to be flexible, straightforward and expandable to tackle future challenges. Managed via MxManagementCenter The Traunstein store is the ninth hagebaumarkt in the Schneider Group to be fitted with MOBOTIX technology. 134 MOBOTIX cameras have been installed in total, 19 of them in Traunstein. Special MOBOTIX outdoor cameras monitor the outdoor area, delivering crystal-clear images at any time of year, day or night. This means that all incidents that occur in parking lots or in outside areas are captured. The cameras are managed via MxManagementCenter (MxMC.) Various levels of user rights can be assigned, meaning that access to the video material is 100% GDPR-compliant. MxMC also features an interface to the POS system so that any POS discrepancies can be immediately resolved. Customer counts and footfall analysis are also integrated to further optimise customer service and customer satisfaction. Monitoring the retail space Using just the MOBOTIX cameras that were monitoring the retail space in Traunstein hagebaumarkt, inventory discrepancies resulting from theft were able to be resolved. But MOBOTIX camera surveillance offers much more than anti-theft protection: The user can analyse the footage, allowing them to adjust the range of products as required and improve product positioning — an optimal approach for increasing sales potential.
Every day, the 13 hagebaumarkt stores serve thousands of customers and process tens of thousands of products. The Schneider Group, based in Grabenstätt/Erlstätt, has the mammoth task of providing security for its customers and employees as well as monitoring and protecting its DIY stores against theft on a daily basis. It was therefore a top priority that the Group update its security and surveillance system as part of its digitalisation strategy. "Introducing digital solutions into our locations is one of our biggest challenges," explains Martin Wohlmayer, Head of IT and Organisation at Jos. Schneider GmbH. Security and monitoring system "We're well on our way to bringing our retail and wholesale stores into a digitalised future, focusing exclusively on reliable, future-proof solutions that are cyber-safe and 100% GDPR-compliant," says Wohlmayer. This was the starting point going into initial consultations with IT service provider CN H&D GmbH, in which they discussed a new security and monitoring system for hagebaumarkt stores. It became clear that the existing system would need to be replaced with a solution that included MOBOTIX cameras It quickly became clear that the existing system would need to be replaced with a solution that included MOBOTIX cameras. "We were completely won over by the 'Made in Germany' MOBOTIX cameras and solutions. This was thanks to their decentralised solution, the outstanding quality of both the hardware and software, the flexibility of the system, their compliance with the GDPR and the high level of cyber security," says Wohlmayer. Secure outdoor facilities "Our forward-looking approach involves checking all our current investments to see whether the new systems are flexible, open, expandable and secure with regard to future challenges. It quickly became clear that a MOBOTIX system would be the best way to meet our requirements," explains Matthias Ziegleder, Managing Director of CN H&D GmbH. The focus of the ongoing project in Traunstein is on installing MOBOTIX systems in the ninth hagebaumarkt store in the Schneider Group. There are currently 134 MOBOTIX cameras already in use, all of which are integrated into the MxManagementCenter. A total of 19 MOBOTIX cameras have been installed in Traunstein, as well as the MxThinClient for communicating with customers. This system has been connected to the central MxManagementCenter. Nine cameras have been installed to monitor and secure outdoor facilities, including parking lots. Specialised outdoor cameras The specialised outdoor cameras provide crystal clear images day or night throughout the year These specialised outdoor cameras provide crystal clear images day or night throughout the year, meaning that any incidents in the hagebaumarkt parking lots can easily be traced. Inside the store, ten MOBOTIX cameras monitor the sales floor. This helps determine the cause of any discrepancies in stock levels, which are usually due to theft. The MxManagementCenter (MxMC) is MOBOTIX's powerful, intuitive video management system for Windows and MacOS and is installed on a total of five computers in the store with different user profiles and access rights. The system is fully GDPR-compliant, with each user only having access to the video footage assigned to their profile. The data is remotely secured on the MOBOTIX cameras, providing highly effective protection against even the most complex and sophisticated cyber attacks. PoE-powered network device The MxThinClient completes the solution in the Schneider Group's hagebaumarkt stores. The PoE-powered network device is the intelligent, easy-to-use MOBOTIX solution for viewing the live feed from the cameras on a monitor or TV equipped with an HDMI port. This makes it possible to display content such as welcome messages, inform customers that surveillance equipment is being used in the store and show them the current products on offer in store. "We plan to equip the remaining four hagebaumarkt stores with the MOBOTIX solution and are working to develop and implement a mobile solution for targeted surveillance in known 'theft hotspots.' These cameras will be connected to their own company-wide MOBOTIX Wi-Fi network and can be moved at any time to monitor specific hotspots in the store," says Ziegleder, explaining the plans for the project. Interface to POS system "The support provided by CN H&D GmbH throughout the whole design and installation process, including follow-up support and training, has been excellent. The MOBOTIX system ensures security for us and our customers, and we'll gradually be starting to implement the other capabilities offered by the system. We've already set up the interface to the POS system," says Matthias Ziegleder. This means that any POS discrepancies can be prevented or immediately resolved in the hagebaumarkt store This means that any POS discrepancies can be prevented or immediately resolved in the hagebaumarkt store. A customer count and footfall analysis will also be integrated to further optimise customer service and customer satisfaction - not least through coordinated staff scheduling. Intelligent solutions Christian Heller, Sales Director of MOBOTIX DACH, explains: "Our solutions are used in many industries, and retail is an important market for us. Together with our technology partners, we have developed bespoke and intelligent solutions specifically for the retail and wholesale sector that make work easier and more secure." "We're pleased that the Schneider Group is using our solutions in all 13 of its hagebaumarkt stores in Germany and Austria to improve the security of its stores and to benefit its customers and employees."
Round table discussion
In the digital age, software is a component of almost all systems, including those that drive the physical security market. A trend toward hardware commoditisation is making the role of software even more central to providing value to security solutions. Software developments make more things possible and drive innovation in the market. We asked this week's Expert Panel Roundtable: How do software improvements drive physical security?
The definition of a standard is “an authoritative principle or rule that usually implies a model or pattern for guidance, by comparison with which the quantity, excellence, correctness, etc., of other things may be determined.” In technology markets, such as physical security, standards are agreed-upon language, specifications or processes that are used across the board by multiple stakeholders to enable easier interconnectivity and smoother operation of systems. We asked this week’s Expert Panel Roundtable: How are standards shaping change in the physical security market?
ISC West 2019 is in the industry’s rear-view mirror, and what a show it was! The busy three days in April offered a preview of exciting technologies and industry trends for the coming year. We asked this week’s Expert Panel Roundtable: What was the big news at ISC West 2019?