Physical security

On March 18, 2020, the exhibit floor at ISC West will host a virtual demonstration of PLAI, the emerging industry specification for enhanced identity management. Together with eight partners in access control and biometrics, the Physical Security Interoperability Alliance (PSIA) has organised an in-person experience for participants relying on a single trusted source. Biometrics and access control Attendees will receive an access card to be used at their choice of seven sites and can experience first-hand the simplified interoperability that is offered through industry standards. Upon receiving successful access or authentication at the sites, the attendees qualify for a drawing. David Bunzel, PSIA Executive Director, noted, “The PSIA recognised that we have an opportunity to provide a real world demonstration of PLAI on the ISC West show floor. Having seven access control and biometrics vendors sharing the same identity information, in a virtual environment, truly demonstrates the capabilities of PLAI in a commercial setting.” SiPass integrated PACS PLAI’s solution provides the answer to this by making a company’s security environment more robust and reliable" PSIA began planning this event mid-2019 involving a group of eight partner companies. “We are excited to be part of the PLAI Experience," said Rich Reidy, Security Segment Head, for Siemens Smart Infrastructure, adding “as it effectively demonstrates how a SiPass integrated PACS can share identity data in a multi-PACS environment”. Many of our customers prefer to be able to align to one trusted source within their security ecosystem. PLAI’s solution provides the answer to this by making a company’s security environment more robust and reliable.” Security industry professionals attending ISC West are able to register online for the PLAI Experience up until March 16, 2020. People who are not able to register in advance can do so on the show floor, further demonstrating interoperability across multiple sites through PLAI. PLAI Experience at ISC West The PLAI Experience at ISC West is on-trend for 2020 as industry publication Security Technology Executive declares interoperability ‘The Next Great Phase of Physical Access Control’.

3DX-Ray are pleased to announce the appointment of John Howell as their new IED/EOD Security Specialist for North America. John has a wealth of experience both as a senior Explosive Ordnance Disposal (EOD) technician and in the private sector. He started his career as an EOD Technician in the US Marines Elite Bomb Squad, where he was deployed worldwide serving in combat operations during the 1st Gulf war. Mitigation of explosive threats John was also a serving member of the US Army National Guard EOD unit In 1999 he moved to the US Department of State as the EOD Training Lead Instructor for the Diplomatic Security Explosive Countermeasures Unit, where he trained Special Agents on the detection and mitigation of explosive threats. In 2007 he joined the United States Marshals Service in charge of the agency's physical security for over 800 US Courthouses nationwide. During this period, John was also a serving member of the US Army National Guard EOD unit, training and overseeing all Team Leader certifications for EOD team members. Product development programmes John's work in the private sector has built him an enviable reputation as one of the leading professionals in the field, as well as pioneer in the USA for promoting the benefits of materials discrimination technology to assist the operators. Sales and Marketing Director of 3DX-Ray, Vince Deery, commented: "We are delighted to welcome John to the team. John's primary objective will be to develop our footprint in North America, but he will also support our product development programmes, sharing his extensive user and technical knowledge."

Agent Video Intelligence (Agent Vi) has announced its eighth annual Channel Partner Awards, honouring three exceptional members of its Channel Partner Program (CPP) in recognition of professionalism, excellence in sales, and deployment achievements during 2019. 2019 Channel Partner Awards Ikusi, part of Velatia Group, has been nominated as an Agent Vi Outstanding Partner for its superior sales and deployment performance of Agent Vi solutions in the Mexican physical security market. Ikusi is also recognised for its extraordinary diligence and commitment to the partnership, as evidenced by winning some large contracts that have opened new markets to Ikusi, chiefly the Security Project for the Corporate Headquarters of Daimler Group in Mexico City. Ikusi is a specialist provider of integration, engineering and technological development services for the transformation of digital businesses. The company works along with customers to better understand the peculiarities of their operations and help them develop new and better business outcomes by an efficient use of technology. Agent Vi Outstanding Partner SecuRex Solution Limited is named an Agent Vi Outstanding Partner for the significant projects won during 2019  SecuRex Solution Limited (SQX), a renowned Hong Kong-based value-added distributor (VAD), is named an Agent Vi Outstanding Partner for the significant projects won during 2019 with leading customers in the APAC region, including a very large government project. SecuRex is also recognised for continued dedication in promoting Agent Vi’s video analytics products; this is their second Agent Vi CPP award, following the 2013 CPP Award for introducing Agent Vi’s solutions into the Mainland China, Hong Kong and Macau markets. SecuRex was founded in 2004, focusing on professional surveillance solutions since day one. The company is one of the early starters in smart megapixel IP surveillance, and is highly regarded as a regional VAD in this field. SecuRex has local offices in various cities including Hong Kong, Macau, Shenzhen, Chengsha, Shanghai, Bangkok & Singapore, to provide local support to local customers. AI-powered video analytics solution Unlimited Technology, Inc. (UTI) is named as an Agent Vi Outstanding Partner for providing the latest in state-of-the-art technologies, having successfully implemented innoVi - Agent Vi’s AI-powered video analytics software as a service - at a number of major infrastructure & transportation projects in the Northeast U.S.A. Agent Vi also recognises UTI’s exceptional partnership in adopting and promoting the innoVi solution. Unlimited Technology, Inc (UTI) works with customers of all sizes (locally, nationally, and globally) on End-to-End Security Solutions, including: Physical Security, Video Surveillance, and Communications; Unlimited also offers Management of IT and Cyber Solutions; Exero, providing device agnostic, full network monitoring and protection for security and IT systems protecting personnel, customer, and IP data systems.

Identiv, Inc., a provider of physical security and secure identification, will exhibit at the WestPack Packaging Expo February 11 - 13, 2020 at the Anaheim Convention Centre. The company will also showcase its near-field communication (NFC) solutions as part of the Cannabis Packaging Summit, running alongside WestPack as a subset of the show. Expecting approximately 20,000 visitors, ranging from packaging engineers to executives and operations professionals, WestPack provides industry professionals with expert education and interactive activities designed to kick start new projects in the new year. Intelligent consumer packaging For WestPack, Identiv will be guests in the NFC Forum booth #5293, demonstrating a range of NFC products to make consumer packaging more intelligent. There will be a variety of NFC Forum members sharing the booth space, ensuring attendees are provided with a well-rounded, robust picture of NFC solutions. The Cannabis Packaging Summit is the first-ever conference and expo dedicated entirely to cannabis packaging. Identiv will share a booth (Level 3, Ballroom) with NXP Semiconductors and TPG Rewards to highlight their joint efforts in the development of Brand Verify. Brand Verify is a turn-key, intelligent, brand-protection program built specifically for the global cannabis industry. Though a subset of WestPack, this separate conference offers a rich curriculum designed specifically for packaging professionals. Attendees will receive direct access to leaders in legislative, legal, academic, and regulatory and compliance areas through hard-hitting sessions, keynote presentations and panels.

Galaxy Control Systems, a provider of integrated access control and security solutions, will demonstrate the latest enhancements to its flagship System Galaxy and Cloud Concierge Access Control Platforms at ISC West 2020 in booth 6089. The combined offering of best-in-breed on-premise and Cloud access control solutions provides users the ability to select and implement the solution they need most at the price point they can afford. Also featured will be a highly-versatile IP Intercom Entry System recently added to Galaxy’s product offering that makes entry communications easy and affordable. “The demand for high performance accessible access control solutions continues to rise as users look for more effective and efficient ways to protect people, property and assets,” said Rick Caruthers, President, Galaxy Control Systems. “By offering both on-premise and Cloud access control platforms, users can implement the solution that best meets their needs and budgets without ever sacrificing performance.” Enterprise-class access control System Galaxy offers a comprehensive portfolio of features that can be deployed in any combination System Galaxy is a complete, enterprise-class access control and security management solution that offers unsurpassed ability to satisfy the requirements of any credential management, access control or security application. With a highly-intuitive and easy-to-use user interface, System Galaxy offers a comprehensive portfolio of features that can be deployed in any combination to accommodate access control, alarm/event monitoring, intrusion detection, video surveillance, elevator control, identification and credential management, photo imaging and badging, time and attendance, visitor management, reporting, and more. Cloud Concierge is a powerful suite of cloud-based computing services that provides real-time monitoring, management and control of an access control system from virtually any location where there is Internet access using a PC, tablet, or mobile phone. The solution can be customised for integration with video surveillance, visitor management, elevator control, locks and turnstiles onto a unified platform. IP intercom entry system Galaxy Control Systems is also showcasing its new versatile and cost-efficient IP Intercom Entry System Cloud Concierge is offered in three configurations; on-site user-managed, remote user-managed, remote integrator managed. Cloud Concierge provides users with a highly cost-effective SaaS solution that is highly-attractive to users who could not otherwise afford the capital outlay required to implement physical security solutions with this level of performance. Galaxy Control Systems is also showcasing its versatile and cost-efficient IP Intercom Entry System. Users can gain entry to a facility using a traditional key fob, a PIN or a Bluetooth credential. System administrators can allow uses to enter a facility via a mobile app, apartment monitors, LCD concierge phone, or POTS line. The powerful browser-based access control solution can be used as a stand-alone product or can be integrated with access and video. All Galaxy Control System products and software are developed and made in the USA, and maintain the highest levels of certification to meet U.S. government requirements including compliance with the United States Department of Defence (DoD) Risk Management Framework (RMF).

BluBØX Security Inc., a renowned provider of cloud-based physical security solutions, announced that the United States Patent and Trademark Office has issued US Patent No. 10,554,758 entitled “Webcloud hosted unified physical security system.” The patent covers 30 claims around its flagship product BluSKY, a hosted web-cloud platform of unified BluBØX security applications. Cloud-based access control “We are so pleased to announce that BluSKY is now patented!” said Patrick Barry, CEO of BluBØX Security Inc. “It is so satisfying to finally own the patent to this industry changing invention. This patent represents the technology and architecture to deliver 4th generation security solutions. With this patent we look to help accelerate the adoption of real-time unified security systems that combine cloud, mobile, biometric, unified, open, smart, video, wireless and SIP technologies.” “Cloud-based access control and the application of Artificial Intelligence has enormous potential, offering groundbreaking capabilities to solve businesses’ most difficult security challenges. Our latest patent in this area reflects our ongoing commitment to explore ways to apply the best technologies at the right times for our clients to achieve better business outcomes.” Sean Dyer, Senior Vice President and Chief Software Architect at BluBØX Security Inc. Intellectual property portfolio Pursuing patent protection of BluBØX’s two premier products signals BluBØX’s ongoing commitment to protecting their products and the technology innovations that underpin them. It also reflects BluBØX’s highly unique and innovative approach to physical security. BluBØX will continue to take steps to protect its growing intellectual property portfolio and the rights of customers who use its derivative products and technology.

Cloud technologies and the IoT have opened up seemingly endless possibilities for the modern retail organisation. Customers have never had as much control over purchasing decisions as they do today, with the ability to make transactions at the touch of a button for goods and services from the comfort of their own homes or on the move. However, the customer data lying at the heart of this frictionless shopping experience presents an ever more attractive commodity to cyber criminals. Attacks are growing in number and it has been reported that in the last 12 months there have been 19 significant data breaches. This presents a major problem for both retailers and customers. Cloud technologies and the IoT have opened up seemingly endless possibilities for the modern retail organisation In addition to the immediate disruption and downtime a breach can cause, the damage to the reputation of a business or brand can be lifelong. With GDPR related fines from the ICO now as much as €20m or 4% of an organisation’s global annual turnover, whichever is higher, the resulting combination of the cost of the breach itself, reputational erosion and any crippling fines can be devastating. It is therefore essential that retailers are aware of the steps and procedures they should be following to ensure full data compliance and to guarantee the integrity of their IT infrastructure. Ensuring full GDPR compliance It’s vital to ensure that everyone understands the security implications and knows how to respond effectively in the event of a breach. Internally, all teams and departments should have the confidence to raise the alert if a breach is suspected. Externally, companies should look to encourage conversations across the entire supply chain to ensure requirements are effectively met and security risks are adequately addressed. It is a requirement of the GDPR that the necessary steps be taken to guard against attack and protect existing software and systems It is a requirement of the GDPR that the necessary steps be taken to guard against attack and protect existing software and systems. Effective cybersecurity lifecycle management of IoT devices, such as network video surveillance cameras, is an example of a measure which should be put in place to help prevent such devices from being compromised, mitigating risk and ultimately maintaining customer trust. Establishing a truly secure retail solution can only be accomplished if security has been analysed at every stage. Evolving physical systems For protection of the physical retail environment, the move away from legacy security solutions such as traditional CCTV, which typically sat outside of a company’s IT operation, to the modern cloud-enabled security technologies we see today, allows retailers to unlock a wealth of business benefits previously impossible with analogue technologies. Today’s systems provide far greater accuracy of detection, vastly improved image quality, even in low light, and an array of business intelligence options to aid operations, such as people counting, queue monitoring and stock control. Protecting the physical security of the retail environment The ability to create live security alerts as well as forensic evidence for later analysis allows security teams to be proactive rather than reactive. In addition, the growing use of edge capabilities to process data within the cameras themselves negates the additional time and potential lag associated with continually passing surveillance information back and forward to servers, streamlining and therefore vastly improving operations. System vulnerabilities equals vulnerable data For network cameras being introduced onto an IT network, it’s essential to ensure that they do not become compromised and used as a backdoor to gain entrance to a business’s innermost workings and most valuable commodity; its data. The importance of guarding against system vulnerabilities cannot be ignored and it is therefore vital to ensure that all installed technologies are Secure by Default; built from the ground up with cybersecurity considerations at the forefront, to strengthen system security. In addition, software updates and firmware upgrades will keep the devices protected in line with the evolving threat landscape. The importance of guarding against system vulnerabilities cannot be ignored Forging and maintaining relationships with stakeholders is key to establishing a healthy supply chain built on mutual trust and respect. Only by following such an approach can the integrity of systems be fully guaranteed, with trusted vendors and installers working together to ensure that ethical practices are followed, and cybersecurity principles are adhered to. Due diligence should be carried out to make sure that all stakeholders involved in the manufacture, supply and installation of security software and systems understand the importance of keeping security best practice at the forefront of everything they do. Addressing the ongoing challenge Retailers must be able to rely on technologies that support their operational requirements and address associated risks, while at the same time, supporting IT security policies. By following procedures around the cybersecurity of IoT devices, and realising the importance of implementing high quality products and services through relationships with trusted vendors and partners, retailers will benefit from connected physical security systems that deliver on the promise of better protection of the business and customer, to effectively mitigate the mounting cyber security threat.

It’s not just a new year, it’s a new decade. And somehow this makes it feel bigger. Almost like we’re moving faster or reaching farther. Technology is certainly advancing at an unprecedented pace. While there’s a lot to talk about, there are three big security trends that we think will continue to have a huge impact in the year to come. 1. What is artificial intelligence and is it going to take over? We’ve seen countless versions of artificial intelligence (AI) in pop culture—think of Sonny in the 2004 film I, Robot or Rachael in Blade Runner—so we feel we know the technology. And, based on this, we believe our anxieties around it are warranted. But, the truth is that the science to produce even far less sophisticated versions of these characters just doesn’t exist. AI today Computers use data to help improve performance without being explicitly programmed Today’s AI science is focused largely on machine learning. With machine learning, computers use data to help improve performance without being explicitly programmed. This means that, through the use of algorithms and training, a computer can be programmed to determine which features it should use in the identification process to efficiently produce the most accurate output. Over time and based on a trainer’s feedback, for example, a computer can determine that using color rather than shape to identify a flower is more efficient because the results are more accurate. Machine learning in the physical security industry In the security sector, we’re seeing good results with automatic license plate recognition (ALPR) systems that employ machine learning. Today’s ALPR cameras and systems are better at recognising license plates from different countries, states, or provinces because they’re more efficient at identifying an ever-expanding number of inputs. We don’t need to worry that AI will be running our lives So, we don’t need to worry that AI will be running our lives. And, in fact, we should be relieved that machine learning can be used to identify scofflaw plates as this will help keep our roads and spaces safer.   2. Can we move beyond the single, secured door? With increased globalisation and the rise of multinational companies, organisations everywhere are facing new challenges around visitor, and employee access management. Protecting your environment is no longer as easy as securing a single door. As the nature of work becomes more complex, organisations are going to have to take a different approach for managing the flow of people through their facilities. Organszations are going to have to take a different approach for managing the flow of people through their facilities The challenges of traditional access control We’ve seen that relying exclusively on a static access control system can increase workload and inefficiencies. With this approach, granting and revoking temporary access and provisioning employees is a labor-intensive process. It requires hands-on participation from security operators and front office staff. There is no guarantee that corporate or regulatory policies are being followed as well as little-to-no traceability. And, ultimately, the process is, by its very nature, prone to human error. Large conglomerates have been meeting these challenges by developing tailor-made solutions based on physical identity management. These systems are costly and require 3rd party support. Smaller organisations simply could not afford the time or resources necessary to implement them. Heading into 2020, we’re seeing an increase in out-of-the-box solutions that will allow organisations of all sizes to move to cloud-based identity management systems. How Physical Identity and Access Management (PIAM) systems can help More affordable Physical Identity and Access Management (PIAM) solutions will help organisations secure their systems and facilities by effectively managing access requests based on an individual’s identity and an organisation’s security policies. They can ensure that only those individuals who have the right to access a secured area can do so by managing and automating the process. In effect, by extending an access control system with a PIAM, organisations of any size will be able to reduce workloads, fully implement corporate policies, and better protect their spaces.   3. Should we be nervous about facial recognition? We shouldn’t be surprised by the public’s fear of facial recognition. The idea that private citizens can be identified and tracked in public is the stuff of political espionage and sci-fi thrillers. But, beyond the fictional examples, we’ve also seen cases where facial recognition gets it wrong. Incorrectly identifying an innocent man for a robbery twice or having difficulty distinguishing members of the same race are just some of the real-world reasons people don’t trust facial recognition. How facial recognition can increase security Facial recognition technology can play a huge role in helping keep people, assets, and spaces safe. It can monitor visitors to improve safety and efficiency, assist security personnel by helping to reduce response times, and aid in the investigation of incidents. Facial recognition technology can play a huge role in helping keep people, assets, and spaces safe In the coming year, we’re going to see a greater focus on developing solutions that use a privacy-by-design approach. For video surveillance applications, this will include the ability to automatically mask—through blurring or pixelation—persons in live and stored video feeds. The system itself will ensure that only authorised personnel can access un-pixelated or blurred images and only in cases that warrant it. Anonymisation Using this approach will help reduce concerns and increase protection, which will lead to greater accuracy and trust. In parallel, technology providers must continue to work with regulating bodies to ensure that the policies around implementing and using any surveillance technology, especially facial recognition, align with our values. With all these trends, we’re seeing the relationship between people and technology evolving. When we focus on improving the lives of people in our communities, we can harness the power in these advancements and make a real difference.

Back in the 1960s a lead engineer working in conjunction with the United States Navy for Lockheed’s Skunk Works team coined the acronym KISS, which translated to the design principle ‘keep it simple stupid’.  The KISS principle embraces the concept of simplicity, stating that most systems work best if they are kept simple rather than geared up to be more complicated. When it comes to physical security systems, this concept can also play a key element in its overall success. Secure work environments For years the tug of war in the security industry has pitted the need for a secure environment against the desire for technology that is convenient for users. However, finding a happy medium between the two has often seemed elusive. I believe you can design and have operational convenience at the same time as achieving high security" Jeff Spivey, a security consultant and the CEO of Security Risk Management, has this to say about it, “If there is an understanding of the security-related risks and their separate and/or collective impact on the organisation’s bottom line business goals, a resolution can be reached.” Jeff also does not think that convenience and high security have to be opposing each other. He says, “I believe you can design and have operational convenience at the same time as achieving high security.” Importance of secure access control The premise is that for organisations and spaces to be truly secure, they must be difficult to access. So, by its very nature, access control is designed to be restrictive, allowing only authorised staff and visitors to access a facility or other secured areas inside. This immediately puts convenience at odds with security. Most people will tolerate the restrictive nature of a controlled entrance using badge, card or biometric because they understand the need for security. When that technology gets in the way of staff traversing freely throughout the facility during the course of a business day, or hindering potential visitors or vendors from a positive experience entering the building, they become less tolerant, which often leads to negative feedback to the security staff. Enhancing corporate security Security consultants like Spivey and security directors all stress that understanding the threats and risk levels of an organisation will most likely dictate its physical security infrastructure and approach. All the technology in the world is useless if it is not embraced by those who are expected to use it and it doesn’t fit the culture of the organisation. Once employees and customers are educated about what security really is, they understand that they're not losing convenience, they're gaining freedom to move safely from point A to point B. Converged data and information shape new access options Migration of physical access control systems to a more network-centric platform is a game-changer for security technologies The migration of physical access control systems to a more network-centric platform has been a game-changer for emerging security technology options. The expansion of the Internet of Things (IoT), Near-Field Communication devices powered by Bluetooth technology, and the explosion of converged information systems and identity management tools that are now driving access control are making it easier than ever before for employees and visitors to apply for clearance, permissions and credentials. Wireless and proximity readers Advancements in high-performance wireless and proximity readers have enhanced the user’s access experience when presenting credentials at an entry and expediting movement throughout a facility. A user is now able to access a secured office from street-level without ever touching a key or card. Using a Bluetooth-enabled smartphone or triggering a facial recognition technology, they enter the building through a security revolving door or turnstile. A total building automation approach adds extra convenience, as well as seamless security, when access technology is integrated into other systems like elevator controls. A total building automation approach adds extra convenience and seamless security How to Meet Security Concerns at the Entry While security managers are charged with providing their facilities the maximum level of security possible, there is always the human element to consider. But does the effort to make people comfortable with their security system ecosystem come at a cost? Does all this convenience and the drive to deliver a positive security experience reduce an organisation’s overall levels of security? And if so, how can we continue to deliver the same positive experience including speed of entry – while improving risk mitigation and threat prevention? Door entrances, barriers Users can slip through the door or turnstile barriers while they are still open after a credentialed individual has gone through Let’s examine some of the various types of entrances being used at most facilities and the security properties of each. With some entrance types, there is the possibility for security to fall short of its intended goals in a way that can’t be addressed by access control technology alone. In particular, with many types of doors and barriers, tailgating is possible: users can slip through the door or turnstile barriers while they are still open after a credentialed individual has gone through. To address this, many organisations hire security officers to supervise the entry. While this can help to reduce tailgating, it has been demonstrated that officers are not immune to social engineering and can often be “talked into” letting an unauthorised person into a facility. Deploying video cameras, sensors Some organisations have deployed video surveillance cameras or sensors to help identify tailgaters after the fact or a door left open for longer than rules allow. This approach is not uncommon where facilities have attempted to optimise throughput and maintain a positive experience for staff and visitors. Security staff monitoring the video feeds can alert management so that action can be taken – but this is at best a reactive solution. It does not keep the unauthorised persons from entering, and so is not a totally secure solution. Optical turnstiles, speedgates Security staff should carefully evaluate its facility’s needs and consider the technology that is built into the door itself Security staff should carefully evaluate its facility’s needs and consider the technology that is built into the door itself. Not all security entrances work the same way. And, there will always be a balance between security and convenience – the more secure the entry, the less convenient it is for your personnel and visitors to enter your facility. For example, it takes more time to provide 2-factor authentication and enter through a mantrap portal than to provide only one credential and enter through an optical turnstile or speedgate. Perimeter protection So, it is an important first step to determine what is right at every entrance point within and around the perimeter. Remember that convenience does not equate to throughput. Convenience is the ease and speed of entry experienced by each individual crossing that threshold, while throughput relates to the speed at which many individuals can gain access to the facility. A more convenient entry makes a better first impression on visitors and is good for overall employee morale. Throughput is more functional; employees need to get logged in to begin their workday (and often to clock in to get paid), and they quickly become frustrated and dissatisfied when waiting in a long line to enter or exit the premises. Considering form and function when designing a security entrance can ensure that those requiring both high-security and convenience are appeased.

The Private Security Industry Act of 2001 gives the Security Industry Authority (SIA) the function of setting standards of conduct in the United Kingdom’s private security industry. Time is winding down to provide input during the SIA’s six-week consultation on a new draft code of conduct for SIA licence holders and applicants for SIA licences. The authority is inviting the industry, licence holders, and anyone with an interest in private security to have their say on the draft code of conduct by taking part in a survey. The consultation will end on 23 February.   “The ethos of the code of conduct is that it will improve standards and public safety by setting out the standards of conduct and behaviour we expect people to uphold if they are entrusted with protecting the public, premises and property,” says Ian Todd, Chief Executive, Security Industry Authority (SIA). Security's Code of Conduct A code of conduct sets out what standards of behaviour professionals have to meet in order to work in the profession In security as in many professions, a code of conduct sets out what standards of behaviour professionals have to meet in order to work in the profession. SIA is suggesting Six Commitments of behaviour that will apply to all licensed security operatives and to applicants. If the code of conduct is sanctioned by the U.K. Home Office, it would become mandatory and incorporated into SIA’s licensing criteria Get Licensed. A commitment to certain standards of behaviour is fundamental to what it means to be fit and proper, and to being part of a profession. The six commitments are: Act with honesty and integrity Be trustworthy Protect the people and property you are entrusted to protect Be professional at work Act with fairness and impartiality at work Be accountable for your decisions and actions “We will review the comments from the consultation once it concludes on 23 February, analyse the results and publish a report on our findings,” says Todd. “The SIA will then use the comments it has received to write a final version of the code of conduct. The introduction of a code of conduct will be subject to final approval by Home Office Ministers.” SIA’s current Standards of Behaviour provide guidance on professional behaviour but are not mandatory. The draft code of conduct builds on the Standards of Behaviour. Upholding SIA's Standards The SIA’s Partnership and Interventions team is the unit that enforces the Private Security Industry Act “The majority of licence holders uphold the standards of behaviour that the SIA, their employers and the public expect of them,” says Todd. “Their professionalism and dedication keep the public safe and tackle crime. However, there are incidents in which some licence holders do not behave in this way. This minority lower the standard of service the public receives, harm public safety, and bring themselves and the rest of the private security industry into disrepute.” The SIA’s Partnership and Interventions team is the unit that enforces the Private Security Industry Act. It is likely that they will be required to enforce the code of conduct should it become mandatory. The draft code of conduct is currently out for consultation and the proposal has been shared widely to licence holders, private security businesses, and enforcement partners encouraging them all to take part. “Once the consultation has concluded, we will analyse the findings from the feedback, produce a report and publish it on our website and share this widely via social media,” says Todd.

We live in an age when private customer data is constantly under attack from hackers. Cyber-threats have taken a front seat in the line-up of primary risks facing banks and financial institutions. The fact that cyber-attacks are becoming more prevalent isn't the only issue; they're also becoming more complex and therefore harder to address. And although the convenient interconnectivity of the Internet of Things (IoT) creates many advantages for financial institutions, there is also an increased risk to dangerous threats. Data capture form to appear here! The impact of cyber heists Money taken in cyber heists, both in banking and elsewhere, was estimated at $3 trillion According to Cybersecurity Ventures, the amount of money taken in cyber heists, both in banking and elsewhere, was estimated at $3 trillion overall for 2015, and this substantial amount is expected to double by 2021. In today’s environment, banks, credit unions, and financial organisations of all types are primary targets for hackers. But it’s not just the monetary loss that these businesses need to be concerned about — there is also a threat to the brand, customer trust, and employee safety. Banking surveys Banking choices are influenced by how secure consumers feel when conducting transactions, either in their local branch, at an ATM or online. In one survey, a vast majority of consumers (98%) felt most secure when conducting transactions at their local banking branch, compared with 92% when conducting transactions online and 85% using a mobile phone app. Further, 90% of consumers said they feel safer when they can see video surveillance cameras in their bank or credit union and would choose a financial institution with surveillance over one without, all other things being equal. Here are some other key findings from the survey: Half of consumers have walked away from an ATM without conducting their intended transaction because someone was loitering in the vestibule 60% of consumers noticed a fraudulent transaction before their financial institution, leaving plenty of opportunity for banks and credit unions to be more proactive when it comes to identifying and notifying customers about potential fraud “Banks and credit unions recognise that today’s consumers want a mix of in-person and online banking service options and have very high expectations when it comes to security and customer service,” said Peter Strom, President and CEO, March Networks, which provides security systems for banks. To increase security, biometric solutions are replacing PINs at physical ATMs To increase security, biometric solutions are replacing PINs at physical ATMs and providing a more fool-proof form of identification for banking security. Ways to increase banking security Popular use cases include a) PIN replacement at physical ATMs; b) proof-of-presence (such as pension benefit distribution) that requires liveness detection; c) more easily authenticating multiple transactions during a single ATM session; d) incorporating biometric information directly into a smart device; and e) the ability to leverage investments in biometric enrolment databases across multiple applications. An example of the latter is when fingerprint authentication on mobile devices used for payments and secure mobile banking is also used in conjunction with enrolled information for authentication at an ATM. The availability of interoperable authentication devices would permit cross-bank usage and pave the way for many new applications in the future. By enrolling a citizen’s fingerprints and then creating an ecosystem in which these transactions are strongly tied to that individual’s biometrics, the potential for fraud and identity theft approaches zero, and the process is simple and convenient for users. Read part two and part three of our banking security mini series.

Nigel Waterton recently joined cloud video company Arcules to lead the sales and marketing efforts as Chief Revenue Officer (CRO). He brings to the task the benefit of 22 years of experience building and managing large, high-growth technology organisations. Waterton joins Arcules from Aronson Security Group, an ADT Commercial Company, where he served as Senior Vice President of Corporate Strategy and Development. We caught up with the new CRO to discuss his position and to reflect on how industry changes are impacting integrators and manufacturers. Q: What fresh insights do you bring to Arcules from your previous positions? Waterton: Generally, most manufacturers don’t understand the business model of the integrator. And if they do, their programs don’t necessarily help achieve their goals. Since most manufacturers use integrators to get to the end user, they are often disconnected from truly understanding the customer, their organisation’s business and its impact on the value of the security program. In my previous role, I spent most of my time bridging the gap between these two worlds. It gives me a great platform for understanding how to achieve that with Arcules. Q: How is ‘Chief Revenue Officer’ different from your previous jobs? I have the responsibility of driving innovation for the companyWaterton: While the title is different, the ultimate role I’m in isn’t too different from previous roles that I’ve held in my career. I have the responsibility of driving innovation and strategy for the company, as well as serving as a leader for the sales and marketing team and developing a sales and marketing strategy for the company. This position allows me to build on what I’ve learned throughout my career from an end-user and integrator partner perspective and brings that expertise into the fold of this young, fresh, innovative company that’s paving the way for cloud-based innovation in the marketplace. Q: Is there an industry-wide ‘culture clash’ between the IT-centric nature of cloud systems and the physical security market? How can it be managed? Waterton: Adopters from the IT and physical security worlds are a little at odds over the software-as-a-service (SaaS) offerings as a result of a disconnect with how the cloud is defined in both spaces. A lot of people and companies are creating their own notion of what cloud and SaaS mean. And without a common nomenclature in place, there is a lot of confusion among all users. Similarly, there is a clash among integrators around how to monetise the SaaS offering. This gap can be closed through increased awareness, education and the reiteration of how ubiquitous the cloud already is in our everyday lives. Q: From the integrator perspective, what is the impact of a transition to a cloud/SaaS model on how revenue is managed in the increasingly service-oriented security market? Waterton: Transitioning to a cloud/SaaS model shifts the mindset of the integrator significantly, as the focus changes from project-centric to more customer service-based impact. Becoming more service-minded creates a greater awareness of what the client’s needs are on a day-to-day basis and how that can be improved over time. When operating with a per-project focus, it can be difficult to create a more long-term impact on an organisation. With a cloud-based, service-oriented model, integrators now have the ability to manage client expectations in real-time, which greatly increases their value proposition. Q: What about from the end user perspective? Waterton: There are so many benefits from the end user perspective, including the ability to remove the process of a large investment in capital expenditures (CapEx) and shift to a more manageable, predictable operational expenditure (OpEx). Not only does this allow organisations to adjust as needs change; it also prevents being locked into a long-term solution that might not be able to move with the speed of the company as it scales. That being said, the main benefit is the ability of SaaS/Cloud services to drive innovation and introduce new features as they’re introduced without additional investment from the end user. Q: What impact does the recurring monthly revenue (RMR) model have on the operations/management/cashflow of a supplier/manufacturer company? Waterton: Traditional manufacturers struggle with the introduction of a SaaS modelTraditional manufacturers struggle with the introduction of a SaaS model for many of the same reasons integrators struggle. They must sell the board and possibly their investors on a new valuation model as well as revenue recognition model. That is constraining their innovation in the market. Oddly enough RMR from a manufacturer’s perspective is very similar to the integrator model in that cash flow is more predictable in nature. An RMR model allows a company to grow strategically and innovate constantly, expanding and adjusting to cater to client needs on a daily basis while also providing the ability to look ahead and ensure we’re meeting the needs communicated to us in the market now and into the future. Q: What will be the biggest challenge of your new position at Arcules (and how will you meet the challenge)? Waterton: One of the biggest challenges we’re seeing — and one that will have a significant impact on my role — is the challenge of market adoption of SaaS/cloud services, as well as the awareness about why cloud is a significant part of the future of the industry. There’s also an opportunity to shift the conversation within Arcules from tech-focused outcomes to becoming practitioners of risk-based outcomes. We have to focus on the risk model for organisations, not technology. If we truly understand the risks to the organisation, the tool will become apparent. Answering the questions: Why does a retailer lose product? Why does a facility experience vandalism? We have to understand the sociology of it because that’s how we can address what the service does in the marketplace. Q: Taking the various elements into consideration, what will the ‘physical security industry’ look like five years from now? Waterton: In sum, wildly different. It’s much different than what it was five or even 10 years ago, and with each leap, the industry has moved forward. Products are maturing, bandwidth is improving and the knowledge that we have is exponentially more advanced. There is increasing use of outside perspectives aimed at shaking up the ‘this is how it has always been done’ mentality that many organisations have suffered from. It’s going to look very different five years from now, and cloud-based initiatives will be the key to the success of many organisations.

Airports, power plants, and data centres house mission-critical assets essential to everyday life. Without adequate physical security, these operations are at risk of intrusion and sabotage. The shutdown of any one of these critical infrastructure facilities would affect hundreds of thousands of people. Securing these entities from a physical breach starts by protecting the perimeter. While critical infrastructure sites pose their challenges for perimeter intrusion detection systems, new technologies, and solution integrations are addressing these pain points and enabling better detection, deterrence, and real-time response in the case of a threat. Trending technologies amplifying perimeter security Here are six trending technologies amplifying perimeter security for critical infrastructure: First-class thermal cameras - FLIR thermal cameras continue to remain the industry standard for 24-hour perimeter monitoring and are seeing strong adoption throughout the critical infrastructure sector. Greater thermal resolution, longer detection ranges, sophisticated edge analytics, and ONVIF compliance continue to distinguish premium choice FLIR thermal cameras from low-end options. Radiometric thermal cameras for business intelligence - Thanks to the emergence of artificial intelligence (AI) and machine learning technologies, critical infrastructure customers are looking for a return on investment beyond the traditional functionality of their security cameras. Electrical substations, for example, are deploying thermal cameras for intrusion detection and predictive maintenance. These sites are installing radiometric thermal cameras, integrated with temperature trending software, to identify issues with assets before a component malfunctions, overheats, or fails. Being able to prevent even one electrical fire can save the customer thousands if not millions of dollars in damages, liabilities, and insurance claims, well worth the cost of the solution. Radar for redundancy - Critical infrastructure facilities are deploying radar solutions to expand coverage beyond the fence line. Providing continuous coverage, a radar conducts a full 360-degree scan of a property every one to two seconds. Radio waves are undeterred by rain, fog, or other adverse weather conditions that hinder standard surveillance cameras, making them an ideal solution for rugged environments. Users are also increasingly pairing radar with thermal cameras to ensure redundancy and reduce false positives. If both the radar and thermal camera are alerted to the same event, remote operators can see it is likely a true alarm. Cyber-hardened features - Because network cameras and sensors are now standard for enterprise-class deployments, the need for perimeter security has extended beyond physical security to edge devices. In this digital age, it is imperative that cybersecurity precautions are put in place to safeguard the network and devices from cyber breaches. FLIR has focused its research and development in cybersecurity. Today, all new lines of FLIR cameras are built with cyber-hardened features. Standard cybersecure protocols for FLIR cameras include running penetration tests, eliminating backdoor accounts, removing default passwords, and enforcing end-to-end encryption through secured TLS connections. 4K and UHD video - While thermal and radar sensors improve detection, other devices are needed for threat assessment and identification. The emergence of HD, Ultra HD, and 4K cameras offers end users a heightened level of detail, optimal for evidence capture and investigation procedures. Critical infrastructure customers are beginning to upgrade their visible cameras for higher resolution models, and for this reason, are opting for the latest FLIR Quasar and Ariel cameras. These cameras are attractive options, as they offer low predictable bit rate, improved wide dynamic range, and enhanced image stabilisation features that enable crisp video quality, ideal for video analytics and suspect identification. Drones - For critical infrastructure sites like oil and gas refineries, dispatching security personnel to respond to an intrusion alert isn’t always easy, as these sites are often either remote or difficult to access. In order to improve response times, critical infrastructure sites are integrating unmanned aerial vehicles (UAV), or drones, with their overall security system. Upon a verified alarm, the drone is dispatched to the area of interest to provide additional surveillance. By equipping a drone with both an optical and thermal payload, operators can quickly get eyes and ears on the scene to assess the threat.

The Bower is a beautifully designed mixed-use development in London. Consisting of three modern spaces, the 320,000 sq ft development offers a contemporary environment for businesses as well as being a vibrant restaurant and retail destination. Companies occupying The Bower are forward-thinking and technologically advanced, so this development required an entrance solution to match its tenants’ high standards and security needs. Customised Fastlane Glassgate 250 turnstiles with an integrated access control system, capable of reading different types of card, have been installed at two entrances within the building complex. Integration with existing access control systems Customised Fastlane Glassgate 250 turnstiles with an integrated access control system, capable of reading different types of card, have been installed This integration was a key requirement for this particular project, as many of the building’s business occupiers have other offices located elsewhere – both in the UK and globally – each with their own existing access control systems and ID cards which they wanted to retain and be able to use when accessing this new premises. To facilitate a seamless visitor experience, a boarding pass visitor system was also required.  

There are many matters that must be taken into account when organising a casino. A top priority is the security of the entire workforce and clientele. An access control system that is reliable and easy to operate provides the basis for that. Casino Baden-Baden is open 358 days a year. In addition to various different pay scale groups and work-time models, a variety of bonuses need to be assigned. Pay may therefore be partly exempt of tax or liable to tax, with holiday bonuses and weekend pay. Recording staff work timings Intensive workshops and consultations were conducted to establish the specific requirements of the casino, so that the best possible solution could be developed. The main focus was on recording work times and transmitting that data to the casino's own specially developed shift schedule program. Given the various different work time models and wage types in numerous variants, complex manual procedures must be automated in future. IF-4735, IF-810, and IF-800 access control terminals Employees can use their passes for cashless payment in the cafeteria and at the vending machines In 1991, a solution for physical access control and time recording was implemented in the form of the IF-5020 software. Since 1998, the IF-6020 software solution has been in use. The hardware terminals IF-4735, IF-810, and IF-800 ensure smooth recording of work times and grant authorised employees access to the various separate areas. Also, the employees can use their passes for cashless payment in the cafeteria and at the vending machines. The system solution from Interflex, with its hardware and software components, now brings employees and administrators substantial time savings and a great deal of convenience. Central access control system All access permissions and work times are now recorded and controlled in one central system, eliminating the disruption of transferring from one system to another, such as to the program for pay and shift planning. This has brought considerable improvement in transparency and in the freshness of data, and paper has been completely banished from work time control.

HID Global, globally renowned trusted identity solutions provider, has announced support for Seos-enabled student IDs in Apple Wallet. Beginning this fall, students, faculty and staff at Clemson University will be able to add their IDs to Apple Wallet and use their iPhone and Apple Watch to access buildings on campus, purchase meals and much more. Seos-enabled student IDs “HID Global is excited to play an important role in creating transformative connected university experiences that make it easy for students to simply use their iPhone or Apple Watch to enjoy all that daily campus life has to offer,” said Stefan Widing, President and CEO with HID Global. HID’s technology and electronic locks from our parent company ASSA ABLOY are helping Clemson University students" Stefan adds, “HID’s broad range of technology and electronic locks from our parent company ASSA ABLOY are helping Clemson University students, faculty and staff take full advantage of convenient mobility applications. This fall, their Apple devices can be used for everything from entering buildings – such as residence halls and individual rooms – to buying meals, accessing the gym, and using secure print services and numerous other university resources.” iCLASS SE reader modules To support student IDs in Apple Wallet on iPhone and Apple Watch, HID provides Seos-enabled credentials, HID iCLASS SE and HID OMNIKEY readers, embedded HID iCLASS SE reader modules, and Corbin Russwin and SARGENT electronic locks from ASSA ABLOY. Through HID’s support of student IDs in Apple Wallet, Clemson students will be able to seamlessly access residence halls, libraries and fitness centers, buy lunch, make purchases at the university store, print documents and more by placing their iPhone or Apple Watch near a reader where contactless student ID cards are accepted. Contactless student IDs Contactless student IDs are supported on iPhone 6 and later and iPhone SE. On iPhone XS, iPhone XS Max, and iPhone XR, student IDs may still be used for up to five hours in power reserve mode when the iPhone battery needs to be charged. Student IDs in Apple Wallet are not only convenient, they also provide an extra level of security as students no longer have to worry about misplacing their physical card. School credential provisioning is protected by two factor authentication.

Ping Identity, the provider of Identity Defined Security, announces its successful completion of the Financial-grade API (FAPI) conformance testing, as part of the process defined by Open Banking Ltd. This builds on Ping Identity’s previous success as the first identity platform to pass all 70 technical security tests, as set by Open Banking Ltd., with zero warnings. The most recent set of FAPI conformance testing evaluated the latest versions of the Ping Intelligent Identity platform, including PingFederate, PingAccess and PingDirectory, within a mock banking environment. Additional technical requirements It switches to an API model with structured data that utilises a token model such as Open Authorisation The inclusion of FAPI within the Ping Identity solution for Open Banking helps allow banks to overcome insecure practices such as screen scraping by using stored user credentials. Instead, it switches to an API model with structured data that utilises a token model such as Open Authorisation. FAPI is a technical specification developed as a multi-industry standard by the FAPI Working Group of OpenID Foundation (OIDF). It leverages OAuth 2.0 and OpenID Connect (OIDC) to define additional technical requirements for the financial industry and other sectors requiring higher security. For banks specifically, FAPI provides various advantages. This includes enabling applications to securely interact with financial accounts, while also enhancing the user’s ability to control security and privacy settings. Secure identity requirements In concurrence with the specification, OpenID Foundation maintains a cloud-based testing suite for conformance testing by banks, certified third-party security providers and platform vendors—such as Ping Identity. The Ping Intelligent Identity platform is used by hundreds of financial services enterprises, including many of the CMA 9 and Open Banking Ltd. itself. Additionally, FAPI is of increasing relevance to the growing number of new fintech start-ups in areas such as investment, wealth management, insurance, payments and even real estate. “This is significant beyond the Open Banking and financial services sector,” explains Rob Otto, EMEA Field CTO, Ping Identity. “Other digitally-focused sectors, with similar secure identity requirements, now have a proven template that can allow them to quickly deploy their own security controls, which have been stringently tested by the largest financial institutions in the UK.”

Merthyr County Council were experiencing high levels of break-ins and thefts in its three household recycling sites resulting in high repair and replacement costs. The Council employed a security company to man guard three sites which cost over £150,000 per annum however, the break-ins were still occurring. The Gallagher Channel Partner designed a solution to detect, deter and protect. They installed a Gallagher Monitored Pulse Fence to detect intruders climbing or breaking through the fence, deter by delivering a short, sharp but safe shock, while protecting the Council's assets and on-going operation. Cost-effective installation The system was retrofitted to an existing fence structure ensuring an easy, efficient and cost-effective installation. Since the fence was installed break-ins have ceased and the requirement for man guarding is no longer needed. Electrical Statutory Compliance Inspector at Merthyr County Council, Les Lewis, said: “I was thrilled with the completed project. Not only is it aesthetically pleasing, but it has met all of our security requirements. It has also helped make huge cost savings as we no longer require manned security out of hours or need to repair damaged fences and replace expensive assets. I believe the Gallagher system will pay for itself within 18 months.”

The new year is several weeks old, so it is safe to say that many of our New Year resolutions have fallen by the wayside. Despite the limited success of our personal resolutions, the new year is a great time to take stock, look ahead, and plan to make 2020 the best year yet. Thinking about our industry as a whole, we asked this week’s Expert Panel Roundtable: What should be the security industry’s “New Year’s resolution?” 

2019 was a big year for the Expert Panel Roundtable. The range of topics expanded, and we had more participation from more contributors than ever before. In closing out the year of contemplative discussions, we came across some final observations to share. They can serve both as a postscript for 2019 and a teaser for a whole new year of industry conversations in our Expert Panel Roundtable in 2020.  

The new year comes with new opportunities for the security industry, but what technologies will dominate our discussions in 2020? Topics such as artificial intelligence (AI) and HCI (hyperconverged infrastructure) became familiar in conversations during 2019, and they are likely to dominate our thoughts again in the new year. But other buzzwords are also gaining steam, such as “blockchain” and “frictionless access control.” Connectivity and the cloud will also be timely technology topics as the industry evolves. We asked this week’s Expert Panel Roundtable: What technology buzz will dominate the security industry in 2020?