Global technical body EMVCo has confirmed its security evaluation methodologies and processes support IoT payment use cases, enabling emerging solutions and devices to be evaluated quickly and efficiently. Device hardware evaluations are playing an increasingly important role in IoT assessments across various IoT payment use cases, security frameworks and emerging compliance models. EMVCo, in collaboration with globally recognised independent laboratories, has worked since 2005 to evaluate the...
Keysight Technologies has announced Breach Defense, a security operations (SecOps) platform designed to improve operational security effectiveness. An integral element of the new platform is the Threat Simulator breach and attack simulation solution which enables network and security operations teams to measure the effectiveness of operational security by safely simulating the latest attacks and exploits on live networks. Security operations teams are faced with an increasingly complex network e...
High security perimeter systems manufacturer Zaun has uplifted all of its Security Ratings (SR) range to the latest certifications from the Buildings Research Establishment (BRE). BRE has revised its SRs to Loss Prevention Standard (LPS) 1175 as certified by the Loss Prevention Certification Board (LPCB) and listed in their Red Book. The latest revision of LPS1175 to issue 8.0 sets out the requirements and testing procedures for the LPCB certification and listing of intruder resistant building c...
ISC West, a converged security event in the United States, introduces the lineup for its 2020 SIA Education@ISC sessions, in collaboration with premier partner the Security Industry Association (SIA). Together, SIA and ISC West will be making educational sessions available during ISC West, taking place March 17-20, 2020, (SIA Education@ISC: March 17-19 | Exhibit Hall: March 18-20) at the Sands Expo in Las Vegas, Nevada. The comprehensive programme includes nearly 100 accredited sessions coverin...
Maxxess Systems, a provider of event response management and collaboration systems, is pleased to announce the integration of OpenEye Web Services (OWS) with Maxxess eFusion security management software. eFusion is presently installed in thousands of facilities around the globe enabling security personnel to more precisely monitor and assess potential and emerging threats, and quickly respond to emergencies. This new integration enables the Maxxess monitoring software to retrieve video from Ope...
DigiCert + QuoVadis have been certified in the Netherlands and Belgium to provide remote Qualified Electronic Signatures for customers using its cloud-based Digital Signing Service (DSS) platform. QuoVadis, acquired by DigiCert in January 2019, is an accredited Qualified Trust Service Provider (QTSP) in the Netherlands and Belgium under the EU eIDAS regulation 910/2014 and is able to offer EU trust services to all member states, as well as in Switzerland under ZertES. eIDAS Qualified Electroni...
Fugue, the company delivering autonomous cloud infrastructure security and compliance, has announced the release of the Fugue Best Practices Framework to help cloud engineering and security teams identify and remediate dangerous cloud resource misconfigurations that aren’t addressed by common compliance frameworks. Users can deploy the Fugue Best Practices Framework within minutes to improve the security posture of their Amazon Web Service (AWS) cloud environments. Cloud misconfiguration, primary cause of data breaches Cloud misconfiguration is the number one cause of data breaches involving public cloud services Cloud misconfiguration is the number one cause of data breaches involving public cloud services such as those offered by AWS. The scale, complexity, and dynamic nature of cloud infrastructure environments often leads to significant misconfiguration events that traditional security analysis tools fail to prevent or detect. According to Neil MacDonald at Gartner, “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes.” While compliance frameworks such as the CIS Foundations Benchmarks address a number of cloud misconfiguration risks, recent major cloud-based data breaches were possible due to misconfigurations not necessarily covered by these standards. The Fugue Best Practices Framework is designed to complement standards such as the CIS Foundations Benchmark to provide additional protection against today’s advanced misconfiguration attacks. Fugue Best Practices Framework “Enterprise cloud and security teams are recognising that their current cloud security posture leaves them vulnerable to newer and more sophisticated misconfiguration attacks,” said Phillip Merrick, CEO of Fugue. “The Fugue Best Practices Framework gives cloud teams a simple tool to quickly identify these misconfigurations in their cloud environment and the most comprehensive security against cloud misconfiguration risk when used in combination with a framework like the CIS Foundations Benchmark.” The Fugue Best Practices Framework includes rules covering the following cloud vulnerabilities: Identity and Access Management (IAM) misconfigurations that can provide bad actors, including malicious insiders, with the ability to move laterally and discover resources to exploit S3 bucket policy misconfigurations that can be exploited in order to take data exfiltration actions VPC Security Group rule misconfigurations that can enable malicious access via Elasticsearch, etcd, and MongoDB services Enhancing cloud infrastructure security Fugue will continue to add new rules to the Fugue Best Practices FrameworkFugue will continue to add new rules to the Fugue Best Practices Framework as new misconfiguration attack vectors are identified. The Fugue Best Practices Framework joins a growing number of out-of-the-box cloud compliance frameworks Fugue provides, including CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC2. Fugue also supports custom rules using Open Policy Agent, an open source policy as code engine, making it easy for enterprise cloud teams to create cloud infrastructure policies tailored to meet their specific use cases and security requirements. The Fugue Best Practices Framework is available now for all Fugue customers and can be used with a 30-day free trial.
Crossword Cybersecurity Plc the technology commercialisation company focused solely on cyber security and risk, is pleased to announce that it has signed a Memorandum of Understanding (MoU) with Leonardo MW Ltd, a global high-tech Aerospace Defence and Security company. Crossword is rapidly becoming a pioneer player in the provision of risk assurance systems. Rizikon Assurance allows organisations to assess, assure, visualise and, ultimately, control third party risk. Risk assessment and management practice The cooperation between Crossword and Leonardo will enable Leonardo’s National Cyber Security Centre’s certified cyber consultancy to use Rizikon Assurance to enhance its leading risk assessment and risk management practice for customers throughout the world. Leonardo targets its cyber security offerings at Government, Defence and Critical National Infrastructure both in the UK and internationally. Supporting that offering with industry-leading tooling such as Rizikon Assurance, will further improve outcomes for customers. Cyber and supply chain assurance capability MoU states an intention to collaborate across multiple workstreams, including an agreement to bidThe MoU states an intention to collaborate across multiple workstreams, including an agreement to bid for certain significant contracts across multiple industries throughout 2020, utilising Crossword’s flagship third party risk management solution Rizikon Assurance and Leonardo’s extensive expertise in integration, cyber and third-party assurance. A recent Ponemon Institute survey found that 56% of data breaches were caused by a third-party vendor and with this issue gaining in media and regulatory attention, it is critical that businesses understand their third-party risk and how to mitigate it. Crossword’s Rizikon Assurance and Leonardo’s cyber and supply chain assurance capability perfectly align to address this growing requirement. Deliver technology commercialisation The MoU also explores opportunities to partner to deliver technology commercialisation, focusing on cybersecurity research in UK universities and bringing cutting edge technology to market. Jake Holloway, Crossword’s Business Development Director, said: “Having Leonardo as a partner will allow us to respond to much larger opportunities for our products like Rizikon Assurance. This is a big step in our development as a business.”
Johnson Controls is introducing the Ethos line of multi-tech contactless access readers from WaveLynx Technologies. Ethos readers are equipped with a choice of credential technologies, enabling customers to choose migration paths to deploy secure credentials. WaveLynx Ethos multi-tech contactless access readers feature a modern aesthetic and state-of-the-art feature set. All Ethos readers are capable of reading legacy Proximity credentials, MIFARE DESFire® smart card credentials, LEAF enabled smart card credentials and mobile credentials. Security and event management system WaveLynx Ethos Readers are integrated with the Tyco Software House C•CURE 9000 security Ethos readers simultaneously work with old and new credentials. WaveLynx Ethos Readers are integrated with the Tyco Software House C•CURE 9000 security and event management system, providing 24x7 mission-critical security and safety protection for people, buildings, and assets. All ET-Series readers, including the ET10 Mullion Mount, ET20 Wall mount and ET25 Keypad Reader feature OSDP communication with the patented auto-detect feature. This feature allows the reader to automatically switch from the Wiegand protocol to OSDP when the panel is upgraded to OSDP, with no need to re-wire or re-configure the reader for OSDP functionality. Secure smart cards or Mobile credentials can be introduced at any time. Key features OSDP auto-detect capable LEAF Si enabled off the shelf, LEAF Cc ready MIFARE DESFire® EV2/EV1 compatible Mobile credential ready Tristate LED Light Bar (red, green, amber) and buzzer Easy install bracket (patent pending) and wiring system Accelerometer-based tamper detection
Beyond Visual Line of Sight (BVLOS) drone operations are key for future commercial unmanned aerial vehicles (UAV) use cases, including public safety, industrial inspection and urban air mobility. Frequentis has partnered with mobile network connectivity specialist and start-up, Dimetor, to enable network connectivity for command and control (C2) and payload data links to ensure reliable and consistent data sharing. Dynamic and reliable telecommunication data The initial introduction of UAV’s to the airspace has been limited to visual line of sight (VLOS) operations. To extend commercial drone applications, BVLOS operations are essential for governmental entities as well as commercial deployments and many countries are now amending their drone policies to allow such flights. So far, the use of network connectivity and associated data have not been standardised This requires accurate, dynamic, and reliable telecommunication data and it is important to have this information from a single source. So far, the use of network connectivity and associated data have not been standardised for pre-flight assessment or regulated for operational use. However, recent drone trials in Finland and Estonia for the Gulf of Finland (GOF) U-space project uncovered this requirement and need for connectivity to enable consistent data sharing between the UAV and the UTM system. Critical data for safe BVLOS drone flights The connectivity platform from Dimetor, AirborneRF™, is deployed at the operational data centers of Mobile Network Operators (MNOs), processing highly confidential network data for assuring cellular connectivity for UAV operations. Flight planning tools like Frequentis’ CADAS-ATS and other U-space services can use the constraints in the pre-tactical/tactical phase of a BVLOS drone flight and either approve or reject the proposed flight plan. AirborneRF can also be used to demonstrate network capabilities to airspace regulators and UAV service providers. The partnership between Frequentis and Dimetor then enables the MNOs to seamlessly integrate the connectivity information into the aeronautical information management database (AIMdb), and thus to become an integral part of the developing ecosystem for commercial BVLOS drone operations. We will exchange our knowledge and work together to strengthen and develop the future airspace ecosystem" “By partnering with Dimetor, we can further explore and advance our work in the field of ATM and UTM. Through this cooperation, we will exchange our knowledge and experiences and work together to strengthen and develop the future airspace ecosystem, enabling the provision of critical data for safe BVLOS drone flights. This partnership is a significant step towards enabling our customers to keep pace with the additional growth by minimising operating costs.” says Hannu Juurakko, Frequentis Chairman of the ATM Executive Team. Highest quality and safety for BVLOS The agreement between Frequentis and Dimetor highlights the unified commitments to providing safety-critical services ensuring highest quality and safety for BVLOS and highly automated drone operations based on connectivity information. “At Dimetor we are delighted to be partnering with Frequentis. This will enable an integrated solution bringing together the 3D cellular connectivity information for safe BVLOS operations with Aeronautical Information Management (AIM) and UTM/ATM systems - on global scale”, says Thomas Wana, Dimetor Co-founder and CTO. Frequentis and Dimetor will enable drone powered business operations with a total addressable market value over 127billion USD forecasted by PricewaterhouseCoopers International (PwC).
Panorays, a rapidly growing provider of automated third-party security lifecycle management, unveiled a security intelligence solution known as Dark Web Insights. The new feature enhances Panorays’ award-winning third-party security management solution and serves as an additional layer of cyber security protection. Using Panorays’ Dark Web Insights, companies can now become proactive about knowing in advance of in-the-wild threats to their supply chain. The evaluator company automatically receives a notification when there is abnormal activity on the Dark Web regarding the third party. The new Dark Web feature checks mentions of a company’s third party on hacker forums and other nefarious marketplaces. It provides the ability to monitor potentially malicious hacker chatter about opportunities to target the third party, sell databases of personal information or take advantage of system weaknesses for financial benefit. “With the latest rash of misconfigured servers and data leaks, many companies have discovered too late that a significant breach has occurred,” said Noam Maman, VP Product of Panorays. “Many third-party security solutions assess the attack surface of vendors, but do not venture into the Dark Web. With Panorays, companies receive further necessary visibility into the security posture of their third parties.”
The appointment of Ritesh Deokar is a strategically important move for the company, adding valuable experience and expertise which complement Milestone Systems’ ambitious expansion plans in the region. Ritesh joins the company from a senior management position at Larsen & Toubro Infotech (LTI), where he was responsible for Global Alliances. Prior to that, he was employed as National Alliance manager at Wipro Limited, and has extensive experience working within the ICT sector in India. His diverse background in both technology and security will be of significance to Milestone Systems’ growth in the region. Converged security and technology skillset Jordan Cullis, Director for APAC at Milestone Systems, said of the appointment: “The fact that Ritesh brings a converged security and technology skillset to the company fits perfectly with our needs.” Video management has evolved far past the point where it exists purely as a standalone technology" “Video management has evolved far past the point where it exists purely as a standalone technology, and to fully harness the power of an open VMS platform like Milestone Systems, our leaders need to understand and work with the myriad of technologies that integrate with our solutions.” Ritesh received his MBA from Nagpur University, and is fluent in four languages: Hindi, English, Kannada and Marathi. He will be based in Bengaluru. Video management and surveillance industry Milestone Systems has committed to an ambitious growth strategy in the region, backed by a global plan to increase their innovation capacity by 45 percent. “I am very excited to come to a leading global company like Milestone Systems, at a time when there is so much happening in the video management and surveillance industry in India.” “There is enormous potential for Milestone Systems’ open platform VMS solution and my extensive contacts across the IT and security markets here will certainly give us some great scope to forge new alliances, build new solutions and really take the company forward across the region,” said Ritesh Deokar.
Rodrigue Zbinden, CEO at Morphean, discusses the business benefits from merging video surveillance and access control technologies as demand for ACaaS grows. The big question facing businesses today is how they will use the data that they possess to unlock new forms of value using emerging technologies such as the cloud, predictive analytics and artificial intelligence. Some data is better utilised than others: financial services were quick to recognise the competitive advantages in exploiting technology to improve customer service, detect fraud and improve risk assessment. In the world of physical security, however, we’re only just beginning to understand the potential of the data that our systems gather as a part of their core function. Benefits of ‘Integrated access control’ The first thing to look for is how multiple sources of data can be used to improve physical security functionsWhat many businesses have yet to realise is that many emerging technologies come into their own when used across multiple sources of data. In physical security, for example, we’re moving from discussions about access control and CCTV as siloed functions, to platforms that combine information for analysis from any source, and applying machine learning algorithms to deliver intelligent insights back to the business. ‘Integrated access control’ then looks not just to images or building management, but to images, building management, HR databases and calendar information, all at the same time. And some of the benefits are only now starting to become clear. The first thing to look for, of course, is how multiple sources of data can be used to improve physical security functions. For example, by combining traditional access control data, such as when a swipe card is used, with a video processing platform capable of facial recognition, a second factor of authentication is provided without the need to install separate biometric sensors. CCTV cameras are already deployed in most sensitive areas, so if a card doesn’t match the user based on HR records, staff can be quickly alerted. Making the tools cost-effective In a similar vein, if an access card is used by an employee, who is supposed to be on holiday according to the HR record, then video data can be used to ensure the individual’s identity and that the card has not been stolen – all before a human operator becomes involved. This is driving growth in ‘access control as a service’ (ACaaS), and the end-to-end digitalisation of a vital business functionThese capabilities are not new. What is, however, is the way in which cloud-based computing platforms for security analytics, which absorb information from IP-connected cameras, make the tools much more cost effective, accessible and easier to manage than traditional on-site server applications. In turn, this is driving growth in ‘access control as a service’ (ACaaS), and the end-to-end digitalisation of a vital business function. With this system set up, only access control hardware systems are deployed on premise while the software and access control data are shifted to a remote location and provided as a service to users on a recurring monthly subscription. The benefits of such an arrangement are numerous but include avoiding large capital investments, greater flexibility to scale up and down, and shifting the onus of cybersecurity and firmware updates to the vendor. Simple installation and removal of endpoints What’s more, because modern video and access control systems transmit data via the IP network, installation and removal of endpoints are simple, requiring nothing more than PoE and Wi-Fi. Of all the advantages of the ‘as a service’ model, it’s the rich data acquired from ACaaS that makes it so valuable, and capable of delivering business benefits beyond physical security. Managers are constantly looking for better quality of information to inform decision making, and integrated access control systems know more about operations than you might think. Integrating lighting systems with video feeds and access control creates the ability to control the lightsRight now, many firms are experimenting with ways to find efficiencies and reduce costs. For example, lights that automatically turn off to save energy are common in offices today, but can be a distraction if employees have to constantly move around to trigger motion detectors. Integrating lighting systems with video feeds and access control creates the ability to control the lights depending on exactly who is in the room and where they are sitting. Tracking the movement of employees Camera data has been used in retail to track the movement of customers in stores, helping managers to optimise displays and position stocks. The same technology can be used to map out how employees move around a workspace, finding out where productivity gains can be made by moving furniture around or how many desks should be provisioned. Other potential uses of the same data could be to look for correlations between staff movement – say to a store room – and sales spikes, to better predict stock ordering. What makes ACaaS truly exciting is it is still a very new field, and we’re only just scratching the surface of the number of ways that it can be used to create new sources of value. As smart buildings and smart city technology evolves, more and more open systems will become available, offering more ways to combine, analyse and draw insights from data. Within a few years, it will become the rule, rather than the exception, and only grow in utility as it does.
The Security Industry Association (SIA) looks forward to 2019, and it is apparent that physical security is moving into its most formative years. Changes presented by emerging technology, open systems and growing connectivity among devices and sensors will make a big difference for manufacturers, systems integrators/dealers and end users. With a more open, connected environment come cyber risk and data privacy concerns – which is why, in SIA’s 2019 Security Megatrends, cybersecurity’s impact on the physical security industry ranks number one on the list. Cybersecurity is affecting all areas of the industry landscape, from security implementation to attracting top talent to the workforce. Digital transformation The digital transformation we are experiencing impacts many other parts of the security industry as well, bringing opportunities like evolving identity management and collecting and delivering big data to customers. At this critical point in the industry’s development, it is important to embrace change, leverage disruptive technology in ways that give companies a competitive advantage. To determine this year’s Megatrends, SIA surveyed hundreds of executives from member companies To determine this year’s Megatrends, SIA surveyed hundreds of executives from member companies, along with current and recent Securing New Ground speakers and attendees, to identify which previous trends were still relevant, which trends were no longer as impactful and which broad trends should be added to our report. This year’s Security Megatrends 1. Cybersecurity’s Impact on Physical Security: It is important to prioritise cybersecurity for your business, your customers’ business and the vendors with which you work. This trend calls for continual process improvement and investment. 2. Internet of Things (IoT) and the Big Data Effect: The security industry makes use of IoT, analytics, artificial intelligence (AI), robotics and more, and data is coming from everywhere. The industry now faces the challenge of effectively managing and segmenting this information to be pertinent to the user. 3. Cloud Computing: Cloud platforms and applications are becoming prevalent across security solutions. This technology helps security integrators provide managed services and the advantages of off-site systems and services to customers. 4. Workforce Development: With historically low unemployment, finding skilled employees is a challenge to the whole security industry. Security stakeholders need talent with IT, cybersecurity, AI and even privacy expertise, presenting a need to grow students’ interest in the industry. 5. AI: Research firm Gartner predicts a new “democratisation of AI” that will impact more organisations than ever before. Companies are now testing this technology before offering it to customers and exploring how AI data can be used to improve security threat assessment and response. 6. Emphasis on Data Privacy: Growing connectivity brings new concerns over data privacy. Finding the balance between security and convenience is a dilemma the industry must now address. 7. Move to Service Models: The newest home security technologies are strongly impacting installing companies. Systems integrators must find ways to focus on services customers want and need and move to managed service models to make up revenues. 8. Security Integrated in Smart Environments: As everything becomes connected, smart environments will begin to proliferate. Buildings and cities are becoming more conscious, with connected systems now able to automatically respond to and even anticipate the needs of facility users and citizens. We must continue to find ways to make these environments smarter and safer. 9. Identity of the Future: With facial and voice recognition and biometrics growing in popularity and appeal, how will we enter buildings and access networks tomorrow? The industry will anticipate and adapt to constant technological change in identity and visitor management. 10. Impact of Consumer Electronics Companies: The influx of consumer electronics companies and DIY systems means changing rules and players in the security industry. This disruption presents both challenges and opportunities for security companies.
Edward Snowden’s name entered the cultural lexicon in 2013, after he leaked thousands of classified National Security Agency documents to journalists. He’s been variously called a traitor, a patriot, a revolutionary, a dissident and a whistleblower, but however you personally feel about him, there’s one way to categorise him that no one can dispute: He’s a thief. There’s no doubt about it: Snowden’s information didn’t belong to him, and the scary truth is that he is neither the first nor the last employee to attempt to smuggle secrets out of a building – and we need to learn from his success to try to prevent it from happening again. Since the dawn of the digital age, we’ve fought cyber pirates with tools like firewalls, encryption, strong passwords, antivirus software and white-hat hackers. But with so much attention on protecting against cyber risks, we sometimes forget about the other side of the coin: the risk that data will be physically removed from the building. Douglas Miorandi, director of federal programs, counter-terrorism and physical data security for Metrasens, recently discussed the major risks to physical data security with SourceSecurity.com. Q: What do you believe are the main physical threats to data? The biggest threats I have seen in the physical data security space have varied over the years, but there are four specific risks that remain the same across the board for any organisation, which are: Every organisation is at risk of having data walk out the building with that employee The Insider Threat The Outsider Threat The Seemingly Innocent Personal Item Poor or Nonexistent Screening To beginning with, every company or government agency has at least one disgruntled employee working for them, whether they know it or not, and that means every organisation is at risk of having data walk out the building with that employee. That is what security experts call the insider threat. Q: What do you think influences employees to steal data from their own organisation? People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially – meaning they don’t even need to be disgruntled; they might just want a quick way to make a buck. Financial data, too, is attractive, both for insider trading and selling to the competition. People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially This can happen to both private companies as well as government agencies. Take Natalie Mayflower Sours Edwards for example, a Treasury Department employee who was caught in the act just last month, when she disclosed sensitive government information about figures connected to the Russia investigation to a reporter. She didn’t hack the system, she simply used a flash drive. And let’s not forget that Snowden was a contractor working for the NSA. Q: Many of us think of security threats coming from an outsider, do companies still face these type of threats? Yes. Unfortunately, organisations do not only need to worry about their own employees – companies and government agencies need to be wary of threats from outsiders. COTS devices include SD cards, external hard drives, audio recorders and even smart phones They can come in the form of the corporate spy – someone specifically hired to pose as a legitimate employee or private contractor in order to extract information – or the opportunistic thief – a contractor hired to work on a server or in sensitive areas who sees an opening and seizes it. Either one is equally damaging to sensitive data because of the physical access they have. Q: Whether it be an insider threat or an outsider threat, what are ways these individuals can steal sensitive data? There are two types of personal items that can be used to steal data: the commercially available off-the-shelf (COTS) variety, and the intentionally disguised variety. This is considered risk number three – the seemingly innocent personal item. COTS devices include SD cards, external hard drives, audio recorders and even smart phones, any of which can be used to transport audio, video and computer data in and out of a building. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom Q: What is the difference between COTS and disguised devices? The difference between COTS and disguised devices is that if someone gets caught with a COTS device, security will know what it is and can confiscate it. The disguised device looks like a security-approved item anyone could be carrying into the workplace, making it especially devious. Sometimes these devices don’t just function to bring information out of a building; they are used to damage a server or hard drive once it’s plugged in to a computer or the network. Some are both – a recording device that extracts data and then destroys the hard drive. Companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening peopleQ: With these types of discrete items, can security personnel still catch individuals in the act? For example, through security screenings? Poor or nonexistent screening is the most substantial security threat to any organisation when it comes to sensitive data. Whether it’s an employee, an outside contractor or a device, the physical security risks are real, and everyone and everything entering and leaving a building needs to be screened. Unfortunately, screening often isn’t occurring at all, or is ineffective or inconsistent when it does occur. Even companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening people and stopping them from stealing data through recording devices. Q: It’s surprising that so many organisations would neglect physical security when protecting their data. It’s a huge mistake, and the consequences can be dire. They range from loss of customer trust, exorbitant lawsuits and tanking stock prices in the private sector; and risks to national security in the public sector. Costs and resource allocation increase as well during efforts to reactively fix or mitigate the effects of physically stolen data. For both the private and public sectors, the risk for data to be physically removed from a building has never been greater. Years ago, it was much harder for the average Joe to figure out where they could sell stolen data. Now, with the Deep Web, anyone with Tor can access forums requesting specific information from competing spy agencies, with instructions on how to deliver it, greatly reducing the risk of getting caught – and increasing the likelihood people will try it. Although it’s getting easier to sell data, the good news is that all of these threats are avoidable with the right measures. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack Q: So how can an organisation protect against these risks? There are a number of ways – and the first one requires a change of mindset. Not long ago, the building/physical security department and the IT/cybersecurity department were considered two different entities within an organisation, with little overlap or communication. Organisations now are realising that, because of the level of risk they face from both internal and external threats, they must take a holistic approach to data security. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack. Q: How can companies and government agencies combine both physical data security and cybersecurity initiatives? Physical security managers can advise cybersecurity managers on ways to reinforce their protocols – perhaps by implementing the newest surveillance cameras in sensitive areas, or removing ports on servers so that external drives cannot be used. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try In turn, the cybersecurity team can let the physical security team know that they have outside contractors coming in to work on the server, and the physical security team can escort the contractors in and stand guard as they work. Constant communication and a symbiotic relationship between the two departments are crucial to creating an effective holistic security protocol and, once you’ve got the momentum going, don’t let it slow down. Sometimes efforts start off strong and then peter out if priorities change. When guards are down, it’s an excellent time for a malicious actor to strike. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try. It’s not just about the mentality, though. Using the right technology is just as important. Q: What type of technology can you use to protect physical data? Many problems can be avoided by simply using the right technology to detect devices that bring threats in and carry proprietary information out. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them. Using a ferromagnetic detection system (FMDS) as people enter and exit a building or restricted area means that anything down to a small microSD card triggers an alert, allowing confiscation or further action as needed. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them Q: How does FMDS work? In the most basic terms, FMDS uses passive sensors that evaluate disturbances in the earth’s magnetic field made by something magnetic moving through its detection zone. Nothing can be used to shield the threat, because FMDS doesn’t detect metallic mass; it detects the magnetic signature, down to a millionth of the earth’s magnetic field. FMDS is the most reliable method of finding small electronics items and should be part of the “trust, but verify” model Although it is a passive technology, it is more effective and reliable than using hand wands or the walk-through metal detectors typically seen in an airport, which cannot detect very small ferrous metal objects. FMDS can see through body tissue and liquids, so items cannot be concealed anywhere on a person or with their belongings. Whether or not the items are turned on doesn’t matter; FMDS doesn’t work by detecting a signal, but rather by spotting the magnetic signature that electronics contain. This is ideal, because most recording devices do not emit any signal whatsoever. In my experience, FMDS is the most reliable method of finding small electronics items (as well as other ferrous metal objects, like weapons), and should be part of the “trust, but verify” model, in which companies assume the best of their employees and anyone else entering the building, but still take necessary precautions. Q: What are the key takeaways for organisations looking to enhance data security? The toughest challenge in the security sector – whether it’s cyber or physical – is remembering that the bad guys are constantly looking for ways to slip in through the cracks, and security departments need to stay one step ahead to ward off both internal and external threats. Recognising the existing threats, putting together a holistic security strategy, and using the right technology to detect illicit devices comprises an effective three-pronged approach to protecting an organisation’s data. Organisations cannot afford to be passive about security and assume employees won’t steal data and spies won’t sneak in. Strong countermeasures are necessary because data loss can come from both inside and outside, in both private and public sectors, from places not everyone thinks of – and with technology like FMDS acting as a backup to the human element, organisations can lock down their data and keep the wolves in sheep’s clothing from getting through the door.
Gallagher Security, a division of Gallagher Group, a privately-owned New Zealand company, is a global presence in integrated access control, intruder alarm and perimeter security solutions. Gallagher entered the global security industry in the 1990s with the purchase of security access control business Cardax. In the last several decades, the company has leveraged its experience in electric fence technology to develop a variety of innovative solutions used to protect some of the world's most high-consequence assets and locations. Solving business problems Among Gallagher’s recent innovations is the Security Health Check, a software utility that enables customers to run an automated check on their Gallagher Command Centre security system. To get an update on the company, we interviewed Richard Huison, Gallagher’s Regional Manager for the U.K. and Europe, who says he has a passion for technology and solving business problems. Huison says working in the industry for more than 20 years has shown him you can never stop evolving and adapting. Q: What are Gallagher's points of differentiation versus competitors? Huison: Gallagher’s strengths are in solving business problems outside of the normal access control and intrusion detection solutions. Enforcing company policy through compliance and competency is what really matters to business continuity. Using Gallagher Command Centre to oversee the security, health and safety and compliance brings true business value to the client who benefits from reduced costs and risk to the success of their growth and strategy. Q: What is the biggest challenge for customers in the security market, and how does Gallagher help to meet that challenge? Huison: A great solution fit is key. Where most fail is choosing a solution that does not meet the needs of the client in 10 to even 20 years’ time. As businesses evolve and grow, so must the security solution. In a recent conversation, a client had to replace a 300-door access control system that was no longer supported. ‘Why Gallagher?’ they asked. The answer: ‘If you had chosen Gallagher 10 years ago, we would not be having this conversation.’ Ensuing the system you choose is legacy-compliant is king. Gallagher’s brand is well known for protecting Critical National Infrastructure Q: Please describe Gallagher's geographic presence in the UK and Europe. Huison: Gallagher’s brand is well known for protecting Critical National Infrastructure. They choose to adopt our solutions because we meet the highest levels of resilience against cyber-attacks. Our ability to modernise legacy systems ensures the maximum return on investment with minimal disruption to business continuity. Gallagher solutions cover a broad mix of verticals, with strengths in high security, education and large corporate entities. Our Channel Partner network is continually growing so more clients can benefit from the diverse and powerful Gallagher Command Centre software. Q: Describe how Gallagher is typically integrated into larger systems. Huison: Our systems offer the flexibility of being standalone or globally networked via our Multi-Server environment. Most integration happens logically where data is pushing into our Command Centre database. The single point of truth allows for minimal data errors and efficiencies around manual input. The total cost of ownership is greatly reduced in allowing the system to work for the client and not the other way round. Over and above this, Integration into other solutions brings that rich data back to one software front end. Q: What is Gallagher's biggest challenge and how will the company seek to meet that challenge? Huison: Our biggest and continual opportunity is being a relentless innovator. We are not short of ideas and how we are bucking the trends with our solutions. Broadcasting these messages is not always easy in the digital age. This is why Gallagher is investing heavily in more shows, publications and specific vertical conferences globally. Q: What is the market's biggest misconception about Gallagher? Huison: Our brand is known for perimeter solutions with our monitored Pulse Fence. What many forget is we have a very powerful access control and integrated intrusion detection solution that meets Government standards around the world. We are unique in that all three can be controlled via one software platform that is cyber-resilient and infinitely configurable to suit many verticals. Q: What is your message to the security market? Huison: Many see Gallagher as only suitable for large and complex sites. I openly challenge our audience, speak to us and you may find we can provide an Enterprise Level solution that is delivered on budget and provide an outstanding return on investment for the client. Our pedigree of 80 years shows we never stop innovating and building that trusted advisor status with many lifelong clients.
The ban on U.S. government usage of Chinese-made video surveillance products was signed into law last year and was scheduled to take effect a year later – on August 13, 2019. With that deadline looming, there are questions about whether government agencies and departments will comply in time. A year ago, the U.S. Congress passed, and the President signed, a ban on government uses of video surveillance equipment produced by two of the world’s top manufacturers – Hikvision and Dahua. The provision was buried in the National Defense Authorization Act (NDAA) for fiscal year 2019, which the President signed into law on August 13, 2018. The ban, which takes effect ‘not later than one year after … enactment’, applies not only to future uses of Dahua and Hikvision equipment but also to legacy installations. Tracking software to detect banned products Forescout Technologies, San Jose, California, provides software to track various banned devicesThe bill calls for an assessment of the current presence of the banned technologies and development of a ‘phase-out plan’ to eliminate the equipment from government uses. One problem is identifying where the surveillance equipment is being used, which involves either a tedious manual process to search out the equipment or the installation of tracking software to identify it on the network. A federal Department of Homeland Security program called ‘Continuous Diagnostics and Mitigation’ requires use of a detection tool to find any banned products on a network. Forescout Technologies, San Jose, California, provides software to track various banned devices, but not all required agencies have complied with a mandate to secure their networks by tracking every connected device (only 35% had complied as of 2018.) “Without an automated, real-time tool that can detect all of the IT devices – computer or ‘other’ – on your network, there is simply no way to be 100 percent certain that you are compliant with these product bans,” says Katherine Gronberg, Forescout’s Vice President, Government Affairs. Difficult to determine device’s manufacturer Not all equipment is marked to identify its manufacturer; some has been rebrandedAnother problem is the existence of OEM agreements and other supply chain complications that can make it difficult to determine the manufacturer of any given device. A report by Bloomberg says: “A complex web of supply chain logistics and licensing agreements makes it almost impossible to know whether a security camera is actually made in China or contains components that would violate U.S. rules.” Not all equipment is marked to identify its manufacturer; some has been rebranded. “There are all kinds of shadowy licensing agreements that prevent us from knowing the true scope of China’s foothold in this market,” said Peter Kusnic, a technology writer at business research firm The Freedonia Group. “I’m not sure it will even be possible to ever fully identify all of these cameras, let alone remove them. The sheer number is insurmountable.” Companies banned under NDAA The NDAA ban covers “public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.” It bans “video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, [and] Dahua Technology Company (or any subsidiary or affiliate of such entities).” Hytera Communications is a Chinese digital mobile radio manufacturer. Huawei Technologies Co. equipment has also been banned, including the HiSilicon chips widely used in video cameras. In addition to banning the Chinese equipment in government installations, the NDAA also includes a ‘blacklist’ provision [paragraph (a)(1)(B)], which could be interpreted to extend the ban to companies that use Chinese-made products in other, non-government applications. Rulemaking on that aspect is still under way, including a public hearing in July.
Unmanned aerial vehicles (UAVs), or drones, present a range of threats, from the careless and clueless to the criminal. While many incidents may seem harmless, the threat to any location at any time depends on a range of factors. Drones are inexpensive for criminals to buy or make, and there are continuously improving battery, airspeed, and payload capabilities. UAVs can also fly without an RF signal to jam or hack. Fortunately, sensor technologies including radar are available for security agencies and personnel to protect assets and the public. Radio-wave signals Radar works as a deterrent by sending out a radio-wave signal using a transmitter antenna, and a small portion of that signal reflects off objects in its path and returns to a receiver antenna. The highest performing radars use an antenna technology called Active Electronically Scanning Array (AESA), which enables all-electronic reconfiguration of the antennas. When an AESA radar detects an object, it can ‘focus’ its antennas to track the object, in much the same way as the zoom on a camera does. Multiple objects can be tracked while continuing to scan. Kirkland, Washington-based Echodyne offers a radar product that brings these ESA capabilities to non-military security applications at commercial price points. Combining proprietary hardware with intelligent software, Echodyne produces a compact, solid-state, electronically scanning array Echodyne’s ESA radar Echodyne says they are reinventing radar price-performance for security applications in the ground (people, vehicles) or air (counter-UAS) domains. Combining proprietary hardware with intelligent software, Echodyne produces a compact, solid-state, electronically scanning array (ESA) radar that is affordable for commercial, law enforcement, and governmental customers. The company is backed by high profile investors, including Bill Gates, Madrona Venture Group, Vulcan Capital, NEA, and Lux Capital. “Radar is a sensor,” says Leo McCloskey, Echodyne VP Marketing. “It is most applicable when security professionals can both understand its capabilities and define risk assessment and deployment requirements that call for those capabilities. Our customers are primarily security system integrators and consultancies, which integrate the performance of radar into a sensor array that meets mission requirements.” Radar technology for border surveillance Echodyne was selected by the Science and Technology Directorate of the Department of Homeland Security (DHS) for its Silicon Valley Innovation Program (SVIP) to demonstrate the performance of its radar technology for border surveillance applications. The radar was deployed both in fixed remote surveillance towers and as a lightweight rapid deployment kit for field agents. Able to surveil ground and air domains, the radar combines versatility and commercial price with surveillance capabilities. “We set out to build the world’s best compact, solid-state ESA radar sensor, and we are demonstrating that we’ve reached that objective,” says McCloskey. “We’re excited to introduce these capabilities for other security applications.” Able to surveil ground and air domains, the radar combines versatility and commercial price with surveillance capabilities MESA technology Echodyne’s proprietary technology provides a small true electronically scanning array (ESA) radar. Unlike expensive Active ESA (AESA) phased array radars, MESA requires no physical phase shifters, thus reducing the cost, size, weight, and power by several orders of magnitude while maintaining all the benefits of fast ESA radar. Echodyne combines its MESA technology with an intelligent software suite, Acuity, to produce a configurable, software-defined radar for commercial, law enforcement, and governmental security applications. The capability is also useful for temporary events such as rallies and marathons, and many other market applications “Technology seems to make everything more available to more people over time,” says McCloskey. “What is a retail product today will be a purchased self-assembly kit tomorrow and an improvised self-made drone the following day. The Federal Aviation Administration (FAA) is diligently at work on creating rules for safe UAV operation, though any final rules remain some distance off. As drone volumes increase, delineating friend from foe in the airspace requires clear legal and regulatory frameworks, which are nascent but would help distinguish the threat of nuisance flyers from illegal overflight.” Radar sensor for security applications “Detecting and tracking airspace objects of interest is imperative for airports, chemical plants, oil and gas installations, refineries, water and energy utilities, stadiums and other public spaces”, says McCloskey. The capability is also useful for temporary events such as rallies and marathons, and many other market applications. “As with any product, our applicability will depend on variables like location, terrain, risk assessment, and existing security technologies,” says McCloskey. “Our mission is to deliver the very best radar sensor for security applications.”
Pulse Secure, the provider of software-defined Secure Access solutions, has announced the successful delivery of a project to help Hogarth Worldwide refresh its secure access platform as part of a Zero Trust approach to security. Hogarth Worldwide is a creative production business, providing marketing production and adaptation services for some of the world’s most recognisable brands and global multinationals. Security is a critical part of this service and Hogarth manages its own multi-layered secure access platform. Having grown rapidly over the last decade, the company had reached capacity on its legacy Juniper VPN solution that was also heading towards end of support. With the need to upgrade fast approaching, Hogarth decided to both refresh its secure access platforms to meet greater demand and gain access to more advanced capabilities. Requirement of VPN and NAC platform Hogarth contacted ANSecurity, a trusted cyber security advisor that it had worked with previously on several projectsPeter Smith, Global Network Architect at Hogarth, said, “We initially created a shortlist of vendors from the Gartner Magic Quadrant and started examining a few options. Our key criteria was a VPN and NAC platform that was easy to deploy and manage, with strong compatibility across a wide range of devices, plus the ability to adapt.” Hogarth contacted ANSecurity, a trusted cyber security advisor that it had worked with previously on several projects. The team at ANSecurity provided guidance to help scope the project and design a technical implementation. “We looked at a number of options, but we felt that Pulse Secure offered the best combination of features and compatibility along with the flexibility we needed to meet our current requirements and future needs,” said Smith. Pulse Connect Secure (PCS) virtual appliances Based on these requirements, Hogarth selected Pulse Connect Secure (PCS) virtual appliances deployed within its main data centres in London and several branch offices across the world to provide VPN access. This is supported by Pulse Policy Secure (PPS), a next-generation NAC appliance that enables Hogarth to gain deeper visibility and understanding of its security posture. The combined solution is deployed as part of a Zero Trust approach to security allowing Hogarth to ensure its distributed workforce is authenticated, authorised and secure when accessing applications and resources across its own data centre and cloud-based resources. The data from all these systems is passed to a SIEM to allow the IT department to quickly detect any issues The solution is integrated into its Ruckus based Wi-Fi network, Radius authentication server and multi-factor authentication which runs in Azure. The data from all these systems is passed to a SIEM to allow the IT department to quickly detect any issues and automate threat response to mitigate malware, rogue devices, unauthorised access and data leakage risks. Meeting the requirements of TISAX “The virtual appliance offered better performance than our legacy solution and the Pulse Secure VPN and NAC appliances were easy to deploy with a low management overhead,” commented Smith. “We have a high availability configuration and the built-in licence server makes it easy to add more users or devices as needed.” The new solution has also helped Hogarth to meet the requirements of TISAX (Trusted Information Security Assessment Exchange) that enables mutual acceptance of Information Security Assessments which was a key requirement for several of its clients within the automotive industry. “The upgrade to Pulse Secure has gone very smoothly, we have had no issues and the solution has delivered as expected with the potential to adapt as our security needs evolve,” Smith concluded.
There is a saying that ‘Everything is Bigger in Texas’, and the Dallas, Texas police department is no exception. The city of Dallas is ranked in the top 10 cities in the U.S. in terms of population, at 1.2 million people. The Dallas Police Department is the ninth largest municipal police force in the U.S., based on 3,012 sworn officers. It is led by Chief of Police, U. Reneé Hall. The department is located in the Jack Evans Police Headquarters building, which was built in 2003. It is 358,000 square feet, has six floors, is spread over a three-acre site, has a separate 1,200 car parking garage and a two-acre, open parking lot for additional visitor parking. Prior to 2003, the department was housed in the circa 1914 former City Hall Building. Preventing terrorist attack and hazards Police officials worked with a Police Design Consultant to help design the building to resist terrorist attacksThe Jack Evans Police Headquarters building was under construction when 9/11 terrorists flew airplanes into the World Trade Buildings in New York. That event was preceded by the Oklahoma City Murrah Federal Building bombing in April 1995. Therefore, security was a concern in its design. Police officials worked with a Police Design Consultant – McClaren, Wilson, and Lawrie Architects of Phoenix – to help design the building to resist a terrorist attack and isolate potential hazards. The building also needed to control visitor traffic and access. On an average month, there are 5,000 public visitors to the Jack Evans building. In addition, shots fired at police buildings nationally are not uncommon, says Paul M. Schuster, Senior Corporal/Facilities Management for the Dallas Police Department. Ready to anticipate dangerous crimes “For the most part they are random, single shot drive-by shootings. Often, the officers are unaware that the building has been shot at, until they find a bullet hole in the brick or glass. Increasingly, police tend to be a symbol of government and some citizens see that as a visible target to lash out at. Police officers are trained to expect the routine types of calls, such as domestic violence, traffic accidents, and other crimes. Yet they must be flexible to anticipate the non-routine that can be dangerous and change in a heartbeat.” On June 13, 2015, after midnight, a 35-year-old male placed a duffle bag with a remote-controlled bomb to detonate later between cars in the parking lot of the headquarters building. The suspect then began shooting continuously at the lobby windows. Officers responded to the scene, a vehicle chase began, and the incident ended outside the city. Luckily officers in the lobby took cover and were not injured. Conducting building security assessment The assessment included testing various construction materials for bullet resistance to various types of weaponsFollowing that incident, the Dallas Police Department conducted a security assessment of the building and also at seven patrol stations throughout the city. The assessment included testing various construction materials for bullet resistance to various types of weapons. Gensler Architects and Guidepost Solutions, LLC developed the solutions and plans. “Yesterday we were concerned about handguns, today we are worried about rifles, and the idea of terrorism is always present with outright attack or bombs,” Schuster notes. “The police officers and police staff only want a place that is safe and where they can do their good work.” Funding of $1.3 million was approved to upgrade the lobbies of the seven patrol stations to withstand rifle rounds, and $1.9 million to improve headquarters lobby security, and to upgrade an aging security system. Turner Construction Company and Convergint Technologies, LLC conducted the renovations and security technology integration. Challenges in upgrading lobby security Visitors were allowed free entry into the lobby and were only screened in an open area to the side if going to other floorsThe headquarters’ lobby was initially designed as a two-storey glass-walled structure, with an information desk and public records service windows. Visitors were allowed free entry into the lobby and were only screened in an open area to the side if going to other floors. “The challenge in upgrading lobby security was the two-storey lobby entrance glass. The glass was not bullet rated, due to budget constraints. Changing the front of the building to support ballistic rifle-rated glass would have caused extensive time, exposed the inside of the lobby to weather, and would not have solved all of the security issues,” Schuster says. “In addition, there were concerns about keeping an ‘open’ and friendly service concept in mind and ensuring that the lobby would not resemble a ‘fortress’,” Schuster notes. Bullet-rated glass and bullet resistant wall The solution was to keep the existing exterior unchanged and focus on adding a layer of security once a person enters the lobby. Visitors now enter the headquarters and immediately proceed to a side room where security screening is conducted. Once inside the screening room, the visitor has belongings x-rayed, and they walk through a metal detector A new secondary wall with bullet-rated glass and solid bullet resistant wall materials was constructed inside the lobby to channel visitors to the room. Once inside the screening room, which also has bullet resistant walls, the visitor has belongings x-rayed, and they walk through a metal detector. In the event that anyone was to produce a gun and begin shooting, the incident could be contained inside that room. Tourlock 180+90 security revolving door Once a visitor has been cleared, they proceed into the main lobby via a Boon Edam Tourlock 180+90 security revolving door. This automatic, four-wing door is the most advanced, security revolving door in the Boon Edam product range that offers maximum throughput, allowing users to enter and leave the building simultaneously. In the event that a large number of persons try to force their way into the facility, the Tourlock 180+90 will determine that more than one person is trying to enter and will reject the person and lock out any others from entering. Once a visitor is ready to leave the lobby and exit the building, they pass through another Boon Edam Tourlock 180+90 that leads to a vestibule with exterior swinging doors. In the event that someone tries to go back into the lobby from the front vestibule area, without going through the security screening room, the Tourlock security revolving door will reject their entry. Preventing tailgating and piggybacking The Boon Edam security revolving doors accurately prevent both tailgating and piggybackingThe Jack Evans Headquarters security upgrades for the lobby improved security and still kept the best aspects of the lobby design, including the antique police car, and the overhead police helicopter. The Boon Edam security revolving doors accurately prevent both tailgating and piggybacking, and provide the department with maximum security while controlling traffic flow. “While it would be great to have a building totally open to the public and then add security as needed, such is not the world we live in anymore,” Schuster adds. Future security plans include exterior site security upgrades to the patrol stations and the headquarters to include security fencing with card access controls for fleet and employee vehicles at each of the sites.
Ports of Jersey operate the island’s busy harbours and airports, providing high-quality services and facilities to enrich the experiences and journeys of their customers, with Jersey Marinas offering 1,000 berths across three award-winning locations close to the vibrant waterfront at St Helier. At very busy times of the year, such as the annual Jersey Regatta, the sheer volume of visitor traffic arriving from both land and sea can present serious problems. With particular challenges arising from managing car parking, and the issuance of port entry digital keys for boats harbouring. Smart access control solution Ports of Jersey needed a smart access control solution capable of managing short-term parking at St Helier harbour Ports of Jersey needed a smart access control solution capable of managing short-term parking at St Helier harbour. The system needed to be intelligent enough to manage complex bookings for use by berth and mooring holders dropping off and loading gear onto boats, before parking elsewhere long-term. The existing solution was no longer cost effective, and was open to abuse by some users. In addition, Ports of Jersey also required an upgrade to the out of date Jersey Marinas security gate access control system. At peak times this system needed to be able to cope with rapid, high capacity issuance of smart cards to vessel owners and boat crews wishing to access the marina and marina hospitality faculties. Smart installation SALTO partner JMH Technology was asked to provide a new car park access control solution and resolve the looming problem of needing to issue 1,000 cards, at a cost of over £100,000. A replacement car park access control system was installed based on new technology smart cards and 2,000 cards issued. This project was highly cost-effective with installation and card issuance totalling less than just card issuance on the previous system. Future savings also assured thanks to a choice of more cost-effective cards. Abuse of short-term parking has been cut, and the experience for visitors is improved. JMH Technology is in the process of adding more reader-controlled doors To drive yet more efficiency and further reduce overheads the system has subsequently been updated at both St Helier and Albert Pier car park, with smart installation of the latest SALTO access control technology. The upgrade continues, and JMH Technology is in the process of adding more reader-controlled doors and smart handles across the facility. Security assessment A full security assessment was carried out at Jersey Marinas, and a decision taken to replace all of the expensive and temperamental mechanical code locks with a full online access control system. By engineering a bespoke solution that integrated a SALTO kiosk system with a touch screen unit interface, Jersey Marinas staff are now able to allocate more than 500 cards during the high-tide window. With extra capacity on tap when they need it to cope with high demand at peak times, and valuable cost savings made. The SALTO system provided is technically robust and cost-effective to expand. As a partitioned system Ports of Jersey now have a global overview, with each department able to see the section relevant to them. This enables micro management of cost savings across equipment and cards and allows staff to get permissioned access to all necessary parts of the Ports infrastructure without delay.
Retail banking combines a demand for high security with complex workflows. Staff need efficient access. Facility managers need the flexibility to design access permissions around individual needs, so not everyone can access every area whenever they choose. Nobody wants to carry or track large numbers of keys. These were the requirements, managers of Creval — a regional bank in Italy — faced when seeking an alternative to a mechanical master-key system. Creval needed new access control devices to become an integral part of a security system for assets and people with the highest level of protection. They sought locks to offer a durable, secure and flexible alternative to standard mechanical security. They found an easy, electronic way to administer a powerful, user-friendly system based on battery-powered physical keys and secure, advanced microelectronics. Flexible high-security locking Staff carry a single, battery-powered eCLIQ key, programmed with only the right preauthorised access permissionsCreval chose eCLIQ key-based wireless access control for its banking premises. Bank doors across the Lombardy region are guarded by more than 30 durable eCLIQ cylinders, putting Creval managers in complete control of entrance security. eCLIQ is a scalable electronic extension of the CLIQ access control system deployed in critical infrastructure sites across Europe. Cylinders are fully electronic, protected against manipulation and with 128-bit AES encryption built into both lock and key microelectronics. Staff carry a single, battery-powered eCLIQ key, programmed with only the right preauthorised access permissions. Time-limited access rights Creval’s security manager is now able to grant access based on scheduled times and specific doors, and right down to the level of the individual site user. It is also straightforward to set time-limited access rights for a user key, increasing security if a key is lost. Audit trails and event logs are collected to the same, fine-grained degree. Key management is easy with software operated from a local PC or securely on the web via a standard browser. In the unlikely event a key is misplaced, Creval administrators simply delete its validity from the system. “We are satisfied with the results of the new access control system,” says Claudio Brisia, Logical Security Manager at Creval headquarters in Sondrio.
The Security Industry Association (SIA) has expressed strong support for MI HB 5828 and HB5830, two bills designed to improve school security across the state of Michigan. Michigan Legislation In a letter to Michigan House of Representatives Committee on Appropriations Chairwoman Laura Cox and Vice-Chair Rob VerHeulen, SIA CEO Don Erickson praised the bills’ creation of a comprehensive school plan and fund to enable local districts to procure security solutions to protect students from malicious perpetrators and update building code requirements to include security measures. “Sadly, our nation’s schools have increasingly become a soft target for mass violence – at Sandy Hook Elementary, recently at Stoneman Douglas High School and in many other attacks,” said Erickson. “We support holistic approaches to improving school safety and security in response to these tragedies – recognising there is no single action that can be taken that will, by itself, make our schools safe.” SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts Improving school security SIA represents about 900 security and life safety solutions providers – companies that develop, manufacture and integrate technologies that help keep people and property safe from hazards. These industry leaders strive to introduce robust security solutions integrated into our nation’s K–12 public schools, private academic institutions, colleges and universities. In addition to serving member organisations working to improve security in schools and other environments, SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts that developed threat- and income-based guidelines for schools housing grades K–12 to implement appropriate, layered security measures. These guidelines are available to help guide school investments. Additionally, PASS provides integrators with risk assessments and white papers that can be used when working with schools to evaluate and establish the best security protections for their buildings. SIA believes state assistance like that in the Michigan legislation is a start to addressing key security gaps in schools and is especially critical to high-risk school districts or those with limited budgets.
A new Concierge and Physical Security Information Management (PSIM) solution from Intergrated Security Manufacturing (ISM) is protecting two tower blocks in Haringey, enabling authorised council employees to control door access and manage fire and security systems from anywhere within the council’s estate. Newbury House, Finsbury House, John Keats House and Thomas Hardy House in Wood Green, London, already feature four of ISM’s state-of-the-art Ultimate door entry systems as well as another two, third-party technology systems (Elizabeth Blackwell and George Lansbury) from Entrotec, utilising its Apex Dual path speech technology. Thanks to the Genesys PSIM from ISM, multiple technologies can be controlled, regardless of the manufacturer, providing enhanced security to residents in 510 flats across the six towers. This delivers greater flexibility and control, eliminates the potential disruption caused by installing new equipment, and protects the council’s legacy investment. It also means that further buildings with existing ISM or Entrotec systems can be added as required with only minimal additional investment. Integrated security system Genesys allows the integration not just of door entry systems, but also multiple systems from multiple manufacturers – all from one holistic integrated security system. Every electronic security or fire safety device from CCTV and intruder alarms to electronic locking and public address can be monitored and controlled from a single platform. Most importantly, it features Migrating 3+ technology, a patented automatic failover technology that adds higher levels of automatic configurable redundancy and power. Control is effectively distributed across multiple workstations. "To improve our efficiency and give faster responsesto our residents we neededto provide conciergeservices to all our estates" Len Fevrier at Homes for Haringey has been impressed with the system and how it has performed so far: “We have used the ISM Ultimate door entry products and its Genesys 2 control room software platform extensively in the Borough over many years and have enjoyed excellent product reliability and technical support. To improve our efficiency and give faster responses to our residents we needed to provide concierge services to all our estates,” he says. “The development of the Entrotec integration into the Genesys platform, allowed Haringey to combine technology, including CCTV and fire, without going to the expense of replacing legacy door entry equipment unnecessarily. This delivers a much-needed saving during these challenging economic times for local councils, and we plan to roll this system out across the rest of the Broadwater Farm Estate and potentially other sites in the borough.” Intuitive software Managing Director of ISM, Stephen Smith, says this project is a perfect example of the flexibility of Genesys and its door entry system range: “Genesys is a ‘true’ PSIM system built around intuitive software that combines a range of industry leading features and benefits including an enhanced graphical user experience and 3-D modeling and a comprehensive event management database. Events and alarms from any integrated security application are presented to the operator clearly as and when they happen.” The PSIM software operates as a standalone platform over LAN or WAN networks for remote and local sites with workstations that can be transferred to any operating security control room on the network. This offers the end user flexibility when closing down sites or buildings for off-peak or out of normal working hours or in the unlikely event of any system failures. Ultimate is a fully addressable digital telephone entry system that is robust in design and easy to install. Unlike other door entry systems on the market it has multi speech paths that allow numerous conversations to be had at one time Such was the complexity of the project, that from initial design of the system to completing the installation took around two years to complete. Fire alarms, access control and CCTV can all now be controlled from one computer from any of the Council’s network.
Round table discussion
Fire and security systems are two elements of the same mission: To keep buildings and their occupants safe. However, the two systems often operate independently and may not be integrated. Should there be more integration and what are the pitfalls? We asked this week’s Expert Panel Roundtable: What are the challenges and opportunities of integrating security and fire systems?
RFID and smartphone readers in physical access controlDownload
Access control & intelligent vehicle screeningDownload
How plate reader technology increases your perimeter securityDownload