Dr. Rick Rigsby, a renowned communicator, author and viral video star, will share his motivational message titled ‘Making an Impact’ during the ESX Keynote Luncheon on June 4 in Indianapolis. A video of Rigsby’s inspiring commencement speech to the California State University Maritime Academy went viral in 2017, racking up more than 200 million views worldwide. His book, Lessons from a Third Grade Dropout, is a USA Today, Wall Street Journal and Amazon bestseller. Rigsby&rsquo...
Taking place 16 - 17 of April 2019, this will be the ninth edition of Securex West Africa. Having firmly established itself as the region’s leading exhibition and conference for the commercial, perimeter, cyber and homeland security, fire and safety industry, this year’s show is expected to attract more than 2,500 visitors, 85 exhibiting brands along with key industry stakeholders from governmental organisations and prominent industry associations. Among the show floor features due...
Keysight, the test and measurement vendor, has released the results of a survey sponsored by Ixia, on ‘The State of Cloud Monitoring’. The report highlights the security and monitoring challenges faced by enterprise IT staff responsible for managing public and private cloud deployments. Cloud environment The survey, conducted by Dimensional Research and polling 338 IT professionals at organisations from a range of sizes and industries globally, revealed that companies have low visi...
As the Internet of Things (IoT) and other trends drive the convergence of physical and information security, integrators and end users attending ISC West may be struggling to keep pace with new areas of responsibility and expanding roles in the larger security ecosystem. Help is here. The Connected Security Expo, co-locating with ISC West, focuses on building a holistic security strategy for the connected enterprise. Exhibitors will focus on how physical and information security can be used tog...
In an unprecedented collaboration within the fire and security industry, three not-for-profit organisations with expertise in fire and security doorsets have combined their knowledge to offer guidance on a newly-published document on flat entrance doorsets. The joint publication: ‘A Guide for Selecting Flat Entrance Doorsets; A publication for housing associations, landlords, building owners and local authorities in England’, relates to new doorsets and is the product of DHF (Door &...
The Security Industry Association (SIA) has selected Mark McCourt as the recipient of the 2018 Sandy Jones Volunteer of the Year award, which recognises SIA volunteers who have made tireless efforts to expand SIA’s programs and services. SIA will present McCourt with the award at The Advance, SIA’s annual membership meeting, during ISC West. SIA Autonomous Robotics Working Group Mark McCourt, head of commercialisation at Cobalt Robotics, has made valuable contributions to SIA, incl...
Tavcom Training, part of the Linx International Group has launched an online course providing essential training and information for all individuals involved in managing and using Body Worn Video (BWV) equipment. The course takes approximately 10 hours to complete and provides an introduction to BWV, the practical use of the technology, as well as guidance regarding policy and regulation. BWV is becoming commonplace for safety and security professionals working in areas such as guarding and eventing stewarding. It has also been embraced by many of the 43 police forces in England and Wales, as part of their digital transformation strategies. These mobile surveillance cameras have the potential to deliver an invaluable source of information for use in investigations These mobile surveillance cameras have the potential to deliver an invaluable source of information for use in investigations and submitting as evidence to the Crown Prosecution Service (CPS) to secure more successful prosecutions. However, BWV needs to be implemented, used and managed correctly in order to ensure the footage is admissible and the chain of custody is protected. Incident management and personal safety tool Sales and Marketing Director of the Linx International Group, Sarah Hayward-Turton states: “Establishing a clear policy and sound operational practice ensures the benefits and capabilities of body worn video are maximised for full effectiveness as an incident management and personal safety tool.” Hayward-Turton adds: “This short yet comprehensive course is ideal for anyone that is considering, in the process of, or currently using body worn video for safety, security and law enforcement.” The new Body Worn Video course covers the following topics: Understanding BWV concept and technology National (policing) guidance & standards Regulatory environment & BWV BWV Privacy Impact Assessments Privacy issues & mitigation Policy development Practical use of BWV equipment Recording guidelines Evidential continuity Professional standards
Wrike, the collaborative work management (CWM) platform for high-performance teams, continues to remove the security barriers preventing enterprise companies from adopting a cloud-based CWM platform. The company announced today that it is has earned the ISO/IEC 27001:2013 certification from the British Standards Institution. This recognition demonstrates Wrike’s relentless commitment to protecting customer data and supporting the most rigorous security standards. Wrike also announced the availability of Wrike Lock and Customised Access Roles, as well as five other new security features, including cloud access security broker (CASB) integration support. Collaborative work management (CWM) Enterprise-wide deployments offer significant benefits to company productivity" “Collaborative work management is how businesses are responding to a more tech-savvy workforce that expects the flexible benefits of collaborating and managing all kinds of work – not just formal projects,” according to IDC Research Director for Social, Communities, and Collaboration, Wayne Kurtzman. “Often starting in small teams, enterprise-wide deployments offer significant benefits to company productivity, but often require complex security and governance requirements. Wrike Lock, as well as the company’s other enterprise-grade security features and certifications, make Wrike an attractive and viable option for enterprise customers.” Wrike platform security features A security pioneer, Wrike has been focused on bringing enterprise-grade security to the CWM market since the company was founded in 2006. The Wrike security strategy includes a comprehensive approach across five categories: physical, network, system, application, and people. The new Wrike platform security features include: Wrike Lock is an add-on feature that allows customers to own and manage the keys to their encrypted Wrike data, giving them data access control and audit capabilities even though their data is in the cloud. CASB integration support allows customers to use the CASB offering of their choice to enforce enterprise security policies on their Wrike data, enabling them to spot unusual user activity easily and better protect data stored in the cloud. Customised Access Roles ensure better privacy and content integrity by enabling customers to create roles with unique permission sets that satisfy a variety of access and sharing requirements. Access Reports enable customers to quickly and easily see which users have access to folders, projects, and tasks, as well as any tasks with attachments that external guest users have been invited to review. Selective sharing allows customers to make it so that folders and projects do not follow the default of inheriting sharing settings from parent folders or projects, giving greater access control over specific subfolders and subprojects. New sharing interface makes it easier and more intuitive for users to modify sharing settings, better enabling and encouraging them to take greater control of access to work in Wrike. New antivirus feature will scan files for viruses before being uploaded to Wrike, which will enhance the security of users’ devices by mitigating the risk of uploading or downloading infected files from Wrike. This feature will be available in 2H 2019. Security a top concern Upcoming security features demonstrate our commitment to making Wrike the most secure CWM platform" “Security is a top concern for enterprise companies, and rightly so, but SMBs often fail to examine new apps and tools with the same level of scrutiny – and they do so at their own peril,” said Wrike Founder and CEO Andrew Filev. “In today’s digital world, the moment you believe you are secure is the moment you open yourself to an attack or breach, regardless of your company’s size. The ISO certification, Wrike Lock, and all of our new and upcoming security features demonstrate our commitment to making Wrike the most secure CWM platform on the market, and we will continue to invest in the security of our services to exceed industry standards.” ISO/IEC 27001:2013 certification The ISO/IEC 27001:2013 certification ensures Wrike has an end-to-end security framework and a risk-based approach to managing information security and illustrates Wrike’s commitment to a mature and robust security strategy. ISO/IEC 27001 is the most highly regarded and only internationally recognised standard for the establishment and certification of an information security management system (ISMS). It provides a set of requirements for an ISMS, establishing a systematic, risk-management-based approach to people, processes, and IT systems to protect sensitive company information.
UNION has launched CodeGUARD 5, the first access control device available to meet the new BS 8607 grade 5 standards. High-security push button locks The recently introduced grade 5 standards provide the most stringent level of security and access control for mechanical push button locks to date. Providing an extremely strong level of attack resistance, grade 5 was introduced because of the need for a high-security push button lock, and UNION is the first manufacturer to answer this need. Grade 4 – previously the highest level – could only meet the required standard with the help of an additional integral locking unit. In contrast, a grade 5 device such as CodeGUARD 5 delivers a ‘one-stop’ security and access control solution, where the latch and lock are integrated and tested together. As a result, CodeGUARD 5 offers users an automatic deadlocking unit, whereas a grade 4 product is reliant on key holders to lock a door. CodeGUARD 5 access control solution Featuring BSI Kitemark certification, CodeGUARD 5 provides access control and security in a single package Featuring BSI Kitemark certification, CodeGUARD 5 provides access control and security in a single package, delivering assured protection for securing people, assets and data, while offering the convenience of access control without the need for wiring. One of CodeGUARD 5’s key features is its 20mm deadlocking latch. This means it will not succumb to the kind of physical attacks that mechanical push button locks typically undergo, such as a crowbar being placed between a frame and lock to force a door open. Mechanical push button lock system Furthermore, the mechanical push button lock system is secured through more than 2,000 code combinations. Unlike its competitors, the unit is also always supplied to customers with a passcode different to the standard factory settings, for optimal security. Providing extremely high corrosion resistance, the new CodeGUARD 5 solution is also ideal for perimeter security applications. The system has undergone a salt spray test for 240 hours to demonstrate its capabilities in highly corrosive environments, with its aesthetics and performance unaffected over time. Fire doors CodeGUARD 5 is offered with universal handing and fixings, so the system is easy to order and specify too Suitable for 30- and 60-minute timber fire doors, and 240-minute metal fire doors, CodeGUARD 5 is offered with universal handing and fixings, so the system is easy to order and specify too. This is all backed by a three-year guarantee, offering the kind of high-quality product assurance that customers have come to expect from UNION. Karen Hubbard, Product Manager at UNION, said: “Whatever the application, CodeGUARD 5 delivers unmatched strength and durability. Building on our reputation and heritage, which dates back to 1840, CodeGUARD 5 is the toughest push button lock available, meeting the latest grade 5 standards for BS 8607.” People and asset protection Karen adds, “The solution brings together security and access control as has never been seen before – protecting people and assets even under determined and prolonged attack. CodeGUARD 5 comes with more than 2,000 code combinations, offering a huge advantage over many competitor products where pre-set factory codes have been a real weakness in the past. This is all complemented with a smart and stylish finish, with CodeGUARD 5 featuring an ergonomically-designed handle that would suit any modern environment." “There is no other mechanical push button lock available that comes close in terms of strength and robustness. As such, CodeGUARD 5 is ready to set a new benchmark for mechanical access control.”
Aqua Security, global security platform provider for securing container-based and cloud native applications, has announced the availability of version 4.0 of the Aqua cloud native security platform, introducing new security and compliance controls for serverless functions and Linux hosts. As enterprise development and deployment of cloud native microservices-based applications continue to accelerate, Aqua enables security teams to manage and enforce security policies across a blend of VM-based containers, Containers-as-a-Service (CaaS) and Function-as-a-Service (FaaS) spanning both multi-cloud and on-premises environments. Gartner Distinguished VP Analyst, Neil MacDonald, notes that “securing serverless will force information security and risk professionals to focus on the areas we retain control over. Specifically, the integrity and assurance of the code, identities of the code and developers, permissioning, and serverless configuration, including network connectivity.” Serverless security solutions Aqua’s comprehensive serverless security solution now includes a full chain of controls to discover functions across multiple cloud accounts Aqua’s comprehensive serverless security solution now includes a full chain of controls to discover functions across multiple cloud accounts, scan them for vulnerabilities, detect excessive permissions and configuration issues, and provide function assurance – preventing the execution of untrusted or high-risk functions based on defined policies. The key controls for serverless environments include: Functions discovery: Creating an inventory of functions stored across cloud accounts. Vulnerability scanning: Deep scanning of a functions packages and dependencies for known vulnerabilities (CVEs), based on multiple sources and supporting multiple programming languages. CI/CD Integration: “Shifting left” beyond scanning existing functions, Aqua provides development teams with plug-ins for Continuous Integration environments to detect security issues as functions are being built. Permissions Assessment: Identifying use of excessive or over-provisioned permissions specific to the serverless cloud environment, and monitoring for unused permissions –reducing the potential attack surface of a function. Sensitive Data Assessment: Detecting secrets and hard-coded keys within the functions themselves, or within environment variables, specific to the cloud environment – for instance AWS credentials or Azure Authentication keys. Function assurance: Security teams can set policies to determine the risk threshold to allow or disallow function execution, based on a variety of factors including CVE severity, CVSS score, sensitive data, and permissions. Function anomaly detection: Monitoring of function usage patterns and alerting on sudden spikes in the frequency or duration of function execution. Enhanced security controls Another significant addition to the Aqua platform is tighter controls to secure the Linux hosts that run containers. This addresses potential risks from vulnerabilities such as the one discovered earlier this year when a severe new vulnerability (CVE-2019-5736) was disclosed in runc, a component used in most container runtimes which is part of Linux OS distributions, highlighting the need for securing the container stack at both the workload and host levels. The new technologies supporting cloud native applications require a holistic approach to security and compliance" “The new technologies supporting cloud native applications require a holistic approach to security and compliance, across the application lifecycle as well as up and down the stack, and this has become more evident in recent months with significant vulnerabilities discovered in Kubernetes and runc for example,” notes Amir Jerbi, CTO and co-founder at Aqua Security. “With this new release from Aqua, our customers can protect their applications against those, as well as yet undiscovered vulnerabilities by implementing tight compliance and whitelisting-based zero-trust security.” Aqua 4.0 security platform Aqua 4.0 builds on previous Aqua host protections that already included testing hosts according to CIS (Center for Internet Security) benchmarks, scanning hosts for known vulnerabilities, and monitoring user logins, to provide: Malware Scanning: Detecting malware in the host OS, or any of its components. Vulnerability scanning: Scanning for CVEs found in the host OS, or any of its components. Whitelisted and Blacklisted Users and OS Packages: Security teams can specify which types of users and OS packages are either allowed or forbidden from being used on a host. User Activity Monitoring: Aqua now logs all user commands on the host OS for security and compliance tracking (in addition to the previously available user logins and login attempts tracking) CIS Benchmarks Testing: Having achieved CIS certification for its Kubernetes benchmark, Aqua now provide detailed information on each benchmark test success/failure to provide teams with remediation information. Custom Benchmark Scripts: Enabling the upload of scripts that customize benchmarks to account for configurations that aren’t supported in the standard CIS benchmarks, including Kubernetes clusters on Red Hat OpenShift. Host Assurance: Allowing to set policies that will determine a threshold for host compliance and security risk based on the results of the above scans and checks and generate alerts and audit events upon policy violations. Aqua CSP v4.0 will be generally available in mid-March for existing customers and new deployments.
Together with Munich’s municipal utility operator “Stadtwerke München”, Airbus has equipped the 55th Munich Security Conference (MSC) with mission-critical and encrypted communication solutions. The organisers thus opted for a highly modern Tetra system – for the eighth time in a row. It supported around 120 personnel who coordinated logistics and protected high-level participants in the fields of international politics, business and media. The Airbus technology comprised two base stations (TB3c and TB3hp) at the convention centre “Bayerischer Hof” in Munich’s city centre and provided best indoor coverage. Moreover, a third base station was placed in the vicinity of Munich’s airport. The latter helped to better conduct the arrival of international delegates. All in all, this professional communication system improved the event’s overall security. Honouring academic accomplishments A fourth base station was placed in the plenary hall of the Bavarian parliament during the John McCain Award ceremony. This unique event in the context of the MSC honours outstanding academic accomplishments in the presence of top international politicians. Airbus supplied professional devices, such as the Tactilon Dabat, which combines a secure Android smartphone with a Tetra radio Airbus supplied professional devices, such as the Tactilon Dabat, which combines a secure Android smartphone with a Tetra radio. Specific applications, which were designed for this event, facilitated security checks and indoor geolocation. At the same time, Stadtwerke München provided the Airbus TH1n – the world’s smallest Tetra radio – to the conference staff, including the German Armed Forces (Bundeswehr). It is particularly suitable for covert use and has proven its effectiveness at the MSC for years. Reliable mobile communication services “Since 2012, Airbus has served us with highly reliable mobile communications services. Consequently, we have decided to extend the contract with Airbus until the year 2021 to support our yearly conference in Munich,” said Benedikt Franke, Chief Operating Officer of the MSC. Initially launched in 1963, over the past years, the MSC has become one of the most important conferences in the fields of foreign and security policy. Each year, it gathers high ranking policy makers from across the world with a forum for constructive discussions of current and future security challenges. Like every year, numerous guests from Germany and abroad are expected to attend the conference.
Production and customer processes at global steel fencing systems manufacturer, Zaun Ltd. have been through the mill of audits in recent weeks – by customers, the security ratings standards body and an international certification agency. Re-accredited to SR4 to SR1 ratings Firstly, Zaun’s processes have been re-certified to the 2015 standard of ISO9001 by Bureau Veritas. The 2015 standard puts more emphasis than its 2008 predecessor on stakeholder impacts and requires greater awareness of risks by the manufacturer. Zaun’s SR product range has been re-accredited to SR4 to SR1 ratings Conversely, the scrutiny by the Loss Prevention Certification Board at the Buildings Research Establishment is entirely on the security performance of products in their actual installed state. Zaun’s SR product range has been re-accredited to SR4 to SR1 ratings. National Infrastructure certification But the acid test surely is when a customer with the need for Critical Protection of National Infrastructure (CPNI) gives you a ringing endorsement – which is exactly what one of Zaun’s largest and longest-standing CPNI clients has just done. Quality control and health & safety manager Dave Sayers, who has driven continuous improvement at Zaun, has a raft of developments to put in place for the new standard, with the emphasis more on people, training and the environment. He says: “This has to be driven from the top, so senior management have to be on board to ensure we embed a passion for people, training and the environment and a focus on quality and excellence throughout the organisation. The first thing any auditor does is to interview a director to ensure there is senior management buy-in.” Monitoring of deliveries Just last month, Bureau Veritas gave Zaun a ‘flying colours’ re-certification of its ISO9001 standard with only a couple of observations for improvement. Zaun has undertaken extensive work through its continuous improvement plan to understand its processes and how they interact and impact on each other. It is now monitoring that all deliveries arrive right first time, which includes them being on time, in the right quantity and of optimum quality. It has also introduced KPIs for complaints handling and is so far performing pretty favourably. Sayers says the drive is never 'for the sake' of getting the certification but is rather driven by customer demands.
The oil and gas market is driven by a number of technology trends, political issues, waves of supply and demand, and regulations. At times, it seems like the market is in a constant state of ebb and flow, with business affected by traditional drivers, such as government mandates and operational efficiencies, and other non-traditional markers, like challenging weather conditions (consider the 2017 hurricane season as an example). Additionally, the global economy continues to grow, propelling increased energy demand. But like nearly every other market today, the oil and gas market is on the brink of a sea change. According to Deloitte’s 2018 outlook on oil and gas, “the digital revolution is here.” The sheer volume of information and data generated by digital devices, such as those associated with the Internet of Things, will allow producers to leverage rich data and combine it to deliver smart, efficient solutions. The rise of digital technologies is unleashing new ideas across the oil and gas industry and even though we are in the beginning stage of being able to harness the power of these types of technologies, innovative ideas are emerging — all designed to support the core business, reduce internal investments, deliver products faster, boost efficiencies, and enhance safety. Maximised operations and increased ROI This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand This is welcome news because there are a number of challenges facing the oil and gas industry, from improving reserve replacement and ensuring workplace safety to reducing operating costs and limiting downtime. All of these objectives must be achieved while maximising operations and increasing overall return on investment. Never has it been more crucial for critical infrastructure organisations to demonstrate a focus on safety, security, and collaboration. Here's why: Growth and demand According to the U.S. Energy Information Administration, world energy consumption will grow by 56 percent between 2010 and 2040. This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand. As energy-centric organisations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success. Compliance Continuous demand is only one challenge; compliance with industry and government regulations is another significant hurdle that must be maintained or there is risk of production shutdowns. For example, the Department of Homeland Security’s Chemical Facility Anti-Terrorism Standards (CFATS) impose comprehensive federal regulations for high-risk chemical facilities, requiring organisations to conduct vulnerability assessments. This is just one of many regulatory procedures sites must follow to conform to environmental protections, safety precautions, and safe handling of hazardous materials. As energy-centric organisations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success Threat protection, mitigation, and collaboration In addition to meeting the requirements of regulatory procedures, mitigating risk in this industry propels leaders to develop stringent strategies to ensure robust protection of people, property, and assets, effective and efficient response to incidents when they occur, and procedures and protocols to ensure business continuity in emergency situations. Energy providers require comprehensive safety planning and technology systems that can augment the capabilities of on-site and remote personnel. In recent years, video solutions have become the standard for monitoring facilities, assets, and employees, and now these organisations require enterprise-class solutions that can help gather intelligent data that allows for enhanced security and safety efforts but also focus on processes that enhance operational efficiencies. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market IT security is also a concern. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market. An IT breach can cause operational havoc, risk to the public, and damage to an organisation’s brand. Adopting a continuous improvement approach to a security strategy safeguards and helps protect valuable company information and reduces the likelihood of an incident. Also, collaboration between IT and physical security leaders and the correlation of both departments' data makes it much easier to identify a potential breach before havoc ensues. The digital age With the rise of the digital revolution and the demand for data to improve insight, oil and gas producers and businesses need to find new ways to capture data, correlate it as needed, and then leverage it to make the most informed decisions. Software platforms are being used in a wide variety of applications to provide a single pane-of-glass view that allows operators to gain critical insight into operations. By collecting intelligence from digital sensors, such as video surveillance cameras, open-source Web intelligence, building systems, crowdsourcing, weather sensors, mobile devices, and more, operators can detect potential risks and manage and respond to situations more efficiently. Furthermore, information can be shared easily with multiple agencies, employees, citizens, and first responders — especially valuable in the event of a safety incident where rapid response is paramount. By creating a single enterprise-wide view across disparate systems and technologies, organisations experience improved response times, lowered operational costs, and increased employee safety. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically Traditional command centers Intelligent solutions, such as those derived from the idea of artificial intelligence, help organisations make sense of vast amounts of data. These integrated applications, such as advanced video analytics and facial recognition, can automatically pinpoint potential breaches and significant events, and send alerts to the appropriate personnel, departments, and agencies. These solutions can be powerful in unifying disparate command center technologies within the oil and gas industry, fusing critical data input from emergency calls and responder activity to enhance situational awareness. With traditional command centers relying mostly on call and radio updates, visibility can be limited, but new digital platforms enable operators to oversee a situation and engage with and direct the response force. Overall, these types of automated functions deliver a simplified and modernised operating environment. The future is the Intelligent SOC Oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets All of these digital solutions are designed to take center stage within the Intelligent Security Operations Center (ISOC). To combat advanced, multi-stage threats, oil and gas facilities are transforming the traditional SOC into the next-generation unified ISOC with an integrated platform for detection, investigation, communication, and response. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically. Energy providers operate in challenging, fast-moving environments in which opportunities, requirements, and regulations can vary widely, change quickly, and evolve significantly over time. As the idea of the digital age continues to transform this market, new technologies will be more widely used to improve business operations from exploration and extraction to transportation and distribution. With the right technology, strategic partnerships, and enhanced situational awareness, oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets, while continuing to focus on achieving business goals that will sustain supply and demand for years to come.
According to the reports of not-for-profit organisation Gun Violence Archive, the year 2018 has seen 323 mass shooting incidents as of November 28 in the United States. This number is 346 for the year 2017 and 382 for 2016 (more statistics are available here), with “mass shooting” defined as cases where four or more people are shot or killed in the same time period and location. While definitions of mass shooting vary with organisations in the US, the count of over 300 incidents per year, or about once per day on average, is simply alarming. It raises public safety concerns, ignites debates and protests, which in turn lead to public unrest and potentially more violence, and increases costs for governments from the regional to federal level. Most importantly, the loss of lives demands not only improvement in post-incident handling and investigation, but also new prevention technologies. Gunshot detection solutions AI weapon detection offers a more efficient alternative to prevent active shooting There are several gunshot detection solutions in the security market, commonly used by law enforcement agencies to detect and locate gun fires. These systems function based on acoustic recordings and analyses and often in combination with signals detected by sensors of the optical flash and shockwave when a gun is fired. However, gunshot detection by nature dictates that the law enforcement can only react to a shooting incident that has occurred. With fast action, law enforcement can prevent the incident from escalating, but lives that are lost cannot be recovered. With the development of artificial intelligence in object recognition, AI weapon detection offers a more efficient alternative to prevent active shooting: AI can visually detect guns based on their shapes before they are fired. The AI is trained to recognise firearms in different shapes, sizes, colours, and at different angles in videos, so that the AI weapon detector can be deployed with existing cameras systems, analyse the video feeds, and instantly notify security staff when a gun is spotted. Comparison of the advantages for law enforcement and public security agencies Legacy gunshot detection using sensors AI weapon detection Reactive measure: detect after guns have been fired Proactive measure: detect before guns are fired Time to action: within 1 second Time to action: within 1 second Unable to provide visual data about shooter(s) Can provide data about shooter(s) based on the camera recording: clothing, luggage (backpack, handbag, etc.), facial features, vehicle Unable to track the location of the shooter(s) before and after shooting because of the lack of sound Can track the shooter(s) using AI Person & Vehicle Tracking, AI Face Recognition, and AI License Plate Recognition False detection caused by similar sound such as fireworks and cars backfiring Minimal to no false detection, as AI can distinguish different types of handguns and rifles from normal objects (umbrella, cellphone, etc.) Require physical deployment of gunshot detection sensors Can be used with existing camera systems, do not require special hardware Complicated to deploy, require highly trained professional Easy to deploy as an add-on to existing video surveillance system - Can integrate with gun-shot detection to create a “double knock” audio and video active shooter alert system Gun-shot detection advantages In addition to advantages for law enforcement and public security agencies, this type of visual-based pre-incident detector has three-fold advantages for the public: Save lives by spotting the shooter before the shooting event. Minimise the chaos entailing an incident: panic and chaos caused by a shooting incident often adds to injury, as people run, fall, trample on others… With an AI weapon detector, when a gun is spotted, the system sends an alert to security staff, who can quickly control the situation in an organised manner and apprehend the intending shooter. Can be added as a SaaS (Security as a Service) component to small business and home surveillance systems, e.g., intrusion detection alerts (home invasion incidents with firearms number over 2500 per year nationwide). For a complete active shooter detection system, video-based AI detector can operate in conjunction with gunshot detectors for enhanced security. Traditional X-ray based weapon detection or metal detection entrance systems are complicated and expensive; with AI video technology, active shooter detection system can be cost-effective, and after all, what price tag can one put on a life? Written by Paul Sun and Mai Truong, IronYun
With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organisation’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster. App-level threats The apps that control or drive these new innovations have become today’s endpoint The truth of the matter is that the complexity of an organisation’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organisations. Bad actors have realised that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise. It’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise In-progress attack detection Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. During a Magecart attack, the transaction processes are otherwise undisturbed Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated where it intercepted payment card data and transmitted it to the attacker(s). Data exfiltration detection During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organisation was compromised and data was stolen before it even got to the network or servers. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications Best practice resolutions The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organisations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019: Alert The key to success is quickly understanding when and how an app is being attacked First, organisations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organisation monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customise protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks. Protect Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analysing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications. If an attacker tries to understand app operation though the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019 Encrypt Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. Effective encryption requires a sophisticated implementation of White-Box Cryptography This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography. One that combines a mathematical algorithm with data and code obfuscation techniques transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019. Protecting applications against data breach According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organisation. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?
School shootings continue, as does a search for answers. What solutions are there to prevent school shootings and/or to improve the response (and thus minimise the death toll)? In the physical security industry, we like to think we have solutions that can help, if not “solve”, the problem, but realistically speaking, how effective are they at the end of the day? We like to think we have solutions that can help, if not “solve”, the problem: but how effective are they at the end of the day? The sad answer – even after dozens of school shootings and even in the wrenching aftermath of the latest one – is that we don’t know. There is a gaping lack of knowledge and research when it comes to measuring the effectiveness of preventative measures as they relate to school shootings. Scarce resources on preventative measures The dearth of knowledge on the subject leaves schools at risk of spending scarce resources on measures that don’t have any real impact, or worse, that have a negative effect on education environments. The natural impulse following a school shooting is to do something – anything – to prevent the tragedy from happening again at any school, but especially at my school. But how is money best spent?Successful businesses are a good thing, but not at the expense of misspending education resources on solutions that don’t solve anything Congress has passed the Stop School Violence Act of 2018 to provide $50 million per year to develop programs to train students, teachers and law enforcement to prevent violence, and to create anonymous reporting systems, such as hot lines, for school violence threats. The bill authorises another $25 million for improvements to school’s physical security infrastructures. Congress also provides $1.1 billion in Title IV block grants, which districts can use to pay for diverse needs such as security systems. Several states are providing additional funding for physical safety measures and campus police, and local districts are also stretching their budgets to address security concerns. But is that money being targeted to measures that will help the situation? What is the role of technology in preventing school violence, and are we as an industry at risk of over-selling our preventative capabilities and diverting money from other measures that might have more impact? Successful businesses are a good thing, but not at the expense of misspending education resources on solutions that don’t solve anything. More metal detectors, armed guards and police officers could cause anxiety in some students and even interfere with the learning process Studies on school safety and protection Researchers, advocates and educators gathered this fall at American University to consider the need for better research to inform decision-making on safety, reported Education Week.The field is in desperate need of more evidence on what works, and schools want this information presented to them" A 2016 study by the Rand Corp. points to the problem: Lack of data and research on what works and what doesn’t. “Despite growth in the school safety-technology sector, rigorous research about the effectiveness of these technologies is virtually non-existent,” according to Rand. “The field is in desperate need of more evidence on what works, and schools want this information presented to them in vetted, digestible ways to help them with procurement.” Jeremy Finn, a professor of education at the University of Buffalo, has pointed out the difficulty of assessing the effectiveness of measures designed to deter events that likely won’t occur anyway. “How do you know when you have deterred a school shooting?” he asks. “It didn’t happen.” The effects on our students Might technologies aimed at making schools more secure have an adverse effect on the learning environment? More metal detectors, armed guards and police officers could cause anxiety in some students and even interfere with the learning process. The physical security industry should freely acknowledge that the technologies we offer are only part of the solution to school violence Do security measures aimed at preventing active shooting incidents absorb resources that might better be used to address a more general and/or likely security threat such as vandalism or student discipline? Theoretically, security measures in general should help to prevent the probability of an active shooter at the same time they are addressing a wider range of concerns and threats. But do they? At the very least, we in the physical security market should be aware, and should freely acknowledge, that the technologies we offer are only part of the solution to school violence. Schools should take the broadest possible approach to the range of security challenges, and technology should be one tool among many. Furthermore, better data to measure what works is sorely needed to illuminate the best path forward.
I have been thinking a lot about the U.S. government’s ban on video surveillance technologies by Hikvision and Dahua. In general, I question the wisdom and logic of the ban and am frankly puzzled as to how it came to be. Allow me to elaborate. Chinese camera manufacturers Reality check: the government ban is based on concerns about the potential misuse of cameras, not actual misuse. Before the government ban, you occasionally heard about some government entities deciding not to use cameras manufactured by Chinese companies, although the reasons were mostly “in an abundance of caution.” Even so, I find the targeting of two Chinese companies – three if you count Hytera Communications, a mobile radio manufacturer – in a huge government military spending bill to be a little puzzling. I can’t quite picture how these specific companies got on Congress’s radar. The government ban is based on concerns about the potential misuse of cameras, not actual misuse What level of lobbying or backroom dealing was involved in getting the ban introduced (by a Missouri congresswoman) into the House version of the bill? And after the ban was left out of the Senate version, was there a new wave of discussions to ensure it was included in the joint House-Senate version (with some minor changes, and who negotiated those?). It all seems a little random. Concerns for the U.S. Furthermore, the U.S. ban solves neither of the two main concerns that are generally used as its justification: Concern: Cybersecurity. The U.S. ban “solves” the issue of cybersecurity only if both of the following statements are true. No security system that uses a Hikvision or Dahua camera or other component is cybersecure. Any system that does not use a Hikvision or Dahua camera or other component is cybersecure. What level of lobbying or backroom dealing was involved in getting the ban introduced into the House version of the bill? The ban ignores the breadth and complexity of cybersecurity and instead offers up two companies as scapegoats. Our industry has sought to address cybersecurity, and the one principle that has guided that effort is that cybersecurity is an issue that must be addressed by manufacturers, consultants, integrators and end users – in effect, everyone in the industry. Cybersecurity does not begin and end with the manufacturer and banning any manufacturers from the market does not ensure better cybersecurity. Concern: “Untrustworthy” Chinese companies. Hikvision and Dahua are only two Chinese companies. Any response to concerns about whether Chinese companies are trustworthy would need to cover many more companies that manufacture their products in China. Australian TV recently claimed that “all Chinese companies pose a risk. Because of Chinese laws, there is a requirement for companies to be engaged in espionage on behalf of the state.” Even if one embraces that extreme view, the logic fails when only two companies are targeted. One source told me that 60 to 65 percent of the global supply of commercial video cameras are manufactured in China, so it’s a much bigger issue than two companies.The Chinese government has much more effective ways of conducting espionage than exploiting security cameras And is U.S. security at risk unless or until it is cut off from more than half of the world’s supply of video cameras? Even Western camera companies manufacture some of their cameras and/or components in China. Why name only two (or three) companies, only one of which has ties to the Chinese government? If the goal of the U.S. ban was to address the possibility of cybersecurity and/or espionage by the Chinese government, shouldn’t there be other companies and product categories included? Clearly, video surveillance is not the only category that has the potential for abuse. The Chinese government has much more effective ways of conducting espionage than exploiting security cameras. Global response to U.S. ban And now that the U.S. ban has been passed, how is the ban being misused to justify a new level of alarm about Chinese companies? Australian television effortlessly made the leap from “software backdoors” to a concerted and organised effort by the Chinese government to use cameras to be the “number one country for espionage.” And it’s not just about government facilities: “Even on the street, [cameras] have the potential to inadvertently contribute toward Chinese espionage activity by providing real-time information about the situation on the ground,” says the Australian TV report. If all Chinese companies pose a risk, why is the U.S. government targeting specific companies rather than all Chinese companies? If all Chinese companies pose a risk, why is the U.S. government targeting specific companies rather than all Chinese companies, or at least those with electronics or computer products that could be used for espionage? What about the espionage potential of the 70% of mobile phones that are made in China? What about other consumer electronics such as PCs or smart TVs? How many government facilities that are eliminating Dahua and Hikvision cameras have employees who use iPhones or use other electronic equipment from China? Artificial intelligence & IP-over-coax Also, consider the impact of the ban on business. Hikvision and Dahua have had many successes in the video surveillance market, including in the U.S. market. They have added value to many integrators and end user customers. They have been on the forefront of important trends such as artificial intelligence and IP-over-coax. And, yes, they have made technologies available at lower prices.Cybersecurity issues have plagued several companies in the industry, not just Hikvision and Dahua Cybersecurity issues have plagued several companies in the industry, not just these two, and both Hikvision and Dahua have worked to fix past problems, and to raise awareness of cybersecurity concerns in general. Is a U.S. ban on two companies an appropriate response to a series of geo-political concerns that are much bigger than those two companies (and bigger than our entire market)? Should two companies take the brunt of the anti-Chinese backlash? Video surveillance cameras Is the video surveillance market as a whole better or worse for the presence of Hikvision and Dahua? Is it up to the U.S. government to make that call? In some ways, thoughts of Chinese espionage are a sign of these uncertain political times. Fear of video surveillance is perfectly congruent with long-standing anxieties about “Big Brother;” suspicion about China taking over our video cameras just rings true at a time when Russia is (supposedly) controlling our elections. But should two companies be targeted while broader concerns are shrugged off?
Repercussions are rippling through the physical security industry since President Trump signed into law the ban on government uses of surveillance equipment by Chinese manufacturers Hikvision and Dahua. In addition to the direct and indirect consequences of the new law, there have also been other developments likely to impact the future of Chinese companies in the video surveillance market. The ban has raised awareness of Chinese companies’ role in video surveillance, and other developments are related to tariffs and possible sanctions, all playing out amid the backdrop of an escalating trade war. One Chinese manufacturer previously dismissed security concerns about its role in video surveillance as “Cold War rhetoric.” There has been an almost nostalgic tone recently to the escalating concerns about video cameras being used for spying. Hikvision and Dahua have both stated emphatically that they have not conducted any espionage-related activities. Even so, the U.S. government ban has emboldened the concerns. However, to be clear: No one has alleged that technologies from either of the companies have been used for espionage. Rather, the concerns are about the potential for misuse, not actual misuse. Also aggravating the situation are Chinese companies’ previous, actual problems with cybersecurity, which the companies say they have addressed. Here are some recent developments related to the U.S. government ban and Chinese manufacturers in general: Tariffs and trade concerns Additional rounds of U.S. tariffs have targeted an expanding array of Chinese goods, including data storage and processing components such as printed circuit boards, as well as video camera lenses. The escalating trade war has kept generalised concerns about China and its trade practices in the public eye and fomented a level of uncertainty in many markets, including physical security. Additional rounds of U.S. tariffs have targeted an expanding array of Chinese goods Involvement of surveillance in Chinese human rights violations Concerns have surfaced in a Congressional hearing recently about the Chinese government’s surveillance activities targeting the Uyghurs and other Muslim ethnic minorities in the Zinjiang Urghur Autonomous Region (XUAR). Specific attention is being directed at the region’s surveillance system including “thousands of surveillance cameras, including in mosques,” and Hikvision and Dahua were mentioned in the Congressional hearing as profiting from security spending in the area. Increased global media attention The ban has not been widely publicised in the U.S. mainstream media, but the topic has attracted global attention. For example, the Australian Broadcasting Corporation broadcast a 10-minute expose on the use of Chinese-made cameras in Australian government facilities, including “sensitive military facilities.” The report, which mentioned the U.S. ban, noted that “Both [Hikvision and Dahua] have had security flaws be exposed leading to fears that some of the flaws were placed there to help the Chinese government spy.” The report continues: “China is trying to set itself up as the number-one country for cyber-espionage, and this is part of that platform.” How broadly should one interpret the inclusion of "critical infrastructure" mentioned in the bill? Broader interpretation of the bill beyond the federal government The language in the bill leaves a level of ambiguity in terms of the scope of its application, and the security marketplace as a whole has been struggling to understand its full impact. Does the ban only restrict an integrator’s use of Chinese technology on a specific government job, or does it eliminate an integrator who installs the technology (even in non-government projects) from consideration for government jobs? How broadly should one interpret the inclusion of “critical infrastructure” mentioned in the bill, for example, non-governmental facilities? Will other governments and private entities assume they should ban Hikvision and Dahua in order to be compliant? For example, Suffolk, Virginia, has announced it will not to use Dahua or Hikvision cameras because the federal ban applies to “U.S. government-funded contracts and for critical infrastructure and national security usage.” The result of these developments is a kind of snowball effect, simultaneously drawing attention to the issues and adding new elements to an overall narrative. Taken together, these developments suggest the U.S. ban has set off a level of concern about Chinese companies that will have an industry-transforming impact in the months to come.
Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the programme, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardisation across sites, shorter implementation times and cost efficiencies. Standardising company’s security measures The Global Client Programme connects all of ROCKWOOL’s factories and office premises, and standardises the company’s security measuresROCKWOOL has 28 factories across the world. The Global Client Programme connects all of these factories and ROCKWOOL’s office premises, and standardises the company’s security measures throughout the world. Fokko van der Zee, managing director at Nedap Security Management, says: “The implementation of a standardised security solution across the world is a complex process. It involves a large project spanning many years and involving many stakeholders, and demands a high level of project management. In the absence of a structured program with defined guidelines, a global security rollout is likely to be a stressful execution. That’s why we set up our carefully designed Global Client Programme.” ROCKWOOL Digital Service Lead, Matthew Thorne, agrees: “We’ve worked with Nedap over the past few years and recently became a member of their Global Client Programme. Now we’re equipped with the people and tools we needed to standardise our physical security solution. The Global Client Programme also minimises risk and guarantees compliance. It really meets our needs in every possible way.” Central security platform saves money The programme helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of severalThe Global Client Programme is designed to ensure monitoring and control during every step of the rollout process. Timon Padberg, responsible for business development at Nedap Security Management, explains: “The repetitive nature of local site deployments allows us to work with models and templates, such as standard proposal and calculation documents. We can therefore produce a scalable process that ensures uniformity and a consistently high quality of implementation across each site.” By using the Global Client Programme, ROCKWOOL is aiming for uniformity and alignment across all sites. The programme also helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of several. Moreover, there are significant savings on operational and maintenance costs due to shared services and economies of scale.
Premier League football club Everton FC has deployed SureCloud’s GDPR suite to manage and monitor its data and GDPR compliance, enabling the club to work towards GDPR compliance, optimise internal processes and position it strategically for the future. The solution replaced Everton FC’s manual data mapping and processing methods. Manual data mapping and processing Everton FC’s databases are extensive, containing details on over 32,000 season ticket holders and over 600,000 registered fans, with details on around 360 employees, players, agents, suppliers, and individuals associated with the club’s community charity and partner school. Much of this information is sensitive. This data and all of the processes associated with it were being manually managed and tracked in a series of Excel spreadsheets. With multiple requests and queries to respond to every day, the club’s Data Protection Officer was struggling to record and manage smaller ad hoc queries, incidents, and tasks. With GDPR due to place much tighter restrictions on how the club processed, managed and shared its data – as well as on the reporting of any incidents that did occur – the club needed a more comprehensive and reliable tool in place before 25th May 2018. SureCloud platform The club approached its long-standing IT support provider NCC to find a solution. NCC recommended the SureCloud GDPR Suite, delivered on the SureCloud platform. After SureCloud had successfully demonstrated the ability to provide full visibility for management and automation of GDPR processes across the organisation, Everton FC selected its cloud-based suite of solutions. Two dashboards were created according to Everton FC’s specific needs Two dashboards were created according to Everton FC’s specific needs: one to show all data mapping and transfers, including where data is being held and who it is being shared with; and one showing incidents and requests, including a subject request register and incident tracker path. This gives an immediate overview of which requests are still outstanding, such as a request for an individual’s personal information to be erased from the database. SureCloud GDPR Suite The five applications Everton FC chose to deploy from the SureCloud GDPR Suite were: GDPR Program Tracker - to enable the club to map all its disparate data and workflows using intelligent risk-based questions GDPR Management – to provide all mandatory GDPR business-as-usual processes Information Asset Management - to record and maintain the club’s entire data inventory Compliance Management for GDPR - to help Everton FC speed up their process of attaining compliance and on-going real-time risk remediation Incident Management for GDPR – to meet the GDPR requirement to log, track and notify the ICO of any data breaches, should an incident arise Ian Garratt, Data Protection Officer at Everton FC said: “The penalties for not achieving GDPR compliance are severe – up to 4% of our revenues, or €20 million. It was imperative that we got a solution in place that could not only help us achieve GDPR compliance but would also make it quick and easy for us to demonstrate that compliance at any point, on request. SureCloud’s GDPR Suite fit the bill.” Centralised data management Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system “We are now tracking and recording every single data request in a centralised way. With NCC’s support, SureCloud’s solution has brought a comprehensive clarity to our data processing that was impossible to achieve with manual spreadsheets. The system is so intuitive; it has helped us streamline multiple processes and undertake impact assessments that we couldn’t handle before.” Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system. All changes and requests are automatically tracked so that activity records and data audits can be produced at the click of a button. Should an incident like a suspected data breach occur, it is identified and reported immediately and automatically. The club’s data protection team can select which asset has been affected and immediately determine the severity of the incident and whether it needs to be reported to the ICO. Should it need to be escalated, the report is available instantly. Data processing, documentation and risk management Ian Garratt added: “The SureCloud GDPR Suite isn’t just a compliance tool; it’s a comprehensive management tool. We now have a continuous, real-time status of where we are and what we need to be doing in terms of data processing, documentation and risk management. It would have simply been impossible to achieve this manually. SureCloud has not only helped us to work towards GDPR compliance they have optimised our internal processes and positioned us strategically for the future.” In addition to deploying five applications within the GDPR suite, SureCloud is currently adapting its Incident Assessment tool to meet Everton FC’s specific requirements.
To succeed in business, one must be brilliant at one thing. In many cases it’s a skill, such as art, coding, engineering or design. Or that one brilliant attribute can also be a personality trait or a business process. No business will be successful unless it is at least adequate, and preferably superb, in product development, sales, and customer engagement - not to mention finance, planning, marketing and recruiting. Too many VMS producers are trying to do all these things themselves when they should be doubling up on what they are best at and leveraging the rest. It is a new mindset. Instead of obsessing about which ‘me-too’ product to supply, software producers could make their first priority finding complementary and compatible partners. Developing a partnership ecosystem One partner might see the opportunity to sell a solution. Another partner might know a better way to distribute a product. A third partner might provide the vertical expertise to get the customer a perfectly tailored solution. By leveraging partners and developing a partner ecosystem, a company will tend to have more unique offerings and the ability to execute faster in an ever-changing world. All this additional partner horsepower is still no guarantee a company will succeed but partnerships will also give a company a feedback channel. Many stand-alone companies plod along, never quite failing, but never getting better either. Partners are less likely to tolerate business limbo. They will be quick to utilise great products, and less wedded to the concept if it doesn’t prove out. Because the partners are in close contact with the market, they are the first responders to changing or developing needs. This is why a company should listen very closely to their partners: They are the feet on the street and the ears to the beat! Open platform matters Producing software takes time, and producing great software takes even longer All of this is not possible, however, if a company produces closed platform software. This is software whose functions can only be changed by the original developers. Producing software takes time, and producing great software takes even longer. This means low agility. The partners might identify great opportunities, but before the closed platform software producer can react, the opportunities might be gone - or worse, be grabbed by competitors. The slow reaction capabilities of closed platform providers will frustrate partners and may lead to the worst of all complications in a partnership: distrust. Add-on modules and intrinsic scripting When the products are based on an open platform, however, they are adaptable. Then the partners have the ability to change the solution through the open software architecture. Not by changing the basic code (that would be open source) but by add-on modules and intrinsic scripting abilities. Total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution to fulfill the customer’s needs with the minimum of effort. This gives agility, and agility means fast go-to-market abilities. Just what is needed in this fast-moving world. There are some important things to note here. The ways to extend and enhance the software have to be easy and well documented. The partners must have access to training and knowledge sharing. (It does not help to have a system for extending the capabilities of the software if the partners have to guess at the process and the documentation is rudimentary.) Open access is key It is important that the business philosophy is based on openness, giving the partners full access to all relevant information. And openness is a two-way street: By being open for your partners, you also have to be open about their business. A partner might be able to develop a highly sophisticated solution but be unable to market the solution. By building a catalogue of partner solutions easily accessible to customers, openness extends to ensure open access to the partners. Openness is not something a business can just tack on to their approach. It has to be in the DNA of the business from the start. In a Harvard Business Review article entitled ‘Predators and Prey: A new ecology of competition,’ JF Moore says: “A business ecosystem, like its biological counterpart, gradually moves from a random collection of elements to a more structured community.” Structured business ecosystem Milestone has seen this progression within the company's ecosystem Milestone has seen this progression within the company's ecosystem. They introduced training and certification requirements as part of the partnership success structure, ensuring knowledge is shared and also used in a way that is most mutually beneficial for all involved. Moore also writes: “Every business ecosystem develops in four distinct stages: birth, expansion, leadership and self-renewal.” At present, Milestone and its partners are entering into the ‘leadership’ stage, where video enabling is creating opportunities beyond those offered by a traditional video surveillance system, and into areas that provide additional business benefits to our customers. Video enabling “A leader must emerge in the ecosystem,” Moore says, “to initiate a process of rapid, ongoing improvement that draws the entire community toward a grander future.” This is the role Milestone has played in leading the industry towards the video enabling phase and redefining the industry’s expectations of what a surveillance system is capable of. In the article, Moore underlines that “executives whose horizons are bounded by the traditional industry perspectives will find themselves missing the real challenges and opportunities that face their companies.” Getting connected Connectors are those people with a wide range of contacts across different social circles In his book The Tipping Point, Malcolm Gladwell describes what he calls ‘The Law of the Few,’ which says: "The success of any kind of social epidemic is heavily dependent on the involvement of people with a particular and rare set of social gifts." This is based on the 80/20 principal, “which is the idea that in any situation roughly 80 percent of the 'work' will be done by 20 percent of the participants." He goes on to identify three types of people with these gifts: Salesmen, who are skilled in persuasion and negotiation; Mavens, who collect and disseminate useful information; and Connectors. Connectors are those people with a wide range of contacts across different social circles who can make introductions and create links between otherwise disparate individuals. Milestone, key connector in physical security industry In the wider scheme of things, Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry. Milestone brings together companies who are brilliant in their respective fields and make it easy for them to work together to create a valuable solution for the customer. The company provides the environment for that to occur and work closely with them to ensure that the end result is useful and effective. At Milestone, partners realised that significant investments in education and training was required to create the demand for the company's products and solutions that the conservative physical security industry required. The value of partnership was learnt and the ‘open’ approach adopted, which was a central part of the thinking behind our software. Adopting the Scandinavian management model Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry Milestone extended this approach to the entire business model, creating the ecosystem that has been the driving force for success. And while the company embraced the best of the Scandinavian management model, its inclusiveness and encouragement of creativity, they still needed to have the courage to make changes to the business, changes which would ensure the best possible position to take on whatever challenges the future might hold. Milestone partner ecosystem Milestone have always worked in a partner-driven business mode. The company from the start was designed to be open and partner oriented. The Milestone partner ecosystem is a fundamental part of its mindset and daily operations. It is one of the major reasons for getting the company to the position where it is today. To be in a company without the partner component would be like cutting the internet and phone cables while reverting to telex and written paper letters! The company would be developing products in the dark, not knowing the demand. Open business world Today, Milestone's partners are delivering optimal solutions to mutual customers, building a better and open business world with video as a business enhancer. All thanks to the company's open platform and community approach. To have a flourishing partner ecosystem, one must think not as a corporation but in human terms. Because companies don’t think, humans do. In all senses of the word, there is one thing that will contribute more to the success of a partnership than anything else; 'Give before hoping to receive'.
The Security Industry Association (SIA) has expressed strong support for MI HB 5828 and HB5830, two bills designed to improve school security across the state of Michigan. Michigan Legislation In a letter to Michigan House of Representatives Committee on Appropriations Chairwoman Laura Cox and Vice-Chair Rob VerHeulen, SIA CEO Don Erickson praised the bills’ creation of a comprehensive school plan and fund to enable local districts to procure security solutions to protect students from malicious perpetrators and update building code requirements to include security measures. “Sadly, our nation’s schools have increasingly become a soft target for mass violence – at Sandy Hook Elementary, recently at Stoneman Douglas High School and in many other attacks,” said Erickson. “We support holistic approaches to improving school safety and security in response to these tragedies – recognising there is no single action that can be taken that will, by itself, make our schools safe.” SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts Improving school security SIA represents about 900 security and life safety solutions providers – companies that develop, manufacture and integrate technologies that help keep people and property safe from hazards. These industry leaders strive to introduce robust security solutions integrated into our nation’s K–12 public schools, private academic institutions, colleges and universities. In addition to serving member organisations working to improve security in schools and other environments, SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts that developed threat- and income-based guidelines for schools housing grades K–12 to implement appropriate, layered security measures. These guidelines are available to help guide school investments. Additionally, PASS provides integrators with risk assessments and white papers that can be used when working with schools to evaluate and establish the best security protections for their buildings. SIA believes state assistance like that in the Michigan legislation is a start to addressing key security gaps in schools and is especially critical to high-risk school districts or those with limited budgets.
Keeping the food supply safe was not an issue for Furman Foods back in 1921, when John W. Furman canned 360 glass jars of tomatoes with his wife, Emma, and their six children. Just as food processing practices have evolved over time, so too has the nation’s approach to securing food processing facilities. Today, Furman Foods uses ID cards as the first step of a greater plan to enhance its plant security. Furman Foods is a family-owned business. By 1969, the company had sold a million cases of tomatoes and was complementing its tomato crop with beans, peppers and other vegetables sold under the Furmano’s name. The company’s roots are planted firmly in the soil of the Susquehanna River Valley of Pennsylvania. Despite this remote location, Frank Furman, Vice President of Quality, is ready to take the facility to the next level of security and quality. “The need is here,” he said. “Everything is coming together at once. Not only does security make good business sense, but it also is something we need to do for our customers.” Food safety and security While the company has focused on food safety for many years, the U.S. Food and Drug Administration’s (FDA’s) Bioterrorism Act of 2002 made security a top concern for food producers such as Furman’s. Title III of the act specifically addresses protecting the safety and security of food and drug supplies. In addition, because Furman Foods provides food for U.S. Department of Agriculture (USDA) food programs, it is subject to USDA security measures. Security isn’t new to the company. It began incorporating additional security measures shortly after September 2001. The well heads for the water supply are locked and checked daily, for example, and a third-party security service is on duty during off-hours. Delivery truck doors now must be sealed, the company’s computer systems have new access controls in them, and locks now adorn all bulk storage areas, such as those for corn sweeteners and vinegar, some of the most vulnerable areas in the company. An important part of the security system at Furman’s is a new ID card program Time and attendance tracking An important part of the security system at Furman’s is a new ID card program. “We needed to replace our time clocks,” said Mark Slear, Systems Administrator, “so we took advantage of the opportunity to introduce employee ID cards to track time and attendance.” “I wanted some kind of control so that people who don’t work here don’t get in,” Furman said, “Despite the fact that we are located in a rural area, we still were seeing people here who shouldn’t be here. We had to figure out some way to limit access.” In the past, the company had pre-printed, pre-numbered, bar coded cards for hourly employee access. Employees were assigned a number, but that was it. HID Fargo Printer/Encoder Slear and Furman selected the Fargo DTC550 Direct-to-Card Printer/Encoder with lamination capabilities from ID Wholesaler (www.idwholesaler.com), a Fargo Value-Added Retailer and the largest online reseller of photo ID products. “I looked around quite a bit,” said Slear, “and all of my research kept coming back to Fargo.” Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs" “We determined that Furman Foods needed a higher level of security than a basic photo ID card could offer,” said Shane Stark, Account Manager, ID Wholesaler. “The FDA keeps tight regulations on who has access to food processing areas. Along with using bar codes and magnetic encoding for security measures, Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs. This led us to lamination and a Mylar card, which offers greater durability.” Slear was also interested in the printer’s speed. “When we ramp up during the summer, we produce a year’s worth of product in three months,” he said. “We have to print a lot of ID cards quickly to accommodate our seasonal workers.” Security access cards Furman’s bought the Fargo printer in October, took employee pictures in November and began issuing new ID cards in January. The ID cards contain a full photo, and the program includes all employees, even the extra 300 that are hired during the July-to-October busy season. While tracking time and attendance with the ID cards was the company’s first concern, Slear and Furman were thinking ahead when they chose an ID card printer, knowing that security needs would be enhanced down the road. “We added a magnetic stripe and photo in preparation for future security,” said Slear. “We haven’t defined yet what else we might do, but much of it will be driven by FDA and USDA directives.” “We liked the fact that the DTC550 printer can print on proximity cards if we decide to upgrade our ID cards someday,” said Slear. Furman agreed. “Eventually, we will go to smart cards, especially for the room where our ingredients are mixed,” he said. “We need to limit this area to those who are designated to be there. They will have to swipe an ID card for access. We chose a printer that will allow us to upgrade the cards, knowing that sooner or later we’ll have to go further with security.” Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements" Comprehensive identification solutions “Everything has been going well,” Slear said. “The person printing the cards picked up on it quickly.” Slear gives high marks to ID Wholesaler for their customer service. “Every time I talk to Shane, I get the answers I need,” he said. “He also checks in from time to time, just to see how things are going.” “Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements and their budgets,” said Jennifer Clancy, Marketing Manager, ID Wholesaler. Currently there are three variations to the Furman’s ID cards: yellow background for employees, green background for visitors and blue background for vendors. “Certain vendors are allowed on site without an escort,” said Furman. “For instance, because we are a kosher facility, once a month a rabbi comes in to check our operations. He has his own vendor ID card and is pre-approved, so he can move throughout our facility unescorted.” Facility security One of our big concerns is having someone follow a carded employee into the plant Furman Foods prides itself on its strong values, its quality products, its sustainability and its food security. Yet Furman isn’t satisfied. “We are still not where we should be,” he said. “We have come a long way, but we have a long way to go. If I could wave a magic wand, we would have one entrance, where everybody has to enter and exit. This entrance would be secured by a card reader, so individuals would have to swipe an ID card to get in. One of our big concerns is having someone follow a carded employee into the plant. Restricted areas should require special access cards, and I’d like a fence around the entire facility, with a guard shack where everyone checks in and out,” he further added. Right now, there are multiple entrances for traffic. The facility is very spread out, and the road in front is a public road. Photo ID access card Yet, all agree that the ID cards are an important step on Furman Foods’ journey toward enhanced security. “A safe workplace is fundamental,” said Clancy. “Photo ID cards provide at-a-glance validation that the card wearer is authorised to be on the premises. This is especially important for food manufacturers.” “I tell our employees security is only going to get tighter,” Furman said. “More safeguards will be put in place. We are in the food business. If we don’t have safe foods, we don’t have jobs.”
Following several high-profile incidents alleging abuse of special needs students (including some non-communicative students), and the activism of a number of parent groups in the state of Texas, Governor Greg Abbott signed Texas Senate Bill 507, requiring districts to install audio and video surveillance equipment into select special education classrooms when requested. The law requires the installation of cameras and recorders in classrooms meeting certain criteria—if and when a parent, school board member, or school staff requests them from the 2016-2017 school year forward. Surveillance must cover all areas in a classroom, with the exception of bathrooms and changing areas, and recorded footage must be retained for a minimum of six months. Many Texas school districts have begun the work of bringing relevant educational spaces into compliance with the law, including the Edna Independent School District.The IDIS solution crafted by PSX meets Edna ISD’s SB 507 compliance requirements Super Fisheye-powered surveillance Carefully considering Edna ISD’s requirements for a highest-quality surveillance solution, capable of audio recording and coverage in compliance with the law, along with their need for a fiscally responsible solution that minimised total cost of ownership, while maximising value, PSX recommended the IDIS Total Solution’s DirectIP line. The IDIS Total Solution has a selection of affordable, highest-quality options for school districts, easily scaled to meet any classroom size, configuration, or budget. The IDIS solution crafted by PSX meets Edna ISD’s SB 507 compliance requirements with a custom configuration of IDIS cameras and recorders for multiple classrooms and sites. At the heart of the solution is the IDIS DirectIP Super Fisheye Camera, which features breakthrough IDIS technology recognised by the industry for solving common concerns found with many other fisheye models.The IDIS Super Fisheye offers unparalleled client, camera, and mobile dewarping for a clearer picture Smart UX controls The IDIS Super Fisheye offers unparalleled client, camera, and mobile dewarping for a clearer picture and strongest possible assessment and documentation of incidents. It also features the company’s award-winning IDIS Smart UX Controls (named a 2016 ‘New Product of the Year’ by Security Products magazine), which allow for agile real-time pointing and zooming in a simplified and smooth manner previously unheard of in the industry. Other IDIS benefits, including two-way communication and the powerful recording and storage technology the company is known for, make the solution an ideal one for Edna ISD’s needs. Significantly, SB 507 was not accompanied by additional funding for implementation. It required school districts to cover the cost of surveillance purchases and installation from existing funds, donations, or other alternate funding strategies. This expands the requirement for school districts such as Edna ISD, beyond the simple purchase and installation of new surveillance solutions, to include the identification of surveillance solutions able to provide maximum quality with a low total cost of ownership and to be as responsive as possible to the law, student needs, and existing budgetary requirements.The IDIS Total Solution has proven a strong fit for school districts Cost-effective deployment Offerings that feature combinations of technical and cost-effective benefits have proven a strong fit for school districts, including Edna ISD, looking to meet SB 507 requirements without sacrificing quality for cost, something that is important to institutions such as public schools, charged with both optimal execution of their core educational mission and careful stewardship of public funds. The IDIS Total Solution, differentiated by its ease of installation and use as well as its lack of licensing and maintenance fees, has proven a strong fit for school districts, including Edna ISD. Alan Morris, Vice President of Sales for PSX, Inc., stated, “While SB 507 compliance has proven a challenge for some school districts, Edna ISD has shown an uncompromising commitment to its special needs students through the selection of technology that provides easy real-time review of classroom behavior and provides the best, clearest evidence possible should an incident occur.” Secure learning environment "In Edna ISD, the safety of our students, teachers, and staff is a key part of our educational mission. When those in our schools, and the families that love them, know their environment is safe and secure, the educational mission can thrive. We have embraced the SB 507 requirements as yet another tool in ensuring an ideal learning environment for all, providing additional support and protection for our special needs population.” “We were committed to doing this with only the best technology the industry had to offer, while also remaining responsible to our taxpayers throughout the process. The IDIS combination of a fully scalable solution of next-generation technology with a lower total cost of ownership than typically seen in the industry made it the right choice for our needs."
Round table discussion
The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?
Knowledge shared among peers is often afforded more credibility than information from manufacturers. An approximation of that principle is at work in the use of case studies as marketing tools in the physical security industry. Case studies are aimed at telling real-world success stories – from actual customers – about how various technologies are used to accomplish security goals and make the world a safer place. But how useful are they? We asked this week’s Expert Panel Roundtable: What are the benefits of case studies as a marketing tool in the security industry?
More cameras today are providing more video than ever, but how much of the video is available when and how it is needed? The question often comes up when law enforcement entities are seeking to access video from private systems to help solve a crime. There are many more private video systems than public systems, but is the video available when needed? And what about privacy: In what situations is it acceptable to share private video for the public good? We took these questions to this week’s Expert Panel Roundtable. Specifically, we asked: When does it make sense to share video from private video surveillance systems with citywide systems? What are the technical and/or privacy hurdles to sharing video more widely?