The definition of a standard is “an authoritative principle or rule that usually implies a model or pattern for guidance, by comparison with which the quantity, excellence, correctness, etc., of other things may be determined.” In technology markets, such as physical security, standards are agreed-upon language, specifications or processes that are used across the board by multiple stakeholders to enable easier interconnectivity and smoother operation of systems. We asked this week&r...
Ping Identity, global provider of identity defined security solutions, has announced updates to its data governance solution, PingDataGovernance, to better manage data security and privacy requirements for APIs and user profiles. Today’s enterprises manage many different APIs on average, meaning sensitive consumer data like banking information and healthcare records are increasingly vulnerable. This rapid growth of APIs and third-party API traffic necessitates fine-grained data protection...
ONVIF, a global standardisation initiative for IP-based physical security products, announced that its Export File Format, the ONVIF specification for the export of video from security surveillance recording platforms, is the new standard recommended by the National Institute of Standards and Technology (NIST) for the exporting and playback of video surveillance recordings. In a research project commissioned by the FBI to aid law enforcement in forensic investigations, NIST worked in conjunctio...
Craig Birch, Product Category Manager at UNION, outlines what the new grade 5 for BS 8607 includes, why it has been introduced and the benefits that it can help deliver. At present, mechanically operated push button locksets are not typically security products, but rather access control ones. For example, think about the last time you went to your local doctor’s surgery. No doubt there will have been a lock on the door behind the receptionist, protecting the sensitive information they hol...
Many Euralarm members and other interested people gathered on May 13th, 2019 in Madrid for the annual Euralarm Symposium. It was the moment that Euralarm presented its priorities and challenges for the upcoming years. General Director Paul van der Zanden introduced Euralarm’s new strategy document for 2019 to 2024 to the audience by putting it into perspective with the developments within Brussels. Fire safety and security industry There is so much going on in Brussels that is not commun...
KnowBe4, a provider of security awareness training (SAT) and simulated phishing platform, has announced the acquisition of CLTRe - pronounced “Culture”- a Norwegian company focused on helping organisations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year. C...
Tavcom Training, part of Linx International Group and IFSEC’s education partner, revealed details of the 24 free-to-attend and CPD-accredited education sessions, which will be presented at the Future of Security Theatre (Stand: IF3140), this year at IFSEC International in London. Tavcom Training has compiled an education programme that addresses many of the most talked about trends and issues amongst security practitioners. Topics being presented by Tavcom Training’s expert tutors include how to counteract the menace of cybercrime, the impact of artificial intelligence on electronics security, future-proofing CCTV networks and improving security through integration. Cybersecurity best practices guidance The BSIA will also join Tavcom Training in the theatre to provide cybersecurity best practices guidanceSessions will also be dedicated to the threat of drone attacks and available countermeasures, the hackability of autonomous vehicles, and whether the security sector is ready for 5G, as mobile operators begin switching on UK networks this year. Also, with issues regarding the use of facial recognition currently hitting the headlines and a year on from the introduction of GDPR, the challenge of running effective video surveillance that balances privacy and security will be debated. The BSIA will also join Tavcom Training in the theatre to provide cybersecurity best practices guidance, whilst the SSAIB will deliver an intruder alarm standards update involving PD6662. Learning to address the security issues Tavcom Training is proud to once again be IFSEC’s education partner and Head of Sales Andrew Saywell, comments: “This year, we have put together a packed programme of the most pertinent topics, delivered by world-leading subject matter experts. Over the three-days, we are offering security practitioners an unmissable opportunity to learn how they can address the issues affecting them today, whilst readying them for what lies ahead.” The Future of Security Theatre will open at 10.45am each day of IFSEC International with an introduction to the Certified Technical Security Professional (CTSP) Register, which is operated by Tavcom Training and supported by the BSIA and SSAIB. CTSP is a publicly searchable online Register of those fulfilling technical roles including installation, maintenance and commissioning of technicians/engineers, auditors and consultants. It is an important initiative that is helping to raise standards throughout the sector.
This year’s Infosecurity Europe – Europe’s number one information security event – is raising the bar for 2019 with over 400 exhibitors set to attend, featuring some of the most forward-thinking, innovative cybersecurity companies from around the world. To allow visitors to make the most of the event, Infosecurity Europe has introduced the new LaunchPad, an interactive one-stop-shop for visitors to listen and explore some of the new exhibitor novelties at the show, and then visit the stands of those suppliers with innovations that interest them. Nicole Mills, Senior Exhibition Director at Infosecurity Group, commented: “With visitor numbers growing significantly over recent years, Infosecurity Europe continually commits to fostering and promoting innovation in the industry. The conference promises to showcase over 100 pioneering newcomers in the information security industry, as well as a host of the most widely regarded and seasoned security companies.” Managing information and cyber risk The exhibition is a fantastic opportunity to educate attendees with new innovation and expert adviceThe event aims to provide visitors with key insights to manage information and cyber risk, explore the breadth, depth and creativity of security technologies, uncover the latest trends, and see and hear, how peers are solving problems. The exhibition is a fantastic opportunity to educate attendees with new innovation and expert advice, and to network with potential partners and customers, all under one roof. For those looking to learn more about the latest technologies, they can visit the Cyber Innovation Zone featuring the top 13 innovative small companies from the Department for Digital, Culture, Media and Sport UK’s Most Innovative Small Cybersecurity Company of the Year competition, including WoTT; Quadible; Human Firewall; Padlock; Tricerion; Titan IC; Qufaro; XQ Cyber; Keepnet Labs; Outthink; Lujam and winners Hack the Box. Cyber Innovation showcase highlights: WoTT - The "S" in "IoT" stands for "Security" - 04 Jun 2019, 10:30 - 10:45 Viktor Petersson, CTO WoTT, will explore the proliferation of IoT devices. After briefly exploring the problem space, we will explore how to solve it. The talk will focus largely on securing consumer-like devices (e.g. Raspberry Pi), and include topics such as building a good pipeline, OTA, testing and basic security best practices. IoT security is not rocket surgery. Segasec - Scamming you at Infosec? Easy - 04 Jun 2019, 16:30 - 16:55 Elad Schulman, CEO and founder of Segasec, will walk us through a demo of a phishing attack that can take place at Infosec. He will introduce the risks in the future of phishing to both organisations and their customers, and what it takes to be one step ahead of them. Keepnet Labs - From Beyond the Wall to the Seven Kingdoms: Why Email Threat-Sharing Gives Us a Chance - 05 Jun 2019, 12:10 - 12:25 Announcing a game changing industry first, James Baker of Keepnet Labs will explain their patent pending Threat-Share product, adding significant power through innovation to their holistic email defence solution. Hack the Box - A Journey of Self Driven Security Training - 05 Jun 2019, 14:15 - 14:30 This talk details a course of progression from engineer to security advocate, highlighting the importance of self-driven teaching methodologies, the increased availability of high-quality training resources and how they can be applied to improving the skill set of individuals and teams alike. Presentations and technology showcases The conference is packed with keynote presentations, strategy talks, technology showcases, Geek Street, and numerous special eventsAs part of the wider discussion, exhibitors will cover topics such as privacy, hackers and threats, the human element, law, IoT security, public interest technology, and talent shortages. The conference is packed with keynote presentations, strategy talks, technology showcases, Geek Street, and numerous special events supported and presented by our exhibitors. Garrison, developers of Silicon Assured Video Isolation will be at stand F280 on Wednesday 5 June at 16:00 to invite visitors to meet RAVI the robot, a first-of-its-kind in web security hardware. Get RAVI the robot to browse the most insecure websites for you, so that you remain safe and protected from malicious code and injection-based cyberattacks. Positive Technologies will give a demonstration on the security risks of the IoT on Geek Street, 05 Jun 2019, 13:00 - 13:45. This presentation will look in depth at the vulnerabilities discovered in a ZTE wi-fi router, including a demo, the risks associated with each flaw, how they can be addressed, and lessons we can learn for IoT security. Advice from cybersecurity professionals Victoria Windsor, Group Content Manager at Infosecurity Group, says: “This year promises to be brimming with powerful business insights and industry-redefining conversations. We aim to showcase information, intelligence and advice from the world’s top cybersecurity professionals, to enable visitors and exhibitors to connect and share perspectives over the security issues they encounter. We encourage visitors to come along and experience everything on offer, and even bring their teams along to divide and conquer the show.” Infosecurity Europe, now in its 24th year, takes place at Olympia, Hammersmith, London, from 4-6 June 2019. It attracts over 19,500 unique information security professionals attending from every segment of the industry, including 400+ exhibitors showcasing their products and services, industry analysts, worldwide press and policy experts, and over 200 industry speakers are lined up to take part in the free-to-attend conference, seminar and workshop programme.
ExtraHop, provider of enterprise cyber analytics from the inside out, has announced the new ExtraHop Panorama Partner Program. The Panorama Program is designed to enable global channel partners to accelerate the adoption and integration of network traffic analysis (NTA) to help enterprise customers modernise their security operations. Panorama Partner Program Fueled by 10x growth in cybersecurity, ExtraHop is expanding its global channel program by working with global resellers, distributers, managed services, and integration partners with deep domain expertise in the international security market. The new Panorama Partner Program supports these channel partners with industry-leading accreditation that provides the foundational knowledge and tools to accelerate integration of NTA into security operations. The accreditation program also offers partner sales engineers a deeper technical view of the ExtraHop solutions, including demos, key use cases and competitive differentiation. Through the program, partners can leverage the robust integrations offered by ExtraHop In addition to partner accreditation, the new partner portal provides easy access to just-in-time (JIT) sales and training materials that help ExtraHop partners rapidly identify use cases and fast-track solutions specially tailormade for their customers. The Panorama Partner Program also makes it easier than ever for channel partners to pair ExtraHop with industry leading technology solutions. Through the program, partners can leverage the robust integrations offered by ExtraHop with products including ServiceNow, IBM QRadar, and Splunk to provide their enterprise customers with full detection, investigation, and remediation capabilities. AWS CPPO program Through the Panorama Program, partners also have the ability to deliver full cloud solutions using the AWS Consulting Partner Private Offer (CPPO) program. Through the AWS Consulting Partner Private Offer program, ExtraHop brings together sophisticated analytics, machine learning and threat investigation capabilities from Reveal(x), world-class security services and program development from channel partners to deliver best of breed cybersecurity for AWS customers. ExtraHop partners with leading organisations around the globe including Allentis, AppCentrix, Epicon, GuidePoint Security, KedronUK, Kite, Macnica, Miel, Optiv Security, Presidio and Trace3. “As the demand for ExtraHop Reveal(x) continues to expand, we look to the leading channel partners to support our rapid growth around the world,” said Mark Fitzmaurice, Vice President of Global Channel Sales, ExtraHop. “We depend on our partners to deliver the visibility, speed, and scale enterprise security teams need to rise above the noise of the endless traffic required for digital business. The Panorama Partner Program is designed to make our partners highly effective and more profitable based on their investments in ExtraHop.” What partners are saying: The ExtraHop Panorama Partner Program offers an enterprise-class approach to help our customers gain more visibility" "At Kedron, we take pride in offering our customers a seamless experience with the best technology for their environment," said Roland Stigwood, Managing Director and Owner, Kedron UK. "The ExtraHop Panorama Partner Program offers an enterprise-class approach to help our customers gain more visibility across the complex, hybrid IT environments of today.” “Kite Distribution specialises in bringing disruptive technologies to the UK channel, with the goal of driving incremental value for our customers,” said Kip Tumber, Director for Kite Distribution. “As one of the fastest growing distributors in the UK, we look for vendors that align to our own growth ambitions. ExtraHop is a leader in the real-time data analytics sector and provides valuable insights to IT security teams. Their Panorama Partner Program also demonstrates ExtraHop are fully committed to working collaboratively with the channel. Our joint early successes, reseller recruitment, and pipeline generation point to a strong successful partnership.” ExtraHop also offers partners a Sales Academy and an Accreditation Program to provide advanced knowledge and tools.
During the section meetings following the Euralarm General Assembly, Joakim Söderström has been appointed chairman of the Security Section. As chairman he will also join the board of Euralarm as Vice President. Following in the footsteps of David Wilkinson, he will continue the journey that the section started. Milan Ceeh, vice chairman of the section and representative of the Czech association AGA will remain in his position. Security solutions expert Joakim Söderström is general manager of Säkerhetsbranschen, the association of the Swedish security industry (www.sakerhetsbranschen.se). He started his career at the Swedish police force where he held several (management) position. He then became general manager of the Swedish association for safety and security. In his new role of chairman of the security section he will build on the foundations that were laid by his predecessor. When asked Joakim says to be thrilled to become the chairman of the Security Section. “With our new strategic priorities and challenges document we have the foundation in place where we can now continue to build on. After defining our strategy, I feel proud to contribute to turning the strategy into action. I’m happy with all the section members and their enthusiasm and professionalism. Together we will make this work!”
Maven Capital Partners, one of the UK’s most active private equity houses, has led an investment, alongside existing shareholders Par Equity and the Scottish Investment Bank, in Edinburgh-based Symphonic Software Limited, a global player in the Identity and Access Management (IAM) market. The funding will be used to further scale the business, investing in sales and marketing resource, as well as product innovation, to ensure Symphonic continues to offer customers a best-of-breed solution in this important and growing market. Authorisation software solution Symphonic has developed a fine-grained, context-aware authorisation software solution that enables organisations to securely share critical, time-dependent and sensitive information by managing access to data and services in the inter-connected digital economy. It does this by enabling the user to set rules and controls, even for the most complex administrative requirements, at extreme granular levels. Heightened security, is driving market demand as customers’ interactions with the organisation become deeper and more complex A powerful policy management interface incorporated into the system provides centralised visibility and control over the policies that apply to an enterprise's entire digital landscape. This makes access management more simple and agile, helping support rapidly emerging needs for sharing data both inside and outside an organisation, while maintaining compliance with internal policies and external regulations. Heightened security, an emphasis on risk management and the introduction of ever-increasing digital access channels, is driving market demand as customers’ interactions with the organisation become deeper and more complex. As a result, the IAM market is growing rapidly and is forecast to be worth in excess of $20 billion by 2022. Sophisticated access management Data security, General Data Protection Regulation (GDPR) and Open Banking regulations are just some of the initiatives forcing Symphonic’s financial customers to undertake major re-engineering programmes that inevitably involve the deployment of a sophisticated access management solution. Under the latest open banking regulations, banks are now required to share the data they hold on their customers, safely and securely with authorised third parties. Symphonic is targeting further growth in retail banking and other sectors and is well positioned to expand into new markets" The aim of the regulation is to bring more competition and innovation to the financial services market, which should in turn lead to more and better products. Symphonic’s solution enables financial institutions to manage the new, complex access patterns resulting from open banking whilst delivering the right balance between security and customer experience. Symphonic clients can react quickly to new threats whilst lowering their costs by defining their access control policies in a single location. Significant new regulation David Milroy, Partner at Maven, said: “We are delighted to be leading the investment in Symphonic Software. The company operates in a high growth sector driven by significant new regulation. Symphonic is targeting further growth in retail banking and other sectors and is well positioned to expand into new markets. We look forward to working with Derick and his team over the coming years to scale the business and deliver on its growth strategy.” Derick James, CEO at Symphonic, added: “We are very pleased to maintain our strong relationship with Par Equity and the Scottish Investment Bank and are delighted to welcome Maven as part of this latest investment round. The team at Symphonic is looking forward to continuing to drive the company’s success with the support of our new and existing investors”.
March Networks, a global video security and video-based business intelligence pioneer, is proud to announce that it has been designated as a cybersecure business by Cyber Essentials Canada for a second consecutive year. March Networks was the first company in the country to achieve the certification in 2018, and is the first to re-certify through the program this year. Developed as part of the United Kingdom’s (U.K.’s) National Cyber Security Programme, Cyber Essentials certification is awarded to organisations able to demonstrate good cybersecurity practices and an ability to mitigate risks from Internet-based threats in areas including: boundary firewalls and Internet gateways; network configuration; software management; access control; and malware protection. The toolset is also a valuable asset for end user organisations seeking to verify the security of their supply chain. Adhering to best security practices Our participation in the Cyber Essentials program enables us to confirm that we are adhering to the current security practices"“March Networks works with many Fortune 500 customers, including some of the world’s largest banks, so strong corporate security practices have always been a priority,” said Peter Strom, President and CEO, March Networks. “Our participation in the Cyber Essentials program enables us to confirm that we are adhering to the most current security best practices. It also provides our customers with yet another assurance of our high cybersecurity standards.” March Networks’ holistic approach to security involves a 360° view of all areas of its business – from product development and source code management, to operational processes and customer data privacy. The company’s Network Operations Center, for example, operates with extensive physical access and networking controls and restrictions to ensure the security of customer data. The company also participates in comprehensive security audits initiated by large enterprise customers seeking to confirm the security of their video solution provider. Identifying potential vulnerabilities Proactive resilience strategies help strengthen organisations’ ability to avoid disruption"In addition, March Networks takes a proactive approach to identifying potential vulnerabilities in its products. The company’s Security Updates and Advisories program involves regularly tracking US-CERT reports on identified vulnerabilities, conducting in-depth investigations when required, and alerting customers and partners to any necessary software updates via email alerts and information posted directly on the March Networks website. Endorsed by the U.K. government, Cyber Essentials was originally created in collaboration with industry partners such as the Information Security Forum (ISF) and the British Standards Institution (BSI). CyberNB, a special operating agency of Opportunities New Brunswick, administers the program in Canada, where it is gaining momentum as a requirement to win business in both public and private sectors. “The team at CyberNB is proud of the commitment to security and continuous improvement that we’ve seen from March Networks,” said Josh Waite, Head of Cyber Essentials Canada. “Proactive resilience strategies help strengthen organisations’ ability to avoid disruption and demonstrate responsible practice. We congratulate March Networks for having made Cyber Essentials Canada certification part of their strategy.”
The oil and gas market is driven by a number of technology trends, political issues, waves of supply and demand, and regulations. At times, it seems like the market is in a constant state of ebb and flow, with business affected by traditional drivers, such as government mandates and operational efficiencies, and other non-traditional markers, like challenging weather conditions (consider the 2017 hurricane season as an example). Additionally, the global economy continues to grow, propelling increased energy demand. But like nearly every other market today, the oil and gas market is on the brink of a sea change. According to Deloitte’s 2018 outlook on oil and gas, “the digital revolution is here.” The sheer volume of information and data generated by digital devices, such as those associated with the Internet of Things, will allow producers to leverage rich data and combine it to deliver smart, efficient solutions. The rise of digital technologies is unleashing new ideas across the oil and gas industry and even though we are in the beginning stage of being able to harness the power of these types of technologies, innovative ideas are emerging — all designed to support the core business, reduce internal investments, deliver products faster, boost efficiencies, and enhance safety. Maximised operations and increased ROI This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand This is welcome news because there are a number of challenges facing the oil and gas industry, from improving reserve replacement and ensuring workplace safety to reducing operating costs and limiting downtime. All of these objectives must be achieved while maximising operations and increasing overall return on investment. Never has it been more crucial for critical infrastructure organisations to demonstrate a focus on safety, security, and collaboration. Here's why: Growth and demand According to the U.S. Energy Information Administration, world energy consumption will grow by 56 percent between 2010 and 2040. This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand. As energy-centric organisations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success. Compliance Continuous demand is only one challenge; compliance with industry and government regulations is another significant hurdle that must be maintained or there is risk of production shutdowns. For example, the Department of Homeland Security’s Chemical Facility Anti-Terrorism Standards (CFATS) impose comprehensive federal regulations for high-risk chemical facilities, requiring organisations to conduct vulnerability assessments. This is just one of many regulatory procedures sites must follow to conform to environmental protections, safety precautions, and safe handling of hazardous materials. As energy-centric organisations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success Threat protection, mitigation, and collaboration In addition to meeting the requirements of regulatory procedures, mitigating risk in this industry propels leaders to develop stringent strategies to ensure robust protection of people, property, and assets, effective and efficient response to incidents when they occur, and procedures and protocols to ensure business continuity in emergency situations. Energy providers require comprehensive safety planning and technology systems that can augment the capabilities of on-site and remote personnel. In recent years, video solutions have become the standard for monitoring facilities, assets, and employees, and now these organisations require enterprise-class solutions that can help gather intelligent data that allows for enhanced security and safety efforts but also focus on processes that enhance operational efficiencies. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market IT security is also a concern. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market. An IT breach can cause operational havoc, risk to the public, and damage to an organisation’s brand. Adopting a continuous improvement approach to a security strategy safeguards and helps protect valuable company information and reduces the likelihood of an incident. Also, collaboration between IT and physical security leaders and the correlation of both departments' data makes it much easier to identify a potential breach before havoc ensues. The digital age With the rise of the digital revolution and the demand for data to improve insight, oil and gas producers and businesses need to find new ways to capture data, correlate it as needed, and then leverage it to make the most informed decisions. Software platforms are being used in a wide variety of applications to provide a single pane-of-glass view that allows operators to gain critical insight into operations. By collecting intelligence from digital sensors, such as video surveillance cameras, open-source Web intelligence, building systems, crowdsourcing, weather sensors, mobile devices, and more, operators can detect potential risks and manage and respond to situations more efficiently. Furthermore, information can be shared easily with multiple agencies, employees, citizens, and first responders — especially valuable in the event of a safety incident where rapid response is paramount. By creating a single enterprise-wide view across disparate systems and technologies, organisations experience improved response times, lowered operational costs, and increased employee safety. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically Traditional command centers Intelligent solutions, such as those derived from the idea of artificial intelligence, help organisations make sense of vast amounts of data. These integrated applications, such as advanced video analytics and facial recognition, can automatically pinpoint potential breaches and significant events, and send alerts to the appropriate personnel, departments, and agencies. These solutions can be powerful in unifying disparate command center technologies within the oil and gas industry, fusing critical data input from emergency calls and responder activity to enhance situational awareness. With traditional command centers relying mostly on call and radio updates, visibility can be limited, but new digital platforms enable operators to oversee a situation and engage with and direct the response force. Overall, these types of automated functions deliver a simplified and modernised operating environment. The future is the Intelligent SOC Oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets All of these digital solutions are designed to take center stage within the Intelligent Security Operations Center (ISOC). To combat advanced, multi-stage threats, oil and gas facilities are transforming the traditional SOC into the next-generation unified ISOC with an integrated platform for detection, investigation, communication, and response. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically. Energy providers operate in challenging, fast-moving environments in which opportunities, requirements, and regulations can vary widely, change quickly, and evolve significantly over time. As the idea of the digital age continues to transform this market, new technologies will be more widely used to improve business operations from exploration and extraction to transportation and distribution. With the right technology, strategic partnerships, and enhanced situational awareness, oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets, while continuing to focus on achieving business goals that will sustain supply and demand for years to come.
According to the reports of not-for-profit organisation Gun Violence Archive, the year 2018 has seen 323 mass shooting incidents as of November 28 in the United States. This number is 346 for the year 2017 and 382 for 2016 (more statistics are available here), with “mass shooting” defined as cases where four or more people are shot or killed in the same time period and location. While definitions of mass shooting vary with organisations in the US, the count of over 300 incidents per year, or about once per day on average, is simply alarming. It raises public safety concerns, ignites debates and protests, which in turn lead to public unrest and potentially more violence, and increases costs for governments from the regional to federal level. Most importantly, the loss of lives demands not only improvement in post-incident handling and investigation, but also new prevention technologies. Gunshot detection solutions AI weapon detection offers a more efficient alternative to prevent active shooting There are several gunshot detection solutions in the security market, commonly used by law enforcement agencies to detect and locate gun fires. These systems function based on acoustic recordings and analyses and often in combination with signals detected by sensors of the optical flash and shockwave when a gun is fired. However, gunshot detection by nature dictates that the law enforcement can only react to a shooting incident that has occurred. With fast action, law enforcement can prevent the incident from escalating, but lives that are lost cannot be recovered. With the development of artificial intelligence in object recognition, AI weapon detection offers a more efficient alternative to prevent active shooting: AI can visually detect guns based on their shapes before they are fired. The AI is trained to recognise firearms in different shapes, sizes, colours, and at different angles in videos, so that the AI weapon detector can be deployed with existing cameras systems, analyse the video feeds, and instantly notify security staff when a gun is spotted. Comparison of the advantages for law enforcement and public security agencies Legacy gunshot detection using sensors AI weapon detection Reactive measure: detect after guns have been fired Proactive measure: detect before guns are fired Time to action: within 1 second Time to action: within 1 second Unable to provide visual data about shooter(s) Can provide data about shooter(s) based on the camera recording: clothing, luggage (backpack, handbag, etc.), facial features, vehicle Unable to track the location of the shooter(s) before and after shooting because of the lack of sound Can track the shooter(s) using AI Person & Vehicle Tracking, AI Face Recognition, and AI License Plate Recognition False detection caused by similar sound such as fireworks and cars backfiring Minimal to no false detection, as AI can distinguish different types of handguns and rifles from normal objects (umbrella, cellphone, etc.) Require physical deployment of gunshot detection sensors Can be used with existing camera systems, do not require special hardware Complicated to deploy, require highly trained professional Easy to deploy as an add-on to existing video surveillance system - Can integrate with gun-shot detection to create a “double knock” audio and video active shooter alert system Gun-shot detection advantages In addition to advantages for law enforcement and public security agencies, this type of visual-based pre-incident detector has three-fold advantages for the public: Save lives by spotting the shooter before the shooting event. Minimise the chaos entailing an incident: panic and chaos caused by a shooting incident often adds to injury, as people run, fall, trample on others… With an AI weapon detector, when a gun is spotted, the system sends an alert to security staff, who can quickly control the situation in an organised manner and apprehend the intending shooter. Can be added as a SaaS (Security as a Service) component to small business and home surveillance systems, e.g., intrusion detection alerts (home invasion incidents with firearms number over 2500 per year nationwide). For a complete active shooter detection system, video-based AI detector can operate in conjunction with gunshot detectors for enhanced security. Traditional X-ray based weapon detection or metal detection entrance systems are complicated and expensive; with AI video technology, active shooter detection system can be cost-effective, and after all, what price tag can one put on a life? Written by Paul Sun and Mai Truong, IronYun
With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organisation’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster. App-level threats The apps that control or drive these new innovations have become today’s endpoint The truth of the matter is that the complexity of an organisation’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organisations. Bad actors have realised that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise. It’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise In-progress attack detection Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. During a Magecart attack, the transaction processes are otherwise undisturbed Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated where it intercepted payment card data and transmitted it to the attacker(s). Data exfiltration detection During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organisation was compromised and data was stolen before it even got to the network or servers. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications Best practice resolutions The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organisations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019: Alert The key to success is quickly understanding when and how an app is being attacked First, organisations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organisation monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customise protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks. Protect Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analysing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications. If an attacker tries to understand app operation though the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019 Encrypt Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. Effective encryption requires a sophisticated implementation of White-Box Cryptography This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography. One that combines a mathematical algorithm with data and code obfuscation techniques transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019. Protecting applications against data breach According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organisation. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?
The Electronic Security Expo (ESX) will be held at the Indiana Convention Center, June 3-6, in Indianapolis. The show focusses exclusively on the electronic security and life safety industry, including companies that service the connected Internet of Things (IoT) space for homes and businesses. The ESX Main Stage will highlight inspirational presentations from motivational speakers, Dr. Rick Rigsby and Kevin Brown. In addition, there will be a founder of a drone security company and an Entrepreneur-in-Residence from Kleiner Perkins for OpenXchange, and a Secret Service agent for the Closing Keynote. Sharing best practices and trends In breakout sessions, colleagues and business thought leaders will share best practices, trends and opportunities that helped their own companies and careers, so that others might replicate their successes or minimise their failures. These sessions are aimed at propelling attendees to reimagine their business models and go-to-market strategies, says George De Marco, Chairman of ESX and Managing Partner for DECO Ventures LLC. Examples of breakout sessions include: CounterPoint Forum – “False Alarm Dispatches - A Real Threat or a Nuisance to the Industry?” “Top 3 Ways to Grow Your Video RMR” “5 Faster, Smarter Ways to Improve Cash Flow” “Artificial Intelligence Real Time Video Monitoring Solutions” Promoting security professionals’ growth Our goal is to develop next-gen methods that deliver industry content and promote professional growth"“Each year, we challenge ourselves to raise the bar of the educational sessions and main stage events,” says De Marco. “One of the ways is introducing new faces and voices for the peer-developed and peer-driven educational sessions that offer best practices and identify trends, opportunities and challenges for industry professionals to consider today and in the future. Our goal is to develop next-gen methods that deliver industry content and promote professional growth as the industry pivots to the future.” New entrants and disruptors are challenging traditional go-to-market strategies, causing traditional companies to rethink how they rise above the noise in a changing competitive landscape and handle new consumer buying behaviours, says De Marco. Exhibitors at ESX Exhibitors that support ESX include Interlogix (Diamond sponsor), Napco (Platinum sponsor), Alula and DMP (Gold sponsor), and ADI, Altronix, Bold Group, Essence, ICT, Quick Response, Resideo, Secura key, Security Central and WeSuite (Silver sponsors). ESX seeks to connect exhibitors with the influencers and decision-makers from companies that represent a cross section of dealers, integrators and monitoring companies in North America. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s impressive convention centre. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s convention centre “We recognise individuals and companies during the Opening Celebration that help propel the industry forward and at our VIP Event at the Indianapolis Motor Speedway,” says De Marco. “During the day, there are meals around the Main Stage sessions which gather attendees around the table for casual conversation before the presentation begins.” Indianapolis, home of the Indy 500, is a unique location that has a lot to offer the attendees of ESX. A special night at the Indianapolis Motor Speedway will invite a limited number of guests to share great food and drinks, to experience a trip around the track in an official pace car, and to ‘kiss the bricks’, a speedway tradition. Centrally located in the US, Indianapolis is a convenient convention destination for travel, whether flying or driving. Connecting with peers and colleagues Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small There are also networking opportunities throughout the week. The Pub Crawl, an attendee favourite, is a night where long-time friends gather, and new friendships are made. “This is where the real conversations happen between peers and colleagues about real problems of running and growing a company, and solutions that can make a difference,” says De Marco. Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small players. This enables professionals to come together to connect with their peers and colleagues, allowing for deep discussions on how to grow their people, revenues and profits, including mentoring opportunities that encourage leadership development, says De Marco. The subject of finding qualified employees is top of mind for almost every industry today, especially the security industry. Sessions that address hiring and managing employees for industry professionals include “Hiring from Outside the Monitoring Industry: Surprising Resources for Great Operators” “Maximise New Employees: Why Onboarding is Critical to Their Success” “5 Tips for Effective Employee Performance Evaluations” Helping attendees to reinvent their business “Our focus is primarily on the attendee, helping them connect with suppliers, colleagues and opportunities that reimagine their businesses, so they can be stronger competitors,” says De Marco. “If we can provide the right knowledge to inspire or transform the attendees to take meaningful action or implement change that helps them remain relevant, we believe we have succeeded.” There will be an undercurrent of sadness at ESX this year because the industry recently suffered a loss. George Gunning, former CEO of USA Alarm Systems and one of the founding members of ESX, passed away in February. “We would be remiss if we didn’t recognise his contributions and influence on the industry and ESX over the years,” says De Marco. Another founding member of ESX who has passed away is John Murphy, formerly CEO of Vector Security.
Simultaneous suicide bombings at several churches and hotels in Sri Lanka on April 21 were of a scale, sophistication and level of coordination that hasn’t been seen since 9/11. Nine suicide bombers targeted three churches and three hotels on Easter morning, and the resulting casualties numbered 359 dead, including 45 children, and about 500 injured. The complexity of the attacks suggests the bombers received help from an outside organisation, likely the Islamic State (IS). Sadly, security warnings from Indian intelligence officials, which might have helped to prevent or minimise the attacks, were ignored by Sri Lanka security weeks earlier. In the wake of the massacre, two of Sri Lanka’s top security officials were asked to resign, and Sri Lanka’s president promised to completely restructure state security. Contradiction to the terrorism report The twin calamities provide a dramatic counterpoint to an observed global decrease in terrorist attacksA motivation for the Sri Lanka tragedy is thought to be the March 15 shootings at two mosques in Christchurch, New Zealand, where 50 people were killed and 50 more were injured. A 28-year-old Australian white supremacist was arrested and charged with murder. Taken together, the twin calamities provide a dramatic counterpoint to an observed global decrease in terrorist attacks, as documented in a recent report. The suicide bombers in Sri Lanka were eight men and one woman, most of them well-educated and coming from the middle or upper class. One was the leader of National Thowheeth Jamaath, the homegrown militant Islamist group the government has blamed with carrying out the attacks. There is also evidence to corroborate a claim of responsibility by IS. Some 60 people have been arrested in the investigation. Even days later, police continued to find explosives and said there was still danger. Multiple attacks One explosion on Easter morning occurred at St. Sebastian’s Church in Negombo, 20 miles north of Colombo, where more than 100 were killed. Another bomb killed 28 people at the Zion Church in Batticaloa, and an unknown number died at St. Anthony’s Shrine, a Roman Catholic church in Colombo. The three hotels that were attacked were all in Colombo – the Shangri-La, the Cinnamon Grand and the Kingsbury The three hotels that were attacked were all in Colombo – the Shangri-La, the Cinnamon Grand and the Kingsbury. Two more explosions happened Sunday afternoon, one at a small guest house and another at the suspects’ safe house, where three officers were killed. Security at houses of worship has been a high-profile concern in the United States in recent years following incidents such as an attack at Emanuel African Methodist Episcopal (AME) Church in downtown Charleston in 2015 that killed nine people. Just last October, 11 people were killed and six others injured in a shooting at a synagogue in Pittsburgh. Hardening security at churches “It’s no longer enough to pray for a safe and secure environment,” commented Patrick Fiel of PVF Security Consulting in an Expert Panel Roundtable discussion. “Churches are soft targets. Clergy and parishioners will need to work closely with security consultants and local law enforcement to harden their facilities.” Access control, CCTV solutions and mass notification systems are all helpful and can be placed unobtrusively so as not to interfere with aesthetics of the church, Fiel adds. The scale and scope of the bombings in Sri Lanka provide a wakeup call to the global likelihood of terrorist attacksIt doesn’t appear technology would have made much difference in the case of the Sri Lanka attacks, although awareness and vigilance can have an impact. At Zion Church in Batticaloa, for example, a bomber was stopped by pastors from entering the congregation area where some 500 people gathered. Because of their suspicions, the bomb was instead detonated in a courtyard where children were eating breakfast; 28 people died. The scale and scope of the bombings in Sri Lanka provide a dramatic wakeup call to the continuing global likelihood of terrorist attacks. The last territory of the Islamic State in Syria fell in March, but IS and its ideology live on, and continue to be a global terrorism threat. And that’s just one among many possible sources of terrorism worldwide. Hopefully, the recent incidents do not foreshadow more attacks that are even more deadly.
As the Internet of Things (IoT) and other trends drive the convergence of physical and information security, integrators and end users attending ISC West may be struggling to keep pace with new areas of responsibility and expanding roles in the larger security ecosystem. Help is here. The Connected Security Expo, co-locating with ISC West, focuses on building a holistic security strategy for the connected enterprise. Exhibitors will focus on how physical and information security can be used together to mitigate new and emerging cyber-threats in a hyper-connected world. Connected Security Expo provides attendees access to cutting-edge products and technology in both the physical and IT secure realms. It is clearly a growth factor in the market. Here’s a look at some of the companies on display in the 2019 Connected Security Expo: Integrated video cloud service The AI-powered video analysis software suite delivers high-speed object search and facial classification Arcules provides the Arcules integrated video cloud service, which combines untapped video and sensor data with the latest technologies in cloud, artificial intelligence, and machine learning to deliver actionable business and security intelligence for modern organisations. The cloud-based service is designed to ensure security, scalability, streamlined operations, and bandwidth management — all from a single, easy-to-use interface. Hardware-accelerated solutions BrainChip Inc. is a global developer of software and hardware-accelerated solutions for advanced artificial intelligence (AI) and machine learning applications. The AI-powered video analysis software suite delivers high-speed object search and facial classification for law enforcement, counter terrorism and intelligence agencies. PSIM software platform CNL Software Inc. is an open, adaptable, scalable and secure Physical Security Information Management (PSIM) solutions provider. The IPSecurity Center PSIM software platform helps law enforcement, government agencies, the military, public and private critical infrastructure, transportation networks, corporations and campuses to integrate, automate and manage systems, allowing better security intelligence and improved operational efficiency. Facial recognition software IOmniscient Corp. provides facial recognition software that can recognise multiple faces even in crowded and uncontrolled scenes IOmniscient Corp. provides facial recognition software that can recognise multiple faces even in crowded and uncontrolled scenes. Matching faces with an existing database, the system can detect an unauthorised person and track him or her across non-overlapping cameras. Enhance situational awareness Oncam offers 360 and 180-degree video technology. The company has the largest range of wide-angle cameras that are open platform and easy to integrate. Unique dewarping technology allows the creation of award-winning video solutions for stakeholders from the C-suite to the security officer in wide range of industry segments. Oncam’s products greatly enhance situational awareness. Enterprise-class security Pivot3 is a provider of intelligent solutions using hyperconverged infrastructure. Pivot3’s intelligent infrastructure is optimised to deliver performance, resilience, scalability and ease-of-use required for enterprise-class security, video surveillance and IoT deployments. Electronic physical security The UL 2900-1 standard offers general requirements for software cybersecurity for network-connectable productsUL LLC is working to increase the prominence of the Underwriter Laboratories brand in cybersecurity with the UL Cybersecurity Assurance Program (CAP). The UL 2900-1 standard, the standard that offers general requirements for software cybersecurity for network-connectable products, was published in 2016 and in July 2017 was published as an ANSI (American National Standards Institute) standard. The standard was developed with cooperation from end users such as the Department of Homeland Security (DHS), U.S. National Laboratories, and other industry stakeholders. UL 2900-2-3 – the standard that focuses on electronic physical security/life safety & security industry, was published in September 2017. Proactive automated system Viakoo is a provider of the security industry’s first proactive automated system and data verification solution. Create significant value Vidsys is innovating and accelerating a transition to Converged Security and Information Management or CSIM. The company is committed to educating and supporting customers with their evolving needs to provide a more holistic view of risk and throughout the overall business process re-engineering necessary to create significant value across the entire organisation.
Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the programme, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardisation across sites, shorter implementation times and cost efficiencies. Standardising company’s security measures The Global Client Programme connects all of ROCKWOOL’s factories and office premises, and standardises the company’s security measuresROCKWOOL has 28 factories across the world. The Global Client Programme connects all of these factories and ROCKWOOL’s office premises, and standardises the company’s security measures throughout the world. Fokko van der Zee, managing director at Nedap Security Management, says: “The implementation of a standardised security solution across the world is a complex process. It involves a large project spanning many years and involving many stakeholders, and demands a high level of project management. In the absence of a structured program with defined guidelines, a global security rollout is likely to be a stressful execution. That’s why we set up our carefully designed Global Client Programme.” ROCKWOOL Digital Service Lead, Matthew Thorne, agrees: “We’ve worked with Nedap over the past few years and recently became a member of their Global Client Programme. Now we’re equipped with the people and tools we needed to standardise our physical security solution. The Global Client Programme also minimises risk and guarantees compliance. It really meets our needs in every possible way.” Central security platform saves money The programme helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of severalThe Global Client Programme is designed to ensure monitoring and control during every step of the rollout process. Timon Padberg, responsible for business development at Nedap Security Management, explains: “The repetitive nature of local site deployments allows us to work with models and templates, such as standard proposal and calculation documents. We can therefore produce a scalable process that ensures uniformity and a consistently high quality of implementation across each site.” By using the Global Client Programme, ROCKWOOL is aiming for uniformity and alignment across all sites. The programme also helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of several. Moreover, there are significant savings on operational and maintenance costs due to shared services and economies of scale.
Premier League football club Everton FC has deployed SureCloud’s GDPR suite to manage and monitor its data and GDPR compliance, enabling the club to work towards GDPR compliance, optimise internal processes and position it strategically for the future. The solution replaced Everton FC’s manual data mapping and processing methods. Manual data mapping and processing Everton FC’s databases are extensive, containing details on over 32,000 season ticket holders and over 600,000 registered fans, with details on around 360 employees, players, agents, suppliers, and individuals associated with the club’s community charity and partner school. Much of this information is sensitive. This data and all of the processes associated with it were being manually managed and tracked in a series of Excel spreadsheets. With multiple requests and queries to respond to every day, the club’s Data Protection Officer was struggling to record and manage smaller ad hoc queries, incidents, and tasks. With GDPR due to place much tighter restrictions on how the club processed, managed and shared its data – as well as on the reporting of any incidents that did occur – the club needed a more comprehensive and reliable tool in place before 25th May 2018. SureCloud platform The club approached its long-standing IT support provider NCC to find a solution. NCC recommended the SureCloud GDPR Suite, delivered on the SureCloud platform. After SureCloud had successfully demonstrated the ability to provide full visibility for management and automation of GDPR processes across the organisation, Everton FC selected its cloud-based suite of solutions. Two dashboards were created according to Everton FC’s specific needs Two dashboards were created according to Everton FC’s specific needs: one to show all data mapping and transfers, including where data is being held and who it is being shared with; and one showing incidents and requests, including a subject request register and incident tracker path. This gives an immediate overview of which requests are still outstanding, such as a request for an individual’s personal information to be erased from the database. SureCloud GDPR Suite The five applications Everton FC chose to deploy from the SureCloud GDPR Suite were: GDPR Program Tracker - to enable the club to map all its disparate data and workflows using intelligent risk-based questions GDPR Management – to provide all mandatory GDPR business-as-usual processes Information Asset Management - to record and maintain the club’s entire data inventory Compliance Management for GDPR - to help Everton FC speed up their process of attaining compliance and on-going real-time risk remediation Incident Management for GDPR – to meet the GDPR requirement to log, track and notify the ICO of any data breaches, should an incident arise Ian Garratt, Data Protection Officer at Everton FC said: “The penalties for not achieving GDPR compliance are severe – up to 4% of our revenues, or €20 million. It was imperative that we got a solution in place that could not only help us achieve GDPR compliance but would also make it quick and easy for us to demonstrate that compliance at any point, on request. SureCloud’s GDPR Suite fit the bill.” Centralised data management Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system “We are now tracking and recording every single data request in a centralised way. With NCC’s support, SureCloud’s solution has brought a comprehensive clarity to our data processing that was impossible to achieve with manual spreadsheets. The system is so intuitive; it has helped us streamline multiple processes and undertake impact assessments that we couldn’t handle before.” Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralised system. All changes and requests are automatically tracked so that activity records and data audits can be produced at the click of a button. Should an incident like a suspected data breach occur, it is identified and reported immediately and automatically. The club’s data protection team can select which asset has been affected and immediately determine the severity of the incident and whether it needs to be reported to the ICO. Should it need to be escalated, the report is available instantly. Data processing, documentation and risk management Ian Garratt added: “The SureCloud GDPR Suite isn’t just a compliance tool; it’s a comprehensive management tool. We now have a continuous, real-time status of where we are and what we need to be doing in terms of data processing, documentation and risk management. It would have simply been impossible to achieve this manually. SureCloud has not only helped us to work towards GDPR compliance they have optimised our internal processes and positioned us strategically for the future.” In addition to deploying five applications within the GDPR suite, SureCloud is currently adapting its Incident Assessment tool to meet Everton FC’s specific requirements.
To succeed in business, one must be brilliant at one thing. In many cases it’s a skill, such as art, coding, engineering or design. Or that one brilliant attribute can also be a personality trait or a business process. No business will be successful unless it is at least adequate, and preferably superb, in product development, sales, and customer engagement - not to mention finance, planning, marketing and recruiting. Too many VMS producers are trying to do all these things themselves when they should be doubling up on what they are best at and leveraging the rest. It is a new mindset. Instead of obsessing about which ‘me-too’ product to supply, software producers could make their first priority finding complementary and compatible partners. Developing a partnership ecosystem One partner might see the opportunity to sell a solution. Another partner might know a better way to distribute a product. A third partner might provide the vertical expertise to get the customer a perfectly tailored solution. By leveraging partners and developing a partner ecosystem, a company will tend to have more unique offerings and the ability to execute faster in an ever-changing world. All this additional partner horsepower is still no guarantee a company will succeed but partnerships will also give a company a feedback channel. Many stand-alone companies plod along, never quite failing, but never getting better either. Partners are less likely to tolerate business limbo. They will be quick to utilise great products, and less wedded to the concept if it doesn’t prove out. Because the partners are in close contact with the market, they are the first responders to changing or developing needs. This is why a company should listen very closely to their partners: They are the feet on the street and the ears to the beat! Open platform matters Producing software takes time, and producing great software takes even longer All of this is not possible, however, if a company produces closed platform software. This is software whose functions can only be changed by the original developers. Producing software takes time, and producing great software takes even longer. This means low agility. The partners might identify great opportunities, but before the closed platform software producer can react, the opportunities might be gone - or worse, be grabbed by competitors. The slow reaction capabilities of closed platform providers will frustrate partners and may lead to the worst of all complications in a partnership: distrust. Add-on modules and intrinsic scripting When the products are based on an open platform, however, they are adaptable. Then the partners have the ability to change the solution through the open software architecture. Not by changing the basic code (that would be open source) but by add-on modules and intrinsic scripting abilities. Total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution to fulfill the customer’s needs with the minimum of effort. This gives agility, and agility means fast go-to-market abilities. Just what is needed in this fast-moving world. There are some important things to note here. The ways to extend and enhance the software have to be easy and well documented. The partners must have access to training and knowledge sharing. (It does not help to have a system for extending the capabilities of the software if the partners have to guess at the process and the documentation is rudimentary.) Open access is key It is important that the business philosophy is based on openness, giving the partners full access to all relevant information. And openness is a two-way street: By being open for your partners, you also have to be open about their business. A partner might be able to develop a highly sophisticated solution but be unable to market the solution. By building a catalogue of partner solutions easily accessible to customers, openness extends to ensure open access to the partners. Openness is not something a business can just tack on to their approach. It has to be in the DNA of the business from the start. In a Harvard Business Review article entitled ‘Predators and Prey: A new ecology of competition,’ JF Moore says: “A business ecosystem, like its biological counterpart, gradually moves from a random collection of elements to a more structured community.” Structured business ecosystem Milestone has seen this progression within the company's ecosystem Milestone has seen this progression within the company's ecosystem. They introduced training and certification requirements as part of the partnership success structure, ensuring knowledge is shared and also used in a way that is most mutually beneficial for all involved. Moore also writes: “Every business ecosystem develops in four distinct stages: birth, expansion, leadership and self-renewal.” At present, Milestone and its partners are entering into the ‘leadership’ stage, where video enabling is creating opportunities beyond those offered by a traditional video surveillance system, and into areas that provide additional business benefits to our customers. Video enabling “A leader must emerge in the ecosystem,” Moore says, “to initiate a process of rapid, ongoing improvement that draws the entire community toward a grander future.” This is the role Milestone has played in leading the industry towards the video enabling phase and redefining the industry’s expectations of what a surveillance system is capable of. In the article, Moore underlines that “executives whose horizons are bounded by the traditional industry perspectives will find themselves missing the real challenges and opportunities that face their companies.” Getting connected Connectors are those people with a wide range of contacts across different social circles In his book The Tipping Point, Malcolm Gladwell describes what he calls ‘The Law of the Few,’ which says: "The success of any kind of social epidemic is heavily dependent on the involvement of people with a particular and rare set of social gifts." This is based on the 80/20 principal, “which is the idea that in any situation roughly 80 percent of the 'work' will be done by 20 percent of the participants." He goes on to identify three types of people with these gifts: Salesmen, who are skilled in persuasion and negotiation; Mavens, who collect and disseminate useful information; and Connectors. Connectors are those people with a wide range of contacts across different social circles who can make introductions and create links between otherwise disparate individuals. Milestone, key connector in physical security industry In the wider scheme of things, Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry. Milestone brings together companies who are brilliant in their respective fields and make it easy for them to work together to create a valuable solution for the customer. The company provides the environment for that to occur and work closely with them to ensure that the end result is useful and effective. At Milestone, partners realised that significant investments in education and training was required to create the demand for the company's products and solutions that the conservative physical security industry required. The value of partnership was learnt and the ‘open’ approach adopted, which was a central part of the thinking behind our software. Adopting the Scandinavian management model Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry Milestone extended this approach to the entire business model, creating the ecosystem that has been the driving force for success. And while the company embraced the best of the Scandinavian management model, its inclusiveness and encouragement of creativity, they still needed to have the courage to make changes to the business, changes which would ensure the best possible position to take on whatever challenges the future might hold. Milestone partner ecosystem Milestone have always worked in a partner-driven business mode. The company from the start was designed to be open and partner oriented. The Milestone partner ecosystem is a fundamental part of its mindset and daily operations. It is one of the major reasons for getting the company to the position where it is today. To be in a company without the partner component would be like cutting the internet and phone cables while reverting to telex and written paper letters! The company would be developing products in the dark, not knowing the demand. Open business world Today, Milestone's partners are delivering optimal solutions to mutual customers, building a better and open business world with video as a business enhancer. All thanks to the company's open platform and community approach. To have a flourishing partner ecosystem, one must think not as a corporation but in human terms. Because companies don’t think, humans do. In all senses of the word, there is one thing that will contribute more to the success of a partnership than anything else; 'Give before hoping to receive'.
The Security Industry Association (SIA) has expressed strong support for MI HB 5828 and HB5830, two bills designed to improve school security across the state of Michigan. Michigan Legislation In a letter to Michigan House of Representatives Committee on Appropriations Chairwoman Laura Cox and Vice-Chair Rob VerHeulen, SIA CEO Don Erickson praised the bills’ creation of a comprehensive school plan and fund to enable local districts to procure security solutions to protect students from malicious perpetrators and update building code requirements to include security measures. “Sadly, our nation’s schools have increasingly become a soft target for mass violence – at Sandy Hook Elementary, recently at Stoneman Douglas High School and in many other attacks,” said Erickson. “We support holistic approaches to improving school safety and security in response to these tragedies – recognising there is no single action that can be taken that will, by itself, make our schools safe.” SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts Improving school security SIA represents about 900 security and life safety solutions providers – companies that develop, manufacture and integrate technologies that help keep people and property safe from hazards. These industry leaders strive to introduce robust security solutions integrated into our nation’s K–12 public schools, private academic institutions, colleges and universities. In addition to serving member organisations working to improve security in schools and other environments, SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts that developed threat- and income-based guidelines for schools housing grades K–12 to implement appropriate, layered security measures. These guidelines are available to help guide school investments. Additionally, PASS provides integrators with risk assessments and white papers that can be used when working with schools to evaluate and establish the best security protections for their buildings. SIA believes state assistance like that in the Michigan legislation is a start to addressing key security gaps in schools and is especially critical to high-risk school districts or those with limited budgets.
Keeping the food supply safe was not an issue for Furman Foods back in 1921, when John W. Furman canned 360 glass jars of tomatoes with his wife, Emma, and their six children. Just as food processing practices have evolved over time, so too has the nation’s approach to securing food processing facilities. Today, Furman Foods uses ID cards as the first step of a greater plan to enhance its plant security. Furman Foods is a family-owned business. By 1969, the company had sold a million cases of tomatoes and was complementing its tomato crop with beans, peppers and other vegetables sold under the Furmano’s name. The company’s roots are planted firmly in the soil of the Susquehanna River Valley of Pennsylvania. Despite this remote location, Frank Furman, Vice President of Quality, is ready to take the facility to the next level of security and quality. “The need is here,” he said. “Everything is coming together at once. Not only does security make good business sense, but it also is something we need to do for our customers.” Food safety and security While the company has focused on food safety for many years, the U.S. Food and Drug Administration’s (FDA’s) Bioterrorism Act of 2002 made security a top concern for food producers such as Furman’s. Title III of the act specifically addresses protecting the safety and security of food and drug supplies. In addition, because Furman Foods provides food for U.S. Department of Agriculture (USDA) food programs, it is subject to USDA security measures. Security isn’t new to the company. It began incorporating additional security measures shortly after September 2001. The well heads for the water supply are locked and checked daily, for example, and a third-party security service is on duty during off-hours. Delivery truck doors now must be sealed, the company’s computer systems have new access controls in them, and locks now adorn all bulk storage areas, such as those for corn sweeteners and vinegar, some of the most vulnerable areas in the company. An important part of the security system at Furman’s is a new ID card program Time and attendance tracking An important part of the security system at Furman’s is a new ID card program. “We needed to replace our time clocks,” said Mark Slear, Systems Administrator, “so we took advantage of the opportunity to introduce employee ID cards to track time and attendance.” “I wanted some kind of control so that people who don’t work here don’t get in,” Furman said, “Despite the fact that we are located in a rural area, we still were seeing people here who shouldn’t be here. We had to figure out some way to limit access.” In the past, the company had pre-printed, pre-numbered, bar coded cards for hourly employee access. Employees were assigned a number, but that was it. HID Fargo Printer/Encoder Slear and Furman selected the Fargo DTC550 Direct-to-Card Printer/Encoder with lamination capabilities from ID Wholesaler (www.idwholesaler.com), a Fargo Value-Added Retailer and the largest online reseller of photo ID products. “I looked around quite a bit,” said Slear, “and all of my research kept coming back to Fargo.” Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs" “We determined that Furman Foods needed a higher level of security than a basic photo ID card could offer,” said Shane Stark, Account Manager, ID Wholesaler. “The FDA keeps tight regulations on who has access to food processing areas. Along with using bar codes and magnetic encoding for security measures, Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs. This led us to lamination and a Mylar card, which offers greater durability.” Slear was also interested in the printer’s speed. “When we ramp up during the summer, we produce a year’s worth of product in three months,” he said. “We have to print a lot of ID cards quickly to accommodate our seasonal workers.” Security access cards Furman’s bought the Fargo printer in October, took employee pictures in November and began issuing new ID cards in January. The ID cards contain a full photo, and the program includes all employees, even the extra 300 that are hired during the July-to-October busy season. While tracking time and attendance with the ID cards was the company’s first concern, Slear and Furman were thinking ahead when they chose an ID card printer, knowing that security needs would be enhanced down the road. “We added a magnetic stripe and photo in preparation for future security,” said Slear. “We haven’t defined yet what else we might do, but much of it will be driven by FDA and USDA directives.” “We liked the fact that the DTC550 printer can print on proximity cards if we decide to upgrade our ID cards someday,” said Slear. Furman agreed. “Eventually, we will go to smart cards, especially for the room where our ingredients are mixed,” he said. “We need to limit this area to those who are designated to be there. They will have to swipe an ID card for access. We chose a printer that will allow us to upgrade the cards, knowing that sooner or later we’ll have to go further with security.” Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements" Comprehensive identification solutions “Everything has been going well,” Slear said. “The person printing the cards picked up on it quickly.” Slear gives high marks to ID Wholesaler for their customer service. “Every time I talk to Shane, I get the answers I need,” he said. “He also checks in from time to time, just to see how things are going.” “Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements and their budgets,” said Jennifer Clancy, Marketing Manager, ID Wholesaler. Currently there are three variations to the Furman’s ID cards: yellow background for employees, green background for visitors and blue background for vendors. “Certain vendors are allowed on site without an escort,” said Furman. “For instance, because we are a kosher facility, once a month a rabbi comes in to check our operations. He has his own vendor ID card and is pre-approved, so he can move throughout our facility unescorted.” Facility security One of our big concerns is having someone follow a carded employee into the plant Furman Foods prides itself on its strong values, its quality products, its sustainability and its food security. Yet Furman isn’t satisfied. “We are still not where we should be,” he said. “We have come a long way, but we have a long way to go. If I could wave a magic wand, we would have one entrance, where everybody has to enter and exit. This entrance would be secured by a card reader, so individuals would have to swipe an ID card to get in. One of our big concerns is having someone follow a carded employee into the plant. Restricted areas should require special access cards, and I’d like a fence around the entire facility, with a guard shack where everyone checks in and out,” he further added. Right now, there are multiple entrances for traffic. The facility is very spread out, and the road in front is a public road. Photo ID access card Yet, all agree that the ID cards are an important step on Furman Foods’ journey toward enhanced security. “A safe workplace is fundamental,” said Clancy. “Photo ID cards provide at-a-glance validation that the card wearer is authorised to be on the premises. This is especially important for food manufacturers.” “I tell our employees security is only going to get tighter,” Furman said. “More safeguards will be put in place. We are in the food business. If we don’t have safe foods, we don’t have jobs.”
Following several high-profile incidents alleging abuse of special needs students (including some non-communicative students), and the activism of a number of parent groups in the state of Texas, Governor Greg Abbott signed Texas Senate Bill 507, requiring districts to install audio and video surveillance equipment into select special education classrooms when requested. The law requires the installation of cameras and recorders in classrooms meeting certain criteria—if and when a parent, school board member, or school staff requests them from the 2016-2017 school year forward. Surveillance must cover all areas in a classroom, with the exception of bathrooms and changing areas, and recorded footage must be retained for a minimum of six months. Many Texas school districts have begun the work of bringing relevant educational spaces into compliance with the law, including the Edna Independent School District.The IDIS solution crafted by PSX meets Edna ISD’s SB 507 compliance requirements Super Fisheye-powered surveillance Carefully considering Edna ISD’s requirements for a highest-quality surveillance solution, capable of audio recording and coverage in compliance with the law, along with their need for a fiscally responsible solution that minimised total cost of ownership, while maximising value, PSX recommended the IDIS Total Solution’s DirectIP line. The IDIS Total Solution has a selection of affordable, highest-quality options for school districts, easily scaled to meet any classroom size, configuration, or budget. The IDIS solution crafted by PSX meets Edna ISD’s SB 507 compliance requirements with a custom configuration of IDIS cameras and recorders for multiple classrooms and sites. At the heart of the solution is the IDIS DirectIP Super Fisheye Camera, which features breakthrough IDIS technology recognised by the industry for solving common concerns found with many other fisheye models.The IDIS Super Fisheye offers unparalleled client, camera, and mobile dewarping for a clearer picture Smart UX controls The IDIS Super Fisheye offers unparalleled client, camera, and mobile dewarping for a clearer picture and strongest possible assessment and documentation of incidents. It also features the company’s award-winning IDIS Smart UX Controls (named a 2016 ‘New Product of the Year’ by Security Products magazine), which allow for agile real-time pointing and zooming in a simplified and smooth manner previously unheard of in the industry. Other IDIS benefits, including two-way communication and the powerful recording and storage technology the company is known for, make the solution an ideal one for Edna ISD’s needs. Significantly, SB 507 was not accompanied by additional funding for implementation. It required school districts to cover the cost of surveillance purchases and installation from existing funds, donations, or other alternate funding strategies. This expands the requirement for school districts such as Edna ISD, beyond the simple purchase and installation of new surveillance solutions, to include the identification of surveillance solutions able to provide maximum quality with a low total cost of ownership and to be as responsive as possible to the law, student needs, and existing budgetary requirements.The IDIS Total Solution has proven a strong fit for school districts Cost-effective deployment Offerings that feature combinations of technical and cost-effective benefits have proven a strong fit for school districts, including Edna ISD, looking to meet SB 507 requirements without sacrificing quality for cost, something that is important to institutions such as public schools, charged with both optimal execution of their core educational mission and careful stewardship of public funds. The IDIS Total Solution, differentiated by its ease of installation and use as well as its lack of licensing and maintenance fees, has proven a strong fit for school districts, including Edna ISD. Alan Morris, Vice President of Sales for PSX, Inc., stated, “While SB 507 compliance has proven a challenge for some school districts, Edna ISD has shown an uncompromising commitment to its special needs students through the selection of technology that provides easy real-time review of classroom behavior and provides the best, clearest evidence possible should an incident occur.” Secure learning environment "In Edna ISD, the safety of our students, teachers, and staff is a key part of our educational mission. When those in our schools, and the families that love them, know their environment is safe and secure, the educational mission can thrive. We have embraced the SB 507 requirements as yet another tool in ensuring an ideal learning environment for all, providing additional support and protection for our special needs population.” “We were committed to doing this with only the best technology the industry had to offer, while also remaining responsible to our taxpayers throughout the process. The IDIS combination of a fully scalable solution of next-generation technology with a lower total cost of ownership than typically seen in the industry made it the right choice for our needs."
Round table discussion
Statistically speaking, incidents of terrorism are unlikely to impact most businesses and institutions. However, the mere possibility of worst-case-scenario attacks is enough to keep security professionals awake at night. Compounding the collective anxiety is the minute-by-minute media coverage when an attack does occur. The immediacy of the shared experience of global tragedy impacts us all – including security system decision-makers. We asked this week’s Expert Panel Roundtable: How is the rise in terrorism impacting the physical security market?
The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?
Knowledge shared among peers is often afforded more credibility than information from manufacturers. An approximation of that principle is at work in the use of case studies as marketing tools in the physical security industry. Case studies are aimed at telling real-world success stories – from actual customers – about how various technologies are used to accomplish security goals and make the world a safer place. But how useful are they? We asked this week’s Expert Panel Roundtable: What are the benefits of case studies as a marketing tool in the security industry?