Gunshot detection today is part of more physical security systems than ever before, and many manufacturers are developing interfaces to the latest gunshot detection technologies. Genetec has integrated ShotSpotter gunshot detection technology into its unified IP security platform, Security Center. Thanks to this integration, police departments and security professionals will be able to receive more actionable information, gain rapid access and detailed location insights when a gunshot situatio...
Qualitest, the independent software testing and quality assurance company, opens its new headquarters in Central London following a period of worldwide growth. Serving as a central location with easy access to Qualitest’s US, Israel, India and Romanian offices, London is also a base for prominent existing clients as well as a wide array of companies seen as prospective clients. The new office, based close to Liverpool Street station, brings together employees located across greater London...
With security threats on the rise, LILIN Americas is answering the call by introducing an advanced yet easy-to-install Access Control System for monitoring entry to a building, resulting in a safer environment for personnel and assets. When integrated with other platforms such as IP cameras, fire alarms, and sensors, the system provides a layered security approach that significantly enhances peace-of-mind and acts as a deterrent for theft and vandalism. "The LILIN Access Control System is a sin...
Pulse Secure, the provider of software defined secure access solutions, announces that growing demand for hybrid IT and Zero Trust Secure Access, resulted in double digit deal volume growth in the first half of 2019. Additionally, the company announces significant achievements in product innovation, channel programs, customer service and talent acquisition. “Our sales growth demonstrates that we offer the most flexible and robust platform for Secure Access. We are ideally positioned to ca...
Connected Technologies LLC, maker of the award-winning patented Connect ONE integrated cloud-hosted security management platform, has boosted the capacity of its Access Expander to handle up to 100,000 users. Prior to developing this new programming capability the Access Expander handled up to 10,000 system users, depending on the panel manufacturer’s integration. Integrated access control Connect ONE allows security dealers to offer home automation with integrated access control Connec...
Microsoft and CyberArk are globally renowned companies in the identity management space for the security software sector, according to the latest Thematic scorecard from GlobalData. Identity management Identity management refers to software whose function is to ensure that the right people (or machines) have access to the parts of the IT system they require to fulfill their role. Both companies gained the highest Thematic score (5 out of 5) for the identity management theme in GlobalData&rsquo...
BitSight, the Standard in Security Ratings, announced BitSight Enterprise Analytics, the latest Security Performance Management solution available on the BitSight platform. BitSight Enterprise Analytics helps security and risk leaders quickly gain insight into the impact of risk introduced at the organisational group level – from subsidiaries to business units and departments – enabling them to identify the areas of highest risk concentration within their organisations. The solution provides visibility into which groups have the biggest impact on their organisations' overall cyber risk posture and helps identify areas for security performance improvement. Simplifies security programme monitoring The solution helps security and risk leaders simplify security programme monitoring, managementLarge enterprises often consist of dozens to upwards of hundreds of distinct organisational groups including departments, business units, subsidiaries, centres, offices and more – and in some cases, located in disparate geolocations. Each of these groups has a unique structure, function and points of digital exposure, and consequently, a unique cyber risk level. This has historically made it difficult for security and risk leaders to pinpoint where exactly the greatest cyber risk exists across the entire organisation. BitSight Enterprise Analytics takes the guesswork out of identifying risk concentration throughout and enhances security performance across distributed enterprise groups. The solution helps security and risk leaders simplify security programme monitoring, management and reporting by aligning risk management and communication with the existing business structure. Access meaningful and objective data With BitSight Enterprise Analytics, businesses can access real-time, meaningful and objective data and metrics on organisational group-specific security performance across several categories of vulnerabilities and cyber incidents. Armed with this visibility, security and risk leaders can: Quickly Discover Group-Based Performance Deficiencies: BitSight Enterprise Analytics helps organisations uncover the factors within each enterprise group that most significantly impact the organisation's overall security performance. More Effectively Allocate Security Resources: BitSight Enterprise Analytics allows an organisation to accurately distribute resources and prioritise initiatives that are in line with the company's risk appetite and policy thresholds for the greatest impact on security performance improvement. Create Focussed Improvement Plans: When used alongside BitSight's security performance projection and improvement model tool, BitSight ForecastingTM, BitSight Enterprise Analytics helps businesses create improvement plans by enterprise group for the greatest impact. Report More Impactfully to the Board: With BitSight Enterprise Analytics, security and risk leaders can measure and manage the security performance of their corporate structure and confidently report to senior executives and the board. Continuous monitoring of cybersecurity posture "Within the last month, regulators have issued billions of dollars in fines due to cyber insecurity; companies experiencing cyber incidents have lost billions in market capitalisation. This is the new risk reality that senior executives and board members find themselves in today," said Dave Fachetti, SVP Corporate Strategy & CMO of BitSight. "BitSight Enterprise Analytics provides confidence to executives through data. It helps our customers gain insight into risk concentration and changes in potential risk impact throughout their organisation over time to help them continuously monitor cybersecurity posture, measure security programme performance and allocate limited resources to focus on the areas that will have the greatest impact on their cyber risk management programmes."
The Milestone Technology Partner Program, which formalises a high level of cooperation between Milestone and manufacturers such as Hanwha Techwin, comes with a rich set of benefits and well-defined requirements. The main objective of the Program which has three levels, with ‘Platinum’ being the highest, is to ensure that mutual end-user clients are able to achieve maximum value from their video surveillance systems. Video surveillance solutions “We are delighted to be acknowledged by Milestone in this way,” said Uri Guterman, Head of Product & Marketing for Hanwha Techwin Europe. “The Platinum Partner accreditation reflects our ability to cooperate with Video Management Software (VMS) developers, such as Milestone, to assist system integrators in providing end-users with easy to implement and easy to operate integrated video surveillance solutions.” “The ability of Milestone’s VMS to support existing, as well as future generations of Wisenet cameras, means they can be controlled and monitored alongside devices and systems produced by other third party manufacturers, as well as integrated with specialist analytics applications.”
Boon Edam Inc., a pioneer in security entrances and architectural revolving doors, announces they are emphasising the theme of tailgating mitigation and integration in booth #1103 at the GSX (formerly ASIS) exhibition in Chicago, Illinois from September 10-12. GSX is an annual event that brings together over 20,000 participants from across the security profession for a week of networking, educational opportunities and discovering the latest security solutions. Boon Edam is also the official turnstile sponsor of the show. Appropriate entrance solution Security entrances coupled with access technologies provide a complete solution Access technologies, such as card readers and biometric devices, are critical for controlling entry to secure areas within a building. However, these solutions are only effective at mitigating tailgating when coupled with the appropriate entrance solution. Swinging doors do not stop one authorised person from opening the door and then holding it open for a number of others. Security entrances coupled with access technologies provide a complete solution that ensures only one person can enter per valid authorisation. The following solutions will be on display in Boon Edam’s booth: Lifeline Speedlane Swing Optical Turnstile: The industry’s slimmest optical turnstile will feature a custom, integrated pedestal that incorporates the MorphoWave™ touchless fingerprint technology from IDEMIA. This solution enables high throughput with the enhanced security of rapid biometric identification, all in a stylish, cohesive design. New! Lifeline Boost Access Control Pedestal: The Boost is a brand new, stylish access control pedestal designed by Boon Edam to complement the popular Lifeline optical turnstile series. The Boost will include the latest version of Essex’s credential card reader, now with optical Bluetooth and OSDP capability, the iRox-T with BLE expands for HID Global’s Mobile Access solutions. Tourlock 180+90 Security Revolving Door: The entrance of choice for the Fortune 500, the Tourlock will feature an AMAG Symmetry card reader to demonstrate access control integration paired with the door’s uniquely high, bi-directional throughput and its ability to prevent tailgating and piggybacking without manned supervision. Circlelock Mantrap Portal: Offering the highest level of security available in an entrance, the Circlelock security portal prevents intrusion into the most sensitive areas such as data centers. The portal will be configured to demonstrate two-factor authentication: an AMAG Symmetry card reader on the outside of the portal conducts the initial authorisation, while facial recognition provides instant authentication inside the portal. The secure, edge-based facial recognition access control device by Alcatraz, called the Rock, can also be experienced at their booth (GSX booth #1047). BoonConnect Software: An IP-addressable, proprietary software system providing diagnostic and configuration tools for the Tourlock security revolving door and Circlelock mantrap portal. Users can remotely access door operations and events using devices such as a tablet, laptop or smartphone via a secured corporate network. Upcoming tailgating season Boon Edam is celebrating its position as the market pioneer for security entrances, according to a report by IHS Markit®, with a tailgating-themed prize giveaway. All visitors to GSX are invited to participate by visiting booth #1103 during show hours. Participants will have the opportunity to win a variety of prizes that will help them make the most of the upcoming tailgating season: the Big Green Egg® grill, a YETI® cooler and more. Winners will be selected at random after the exhibition, and an announcement will be made to all participants via email by Friday, September 27.
Antaira Technologies is a developer and manufacturer of industrial networking devices and communication solutions for harsh environment applications and is proud to announce the expansion of its industrial networking infrastructure family with the introduction of the LMP-1802G-SFP and LMX-1802G-SFP Series. Antaira’s LMP-1802G-SFP and LMX-1802G-SFP series are industrial-grade equipment that is Ethernet ready to fulfil various markets’ edge-level networking applications in harsh and outdoor environments, such as manufacturing automation, security surveillance, power/utility, waste water treatment plants, oil/gas/mining, and transportation. Industrial switches These devices support high density Ethernet port connectivity, wide bandwidth, long distance data transmission, and have a superb reliability factor. The LMX-1802G-SFP Series is an ideal choice for campus ring solutions with its two fibre optic ports supporting an open standard ring technology (ERPS). These outdoor devices are able to communicate and send critical information back to an enterprise switch There are many proprietary ring technologies available but using an open standard like ERPS means that it is possible to have equipment from different manufacturers working together in the ring. For example, campuses have networking rings consisting of hardened and industrial switches for outdoor environments that require a wide temperature-rated device. These outdoor devices are able to communicate and send critical information back to an enterprise switch at a data center. Electromagnetic interference Antaira’s LMP-1802G-SFP Series can not only provide a large number of PoE ports (30 Watts) for high density security applications, but also fibre optic interfaces for long range connectivity (1 meter to 100 KM) that is 3 feet to over 60 miles. The SFP port will not only allow connectivity beyond the 100 meter/300-foot limitation of copper cable but also permits connectivity through areas where electromagnetic interference may cause issues such as on a factory floor. The Antaira management software on these switches helps monitor, react, and troubleshoot applications to reduce the cost of maintenance and downtime. Features such as SNMP Traps, Syslog, and port mirroring can be priceless when maintaining a system and reducing issues causing outages.
One can customise the way they want to run their own CLIQ® access control installation. The CLIQ® Web Manager makes it easy to program, reprogram or audit every CLIQ® key, cylinder, padlock or updater. And because the interface is accessible from anywhere with a Web connection, via secure login over https:// and multifactor authentication if required, one can manage access whenever and wherever they choose. ASSA ABLOY’s intuitive CLIQ® Web Manager boosts one's efficiency. One can filter access to specific locks according to the precise security needs of their site and users. For any CLIQ® system, one can create individual schedules for key-holders, doors or audit trails. Local software installation In a few clicks, a CLIQ® key or system can require users to revalidate keys regularly, making it safer to issue time-limited access to contractors or visitors. The Web Manager offers this same degree of customised efficiency when one manages CLIQ® electromechanical locks or fully electronic eCLIQ locks. The CLIQ® Web Manager has the flexibility to integrate with existing access control and other customer software It powers the interface between CLIQ® Connect keys and the Bluetooth-powered CLIQ® Connect app, for secure remote key updating for mobile workers and contractors — with added PIN protection. The CLIQ® Web Manager has the flexibility to integrate with existing access control and other customer software. Its architecture supports multiple administrators or sites, across different time zones if one needs. Workflows become easier. The Web Manager also gives the option to administer access in a self-hosted IT environment or completely free of local software installation with two different CLIQ® Software as a Service solutions. Manage access software For the highest levels of access security and scalability, the CLIQ® Web Manager comes with a Software as a Service (SaaS) option. When one opts for CLIQ® SaaS, they can select a Shared SaaS solution or Dedicated SaaS with hosting just for them, choosing maintenance schedules which suit their business best. Both SaaS options are hosted by ASSA ABLOY. They save businesses the cost of extending in-house server capacity or employing dedicated IT staff to manage access software. Security infrastructure budgeting becomes more predictable. With CLIQ® SaaS, the data benefits from complete redundancy, so it can meet regulatory and compliance requirements without stress. ASSA ABLOY includes round-the-clock support, maintenance and incident reporting in standard Service Level Agreements delivering up to 99.5% availability. And with a SaaS solution, the company’s CLIQ® software is always, automatically up to date — a big plus for cyber-security resilience. CLIQ® SaaS and the CLIQ® Web Manager saves one's time, money and worry.
Keysight, the test and measurement vendor introduces its new Automotive Cybersecurity Program that delivers a broad cybersecurity portfolio, including hardware, software and services, to address the growing concern of cyber-attacks on connected vehicles. The cyber world is increasingly impacting the safe operation of automobiles, opening the risks of exposure, including malicious hacker activities. The new reality is that cyber-attacks against automobiles could result in the loss of human life. The most recent report from Consumer Watchdog has exposed the reality about the cybersecurity risk in connected vehicles. Deliver extensive security ISG’s visibility solutions deliver an enhanced infrastructure that improves the efficiency of security tool Keysight Technologies understands these risks and offers solutions to test and measure connected vehicle technologies, including the newly announced Automotive Cybersecurity Program that validates the resiliency of connected components of a vehicle, individually or as an entirely functioning automobile prior and post deployment. In addition, security solutions developed by Ixia Solutions Group (ISG), enables Keysight to deliver extensive security validations of the 4G/5G radio access network (RAN) infrastructure that connects vehicles, and the backend data centers that manage business operations. ISG’s visibility solutions deliver an enhanced infrastructure that improves the efficiency of security tool sets in production networks. Keysight provides test and measurement of cybersecurity effectiveness from the ECU level up to the cloud data center. Pre-deployment testing “Early assessment, prior to production, is essential to enabling our automotive customers to deliver safe and supportable vehicles,” stated Mark Pierpoint, president of Ixia Solutions Group, a Keysight business. “Potential issues identified post production, with the risk of recalls, cost orders of magnitude more to repair than when found during pre-deployment testing, notwithstanding the possible loss of human life." Cars today support multiple communication methods, like Bluetooth and USB" "Continued detection and mitigation of cybersecurity threats once vehicles are on the road are equally critical to keep consumers safe. Cybersecurity testing is an essential defence to ensure the design and implementation of a bullet-proof security posture in connected vehicles. Cars today support multiple communication methods, like Bluetooth and USB while a growing number of cars use mobile communication for a variety of services available in the car,” said Tom Goetzl, Automotive & Energy Solutions business general manager for Keysight. Available communication ports “Keysight’s Automotive Cyber security program can test for vulnerabilities on all available communication ports and provides direction to our customers on how to close such vulnerabilities.” Keysight offers a broad portfolio of solutions to help prevent vehicles from being cyber-hijacked, including: Automotive Cybersecurity Program – to validate and exploit the potential attack surfaces existing in connected vehicles Automotive Gateway Security Test – to validate the zoning and security posture of in-vehicle networks Network Security Test – to validate and stress a network infrastructure and backend data centers Application & Threat Intelligence (ATI) Research Center – to ensure testing that includes the latest application and security strike simulation Visibility for Network Security – to improve the performance of a security architecture with 100% visibility of all traffic on an automotive network
In the next three years, software as a service ‘SaaS’ is likely to grow by around 23%. That’s according to reports by Cognizance. It’s growth rests on the adoption of cloud public, private and hybrid. Without the cloud applications can’t truly pervade an organisation, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure - the proliferation of SaaS demands security, none more so in a GDPR world. Large cloud environment But modern applications are difficult to secure. SaaS based, web, mobile, or custom made all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps the broader the attack surface and therefore the greater the chance there will be blind posts. Keeping up to date with updates and new security policies is never easy There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organisation and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near on impossible task when attack methods and sources are constantly changing. More advanced threats To be specific there are four emerging challenges when it comes to protecting apps. Firstly, managing the good and the bad bots and spotting which is which, secondly securing APIs as IoT adoption intensifies, thirdly the relationship between securing apps and DevOps and ensuring ownership of security, and finally denial of service attacks that use newer tactics such as brute force. Basic security hygiene dictates that security teams refer to the OWASP Top 10. It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one. Bot management The more sophisticated bots will go as far as to mimic human behaviourAstonishingly about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though and explains why around 80% of organisations can’t make a clear distinction between the two. Bad bots can do a lot of damage like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behaviour and bypass tools like CAPTCHA and even device fingerprinting based protection ineffective. Securing APIs Then there’s the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target and the threats to API vulnerabilities include injections, protocol attacks, parameter manipulations, invalidated redirects and bot attacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks Denial of service (DoS) You might think there’s little to add to the swathes of denial of service warnings. Yet when businesses are still being targeted and feeling the ill effects it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. Even the greatest application protection is worthless if the service itself can be knocked down This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, Brute Force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down. Continuous security It may seem easy to say but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organisations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential not a nice to have. Running security plans The board needs to know that investment is critical to protect their profits It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits. As such there are six things they need to know: Application security solutions must encompass web and mobile apps, as well as APIs. Bot management solutions need to overcome the most sophisticated bot attacks. DDoS mitigation must be an essential and integrated part of application security solutions. A future-proof solution must protect containerised applications, severless functions, and integrate with automation, provisioning and orchestration tools. To keep up with continuous application delivery, security protections must adapt in real time. A fully managed service should be considered to remove complexity and minimise resources. No amount of human power will beat the bots. That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.
The extensive analysis and discussion preceding any decision to implement a new physical security solution – whether it’s hardware, software or a combination of both – often focuses on technology, ROI and effectiveness. When it comes to deciding what type of security entrances to install at your facility, you will almost certainly also consider the aesthetics of the product, along with throughput and, if you’re smart, you’ll also look into service concerns. Each of these factors has its important place within the evaluation process, and none should be overlooked as they all have a significant effect on how well your entrances will perform once they are installed. Culture influences door solution decisions How significant will the change from current entrances to security entrances be for employees? Still, one additional factor actually trumps everything: if you have not considered your organisation’s culture in choosing a security entrance, you may be missing the most important piece of the puzzle. Culture is a part of every other decision factor when selecting an entry solution. Before you make a decision about what type of entrance to deploy, you need to consider and understand the values, environment and personality of your organisation and personnel. For example, how significant will the change from current entrances to security entrances be for employees? If people are accustomed to simply walking through a standard swinging door with no access control, this will be a culture change. Beyond this, whether you are considering a type of turnstile, a security revolving door or possibly a mantrap portal, simply walking through it will be a significant change as well. Training employees on door security You’ll want to know whether employees have ever used security entrances before. If these types of entrances are in place in another part of the facility, or in a facility they’ve worked in at an earlier time, the adjustment will not be as great as if they’ve never used them at all. Consider, too, how your personnel typically react to changes like this in the organisation or at your facility. They may be quite adaptable, in which case there will be less work to do in advance to prepare them. However, the opposite may also be true, which will require you to take meaningful steps in order to achieve buy-in and train employees to properly use the new entrances. With the increased importance of workplace security, discussing new entrances with workforces will help maintain a safer environment Communicate through the decision-making process All of this will need to be communicated to your staff, of course. There are a number of ways to disseminate information without it appearing to come down as a dictate. Your personnel are a community, so news about changes should be shared rather than simply decreed. As part of this process, you’ll need to give some thought to the level of involvement you want for your staff in the decision-making process. Finally, do not overlook the special needs among your personnel population. You undoubtedly have older individuals on staff, as well as disabled persons and others who bring service animals to the office. Entrances need to be accessible to all, and you never want to be in the position of having a gap in accessibility pointed out to you by the individual who has been adversely affected. New security entrance installation By communicating early and often with your personnel, you can alleviate a great deal of the anxiety Once you have made the decision about which security entrances to install, training your personnel on how to use the new security entrances – both before and after the installation – will help to smooth the transition. Because workplace security is such a big issue right now, it makes sense to discuss the new entrances in the context of helping to maintain a safer environment. They will prevent violent individuals from entering, decrease theft, and most of all, promote greater peace of mind during the workday. If you can help them take control of their own safety in a responsible way, you have achieved much more than just a compliant workforce. By communicating early and often with your personnel, you can alleviate a great deal of the anxiety and concern that surrounds a significant change in the work environment. Schedule group meetings Consider your employees; what type of communications do they respond best to? A few suggestions to educate staff on the benefits of the new entrances include: Typically, you would communicate a general message 2-3 months in advance and then provide more specific information (for example, impacts to fire egress, using certain entrances during construction) in a follow up message closer to the installation date. Schedule group meetings to: announce the rationale for increased security, share statistics on crime, review the new security changes that are coming, show drawings/photos of the new doors/turnstiles, and show the orientation videos available from the manufacturer. These meetings are an excellent way to work through user questions and directly address any concerns. Once the installation of a new security system is complete, it is a good idea to have an "ambassador" on board to help employees use these new systems Ensure you monitor public areas If you are implementing a lot of new changes, such as a new access control system, new guard service and security entrances, you might consider hosting a ‘security fair’ on a given day and have the selected vendors come for a day with tabletop displays to meet employees and answer questions during their lunch. This could be a great way to break the ice in a large organisation. Make user orientation videos (provided by the manufacturer) available in several ways, for example: Intranet Site Monitors in public areas—lounges, cafeteria, hallways, etc. Send to all staff as email attachments Immediately after installation, once the doors or turnstiles are operational but before they are put into service, train ‘ambassadors’ on how to use the door/turnstile. Have these people monitor and assist employees during peak traffic times. What is the ultimate success of the installation? By communicating clearly and openly with your population you can greatly facilitate adoption and satisfaction If you have thousands of employees, consider dividing them into groups and introduce the new entrance to one group at a time (Group A on Monday, Group B on Tuesday, etc.) to allow a little extra orientation time. Place user education ‘quick steps’ posters next to the door/turnstiles for a few weeks to help employees remember the basic steps and guidelines, e.g., ‘stand in front of the turnstile, swipe badge, wait for green light, proceed.’ Ask your manufacturer to provide these or artwork. While there are always going to be people who are resistant to change, by communicating clearly and openly with your population you can greatly facilitate adoption and satisfaction. Your responsiveness to any issues and complaints that arise during and after the implementation is equally fundamental to the ultimate success of the installation.
Edward Snowden’s name entered the cultural lexicon in 2013, after he leaked thousands of classified National Security Agency documents to journalists. He’s been variously called a traitor, a patriot, a revolutionary, a dissident and a whistleblower, but however you personally feel about him, there’s one way to categorise him that no one can dispute: He’s a thief. There’s no doubt about it: Snowden’s information didn’t belong to him, and the scary truth is that he is neither the first nor the last employee to attempt to smuggle secrets out of a building – and we need to learn from his success to try to prevent it from happening again. Since the dawn of the digital age, we’ve fought cyber pirates with tools like firewalls, encryption, strong passwords, antivirus software and white-hat hackers. But with so much attention on protecting against cyber risks, we sometimes forget about the other side of the coin: the risk that data will be physically removed from the building. Douglas Miorandi, director of federal programs, counter-terrorism and physical data security for Metrasens, recently discussed the major risks to physical data security with SourceSecurity.com. Q: What do you believe are the main physical threats to data? The biggest threats I have seen in the physical data security space have varied over the years, but there are four specific risks that remain the same across the board for any organisation, which are: Every organisation is at risk of having data walk out the building with that employee The Insider Threat The Outsider Threat The Seemingly Innocent Personal Item Poor or Nonexistent Screening To beginning with, every company or government agency has at least one disgruntled employee working for them, whether they know it or not, and that means every organisation is at risk of having data walk out the building with that employee. That is what security experts call the insider threat. Q: What do you think influences employees to steal data from their own organisation? People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially – meaning they don’t even need to be disgruntled; they might just want a quick way to make a buck. Financial data, too, is attractive, both for insider trading and selling to the competition. People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially This can happen to both private companies as well as government agencies. Take Natalie Mayflower Sours Edwards for example, a Treasury Department employee who was caught in the act just last month, when she disclosed sensitive government information about figures connected to the Russia investigation to a reporter. She didn’t hack the system, she simply used a flash drive. And let’s not forget that Snowden was a contractor working for the NSA. Q: Many of us think of security threats coming from an outsider, do companies still face these type of threats? Yes. Unfortunately, organisations do not only need to worry about their own employees – companies and government agencies need to be wary of threats from outsiders. COTS devices include SD cards, external hard drives, audio recorders and even smart phones They can come in the form of the corporate spy – someone specifically hired to pose as a legitimate employee or private contractor in order to extract information – or the opportunistic thief – a contractor hired to work on a server or in sensitive areas who sees an opening and seizes it. Either one is equally damaging to sensitive data because of the physical access they have. Q: Whether it be an insider threat or an outsider threat, what are ways these individuals can steal sensitive data? There are two types of personal items that can be used to steal data: the commercially available off-the-shelf (COTS) variety, and the intentionally disguised variety. This is considered risk number three – the seemingly innocent personal item. COTS devices include SD cards, external hard drives, audio recorders and even smart phones, any of which can be used to transport audio, video and computer data in and out of a building. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom Q: What is the difference between COTS and disguised devices? The difference between COTS and disguised devices is that if someone gets caught with a COTS device, security will know what it is and can confiscate it. The disguised device looks like a security-approved item anyone could be carrying into the workplace, making it especially devious. Sometimes these devices don’t just function to bring information out of a building; they are used to damage a server or hard drive once it’s plugged in to a computer or the network. Some are both – a recording device that extracts data and then destroys the hard drive. Companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening peopleQ: With these types of discrete items, can security personnel still catch individuals in the act? For example, through security screenings? Poor or nonexistent screening is the most substantial security threat to any organisation when it comes to sensitive data. Whether it’s an employee, an outside contractor or a device, the physical security risks are real, and everyone and everything entering and leaving a building needs to be screened. Unfortunately, screening often isn’t occurring at all, or is ineffective or inconsistent when it does occur. Even companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening people and stopping them from stealing data through recording devices. Q: It’s surprising that so many organisations would neglect physical security when protecting their data. It’s a huge mistake, and the consequences can be dire. They range from loss of customer trust, exorbitant lawsuits and tanking stock prices in the private sector; and risks to national security in the public sector. Costs and resource allocation increase as well during efforts to reactively fix or mitigate the effects of physically stolen data. For both the private and public sectors, the risk for data to be physically removed from a building has never been greater. Years ago, it was much harder for the average Joe to figure out where they could sell stolen data. Now, with the Deep Web, anyone with Tor can access forums requesting specific information from competing spy agencies, with instructions on how to deliver it, greatly reducing the risk of getting caught – and increasing the likelihood people will try it. Although it’s getting easier to sell data, the good news is that all of these threats are avoidable with the right measures. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack Q: So how can an organisation protect against these risks? There are a number of ways – and the first one requires a change of mindset. Not long ago, the building/physical security department and the IT/cybersecurity department were considered two different entities within an organisation, with little overlap or communication. Organisations now are realising that, because of the level of risk they face from both internal and external threats, they must take a holistic approach to data security. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack. Q: How can companies and government agencies combine both physical data security and cybersecurity initiatives? Physical security managers can advise cybersecurity managers on ways to reinforce their protocols – perhaps by implementing the newest surveillance cameras in sensitive areas, or removing ports on servers so that external drives cannot be used. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try In turn, the cybersecurity team can let the physical security team know that they have outside contractors coming in to work on the server, and the physical security team can escort the contractors in and stand guard as they work. Constant communication and a symbiotic relationship between the two departments are crucial to creating an effective holistic security protocol and, once you’ve got the momentum going, don’t let it slow down. Sometimes efforts start off strong and then peter out if priorities change. When guards are down, it’s an excellent time for a malicious actor to strike. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try. It’s not just about the mentality, though. Using the right technology is just as important. Q: What type of technology can you use to protect physical data? Many problems can be avoided by simply using the right technology to detect devices that bring threats in and carry proprietary information out. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them. Using a ferromagnetic detection system (FMDS) as people enter and exit a building or restricted area means that anything down to a small microSD card triggers an alert, allowing confiscation or further action as needed. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them Q: How does FMDS work? In the most basic terms, FMDS uses passive sensors that evaluate disturbances in the earth’s magnetic field made by something magnetic moving through its detection zone. Nothing can be used to shield the threat, because FMDS doesn’t detect metallic mass; it detects the magnetic signature, down to a millionth of the earth’s magnetic field. FMDS is the most reliable method of finding small electronics items and should be part of the “trust, but verify” model Although it is a passive technology, it is more effective and reliable than using hand wands or the walk-through metal detectors typically seen in an airport, which cannot detect very small ferrous metal objects. FMDS can see through body tissue and liquids, so items cannot be concealed anywhere on a person or with their belongings. Whether or not the items are turned on doesn’t matter; FMDS doesn’t work by detecting a signal, but rather by spotting the magnetic signature that electronics contain. This is ideal, because most recording devices do not emit any signal whatsoever. In my experience, FMDS is the most reliable method of finding small electronics items (as well as other ferrous metal objects, like weapons), and should be part of the “trust, but verify” model, in which companies assume the best of their employees and anyone else entering the building, but still take necessary precautions. Q: What are the key takeaways for organisations looking to enhance data security? The toughest challenge in the security sector – whether it’s cyber or physical – is remembering that the bad guys are constantly looking for ways to slip in through the cracks, and security departments need to stay one step ahead to ward off both internal and external threats. Recognising the existing threats, putting together a holistic security strategy, and using the right technology to detect illicit devices comprises an effective three-pronged approach to protecting an organisation’s data. Organisations cannot afford to be passive about security and assume employees won’t steal data and spies won’t sneak in. Strong countermeasures are necessary because data loss can come from both inside and outside, in both private and public sectors, from places not everyone thinks of – and with technology like FMDS acting as a backup to the human element, organisations can lock down their data and keep the wolves in sheep’s clothing from getting through the door.
The ban on U.S. government usage of Chinese-made video surveillance products was signed into law last year and was scheduled to take effect a year later – on August 13, 2019. With that deadline looming, there are questions about whether government agencies and departments will comply in time. A year ago, the U.S. Congress passed, and the President signed, a ban on government uses of video surveillance equipment produced by two of the world’s top manufacturers – Hikvision and Dahua. The provision was buried in the National Defense Authorization Act (NDAA) for fiscal year 2019, which the President signed into law on August 13, 2018. The ban, which takes effect ‘not later than one year after … enactment’, applies not only to future uses of Dahua and Hikvision equipment but also to legacy installations. Tracking software to detect banned products Forescout Technologies, San Diego, California, provides software to track various banned devicesThe bill calls for an assessment of the current presence of the banned technologies and development of a ‘phase-out plan’ to eliminate the equipment from government uses. One problem is identifying where the surveillance equipment is being used, which involves either a tedious manual process to search out the equipment or the installation of tracking software to identify it on the network. A federal Department of Homeland Security program called ‘Continuous Diagnostics and Mitigation’ requires use of a detection tool to find any banned products on a network. Forescout Technologies, San Diego, California, provides software to track various banned devices, but not all required agencies have complied with a mandate to secure their networks by tracking every connected device (only 35% had complied as of 2018.) “Without an automated, real-time tool that can detect all of the IT devices – computer or ‘other’ – on your network, there is simply no way to be 100 percent certain that you are compliant with these product bans,” says Katherine Gronberg, Forescout’s Vice President, Government Affairs. Difficult to determine device’s manufacturer Not all equipment is marked to identify its manufacturer; some has been rebrandedAnother problem is the existence of OEM agreements and other supply chain complications that can make it difficult to determine the manufacturer of any given device. A report by Bloomberg says: “A complex web of supply chain logistics and licensing agreements makes it almost impossible to know whether a security camera is actually made in China or contains components that would violate U.S. rules.” Not all equipment is marked to identify its manufacturer; some has been rebranded. “There are all kinds of shadowy licensing agreements that prevent us from knowing the true scope of China’s foothold in this market,” said Peter Kusnic, a technology writer at business research firm The Freedonia Group. “I’m not sure it will even be possible to ever fully identify all of these cameras, let alone remove them. The sheer number is insurmountable.” Companies banned under NDAA The NDAA ban covers “public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.” It bans “video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, [and] Dahua Technology Company (or any subsidiary or affiliate of such entities).” Hytera Communications is a Chinese digital mobile radio manufacturer. Huawei Technologies Co. equipment has also been banned, including the HiSilicon chips widely used in video cameras. In addition to banning the Chinese equipment in government installations, the NDAA also includes a ‘blacklist’ provision [paragraph (a)(1)(B)], which could be interpreted to extend the ban to companies that use Chinese-made products in other, non-government applications. Rulemaking on that aspect is still under way, including a public hearing in July.
Police in the United Kingdom have been testing the effectiveness of live facial recognition (LFR) for several years now, but future uses of the technology have been called into question. The Information Commissioner’s Office (ICO), an independent authority that seeks to uphold information rights in the public interest, has weighed in on issues of data privacy related to LFR, and Members of Parliament (MPs) have called for a moratorium on uses of the technology. The big question is whether the benefits of LFR outweigh its impact on privacy rights. Live facial recognition I believe that there needs to be demonstrable evidence that the technology is necessary" The House of Commons Science and Technology Committee has expressed concerns about bias, privacy and accuracy of facial recognition systems and urged the U.K. government to issue a moratorium on further live facial recognition trails until regulations are in place to address bias and data retention. According to Elizabeth Denham, U.K. Information Commissioner: “[Police trials of LFR] represent the widespread processing of biometric data of thousands of people as they go about their daily lives. And that is a potential threat to privacy that should concern us all.” Denham says live facial recognition (LFR) is a high priority area for ICO. “I believe that there needs to be demonstrable evidence that the technology is necessary, proportionate and effective considering [its] invasiveness,” she says. Potential public distrust “Any organisation using software that can recognise a face amongst a crowd and then scan large databases of people to check for a match in a matter of seconds, is processing personal data,” says Denham. General Data Protection Regulation (GDPR) wording specifies biometric data as a ‘sensitive’ category of personal information. London’s Metropolitan Police Service performed 10 trials of live facial recognition at various venues in 2016, 2017 and 2018. The London Police Ethics Panel reviewed the trials and concluded that additional use of the technology would be supported if certain conditions were met. One condition is if the “overall benefits to public safety [are] great enough to outweigh any potential public distrust in the technology.” Each deployment should be assessed and authorised as necessary and proportionate. Operators should be trained to understand associated risks and to be accountable, and there should be evidence that the technology does not promote gender or racial bias. Develop strict guidelines Met Police used NEC’s NeoFace technology to analyse images of the faces of people on a watch list The Ethics Panel also specified that both the Metro Police and Mayor’s Office for Policing and Crime should develop strict guidelines to ensure that deployments balance the benefits of the technology with the potential intrusion on the public. “We want the public to have trust and confidence in the way we operate as a police service, and we take the report’s findings seriously,” said Detective Chief Superintendent Ivan Balhatchet, who led the trials. In its 10 trials of live facial recognition, Met Police used NEC’s NeoFace technology to analyse images of the faces of people on a watch list. The system measured the structure of each face, including distance between eyes, nose, mouth and jaw to create facial data, which was used to match against the watch list. The system only kept faces matching the watch list, and only for 30 days. Non-matches are deleted immediately. More accurate identification An independent review of the trials, commissioned by the Metropolitan Police, concluded it is ‘highly possible’ that the Met’s ‘trial’ deployments would not satisfy the key legal test of being considered ‘necessary in a democratic society’ if challenged in the courts, according to U.K. human rights advocacy group Liberty. South Wales Police have partnered with NEC to formally pilot facial recognition technology. NEC’s real-time solution enables trained officers to monitor movement of people at strategic locations. “Facial recognition technology enables us to search, scan and monitor images and video of suspects against offender databases, leading to faster and more accurate identification of persons of interest,” says Assistant Chief Constable Richard Lewis. “The technology can also enhance our existing CCTV network in the future by extracting faces in real time and instantaneously matching them against a watch list of individuals, including missing people.” U.K. human rights advocacy group Liberty has taken legal action on behalf of one Cardiff resident against South Wales Police Intrusive technology “We are very cognisant of concerns about privacy, and we are building in checks and balances into our methodology to reassure the public that the approach we take is justified and proportionate,” says Lewis. U.K. human rights advocacy group Liberty has taken legal action on behalf of one Cardiff resident against South Wales Police over its use of facial recognition. “Facial recognition is an inherently intrusive technology that breaches our privacy rights,” says lawyer Megan Goulding at Liberty. “It risks fundamentally altering our public spaces, forcing us to monitor where we go and who with, seriously undermining our freedom of expression.” ICO’s Denham says any judgment resulting from the legal action will form an important part of ICO’s investigation and will be considered before ICO’s final findings are published. Information management South Wales Police offers the following assurance: “Data will only be retained as long as is necessary for a policing purpose, as per guidance within the Authorised Policing Practice on information management.” Facial recognition systems are yet to fully resolve their potential for inherent technological bias" One concern is that live facial recognition ‘discriminates’ against women and people of colour because it disproportionately misidentifies them, thus making them more likely to be subject to a police attention. ICO’s Elizabeth Denham comments: “Facial recognition systems are yet to fully resolve their potential for inherent technological bias; a bias which can see more false positive matches from certain ethnic groups.” Taking regulatory action ICO has also considered data protection ramifications of commercial companies using LFR. Denham says: “The technology is the same and the intrusion that can arise could still have a detrimental effect. In recent months, we have widened our focus to consider use of LFR in public spaces by private sector organisations, including where they are partnering with police forces. We will consider taking regulatory action where we find non-compliance with the law.” A 27-page U.K. Home Office Biometrics Strategy sets out an overarching framework within which organisations in the Home Office sector will consider and make decisions on the use and development of biometric technology. However, Biometrics Commissioner Paul Wiles says the document “doesn’t propose legislation to provide rules for the use and oversight of new biometrics, including facial images. Given that new biometrics are being rapidly deployed or trialed, this failure to set out more definitively what the future landscape will look like in terms of the use and governance of biometrics appears to be short-sighted.”
Workforce management systems gather and analyse information and anomalies from security officers in the field. The information ranges from direct observations entered via mobile or desktop apps by officers on duty to reports from cleaning staff, the maintenance department, and CCTV operators. Taken together, the information yields business intelligence and data analytics at no additional cost. Trackforce is a provider of workforce management solutions specific to the security industry and its unique operational requirements. From tracking guard tours to managing incidents and officers remotely, the platform improves officer accountability, optimises operations, and delivers actionable insights via a live dashboard to reduce vulnerabilities and enhance efficiencies. The platform is customisable and scales to each client’s business. Platform to control and identify risks “Corporate security teams deal with issues related to operational risk, facility security levels and design basis threats, and must contend with manmade, naturally occurring, and technological events,” says Guirchaume Abitbol, CEO and founder of Trackforce. “We provide them a platform that enables them to control and identify risks, deliver their service, and maintain security best practices.” Trackforce uses live monitoring to ensure quality control and to upgrade situational awareness, delivers real-time incident notifications Trackforce serves large security guard companies and global organisations in diverse vertical market sectors and is expanding in facilities management. More than 200,000 professionals at over 20,000 customer sites in 45 countries use the platform. Trackforce uses live monitoring to ensure quality control and to upgrade situational awareness, delivers real-time incident notifications, and generates data-rich analysis and key performance indicators (KPIs) that enhance monitoring and reporting. Reduces corporate risk Better management of corporate risk is a benefit of security workforce management. The Trackforce platform reduces corporate risk in four areas by: Managing multiple sites, located anywhere, with various threat levels, cultural differences, operating procedures, and regulations. Supporting a security budget and investment in new solutions by providing data necessary for budget approval. Keeping management informed about outsourced security services partners with relevant data, analytics, and transparency. Providing real-time data on risks and incidents so operations can be quickly optimised to ensure top-level security services. Identifying potential threats and risks The platform rapidly and accurately collates data (implied data or trends) based on user-selected parameters. Data- and intelligence-rich reports become available to managers from any location via a dashboard. All necessary information is displayed on a single screen in an uncluttered format.The ability to analyse current and historical data in real time empowers security managers to track patterns Reports can be downloaded and shared with stakeholders. The ability to analyse current and historical data in real time empowers security managers to track patterns, identify potential threats and risks, and implement preventative actions and strategies. Using data intelligence as benchmark Security teams will use data intelligence as a performance benchmark for resources required to accomplish site goals. They will also use this information to pilot and rationalise resource needs for impending contracts based on historical, descriptive (what happened), diagnostic (why did it happen), predictive (what will happen) and/or prescriptive data (how can we can make it happen). “For example, when a large company incurs incremental computer equipment theft, a supervisor can use the platform to review historical reports and identify patterns and anomalies,” says Abitbol. “The supervisor could then identify and proactively implement targeted strategies to mitigate the theft, such as modifying security routes, increasing patrols, or adjusting asset management protocols.” Enhanced control of security resources The Trackforce platform has been designed to serve clients at multiple regional and national locations and is available in many languages. The Command Center allows a security supervisor based at a central location to easily manage officers on multiple sites. The Command Center provides greater oversight and enhanced control of security resources The Command Center provides greater oversight and enhanced control of security resources. Management can compare locations and evaluate security with a customisable reporting dashboard for each site. The uniform platform uses the same reporting templates and processes for each secured and managed location, thus ensuring consistency and accurate benchmarking. Trackforce’s workforce management solution has low cost and presents a low barrier to entry, with systems that can be implemented in a short time.
Over 1,600 Wisenet cameras manufactured by Hanwha Techwin have been installed at Asia’s largest mega hub terminal in order to help operators monitor the movement of parcels and vehicles, as well as keep employees and visitors safe. With its nine decades of endless innovation, Korea’s logistics service provider, CJ Logistics, is leaping forward to become a pioneer by expanding its global networks to over 94 locations and entering the Thailand, Malaysia, China and Philippines markets. Video surveillance solution In June 2018, CJ Logistics opened Asia’s largest mega hub terminal in Gonjiam, Gyeonggi-do, South Korea. The terminal, which comprises two buildings with four floors above ground and two underground, occupies approximately 300,000sq metres, almost the size of 40 football stadiums. The total length of the facility’s conveyer belts is almost 43km, long as a full-course marathon The total length of the facility’s conveyer belts is almost 43km, which is as long as a full-course marathon. The terminal also has a state-of-the-art automation system, the first of its kind in Korea, which has increased the company’s daily handling capacity to 1.72 million parcels, four times higher than its competitors. CJ Logistics looked for a top-notch video surveillance solution which could match the terminal’s grand scale and the technically advanced automated facilities. Providing periphery monitoring After testing cameras from different manufacturers in the market, CJ Logistics chose Hanwha Techwin as its supply partner and have subsequently installed around 1,660 Wisenet cameras throughout the terminal. Wisenet X series IR PTZ cameras have been installed along the building exteriors, providing periphery monitoring 24/7 and auto tracking that enables precise monitoring across long distances, while IR illumination provides visibility even at night. Inside the buildings, around 1,400 Hanwha Techwin’s Wisenet Q series cameras were installed on the terminal’s ceilings and walls. The cameras are able to help detect any problems occurring to the automated conveyer systems which have a constant flow of parcels on them. They also oversee the movement of over 1,500 vehicles in and around the terminal and help create a safe working environment. Highly accurate recognition Wisenet X series bullet cameras, running license plate recognition (ANPR) software onboard, have been installed at the main gate of the terminal to enhance security at the entrances and exits, providing highly accurate recognition of license plates. These cameras enable effective vehicle monitoring within the terminal where cargo moves in and out around the clock, and are particularly useful in monitoring the main entrance. Both camera types are equipped with 12x optical zoom and 150dB WDR Wisenet X series bullet and PTZ cameras have been installed at indoor staircases and corridors of the office building. Both camera types are equipped with 12x optical zoom and the World’s best 150dB Wide Dynamic Range (WDR) which ensures clear images are captured from scenes that contain a challenging mix of bright and dark areas, normally causing overexposed or underexposed images. Intelligent video analytics As part of the Wisenet X series, these cameras feature intelligent video analytics and offer movement, loitering and intrusion detection. They are also equipped with audio analysis functionality which recognises critical sounds such as gunshots, explosions, screams and broken glass. “Thanks to the Hanwha Techwin’s Wisenet security solution, we were able to build a safe video surveillance system that can match the size and the cutting edge facilities of Asia’s largest logistics terminal,” said an official at CJ Logistics. “Now we can safeguard every corner of our terminal including vehicles, parcels, and personnel, not to mention indoor and outdoor spaces.”
As the largest and busiest commercial port in New Zealand, Port of Tauranga spans 190 hectares and handles in excess of 1500 ships and 840,000 TEU (Twenty-foot Equivalent Units) each year. The port is a bustling import and export gateway which relies on efficient processes and procedures to maintain superior operational activity. Being a large site, with unrivalled sea, road, and rail connections, Port of Tauranga has a strong focus on employing security and safety solutions which enhance and support workflow across the site. In 2004, Port of Tauranga faced new security challenges with the introduction of the International Ship and Port Facility Security Code (ISPS Code). Key security element The new code was developed following the attacks of September 11, 2001 on the United States, and prescribed new measures required by governments, ships, and ports, in order to continue shipping trade with North America. Gallagher’s access control system was installed at 12 road access gates Compliance with the ISPS code was enforced by Maritime New Zealand, giving ports throughout the country until the end of 2004 to become compliant with the new regulations. A key security element for Port of Tauranga to become ISPS compliant was restricting and controlling access on and off the port. Gallagher’s integrated access control solution was selected as the system to deliver this for Port of Tauranga. To manage the variety of entry and exit points, Gallagher’s access control system was installed at 12 road access gates, 4 rail access gates, and over 60 doors across the site. Access Control Solution Providing more than just standard card/reader access control, Gallagher’s Challenge feature gives the port an additional tier of security by utilising video integration. The Challenge solution enables operators the ability to check cardholder identities against a live image being taken at the access point. This feature reduced the number of staffed gates required, resulting in significant ongoing labour savings for Port of Tauranga. With a large number of people coming and going from the port on a daily basis, Port of Tauranga needed a robust system capable of effortlessly managing a large database. While the port has only 170 employees, there are currently 9,000 active cardholders. “A constant flow of trucks throughout the day is essential,” said Mike Letica, Manager of Security at the Port of Tauranga. “Trucks delivering containers cannot be backed up waiting.” The Gallagher access control solution, coupled with Gallagher’s Command Centre software platform, enables Port of Tauranga to restrict entry amongst the 9,000 cardholders to the specific areas they are authorised to work in, through the use of access groups and access zones. Plant washing facility The system provides the functionality for bulk changes to be easily applied to groups, ensuring the port staff’s database administration time is kept to a minimum. More than just controlling access on and off the site, Port of Tauranga needed an auditable trail of exactly who had accessed the site. Another key feature of Gallagher Command Centre being utilised by Port of Tauranga The Gallagher Command Centre platform provided the functionality for tailored reports on who had accessed zones and facilities, and at what time. “Some services available at the port, for example the plant washing facility and diesel pump, are billed back to the user” said Letica. “We needed a simple way of identifying users and this was achieved by having access control cards activate the facilities”. Another key feature of Gallagher Command Centre being utilised by Port of Tauranga is the scheduling function. Port security team Being able to adjust the access control schedule for the road and rail gates in support of peak operating times and statutory holidays provides greater control for the port security team, along with the ability to set schedules in advance. In 10 years, the operational activity at Port of Tauranga almost doubled. From approximately 32,000 trucks per month in 2004, to over 61,000 trucks and 24,000 cars per month in 2014, the volume and tonnage growth has been extensive. Despite both activity growth and site expansion, the Gallagher system has enabled Port of Tauranga to maintain the same number of security staff they had in 2004. Letica has confidence in the Gallagher solution supporting the port’s future expansion, “We believe we have a security system that has not only met our growth needs to date, but is going to continue to meet our needs in the future.”
Wintec (The Waikato Institute of Technology), established in 1924 is a major New Zealand Government-funded tertiary institution, which has three Hamilton campuses; a city site overlooking the central business district, Avalon campus on the northern outskirts of the city, and a horticultural campus at Hamilton Gardens. In addition, it has regional operations at Te Kuiti and Thames and also an office in Beijing. The Avalon campus, a ten-minute drive from the city, is home to specialist trades training facilities, a state-of the-art sport and exercise complex and custom designed facilities for the School of International Tourism, Hospitality and Events. The third Hamilton campus, the Horticultural Education Centre, is situated amidst the 58 hectares of Hamilton Gardens. On-line distance education Wintec’s programmes and qualifications are nationally and internationally recognised Wintec is one of the largest institutes of technology in New Zealand, and has more than 35,000 full-time and part-time students, more than 500 full and part time staff and eleven schools within its academic faculty. International enrolments exceed 1000 from 47 countries. A range of student services provide its domestic and international students with a high level of support so they enjoy a positive, safe and secure study experience. Wintec’s programmes and qualifications are nationally and internationally recognised and its degrees have equal status to those from universities. The degree programmes include Media Arts, Midwifery, Nursing, Occupational Therapy, Early Childhood Education, Business Studies, Engineering, Technology, Information Technology, and Sport and Exercise Science and a wide range of full and part time courses for those already in the workforce. Wintec is also recognised nationally in the delivery of on-line distance education for those unable to attend regular classes for reasons of geographical access or other constraints. Electronically controlled doors Wintec strives for a balance of unobtrusive yet robust control of site activity, essential for maintaining an open campus environment. Shane Goodall, Security Manager at Wintec, describes the approach to security as highly proactive and collaborative: “by focusing on preventing issues arising, we now have a minimal policing role and the crime resolution rate is high”. This environment is underpinned by Gallagher’s security system, a core access control, intruder alarms and integration platform. Wintec first installed the Gallagher system (formerly Cardax FT) in 1999 and has since migrated this legacy system to Gallagher’s latest security technology platform. Security for the entire organisation, including satellite sites, is managed and monitored centrally from Wintec’s single Gallagher security system. Since initial installation, Wintec’s Gallagher access control system has grown from 7 to 240 electronically controlled doors in 2009, with another 40 planned - testimony to the scalability and flexibility of the system. Network friendly system communications The organisation first installed 6 cameras in 2004 which has increased to 7 DVRs and 85 cameras Wintec has integrated its imaging system to the Gallagher system delivering a visual record which can be matched to the audit trail of events in Gallagher Command Centre software. The organisation first installed 6 cameras in 2004 which has increased to 7 DVRs and 85 cameras (both analogue and IP). Another compelling aspect of the system for Wintec is the scalability and TCP/IP network friendly system communications. As well as monitoring and controlling staff and student access, equipment including computers, TVs, printers, audio visual resources at Wintec are also monitored through the Gallagher system. The ‘Gallagher Hub’, a new computer laboratory offering comprehensive IT resources is open 24 hours. The Hub contains 125 workstations, and there are plans to extend that number. Active monitoring of equipment though the Gallagher system has significantly reduced theft. Students and staff have scheduled access to shared IT resources, classrooms and lecture theatres. Manage cardholder data ‘Cardholder Import’, an XML Interface, supports the importation of cardholder data including course enrolments from their student record system to Gallagher Command Centre. Shane comments, “Student card issuing is an automated process which is enrolment-driven – a student’s access privileges are assigned according to their enrolled courses.” “To implement this, we defined a rules-based allocation of access groups in the Gallagher system using the XML interface. The interface is ‘live’ so that changes in the student enrolments database are immediately reflected in the Gallagher system. The student’s updated access privileges come into effect without delay.” Staff that interact directly with students are now empowered to manage cardholder data enabling the security team to focus on security. Students and staff utilise Mifare SmartCard functionality extensively, embracing them as an integral multiapplication tool in their modern educational environment – SmartCards are used to issue resources from the library and as pre-stored value cards enabling prepaid printing and photocopying. In the near future they will also be used in Wintec’s Pay and Display car-park and potentially as passes onto city council buses. Electronic access control At Wintec, security is not viewed as a discrete functional activity relegated to security staff only Stewart Brougham, Director of Internationalisation at Wintec, says students have given very positive feedback about their ID cards. In particular, the ability to verify the identity of staff members from their ID access cards provides peace of mind for students. The end result is a people-friendly campus. Future enhancements of Wintec’s security may include the utilisation of the CommCard solution from Gallagher to manage and monitor access to student accommodation. CommCard is a unique high level integration between the Gallagher Command Centre software and Salto off-line readers, delivering offline, non-monitored electronic access control for lower security doors. An overriding philosophy of collaboration has seen Wintec take a lateral approach to security, the value of which many organisations have yet to realise. At Wintec, security is not viewed as a discrete functional activity relegated to security staff only. The ongoing management of security is a joint effort between the security services team and the information services team. Increasing operational security The security services team manages the Gallagher system while IT looks after back end functions such as installation on the network and backup. Wintec has leveraged the convergence of security (access control) and other operational business functions recognising the tremendous potential for reducing risk and increasing operational security, safety, performance and efficiency. Looking beyond simply controlling and monitoring who goes where and when on site, Wintec is harnessing the reporting capabilities of Gallagher Command Centre to meet regulatory requirements. The Gallagher system enables the institution to report on actual space utilisation (not just space booking). Decisions are made for best use, and also to substantiate funding, based on these reports. “The key to space utilisation reporting are the frequency of reporting and the integrity and reliability of information,” states Stewart Brougham. It’s a national issue for educational institutes in New Zealand. Extending external partnerships “For Wintec, reporting is about ensuring compliance with regulatory requirements and is also a staff time management issue – reducing the administration load on lecturers, who would otherwise have to track student attendance manually.” Brian Fleming, Director of Gallagher Channel Partner, Concord Technologies, sites this lateral application of a security system as key to maximising the value of Gallagher to Wintec. Wintec has a strong relationship with Gallagher in the ongoing development of its technologies This collaborative philosophy extends to proactive external partnerships with their Gallagher Channel Partner, Concord Technologies, for the installation and maintenance of the Gallagher system, and with system designer and manufacturer, Gallagher. Having signed an agreement to continue in the capacity of a Gallagher field test site, Wintec has a strong relationship with Gallagher in the ongoing development of its technologies. Wintec’s success, in the last 5 years, as a test site reflects the competence of both its IT and security staff and the institute’s commitment to edge student services. Minimal training has been required. Software maintenance agreement There is open communication and information sharing between all internal and external parties involved, which means any issues that arise can be quickly addressed. Wintec has committed to a site maintenance plan with their security partner, Concord Technologies. The plan incorporates both software and hardware maintenance to ensure the system is maintained on the latest operating platforms within a known cost structure. A Software Maintenance Agreement also ensures enhanced ongoing system performance and reliability of the Gallagher system. Acknowledgements Gallagher would like to acknowledge the support of Wintec and security partner, Concord, with the development of this in-site study. Gallagher would also like to particularly acknowledge and thank Shane Goodall for the pivotal role he plays in championing the collaboration of these parties and for his outstanding support of the Northern Region Cardax User Group (NZ) in the capacity of Chairman of the group.
Todd Burgess has an easy answer when asked why he’s used a March Networks video solution in his Quik-E Food convenience stores for more than 15 years. “It’s simple. The system is constantly saving us money.” Networking and IT In his role as Vice President of Quik-E Food Stores, Burgess oversees all the networking and IT requirements for the Lynchburg, Virginia business, which includes 13 convenience stores and gas stations, six car washes, a laundromat and a craft beer pub called The Filling Station known for its unique combination of ‘growlers, grub and gas’. Finding those incidents and stopping them quickly can directly impact Quik-E’s profitability While many things about the family-owned business have changed since its founding in 1973, the need to keep a close eye on each location’s inventory hasn’t. Like every retail organisation, Quik-E can cite numerous examples of theft, fraud and inventory errors that have cost the business thousands of dollars in lost revenue. Finding those incidents and stopping them quickly can directly impact Quik-E’s profitability, and that’s where its March Networks intelligent video solution really proves its worth. Video system helps curb thefts “I can’t tell you how many thefts I’ve caught with the help of our video system,” said Burgess. “I had a former employee just finish paying me back $13,000 they owed us in stolen goods, and we recently caught another employee who was stealing probably $50 worth of cigarettes each day.” “And just this morning I was reviewing video of a weekly delivery with one of our managers,” continued Burgess. “We were able to confirm that we’d been charged for $77 worth of gloves that we didn’t actually receive. The video showed the delivery guy come into the store and put everything down. Two boxes of gloves is easy to spot, so it was obvious that that portion of the delivery was missing.” Quik-E Food Stores has upgraded its video solution over the years and Burgess uses the Searchlight software regularly to check for any unusual or suspect transactions and review the data when an incident occurs New software capabilities Over the years, Quik-E Food Stores has upgraded its video solution to take advantage of better performance and new software capabilities. The March Networks video recorders first installed more than a decade ago have been slowly replaced by new generation 8000 Series Hybrid NVRs, able to support both analogue and IP cameras or a full complement of IP-only video. Hosted networking solution Burgess has also overseen the transition from older Visual Intelligence software to March Networks Command Enterprise software working with Integrated Technology Group (ITG), the retailer’s long-time systems integrator and March Networks certified partner. That’s in addition to moving the organisation from office servers to a hosted networking solution and switching from an existing point-of-sale (POS) system to a new Gilbarco Passport POS solution. “We’ve been proactive about upgrading our IT infrastructure over the last few years, and our video system has always come back online, except in one instance where we couldn’t get the cameras connected again in a couple of locations,” said Burgess. “March Networks Tech Support was wonderful. They managed to diagnose the issue, which wasn’t related to the video products in the end. They were just a big help.” March Networks Searchlight™ Burgess says that he’s a satisfied customer and he won’t be looking for another video solution anytime soon Quik-E is also using March Networks Searchlight™ for retail, a software application that integrates surveillance video with the retailer’s POS transaction data to provide powerful search and investigation tools. Burgess uses the Searchlight software regularly to check for any unusual or suspect transactions and review the data when an incident occurs. “I use Searchlight primarily to look for voids and cancellations, or high dollar value transactions,” said Burgess. “We actually just used it to help catch a manager who probably stole thousands of dollars from us. I knew I was short in inventory, so I pulled up the video and transaction data to see if things were being rung up. It was clear they were not and we had the evidence to prove it. Now we’ll use that evidence to hopefully recoup our losses.” Satisfied customer Ultimately, Burgess says that he’s a satisfied customer and he won’t be looking for another video solution anytime soon. “I think it’s one of the best video surveillance systems on the market. March Networks has been good to me over the years and I’m a very happy customer.”
Avigilon Corporation, a Motorola Solutions company, announces that the New Bedford Housing Authority (‘NBHA’) in Massachusetts, USA has selected Avigilon video security solutions to help improve safety and reduce crime within its community. With close to 1,750 federal public housing units and 748 state aided units, the NBHA services over 6,000 individuals by providing safe, well-maintained and affordable housing units. New Bedford has faced challenges related to crime, which prompted the NBHA to seek out a security system that delivers actionable results to increase public safety throughout its community. Monitor critical areas The NBHA has deployed a complete Avigilon solution to monitor 13 of its properties throughout the city The NBHA has deployed a complete Avigilon solution to monitor 13 of its properties throughout the city. The system includes more than 125 Avigilon cameras and Avigilon Appearance Search™ technology, which is powered by AI to help enable security officers to quickly sort through hours of video with ease to locate a specific person or vehicle of interest across an entire site or multiple sites that are connected to the same Avigilon Control Center™ client software. “Our goal is to provide a safe environment for our residents and deploying an Avigilon system has allowed us to monitor critical areas more efficiently and respond more quickly,” said Steven Beauregard, executive director of NBHA. Video security solutions “So far, the results are tangible as we’ve made great strides in improving the safety and security of our communities.” “The NBHA is taking significant action to proactively address crime and other security concerns to help protect what matters most: its residents,” said Ryan Nolan, senior vice president, Commercial Operations of Avigilon. “By using our AI-powered video security solutions they are able to increase the effectiveness of their security system and provide a new level of public safety.”
One French town just north of Paris faced familiar key management challenges. Each person in their Municipal Technical Centre had to carry approximately forty physical keys. If a single key was lost or stolen, for even one door, all compromised cylinders had to be changed. To prevent unauthorised access, all the keys had to be replaced, too — at great expense. Key duplication costs were mounting. “One lost key cost from €3,000 to €4,000 for changing cylinders and replacing the keys,” explains Fabrice Girard, Territorial Technician at the Villiers-le-Bel Municipal Technical Centre. Administrators can program access rights for every CLIQ key, padlock or cylinder using the Web ManagerTo fix their expensive lost key problem, Villiers-le-Bel city administrators chose to combine ABLOY’s mechanical PROTEC2 and CLIQ electromechanical locking within the same flexible, key-based access control system. Almost 500 CLIQ wireless cylinders, 850 programmable, battery-powered CLIQ keys, plus programming devices and wireless CLIQ padlocks, have been deployed in a multi-year, rolling upgrade programme. CLIQ Web Manager software Now, with CLIQ, lost or stolen keys are cancelled instantly using the CLIQ Web Manager software. The Web Manager works securely inside a standard browser, with no software installation needed. Administrators can program access rights for every CLIQ key, padlock or cylinder using the Web Manager. They filter access to specific sites and doors according to the precise needs of every city employee. “CLIQ Web Manager is a very easy and pleasant system to use every day,” says Fabrice Girard. CLIQ also saves time for the city’s security team, because staff no longer must return to the Technical Centre to collect the keys for multiple sites. Authorised users carry a single, programmable, battery-powered CLIQ key, where all their individually tailored access rights are stored. Wireless system to enhance safety Using the CLIQ Web Manager, security staff can track exactly who has been granted access to every school site“We wanted a wireless system with reduced maintenance costs and increased safety,” adds Fabrice Girard. “CLIQ met all these requirements.” The city has already rolled out CLIQ beyond their Municipal Technical Centre to 10 local schools. Using the CLIQ Web Manager, security staff can track exactly who has been granted access to every school site — critical for these sensitive premises and to improving overall school safety. Plans are in place to equip Villiers-le-Bel’s 12 remaining schools with CLIQ within 2 to 3 years, including canteens and boiler rooms. Because CLIQ can be deployed and scaled flexibly, the city’s dedicated security budget funds this gradual extension of their CLIQ system.
Round table discussion
In the digital age, software is a component of almost all systems, including those that drive the physical security market. A trend toward hardware commoditisation is making the role of software even more central to providing value to security solutions. Software developments make more things possible and drive innovation in the market. We asked this week's Expert Panel Roundtable: How do software improvements drive physical security?
Cybersecurity has become the ultimate buzzword in the physical security market. And it also represents one of the industry’s most intractable challenges. Several years ago, the problem with cybersecurity was lack of awareness among physical security practitioners. It’s now safe to say that awareness has increased. Everyone today talks about cybersecurity, but has it helped the larger problem? We asked this week’s Expert Panel Roundtable: Is greater awareness helping to increase the cybersecurity of physical security systems?
ISC West 2019 is in the industry’s rear-view mirror, and what a show it was! The busy three days in April offered a preview of exciting technologies and industry trends for the coming year. We asked this week’s Expert Panel Roundtable: What was the big news at ISC West 2019?
Security software: Manufacturers & Suppliers
- ACT Security software
- Milestone Security software
- Vicon Security software
- DSX Security software
- Hanwha Techwin America Security software
- Gallagher Security software
- HID Security software
- TDSi Security software
- Bosch Security software
- Nedap AEOS Security software
- CEM Security software
- CCTV Software Security software
- Software House Security software
- PAC Security software
- Honeywell Security Security software
- FLIR Systems Security software
- Panasonic Security software
- Dallmeier Security software
- IDTECK Security software
- Geutebruck Security software