BitSight, the Standard in Security Ratings, announced BitSight Enterprise Analytics, the latest Security Performance Management solution available on the BitSight platform. BitSight Enterprise Analytics helps security and risk leaders quickly gain insight into the impact of risk introduced at the organisational group level – from subsidiaries to business units and departments – enabling them to identify the areas of highest risk concentration within their organisations. The solution...
The Milestone Technology Partner Program, which formalises a high level of cooperation between Milestone and manufacturers such as Hanwha Techwin, comes with a rich set of benefits and well-defined requirements. The main objective of the Program which has three levels, with ‘Platinum’ being the highest, is to ensure that mutual end-user clients are able to achieve maximum value from their video surveillance systems. Video surveillance solutions “We are delighted to be acknow...
Boon Edam Inc., a pioneer in security entrances and architectural revolving doors, announces they are emphasising the theme of tailgating mitigation and integration in booth #1103 at the GSX (formerly ASIS) exhibition in Chicago, Illinois from September 10-12. GSX is an annual event that brings together over 20,000 participants from across the security profession for a week of networking, educational opportunities and discovering the latest security solutions. Boon Edam is also the official tur...
Antaira Technologies is a developer and manufacturer of industrial networking devices and communication solutions for harsh environment applications and is proud to announce the expansion of its industrial networking infrastructure family with the introduction of the LMP-1802G-SFP and LMX-1802G-SFP Series. Antaira’s LMP-1802G-SFP and LMX-1802G-SFP series are industrial-grade equipment that is Ethernet ready to fulfil various markets’ edge-level networking applications in harsh and o...
One can customise the way they want to run their own CLIQ® access control installation. The CLIQ® Web Manager makes it easy to program, reprogram or audit every CLIQ® key, cylinder, padlock or updater. And because the interface is accessible from anywhere with a Web connection, via secure login over https:// and multifactor authentication if required, one can manage access whenever and wherever they choose. ASSA ABLOY’s intuitive CLIQ® Web Manager boosts one's efficiency....
Keysight, the test and measurement vendor introduces its new Automotive Cybersecurity Program that delivers a broad cybersecurity portfolio, including hardware, software and services, to address the growing concern of cyber-attacks on connected vehicles. The cyber world is increasingly impacting the safe operation of automobiles, opening the risks of exposure, including malicious hacker activities. The new reality is that cyber-attacks against automobiles could result in the loss of human life....
Digital Defense, Inc. and The University of Texas at San Antonio (UTSA) Department of Computer Science jointly announced a partnership that will provide students and faculty with access to an award-winning cloud-based information security platform to further enrich the students’ cybersecurity education. UTSA students and faculty will be able to utilise Digital Defense’s flagship Frontline.Cloud platform to evaluate the security posture of applications, systems and networks in classroom and lab environments both on and off campus. With Frontline.Cloud, students will not only be able to assess the security posture of software applications and systems they build and run on lab networks, but when coupled with the supervision and course curriculum provided by UTSA faculty, they will also learn how to use industry recognised tools to establish and execute an effective vulnerability lifecycle management program. Testing for hidden threats on target networks These systems will provide students with vulnerability and web application scanning capabilitiesUTSA will have access to three different systems available on the Frontline.Cloud platform. These systems will provide students with vulnerability and web application scanning capabilities, and Digital Defense’s new threat scanning solution (Frontline Active Threat Sweep), which allows testing for hidden threats on target networks. Mark Robinson, assistant professor in practice in the UTSA College of Sciences, will use the Frontline.Cloud platform in the classroom with his students this fall. “As the home of the nation’s top program in cybersecurity, UTSA is committed to developing partnerships that provide our students with unparalleled learning experiences so they can become the most competitive candidates in the marketplace,” said Robinson. “Frontline.Cloud is an incredibly powerful platform with a host of capabilities that will allow UTSA students and researchers to test their systems, applications and networks before they move into a production-style environment. We are also excited to evaluate integration possibilities for Frontline.Cloud into our security research and competitive events.” Enhanced classroom cybersecurity learning As a Security SaaS platform technology firm, Digital Defense is pleased to provide Frontline.Cloud's access to UTSA"“The alliance of our two San Antonio-based organisations is a natural fit,” states Larry Hurtado, president & CEO at Digital Defense. “We are excited to extend our existing relationship with UTSA, primarily focused on making paid internships available to UTSA students, to one that includes assisting UTSA faculty and students with more enhanced classroom cybersecurity learning. “As a global Security SaaS platform technology firm, Digital Defense is pleased to provide access to Frontline.Cloud to UTSA, one of the world’s leading cybersecurity education institutions. Working together with UTSA, we are able to provide a hands-on experience to students, enabling them to solve real-world information security challenges in a classroom setting. These types of skills are in high demand and the future will now be even brighter for these individuals as they enter the workforce.” Security research units of UTSA The UTSA Department of Computer Science offers bachelor’s, master’s and doctoral degrees supporting a dynamic and growing program with over 1,300 undergraduates, 74 master’s students and 67 doctoral students. The department’s research and experimental facilities are supported by federal research and infrastructure grantsIts major research units include the Institute for Cyber Security, which operates the FlexCloud and FlexFarm laboratories dedicated to both basic and applied cybersecurity research, and the Center for Infrastructure Assurance and Security (CIAS), which focusses on the cybersecurity maturity of cities and communities while also conducting national cyber security defence competitions for college and high school students. The department’s research and experimental facilities are supported by federal research and infrastructure grants. San Antonio is home to one of the largest concentrations of cybersecurity experts and industry leaders outside Washington, D.C., which uniquely positions the city and UTSA to lead the nation in cybersecurity research and workforce development.
Videonetics, the visual computing platform development company, announces that it ranked amongst top 5 Video Management Software providers in Asia market with the market share of 5.4%, according to a recently released report released by IHS Markit. IHS Markit is a provider of critical information, analytics and expertise to forge solutions for the major industries and markets that drive economies worldwide. Rankings are adjudged using a robust rating scale and evaluated on based on percentage revenue growth, competitive advantage, size and innovation capabilities over the year. Achieve widespread adoption Commenting on the achievement, Dr. Tinku Acharya, Fellow IEEE, Founder & MD, Videonetics, “It is a prestigious honour to be recognised as an industry leader in VMS by IHS Markit. This recognition validates our drive for high performance, innovation, differentiation and global scalability.” We’ve always strived to bring more value to our partners, integrators and customers" “Building upon our award winning and patented AI & deep learning framework, we continue to achieve widespread adoption of our Unified Video Computing Platform (UVCP™), in smart & safe cities, aviation, industrial, education, BFSI, retail, healthcare sectors”, he further added. Mr. Avinash Trivedi, VP – Business Development, Videonetics expressed, “We’ve always strived to bring more value to our partners, integrators and customers. I would like to dedicate this achievement to them for their continued support, commitment and excellent contribution to Videonetics growth”. Unique forensic investigation Videonetics Intelligent Video Management Software (IVMS) is an open architecture, agnostic, scalable and modular video management and analytics software. IVMS provides enterprise-class features without discriminating on the size of the project and manages the video effectively, optimally and securely. IVMS offers flexible deployment environments to suit your preferences, needs and budget. Powered with DeeperLook™ - Videonetics’ AI & DL platform offering unique forensic investigation and video evidence features, IVMS is an ideal software solution for challenging security needs of an organisation. IVMS is a part of Videonetics’ patented Unified Video Computing Platform (UVCP™) which brings together other applications such as deep learning based video analytics, intelligent traffic management and face recognition to address all of the video computing requirements. IVMS offers true open architecture to enable easy 3rd party integrations with various sub systems such as access control, fire alarm systems, SCADA, intrusion detection, ICCC, C4I and IBMS systems.
Digital Barriers and Capita have announced that they have signed a global strategic partnership to integrate their full suite of technology solutions, including live facial recognition with Capita’s control room solutions for emergency services. Facial recognition tech integration The agreement will see Digital Barriers’ ultra-low bandwidth live video streaming, body-worn camera, video analytics and live facial recognition technology integrated with Capita’s control room solutions for the emergency services, critical responders and national infrastructure providers. It will also be integrated with Capita’s digital evidence management platform. The collaboration means that facial recognition results can be shown in control rooms alongside other information The collaboration means that facial recognition results can be shown in control rooms alongside other information, and ultra-low bandwidth streaming will provide new ways to view emergencies from the control room, making the job of operators easier and ensuring the right resources are sent to help. Edge-intelligent solutions Under the terms of the agreement, Digital Barriers’ edge-intelligent solutions, which are already used by government and commercial organisations in more than sixty countries, will be made available through Capita’s global network. Digital Barriers will also promote Capita’s ControlWorks and VisionDS control room offerings via its own channels. Digital Barriers - Capita partnership Paul Eggleton, Managing Director of Capita Secure Solutions and Services said, “We are very excited to be signing this agreement with Digital Barriers. The integration of this technology with our portfolio truly sets us apart in being able to offer the best facial recognition technology to our customers around the world.” Zak Doffman, CEO of Digital Barriers added, “This is the perfect time to partner with Capita as there is strong demand from law enforcement for technological advancements that promote officer safety and efficiency. We look forward to working in close collaboration to further accelerate our international growth.”
Expansion of the Aqua-Pivotal collaboration delivers comprehensive security for application development and production environments on PCF. Aqua Security, global platform provider for securing container-based and cloud native applications, has announced the public release of Aqua Security’s runtime protection for Pivotal Cloud Foundry (PCF). Users of Pivotal’s platform can download and install the Aqua Security for PCF service from Pivotal Services Marketplace, and deploy an end-to-end solution for scanning, application assurance and runtime protection for their application workloads. Cloud Foundry Application Runtime PCF includes a widely deployed distribution of Cloud Foundry Application Runtime (CFAR) and allows customers to implement the same application platform on any major vendor’s cloud, on premises or in a hybrid model. “No matter where they began their journey with Pivotal, enterprises routinely begin pushing code into production faster and more frequently with our platform. Therefore, application security checks must be accessible within the deployment pipeline in order to scale safety and compliance,” said Angus MacDonald, GM Technology Ecosystem at Pivotal. Aqua Security for PCF service “Solutions such as Aqua provide the automation and controls necessary. Together, we hope to make the task of implementing end-to-end security simpler for our customers," Angus further states. Aqua Security for PCF is offered in two tiers – standard and advanced protection. The standard tier allows users to: Scan their applications for vulnerabilities during the Continuous Integration process Provision policies to block unauthorised applications during the staging phase Scan and monitor application or container artifacts for vulnerabilities, malware, and user activity Apply host assurance policies for application or container artifacts Aqua’s advanced protection tier includes all of the standard features with an added layer of security, allowing users to: Detect and block unapproved changes to running application workloads Monitor and control application activity based on customised policies View application network connections and apply firewall rules that whitelist authorised connections Leverage granular audit trails of access activity, scan events and coverage, application activity and system events Advanced runtime protection component Aqua Security for PCF installs natively as a Buildpack (containing the languages and services used by the app) Aqua Security for PCF installs natively as a Buildpack (containing the languages, runtimes, libraries, and services used by the app), and the advanced runtime protection component is implemented as a Bosh add-on, protecting all Pivotal Application Service apps without requiring any manual changes or individual re-deployments of Aqua per application. “Since introducing scanning for Pivotal Cloud Foundry last year, we have seen tremendous interest in the PCF platform at some of our largest customers”, said Upesh Patel, VP of Business Development for Aqua. “As they progressed in their application rollouts, they are now looking to protect their production-grade applications as well, and we are pleased to deliver the complete Aqua solution for Pivotal Cloud Foundry today.” Pivotal customers can get Aqua Security for PCF directly from the Pivotal services marketplace.
According to a recent report published by business intelligence provider IHS Markit, Genetec Inc., a technology provider of unified security, public safety, operations, and business intelligence solutions, has become one of the fastest growing providers of access control software in the world. The IHS report showed Genetec rising to the number 3 position in the Americas region (with a 45% growth in business in the region), and to the number 6 position globally in 2018. According to the report Access Control Intelligence Service Annual Update for Global and Regional Databases 2019, “The advanced analytical capabilities of Genetec Security Center software have led Genetec to take market share from competitors, and several traditional access control equipment manufacturers have partnered with Genetec to take advantage of their superior software capabilities. As a result, the Genetec software business grew nearly 45% in the Americas in 2018 to reach a 7.8% market share in the region.” Unified access control platform “Broad adoption of Genetec Synergis demonstrates that our focus on offering a unified enterprise-class access control platform is putting us in a strong, leadership position. Genetec is capturing market share based on innovative technology and this is resulting in strong organic growth of our access control business worldwide,” said Thibaut Louvet, Product Group Director, Access Control. According to IHS Markit (2017 Video Surveillance Market Share Database, 2017 Access Control Intelligence Database, and 2018 ANPR & Detection Sensors Report), Genetec is the only security and public safety solutions developer to hold top-10 global rankings across all physical security industry sectors including video management software (VMS), access control software, and automatic license plate recognition (ALPR) software.
Milestone Systems recently received the Security Equipment Approval from the Security Industry Regulatory Agency (SIRA) of Dubai. SIRA is a government body regulating the security industry in the Emirate of Dubai, providing protection to the community using preventive security systems and precautionary measures. Video Guard security system Video Guard, an initiative by SIRA is specialised in monitoring security cameras in buildings, in the case of a problem or dysfunction. The video guard system will monitor security cameras in Dubai and provide direct notification to SIRA Clients and system maintenance companies. If VSS faults are detected, an alert is sent to user and service provider by email and SMS for immediate action. This program will make sure that all cameras are operating as per expectations and regulations. Based on a true open platform, Milestone XProtect shows its endless integration possibilities The Milestone XProtect Corporate, XProtect Expert and XProtect Professional+ video management software (VMS) are the first major VMS’ to be officially approved from SIRA. Based on a true open platform, Milestone XProtect shows its endless integration possibilities and strengths to embed third-party applications and business systems through the Milestone Integration Platform (MIP). Milestone Husky X8 NVR The Milestone Husky X8, a high performing network video recorder offering astonishing performance and extreme reliability, has also been certified by SIRA. This seal of approval is very important, as it helps customers identify solutions which live up to the UAE authorities’ requirements and the standards defined by SIRA. Milestone Systems is a globally renowned provider of open platform video management software; technology that helps the world see how to ensure safety, protect assets and increase business efficiency. The open platform technology enables the most extensive global partner community and drives collaboration and innovation in the development and use of network video. Reliable, scalable solutions In the Middle East since 2008, Milestone is a global company with reliable and scalable solutions that are proven in more than 150,000 sites worldwide. Since every installation is different, Milestone software is highly adaptable and can accommodate the changing needs of any businesses. Through the extensive partner network, customers have the ability to choose the optimal cameras, the best infrastructure and the prime third-party solutions suited to individual and changing needs. This provides the industry’s broadest knowledgebase only a local call away – important in distributed installations covering large geographic areas.
In the next three years, software as a service ‘SaaS’ is likely to grow by around 23%. That’s according to reports by Cognizance. It’s growth rests on the adoption of cloud public, private and hybrid. Without the cloud applications can’t truly pervade an organisation, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure - the proliferation of SaaS demands security, none more so in a GDPR world. Large cloud environment But modern applications are difficult to secure. SaaS based, web, mobile, or custom made all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps the broader the attack surface and therefore the greater the chance there will be blind posts. Keeping up to date with updates and new security policies is never easy There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organisation and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near on impossible task when attack methods and sources are constantly changing. More advanced threats To be specific there are four emerging challenges when it comes to protecting apps. Firstly, managing the good and the bad bots and spotting which is which, secondly securing APIs as IoT adoption intensifies, thirdly the relationship between securing apps and DevOps and ensuring ownership of security, and finally denial of service attacks that use newer tactics such as brute force. Basic security hygiene dictates that security teams refer to the OWASP Top 10. It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one. Bot management The more sophisticated bots will go as far as to mimic human behaviourAstonishingly about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though and explains why around 80% of organisations can’t make a clear distinction between the two. Bad bots can do a lot of damage like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behaviour and bypass tools like CAPTCHA and even device fingerprinting based protection ineffective. Securing APIs Then there’s the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target and the threats to API vulnerabilities include injections, protocol attacks, parameter manipulations, invalidated redirects and bot attacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks Denial of service (DoS) You might think there’s little to add to the swathes of denial of service warnings. Yet when businesses are still being targeted and feeling the ill effects it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. Even the greatest application protection is worthless if the service itself can be knocked down This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, Brute Force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down. Continuous security It may seem easy to say but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organisations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential not a nice to have. Running security plans The board needs to know that investment is critical to protect their profits It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits. As such there are six things they need to know: Application security solutions must encompass web and mobile apps, as well as APIs. Bot management solutions need to overcome the most sophisticated bot attacks. DDoS mitigation must be an essential and integrated part of application security solutions. A future-proof solution must protect containerised applications, severless functions, and integrate with automation, provisioning and orchestration tools. To keep up with continuous application delivery, security protections must adapt in real time. A fully managed service should be considered to remove complexity and minimise resources. No amount of human power will beat the bots. That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.
The extensive analysis and discussion preceding any decision to implement a new physical security solution – whether it’s hardware, software or a combination of both – often focuses on technology, ROI and effectiveness. When it comes to deciding what type of security entrances to install at your facility, you will almost certainly also consider the aesthetics of the product, along with throughput and, if you’re smart, you’ll also look into service concerns. Each of these factors has its important place within the evaluation process, and none should be overlooked as they all have a significant effect on how well your entrances will perform once they are installed. Culture influences door solution decisions How significant will the change from current entrances to security entrances be for employees? Still, one additional factor actually trumps everything: if you have not considered your organisation’s culture in choosing a security entrance, you may be missing the most important piece of the puzzle. Culture is a part of every other decision factor when selecting an entry solution. Before you make a decision about what type of entrance to deploy, you need to consider and understand the values, environment and personality of your organisation and personnel. For example, how significant will the change from current entrances to security entrances be for employees? If people are accustomed to simply walking through a standard swinging door with no access control, this will be a culture change. Beyond this, whether you are considering a type of turnstile, a security revolving door or possibly a mantrap portal, simply walking through it will be a significant change as well. Training employees on door security You’ll want to know whether employees have ever used security entrances before. If these types of entrances are in place in another part of the facility, or in a facility they’ve worked in at an earlier time, the adjustment will not be as great as if they’ve never used them at all. Consider, too, how your personnel typically react to changes like this in the organisation or at your facility. They may be quite adaptable, in which case there will be less work to do in advance to prepare them. However, the opposite may also be true, which will require you to take meaningful steps in order to achieve buy-in and train employees to properly use the new entrances. With the increased importance of workplace security, discussing new entrances with workforces will help maintain a safer environment Communicate through the decision-making process All of this will need to be communicated to your staff, of course. There are a number of ways to disseminate information without it appearing to come down as a dictate. Your personnel are a community, so news about changes should be shared rather than simply decreed. As part of this process, you’ll need to give some thought to the level of involvement you want for your staff in the decision-making process. Finally, do not overlook the special needs among your personnel population. You undoubtedly have older individuals on staff, as well as disabled persons and others who bring service animals to the office. Entrances need to be accessible to all, and you never want to be in the position of having a gap in accessibility pointed out to you by the individual who has been adversely affected. New security entrance installation By communicating early and often with your personnel, you can alleviate a great deal of the anxiety Once you have made the decision about which security entrances to install, training your personnel on how to use the new security entrances – both before and after the installation – will help to smooth the transition. Because workplace security is such a big issue right now, it makes sense to discuss the new entrances in the context of helping to maintain a safer environment. They will prevent violent individuals from entering, decrease theft, and most of all, promote greater peace of mind during the workday. If you can help them take control of their own safety in a responsible way, you have achieved much more than just a compliant workforce. By communicating early and often with your personnel, you can alleviate a great deal of the anxiety and concern that surrounds a significant change in the work environment. Schedule group meetings Consider your employees; what type of communications do they respond best to? A few suggestions to educate staff on the benefits of the new entrances include: Typically, you would communicate a general message 2-3 months in advance and then provide more specific information (for example, impacts to fire egress, using certain entrances during construction) in a follow up message closer to the installation date. Schedule group meetings to: announce the rationale for increased security, share statistics on crime, review the new security changes that are coming, show drawings/photos of the new doors/turnstiles, and show the orientation videos available from the manufacturer. These meetings are an excellent way to work through user questions and directly address any concerns. Once the installation of a new security system is complete, it is a good idea to have an "ambassador" on board to help employees use these new systems Ensure you monitor public areas If you are implementing a lot of new changes, such as a new access control system, new guard service and security entrances, you might consider hosting a ‘security fair’ on a given day and have the selected vendors come for a day with tabletop displays to meet employees and answer questions during their lunch. This could be a great way to break the ice in a large organisation. Make user orientation videos (provided by the manufacturer) available in several ways, for example: Intranet Site Monitors in public areas—lounges, cafeteria, hallways, etc. Send to all staff as email attachments Immediately after installation, once the doors or turnstiles are operational but before they are put into service, train ‘ambassadors’ on how to use the door/turnstile. Have these people monitor and assist employees during peak traffic times. What is the ultimate success of the installation? By communicating clearly and openly with your population you can greatly facilitate adoption and satisfaction If you have thousands of employees, consider dividing them into groups and introduce the new entrance to one group at a time (Group A on Monday, Group B on Tuesday, etc.) to allow a little extra orientation time. Place user education ‘quick steps’ posters next to the door/turnstiles for a few weeks to help employees remember the basic steps and guidelines, e.g., ‘stand in front of the turnstile, swipe badge, wait for green light, proceed.’ Ask your manufacturer to provide these or artwork. While there are always going to be people who are resistant to change, by communicating clearly and openly with your population you can greatly facilitate adoption and satisfaction. Your responsiveness to any issues and complaints that arise during and after the implementation is equally fundamental to the ultimate success of the installation.
Edward Snowden’s name entered the cultural lexicon in 2013, after he leaked thousands of classified National Security Agency documents to journalists. He’s been variously called a traitor, a patriot, a revolutionary, a dissident and a whistleblower, but however you personally feel about him, there’s one way to categorise him that no one can dispute: He’s a thief. There’s no doubt about it: Snowden’s information didn’t belong to him, and the scary truth is that he is neither the first nor the last employee to attempt to smuggle secrets out of a building – and we need to learn from his success to try to prevent it from happening again. Since the dawn of the digital age, we’ve fought cyber pirates with tools like firewalls, encryption, strong passwords, antivirus software and white-hat hackers. But with so much attention on protecting against cyber risks, we sometimes forget about the other side of the coin: the risk that data will be physically removed from the building. Douglas Miorandi, director of federal programs, counter-terrorism and physical data security for Metrasens, recently discussed the major risks to physical data security with SourceSecurity.com. Q: What do you believe are the main physical threats to data? The biggest threats I have seen in the physical data security space have varied over the years, but there are four specific risks that remain the same across the board for any organisation, which are: Every organisation is at risk of having data walk out the building with that employee The Insider Threat The Outsider Threat The Seemingly Innocent Personal Item Poor or Nonexistent Screening To beginning with, every company or government agency has at least one disgruntled employee working for them, whether they know it or not, and that means every organisation is at risk of having data walk out the building with that employee. That is what security experts call the insider threat. Q: What do you think influences employees to steal data from their own organisation? People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially – meaning they don’t even need to be disgruntled; they might just want a quick way to make a buck. Financial data, too, is attractive, both for insider trading and selling to the competition. People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially This can happen to both private companies as well as government agencies. Take Natalie Mayflower Sours Edwards for example, a Treasury Department employee who was caught in the act just last month, when she disclosed sensitive government information about figures connected to the Russia investigation to a reporter. She didn’t hack the system, she simply used a flash drive. And let’s not forget that Snowden was a contractor working for the NSA. Q: Many of us think of security threats coming from an outsider, do companies still face these type of threats? Yes. Unfortunately, organisations do not only need to worry about their own employees – companies and government agencies need to be wary of threats from outsiders. COTS devices include SD cards, external hard drives, audio recorders and even smart phones They can come in the form of the corporate spy – someone specifically hired to pose as a legitimate employee or private contractor in order to extract information – or the opportunistic thief – a contractor hired to work on a server or in sensitive areas who sees an opening and seizes it. Either one is equally damaging to sensitive data because of the physical access they have. Q: Whether it be an insider threat or an outsider threat, what are ways these individuals can steal sensitive data? There are two types of personal items that can be used to steal data: the commercially available off-the-shelf (COTS) variety, and the intentionally disguised variety. This is considered risk number three – the seemingly innocent personal item. COTS devices include SD cards, external hard drives, audio recorders and even smart phones, any of which can be used to transport audio, video and computer data in and out of a building. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom Q: What is the difference between COTS and disguised devices? The difference between COTS and disguised devices is that if someone gets caught with a COTS device, security will know what it is and can confiscate it. The disguised device looks like a security-approved item anyone could be carrying into the workplace, making it especially devious. Sometimes these devices don’t just function to bring information out of a building; they are used to damage a server or hard drive once it’s plugged in to a computer or the network. Some are both – a recording device that extracts data and then destroys the hard drive. Companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening peopleQ: With these types of discrete items, can security personnel still catch individuals in the act? For example, through security screenings? Poor or nonexistent screening is the most substantial security threat to any organisation when it comes to sensitive data. Whether it’s an employee, an outside contractor or a device, the physical security risks are real, and everyone and everything entering and leaving a building needs to be screened. Unfortunately, screening often isn’t occurring at all, or is ineffective or inconsistent when it does occur. Even companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening people and stopping them from stealing data through recording devices. Q: It’s surprising that so many organisations would neglect physical security when protecting their data. It’s a huge mistake, and the consequences can be dire. They range from loss of customer trust, exorbitant lawsuits and tanking stock prices in the private sector; and risks to national security in the public sector. Costs and resource allocation increase as well during efforts to reactively fix or mitigate the effects of physically stolen data. For both the private and public sectors, the risk for data to be physically removed from a building has never been greater. Years ago, it was much harder for the average Joe to figure out where they could sell stolen data. Now, with the Deep Web, anyone with Tor can access forums requesting specific information from competing spy agencies, with instructions on how to deliver it, greatly reducing the risk of getting caught – and increasing the likelihood people will try it. Although it’s getting easier to sell data, the good news is that all of these threats are avoidable with the right measures. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack Q: So how can an organisation protect against these risks? There are a number of ways – and the first one requires a change of mindset. Not long ago, the building/physical security department and the IT/cybersecurity department were considered two different entities within an organisation, with little overlap or communication. Organisations now are realising that, because of the level of risk they face from both internal and external threats, they must take a holistic approach to data security. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack. Q: How can companies and government agencies combine both physical data security and cybersecurity initiatives? Physical security managers can advise cybersecurity managers on ways to reinforce their protocols – perhaps by implementing the newest surveillance cameras in sensitive areas, or removing ports on servers so that external drives cannot be used. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try In turn, the cybersecurity team can let the physical security team know that they have outside contractors coming in to work on the server, and the physical security team can escort the contractors in and stand guard as they work. Constant communication and a symbiotic relationship between the two departments are crucial to creating an effective holistic security protocol and, once you’ve got the momentum going, don’t let it slow down. Sometimes efforts start off strong and then peter out if priorities change. When guards are down, it’s an excellent time for a malicious actor to strike. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try. It’s not just about the mentality, though. Using the right technology is just as important. Q: What type of technology can you use to protect physical data? Many problems can be avoided by simply using the right technology to detect devices that bring threats in and carry proprietary information out. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them. Using a ferromagnetic detection system (FMDS) as people enter and exit a building or restricted area means that anything down to a small microSD card triggers an alert, allowing confiscation or further action as needed. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them Q: How does FMDS work? In the most basic terms, FMDS uses passive sensors that evaluate disturbances in the earth’s magnetic field made by something magnetic moving through its detection zone. Nothing can be used to shield the threat, because FMDS doesn’t detect metallic mass; it detects the magnetic signature, down to a millionth of the earth’s magnetic field. FMDS is the most reliable method of finding small electronics items and should be part of the “trust, but verify” model Although it is a passive technology, it is more effective and reliable than using hand wands or the walk-through metal detectors typically seen in an airport, which cannot detect very small ferrous metal objects. FMDS can see through body tissue and liquids, so items cannot be concealed anywhere on a person or with their belongings. Whether or not the items are turned on doesn’t matter; FMDS doesn’t work by detecting a signal, but rather by spotting the magnetic signature that electronics contain. This is ideal, because most recording devices do not emit any signal whatsoever. In my experience, FMDS is the most reliable method of finding small electronics items (as well as other ferrous metal objects, like weapons), and should be part of the “trust, but verify” model, in which companies assume the best of their employees and anyone else entering the building, but still take necessary precautions. Q: What are the key takeaways for organisations looking to enhance data security? The toughest challenge in the security sector – whether it’s cyber or physical – is remembering that the bad guys are constantly looking for ways to slip in through the cracks, and security departments need to stay one step ahead to ward off both internal and external threats. Recognising the existing threats, putting together a holistic security strategy, and using the right technology to detect illicit devices comprises an effective three-pronged approach to protecting an organisation’s data. Organisations cannot afford to be passive about security and assume employees won’t steal data and spies won’t sneak in. Strong countermeasures are necessary because data loss can come from both inside and outside, in both private and public sectors, from places not everyone thinks of – and with technology like FMDS acting as a backup to the human element, organisations can lock down their data and keep the wolves in sheep’s clothing from getting through the door.
The ban on U.S. government usage of Chinese-made video surveillance products was signed into law last year and was scheduled to take effect a year later – on August 13, 2019. With that deadline looming, there are questions about whether government agencies and departments will comply in time. A year ago, the U.S. Congress passed, and the President signed, a ban on government uses of video surveillance equipment produced by two of the world’s top manufacturers – Hikvision and Dahua. The provision was buried in the National Defense Authorization Act (NDAA) for fiscal year 2019, which the President signed into law on August 13, 2018. The ban, which takes effect ‘not later than one year after … enactment’, applies not only to future uses of Dahua and Hikvision equipment but also to legacy installations. Tracking software to detect banned products Forescout Technologies, San Diego, California, provides software to track various banned devicesThe bill calls for an assessment of the current presence of the banned technologies and development of a ‘phase-out plan’ to eliminate the equipment from government uses. One problem is identifying where the surveillance equipment is being used, which involves either a tedious manual process to search out the equipment or the installation of tracking software to identify it on the network. A federal Department of Homeland Security program called ‘Continuous Diagnostics and Mitigation’ requires use of a detection tool to find any banned products on a network. Forescout Technologies, San Diego, California, provides software to track various banned devices, but not all required agencies have complied with a mandate to secure their networks by tracking every connected device (only 35% had complied as of 2018.) “Without an automated, real-time tool that can detect all of the IT devices – computer or ‘other’ – on your network, there is simply no way to be 100 percent certain that you are compliant with these product bans,” says Katherine Gronberg, Forescout’s Vice President, Government Affairs. Difficult to determine device’s manufacturer Not all equipment is marked to identify its manufacturer; some has been rebrandedAnother problem is the existence of OEM agreements and other supply chain complications that can make it difficult to determine the manufacturer of any given device. A report by Bloomberg says: “A complex web of supply chain logistics and licensing agreements makes it almost impossible to know whether a security camera is actually made in China or contains components that would violate U.S. rules.” Not all equipment is marked to identify its manufacturer; some has been rebranded. “There are all kinds of shadowy licensing agreements that prevent us from knowing the true scope of China’s foothold in this market,” said Peter Kusnic, a technology writer at business research firm The Freedonia Group. “I’m not sure it will even be possible to ever fully identify all of these cameras, let alone remove them. The sheer number is insurmountable.” Companies banned under NDAA The NDAA ban covers “public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.” It bans “video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, [and] Dahua Technology Company (or any subsidiary or affiliate of such entities).” Hytera Communications is a Chinese digital mobile radio manufacturer. Huawei Technologies Co. equipment has also been banned, including the HiSilicon chips widely used in video cameras. In addition to banning the Chinese equipment in government installations, the NDAA also includes a ‘blacklist’ provision [paragraph (a)(1)(B)], which could be interpreted to extend the ban to companies that use Chinese-made products in other, non-government applications. Rulemaking on that aspect is still under way, including a public hearing in July.
Police in the United Kingdom have been testing the effectiveness of live facial recognition (LFR) for several years now, but future uses of the technology have been called into question. The Information Commissioner’s Office (ICO), an independent authority that seeks to uphold information rights in the public interest, has weighed in on issues of data privacy related to LFR, and Members of Parliament (MPs) have called for a moratorium on uses of the technology. The big question is whether the benefits of LFR outweigh its impact on privacy rights. Live facial recognition I believe that there needs to be demonstrable evidence that the technology is necessary" The House of Commons Science and Technology Committee has expressed concerns about bias, privacy and accuracy of facial recognition systems and urged the U.K. government to issue a moratorium on further live facial recognition trails until regulations are in place to address bias and data retention. According to Elizabeth Denham, U.K. Information Commissioner: “[Police trials of LFR] represent the widespread processing of biometric data of thousands of people as they go about their daily lives. And that is a potential threat to privacy that should concern us all.” Denham says live facial recognition (LFR) is a high priority area for ICO. “I believe that there needs to be demonstrable evidence that the technology is necessary, proportionate and effective considering [its] invasiveness,” she says. Potential public distrust “Any organisation using software that can recognise a face amongst a crowd and then scan large databases of people to check for a match in a matter of seconds, is processing personal data,” says Denham. General Data Protection Regulation (GDPR) wording specifies biometric data as a ‘sensitive’ category of personal information. London’s Metropolitan Police Service performed 10 trials of live facial recognition at various venues in 2016, 2017 and 2018. The London Police Ethics Panel reviewed the trials and concluded that additional use of the technology would be supported if certain conditions were met. One condition is if the “overall benefits to public safety [are] great enough to outweigh any potential public distrust in the technology.” Each deployment should be assessed and authorised as necessary and proportionate. Operators should be trained to understand associated risks and to be accountable, and there should be evidence that the technology does not promote gender or racial bias. Develop strict guidelines Met Police used NEC’s NeoFace technology to analyse images of the faces of people on a watch list The Ethics Panel also specified that both the Metro Police and Mayor’s Office for Policing and Crime should develop strict guidelines to ensure that deployments balance the benefits of the technology with the potential intrusion on the public. “We want the public to have trust and confidence in the way we operate as a police service, and we take the report’s findings seriously,” said Detective Chief Superintendent Ivan Balhatchet, who led the trials. In its 10 trials of live facial recognition, Met Police used NEC’s NeoFace technology to analyse images of the faces of people on a watch list. The system measured the structure of each face, including distance between eyes, nose, mouth and jaw to create facial data, which was used to match against the watch list. The system only kept faces matching the watch list, and only for 30 days. Non-matches are deleted immediately. More accurate identification An independent review of the trials, commissioned by the Metropolitan Police, concluded it is ‘highly possible’ that the Met’s ‘trial’ deployments would not satisfy the key legal test of being considered ‘necessary in a democratic society’ if challenged in the courts, according to U.K. human rights advocacy group Liberty. South Wales Police have partnered with NEC to formally pilot facial recognition technology. NEC’s real-time solution enables trained officers to monitor movement of people at strategic locations. “Facial recognition technology enables us to search, scan and monitor images and video of suspects against offender databases, leading to faster and more accurate identification of persons of interest,” says Assistant Chief Constable Richard Lewis. “The technology can also enhance our existing CCTV network in the future by extracting faces in real time and instantaneously matching them against a watch list of individuals, including missing people.” U.K. human rights advocacy group Liberty has taken legal action on behalf of one Cardiff resident against South Wales Police Intrusive technology “We are very cognisant of concerns about privacy, and we are building in checks and balances into our methodology to reassure the public that the approach we take is justified and proportionate,” says Lewis. U.K. human rights advocacy group Liberty has taken legal action on behalf of one Cardiff resident against South Wales Police over its use of facial recognition. “Facial recognition is an inherently intrusive technology that breaches our privacy rights,” says lawyer Megan Goulding at Liberty. “It risks fundamentally altering our public spaces, forcing us to monitor where we go and who with, seriously undermining our freedom of expression.” ICO’s Denham says any judgment resulting from the legal action will form an important part of ICO’s investigation and will be considered before ICO’s final findings are published. Information management South Wales Police offers the following assurance: “Data will only be retained as long as is necessary for a policing purpose, as per guidance within the Authorised Policing Practice on information management.” Facial recognition systems are yet to fully resolve their potential for inherent technological bias" One concern is that live facial recognition ‘discriminates’ against women and people of colour because it disproportionately misidentifies them, thus making them more likely to be subject to a police attention. ICO’s Elizabeth Denham comments: “Facial recognition systems are yet to fully resolve their potential for inherent technological bias; a bias which can see more false positive matches from certain ethnic groups.” Taking regulatory action ICO has also considered data protection ramifications of commercial companies using LFR. Denham says: “The technology is the same and the intrusion that can arise could still have a detrimental effect. In recent months, we have widened our focus to consider use of LFR in public spaces by private sector organisations, including where they are partnering with police forces. We will consider taking regulatory action where we find non-compliance with the law.” A 27-page U.K. Home Office Biometrics Strategy sets out an overarching framework within which organisations in the Home Office sector will consider and make decisions on the use and development of biometric technology. However, Biometrics Commissioner Paul Wiles says the document “doesn’t propose legislation to provide rules for the use and oversight of new biometrics, including facial images. Given that new biometrics are being rapidly deployed or trialed, this failure to set out more definitively what the future landscape will look like in terms of the use and governance of biometrics appears to be short-sighted.”
Workforce management systems gather and analyse information and anomalies from security officers in the field. The information ranges from direct observations entered via mobile or desktop apps by officers on duty to reports from cleaning staff, the maintenance department, and CCTV operators. Taken together, the information yields business intelligence and data analytics at no additional cost. Trackforce is a provider of workforce management solutions specific to the security industry and its unique operational requirements. From tracking guard tours to managing incidents and officers remotely, the platform improves officer accountability, optimises operations, and delivers actionable insights via a live dashboard to reduce vulnerabilities and enhance efficiencies. The platform is customisable and scales to each client’s business. Platform to control and identify risks “Corporate security teams deal with issues related to operational risk, facility security levels and design basis threats, and must contend with manmade, naturally occurring, and technological events,” says Guirchaume Abitbol, CEO and founder of Trackforce. “We provide them a platform that enables them to control and identify risks, deliver their service, and maintain security best practices.” Trackforce uses live monitoring to ensure quality control and to upgrade situational awareness, delivers real-time incident notifications Trackforce serves large security guard companies and global organisations in diverse vertical market sectors and is expanding in facilities management. More than 200,000 professionals at over 20,000 customer sites in 45 countries use the platform. Trackforce uses live monitoring to ensure quality control and to upgrade situational awareness, delivers real-time incident notifications, and generates data-rich analysis and key performance indicators (KPIs) that enhance monitoring and reporting. Reduces corporate risk Better management of corporate risk is a benefit of security workforce management. The Trackforce platform reduces corporate risk in four areas by: Managing multiple sites, located anywhere, with various threat levels, cultural differences, operating procedures, and regulations. Supporting a security budget and investment in new solutions by providing data necessary for budget approval. Keeping management informed about outsourced security services partners with relevant data, analytics, and transparency. Providing real-time data on risks and incidents so operations can be quickly optimised to ensure top-level security services. Identifying potential threats and risks The platform rapidly and accurately collates data (implied data or trends) based on user-selected parameters. Data- and intelligence-rich reports become available to managers from any location via a dashboard. All necessary information is displayed on a single screen in an uncluttered format.The ability to analyse current and historical data in real time empowers security managers to track patterns Reports can be downloaded and shared with stakeholders. The ability to analyse current and historical data in real time empowers security managers to track patterns, identify potential threats and risks, and implement preventative actions and strategies. Using data intelligence as benchmark Security teams will use data intelligence as a performance benchmark for resources required to accomplish site goals. They will also use this information to pilot and rationalise resource needs for impending contracts based on historical, descriptive (what happened), diagnostic (why did it happen), predictive (what will happen) and/or prescriptive data (how can we can make it happen). “For example, when a large company incurs incremental computer equipment theft, a supervisor can use the platform to review historical reports and identify patterns and anomalies,” says Abitbol. “The supervisor could then identify and proactively implement targeted strategies to mitigate the theft, such as modifying security routes, increasing patrols, or adjusting asset management protocols.” Enhanced control of security resources The Trackforce platform has been designed to serve clients at multiple regional and national locations and is available in many languages. The Command Center allows a security supervisor based at a central location to easily manage officers on multiple sites. The Command Center provides greater oversight and enhanced control of security resources The Command Center provides greater oversight and enhanced control of security resources. Management can compare locations and evaluate security with a customisable reporting dashboard for each site. The uniform platform uses the same reporting templates and processes for each secured and managed location, thus ensuring consistency and accurate benchmarking. Trackforce’s workforce management solution has low cost and presents a low barrier to entry, with systems that can be implemented in a short time.
Over 1,600 Wisenet cameras manufactured by Hanwha Techwin have been installed at Asia’s largest mega hub terminal in order to help operators monitor the movement of parcels and vehicles, as well as keep employees and visitors safe. With its nine decades of endless innovation, Korea’s logistics service provider, CJ Logistics, is leaping forward to become a pioneer by expanding its global networks to over 94 locations and entering the Thailand, Malaysia, China and Philippines markets. Video surveillance solution In June 2018, CJ Logistics opened Asia’s largest mega hub terminal in Gonjiam, Gyeonggi-do, South Korea. The terminal, which comprises two buildings with four floors above ground and two underground, occupies approximately 300,000sq metres, almost the size of 40 football stadiums. The total length of the facility’s conveyer belts is almost 43km, long as a full-course marathon The total length of the facility’s conveyer belts is almost 43km, which is as long as a full-course marathon. The terminal also has a state-of-the-art automation system, the first of its kind in Korea, which has increased the company’s daily handling capacity to 1.72 million parcels, four times higher than its competitors. CJ Logistics looked for a top-notch video surveillance solution which could match the terminal’s grand scale and the technically advanced automated facilities. Providing periphery monitoring After testing cameras from different manufacturers in the market, CJ Logistics chose Hanwha Techwin as its supply partner and have subsequently installed around 1,660 Wisenet cameras throughout the terminal. Wisenet X series IR PTZ cameras have been installed along the building exteriors, providing periphery monitoring 24/7 and auto tracking that enables precise monitoring across long distances, while IR illumination provides visibility even at night. Inside the buildings, around 1,400 Hanwha Techwin’s Wisenet Q series cameras were installed on the terminal’s ceilings and walls. The cameras are able to help detect any problems occurring to the automated conveyer systems which have a constant flow of parcels on them. They also oversee the movement of over 1,500 vehicles in and around the terminal and help create a safe working environment. Highly accurate recognition Wisenet X series bullet cameras, running license plate recognition (ANPR) software onboard, have been installed at the main gate of the terminal to enhance security at the entrances and exits, providing highly accurate recognition of license plates. These cameras enable effective vehicle monitoring within the terminal where cargo moves in and out around the clock, and are particularly useful in monitoring the main entrance. Both camera types are equipped with 12x optical zoom and 150dB WDR Wisenet X series bullet and PTZ cameras have been installed at indoor staircases and corridors of the office building. Both camera types are equipped with 12x optical zoom and the World’s best 150dB Wide Dynamic Range (WDR) which ensures clear images are captured from scenes that contain a challenging mix of bright and dark areas, normally causing overexposed or underexposed images. Intelligent video analytics As part of the Wisenet X series, these cameras feature intelligent video analytics and offer movement, loitering and intrusion detection. They are also equipped with audio analysis functionality which recognises critical sounds such as gunshots, explosions, screams and broken glass. “Thanks to the Hanwha Techwin’s Wisenet security solution, we were able to build a safe video surveillance system that can match the size and the cutting edge facilities of Asia’s largest logistics terminal,” said an official at CJ Logistics. “Now we can safeguard every corner of our terminal including vehicles, parcels, and personnel, not to mention indoor and outdoor spaces.”
As the largest and busiest commercial port in New Zealand, Port of Tauranga spans 190 hectares and handles in excess of 1500 ships and 840,000 TEU (Twenty-foot Equivalent Units) each year. The port is a bustling import and export gateway which relies on efficient processes and procedures to maintain superior operational activity. Being a large site, with unrivalled sea, road, and rail connections, Port of Tauranga has a strong focus on employing security and safety solutions which enhance and support workflow across the site. In 2004, Port of Tauranga faced new security challenges with the introduction of the International Ship and Port Facility Security Code (ISPS Code). Key security element The new code was developed following the attacks of September 11, 2001 on the United States, and prescribed new measures required by governments, ships, and ports, in order to continue shipping trade with North America. Gallagher’s access control system was installed at 12 road access gates Compliance with the ISPS code was enforced by Maritime New Zealand, giving ports throughout the country until the end of 2004 to become compliant with the new regulations. A key security element for Port of Tauranga to become ISPS compliant was restricting and controlling access on and off the port. Gallagher’s integrated access control solution was selected as the system to deliver this for Port of Tauranga. To manage the variety of entry and exit points, Gallagher’s access control system was installed at 12 road access gates, 4 rail access gates, and over 60 doors across the site. Access Control Solution Providing more than just standard card/reader access control, Gallagher’s Challenge feature gives the port an additional tier of security by utilising video integration. The Challenge solution enables operators the ability to check cardholder identities against a live image being taken at the access point. This feature reduced the number of staffed gates required, resulting in significant ongoing labour savings for Port of Tauranga. With a large number of people coming and going from the port on a daily basis, Port of Tauranga needed a robust system capable of effortlessly managing a large database. While the port has only 170 employees, there are currently 9,000 active cardholders. “A constant flow of trucks throughout the day is essential,” said Mike Letica, Manager of Security at the Port of Tauranga. “Trucks delivering containers cannot be backed up waiting.” The Gallagher access control solution, coupled with Gallagher’s Command Centre software platform, enables Port of Tauranga to restrict entry amongst the 9,000 cardholders to the specific areas they are authorised to work in, through the use of access groups and access zones. Plant washing facility The system provides the functionality for bulk changes to be easily applied to groups, ensuring the port staff’s database administration time is kept to a minimum. More than just controlling access on and off the site, Port of Tauranga needed an auditable trail of exactly who had accessed the site. Another key feature of Gallagher Command Centre being utilised by Port of Tauranga The Gallagher Command Centre platform provided the functionality for tailored reports on who had accessed zones and facilities, and at what time. “Some services available at the port, for example the plant washing facility and diesel pump, are billed back to the user” said Letica. “We needed a simple way of identifying users and this was achieved by having access control cards activate the facilities”. Another key feature of Gallagher Command Centre being utilised by Port of Tauranga is the scheduling function. Port security team Being able to adjust the access control schedule for the road and rail gates in support of peak operating times and statutory holidays provides greater control for the port security team, along with the ability to set schedules in advance. In 10 years, the operational activity at Port of Tauranga almost doubled. From approximately 32,000 trucks per month in 2004, to over 61,000 trucks and 24,000 cars per month in 2014, the volume and tonnage growth has been extensive. Despite both activity growth and site expansion, the Gallagher system has enabled Port of Tauranga to maintain the same number of security staff they had in 2004. Letica has confidence in the Gallagher solution supporting the port’s future expansion, “We believe we have a security system that has not only met our growth needs to date, but is going to continue to meet our needs in the future.”
Wintec (The Waikato Institute of Technology), established in 1924 is a major New Zealand Government-funded tertiary institution, which has three Hamilton campuses; a city site overlooking the central business district, Avalon campus on the northern outskirts of the city, and a horticultural campus at Hamilton Gardens. In addition, it has regional operations at Te Kuiti and Thames and also an office in Beijing. The Avalon campus, a ten-minute drive from the city, is home to specialist trades training facilities, a state-of the-art sport and exercise complex and custom designed facilities for the School of International Tourism, Hospitality and Events. The third Hamilton campus, the Horticultural Education Centre, is situated amidst the 58 hectares of Hamilton Gardens. On-line distance education Wintec’s programmes and qualifications are nationally and internationally recognised Wintec is one of the largest institutes of technology in New Zealand, and has more than 35,000 full-time and part-time students, more than 500 full and part time staff and eleven schools within its academic faculty. International enrolments exceed 1000 from 47 countries. A range of student services provide its domestic and international students with a high level of support so they enjoy a positive, safe and secure study experience. Wintec’s programmes and qualifications are nationally and internationally recognised and its degrees have equal status to those from universities. The degree programmes include Media Arts, Midwifery, Nursing, Occupational Therapy, Early Childhood Education, Business Studies, Engineering, Technology, Information Technology, and Sport and Exercise Science and a wide range of full and part time courses for those already in the workforce. Wintec is also recognised nationally in the delivery of on-line distance education for those unable to attend regular classes for reasons of geographical access or other constraints. Electronically controlled doors Wintec strives for a balance of unobtrusive yet robust control of site activity, essential for maintaining an open campus environment. Shane Goodall, Security Manager at Wintec, describes the approach to security as highly proactive and collaborative: “by focusing on preventing issues arising, we now have a minimal policing role and the crime resolution rate is high”. This environment is underpinned by Gallagher’s security system, a core access control, intruder alarms and integration platform. Wintec first installed the Gallagher system (formerly Cardax FT) in 1999 and has since migrated this legacy system to Gallagher’s latest security technology platform. Security for the entire organisation, including satellite sites, is managed and monitored centrally from Wintec’s single Gallagher security system. Since initial installation, Wintec’s Gallagher access control system has grown from 7 to 240 electronically controlled doors in 2009, with another 40 planned - testimony to the scalability and flexibility of the system. Network friendly system communications The organisation first installed 6 cameras in 2004 which has increased to 7 DVRs and 85 cameras Wintec has integrated its imaging system to the Gallagher system delivering a visual record which can be matched to the audit trail of events in Gallagher Command Centre software. The organisation first installed 6 cameras in 2004 which has increased to 7 DVRs and 85 cameras (both analogue and IP). Another compelling aspect of the system for Wintec is the scalability and TCP/IP network friendly system communications. As well as monitoring and controlling staff and student access, equipment including computers, TVs, printers, audio visual resources at Wintec are also monitored through the Gallagher system. The ‘Gallagher Hub’, a new computer laboratory offering comprehensive IT resources is open 24 hours. The Hub contains 125 workstations, and there are plans to extend that number. Active monitoring of equipment though the Gallagher system has significantly reduced theft. Students and staff have scheduled access to shared IT resources, classrooms and lecture theatres. Manage cardholder data ‘Cardholder Import’, an XML Interface, supports the importation of cardholder data including course enrolments from their student record system to Gallagher Command Centre. Shane comments, “Student card issuing is an automated process which is enrolment-driven – a student’s access privileges are assigned according to their enrolled courses.” “To implement this, we defined a rules-based allocation of access groups in the Gallagher system using the XML interface. The interface is ‘live’ so that changes in the student enrolments database are immediately reflected in the Gallagher system. The student’s updated access privileges come into effect without delay.” Staff that interact directly with students are now empowered to manage cardholder data enabling the security team to focus on security. Students and staff utilise Mifare SmartCard functionality extensively, embracing them as an integral multiapplication tool in their modern educational environment – SmartCards are used to issue resources from the library and as pre-stored value cards enabling prepaid printing and photocopying. In the near future they will also be used in Wintec’s Pay and Display car-park and potentially as passes onto city council buses. Electronic access control At Wintec, security is not viewed as a discrete functional activity relegated to security staff only Stewart Brougham, Director of Internationalisation at Wintec, says students have given very positive feedback about their ID cards. In particular, the ability to verify the identity of staff members from their ID access cards provides peace of mind for students. The end result is a people-friendly campus. Future enhancements of Wintec’s security may include the utilisation of the CommCard solution from Gallagher to manage and monitor access to student accommodation. CommCard is a unique high level integration between the Gallagher Command Centre software and Salto off-line readers, delivering offline, non-monitored electronic access control for lower security doors. An overriding philosophy of collaboration has seen Wintec take a lateral approach to security, the value of which many organisations have yet to realise. At Wintec, security is not viewed as a discrete functional activity relegated to security staff only. The ongoing management of security is a joint effort between the security services team and the information services team. Increasing operational security The security services team manages the Gallagher system while IT looks after back end functions such as installation on the network and backup. Wintec has leveraged the convergence of security (access control) and other operational business functions recognising the tremendous potential for reducing risk and increasing operational security, safety, performance and efficiency. Looking beyond simply controlling and monitoring who goes where and when on site, Wintec is harnessing the reporting capabilities of Gallagher Command Centre to meet regulatory requirements. The Gallagher system enables the institution to report on actual space utilisation (not just space booking). Decisions are made for best use, and also to substantiate funding, based on these reports. “The key to space utilisation reporting are the frequency of reporting and the integrity and reliability of information,” states Stewart Brougham. It’s a national issue for educational institutes in New Zealand. Extending external partnerships “For Wintec, reporting is about ensuring compliance with regulatory requirements and is also a staff time management issue – reducing the administration load on lecturers, who would otherwise have to track student attendance manually.” Brian Fleming, Director of Gallagher Channel Partner, Concord Technologies, sites this lateral application of a security system as key to maximising the value of Gallagher to Wintec. Wintec has a strong relationship with Gallagher in the ongoing development of its technologies This collaborative philosophy extends to proactive external partnerships with their Gallagher Channel Partner, Concord Technologies, for the installation and maintenance of the Gallagher system, and with system designer and manufacturer, Gallagher. Having signed an agreement to continue in the capacity of a Gallagher field test site, Wintec has a strong relationship with Gallagher in the ongoing development of its technologies. Wintec’s success, in the last 5 years, as a test site reflects the competence of both its IT and security staff and the institute’s commitment to edge student services. Minimal training has been required. Software maintenance agreement There is open communication and information sharing between all internal and external parties involved, which means any issues that arise can be quickly addressed. Wintec has committed to a site maintenance plan with their security partner, Concord Technologies. The plan incorporates both software and hardware maintenance to ensure the system is maintained on the latest operating platforms within a known cost structure. A Software Maintenance Agreement also ensures enhanced ongoing system performance and reliability of the Gallagher system. Acknowledgements Gallagher would like to acknowledge the support of Wintec and security partner, Concord, with the development of this in-site study. Gallagher would also like to particularly acknowledge and thank Shane Goodall for the pivotal role he plays in championing the collaboration of these parties and for his outstanding support of the Northern Region Cardax User Group (NZ) in the capacity of Chairman of the group.
Todd Burgess has an easy answer when asked why he’s used a March Networks video solution in his Quik-E Food convenience stores for more than 15 years. “It’s simple. The system is constantly saving us money.” Networking and IT In his role as Vice President of Quik-E Food Stores, Burgess oversees all the networking and IT requirements for the Lynchburg, Virginia business, which includes 13 convenience stores and gas stations, six car washes, a laundromat and a craft beer pub called The Filling Station known for its unique combination of ‘growlers, grub and gas’. Finding those incidents and stopping them quickly can directly impact Quik-E’s profitability While many things about the family-owned business have changed since its founding in 1973, the need to keep a close eye on each location’s inventory hasn’t. Like every retail organisation, Quik-E can cite numerous examples of theft, fraud and inventory errors that have cost the business thousands of dollars in lost revenue. Finding those incidents and stopping them quickly can directly impact Quik-E’s profitability, and that’s where its March Networks intelligent video solution really proves its worth. Video system helps curb thefts “I can’t tell you how many thefts I’ve caught with the help of our video system,” said Burgess. “I had a former employee just finish paying me back $13,000 they owed us in stolen goods, and we recently caught another employee who was stealing probably $50 worth of cigarettes each day.” “And just this morning I was reviewing video of a weekly delivery with one of our managers,” continued Burgess. “We were able to confirm that we’d been charged for $77 worth of gloves that we didn’t actually receive. The video showed the delivery guy come into the store and put everything down. Two boxes of gloves is easy to spot, so it was obvious that that portion of the delivery was missing.” Quik-E Food Stores has upgraded its video solution over the years and Burgess uses the Searchlight software regularly to check for any unusual or suspect transactions and review the data when an incident occurs New software capabilities Over the years, Quik-E Food Stores has upgraded its video solution to take advantage of better performance and new software capabilities. The March Networks video recorders first installed more than a decade ago have been slowly replaced by new generation 8000 Series Hybrid NVRs, able to support both analogue and IP cameras or a full complement of IP-only video. Hosted networking solution Burgess has also overseen the transition from older Visual Intelligence software to March Networks Command Enterprise software working with Integrated Technology Group (ITG), the retailer’s long-time systems integrator and March Networks certified partner. That’s in addition to moving the organisation from office servers to a hosted networking solution and switching from an existing point-of-sale (POS) system to a new Gilbarco Passport POS solution. “We’ve been proactive about upgrading our IT infrastructure over the last few years, and our video system has always come back online, except in one instance where we couldn’t get the cameras connected again in a couple of locations,” said Burgess. “March Networks Tech Support was wonderful. They managed to diagnose the issue, which wasn’t related to the video products in the end. They were just a big help.” March Networks Searchlight™ Burgess says that he’s a satisfied customer and he won’t be looking for another video solution anytime soon Quik-E is also using March Networks Searchlight™ for retail, a software application that integrates surveillance video with the retailer’s POS transaction data to provide powerful search and investigation tools. Burgess uses the Searchlight software regularly to check for any unusual or suspect transactions and review the data when an incident occurs. “I use Searchlight primarily to look for voids and cancellations, or high dollar value transactions,” said Burgess. “We actually just used it to help catch a manager who probably stole thousands of dollars from us. I knew I was short in inventory, so I pulled up the video and transaction data to see if things were being rung up. It was clear they were not and we had the evidence to prove it. Now we’ll use that evidence to hopefully recoup our losses.” Satisfied customer Ultimately, Burgess says that he’s a satisfied customer and he won’t be looking for another video solution anytime soon. “I think it’s one of the best video surveillance systems on the market. March Networks has been good to me over the years and I’m a very happy customer.”
Avigilon Corporation, a Motorola Solutions company, announces that the New Bedford Housing Authority (‘NBHA’) in Massachusetts, USA has selected Avigilon video security solutions to help improve safety and reduce crime within its community. With close to 1,750 federal public housing units and 748 state aided units, the NBHA services over 6,000 individuals by providing safe, well-maintained and affordable housing units. New Bedford has faced challenges related to crime, which prompted the NBHA to seek out a security system that delivers actionable results to increase public safety throughout its community. Monitor critical areas The NBHA has deployed a complete Avigilon solution to monitor 13 of its properties throughout the city The NBHA has deployed a complete Avigilon solution to monitor 13 of its properties throughout the city. The system includes more than 125 Avigilon cameras and Avigilon Appearance Search™ technology, which is powered by AI to help enable security officers to quickly sort through hours of video with ease to locate a specific person or vehicle of interest across an entire site or multiple sites that are connected to the same Avigilon Control Center™ client software. “Our goal is to provide a safe environment for our residents and deploying an Avigilon system has allowed us to monitor critical areas more efficiently and respond more quickly,” said Steven Beauregard, executive director of NBHA. Video security solutions “So far, the results are tangible as we’ve made great strides in improving the safety and security of our communities.” “The NBHA is taking significant action to proactively address crime and other security concerns to help protect what matters most: its residents,” said Ryan Nolan, senior vice president, Commercial Operations of Avigilon. “By using our AI-powered video security solutions they are able to increase the effectiveness of their security system and provide a new level of public safety.”
One French town just north of Paris faced familiar key management challenges. Each person in their Municipal Technical Centre had to carry approximately forty physical keys. If a single key was lost or stolen, for even one door, all compromised cylinders had to be changed. To prevent unauthorised access, all the keys had to be replaced, too — at great expense. Key duplication costs were mounting. “One lost key cost from €3,000 to €4,000 for changing cylinders and replacing the keys,” explains Fabrice Girard, Territorial Technician at the Villiers-le-Bel Municipal Technical Centre. Administrators can program access rights for every CLIQ key, padlock or cylinder using the Web ManagerTo fix their expensive lost key problem, Villiers-le-Bel city administrators chose to combine ABLOY’s mechanical PROTEC2 and CLIQ electromechanical locking within the same flexible, key-based access control system. Almost 500 CLIQ wireless cylinders, 850 programmable, battery-powered CLIQ keys, plus programming devices and wireless CLIQ padlocks, have been deployed in a multi-year, rolling upgrade programme. CLIQ Web Manager software Now, with CLIQ, lost or stolen keys are cancelled instantly using the CLIQ Web Manager software. The Web Manager works securely inside a standard browser, with no software installation needed. Administrators can program access rights for every CLIQ key, padlock or cylinder using the Web Manager. They filter access to specific sites and doors according to the precise needs of every city employee. “CLIQ Web Manager is a very easy and pleasant system to use every day,” says Fabrice Girard. CLIQ also saves time for the city’s security team, because staff no longer must return to the Technical Centre to collect the keys for multiple sites. Authorised users carry a single, programmable, battery-powered CLIQ key, where all their individually tailored access rights are stored. Wireless system to enhance safety Using the CLIQ Web Manager, security staff can track exactly who has been granted access to every school site“We wanted a wireless system with reduced maintenance costs and increased safety,” adds Fabrice Girard. “CLIQ met all these requirements.” The city has already rolled out CLIQ beyond their Municipal Technical Centre to 10 local schools. Using the CLIQ Web Manager, security staff can track exactly who has been granted access to every school site — critical for these sensitive premises and to improving overall school safety. Plans are in place to equip Villiers-le-Bel’s 12 remaining schools with CLIQ within 2 to 3 years, including canteens and boiler rooms. Because CLIQ can be deployed and scaled flexibly, the city’s dedicated security budget funds this gradual extension of their CLIQ system.
Round table discussion
In the digital age, software is a component of almost all systems, including those that drive the physical security market. A trend toward hardware commoditisation is making the role of software even more central to providing value to security solutions. Software developments make more things possible and drive innovation in the market. We asked this week's Expert Panel Roundtable: How do software improvements drive physical security?
Cybersecurity has become the ultimate buzzword in the physical security market. And it also represents one of the industry’s most intractable challenges. Several years ago, the problem with cybersecurity was lack of awareness among physical security practitioners. It’s now safe to say that awareness has increased. Everyone today talks about cybersecurity, but has it helped the larger problem? We asked this week’s Expert Panel Roundtable: Is greater awareness helping to increase the cybersecurity of physical security systems?
ISC West 2019 is in the industry’s rear-view mirror, and what a show it was! The busy three days in April offered a preview of exciting technologies and industry trends for the coming year. We asked this week’s Expert Panel Roundtable: What was the big news at ISC West 2019?
Security software: Manufacturers & Suppliers
- ACT Security software
- Milestone Security software
- Vicon Security software
- DSX Security software
- Hanwha Techwin America Security software
- Gallagher Security software
- HID Security software
- TDSi Security software
- Bosch Security software
- Nedap AEOS Security software
- CEM Security software
- CCTV Software Security software
- Software House Security software
- PAC Security software
- Honeywell Security Security software
- Panasonic Security software
- Dallmeier Security software
- FLIR Systems Security software
- IDTECK Security software
- Geutebruck Security software