Storage - Expert commentary

Hybrid Working And The Threat Of Desk Data
Hybrid Working And The Threat Of Desk Data

The transition to remote working has been a revelation for many traditional office staff, yet concerns over data security risks are rising. Mark Harper of HSM explains why businesses and their remote workers must remain vigilant when it comes to physical document security in homes. Pre-pandemic, home offices were often that neglected room in people’s homes. But now things are different. After the initial lockdown in 2020, 46.6% of UK workers did some work at home with 86% of those doing so because of the pandemic. Semi-Permanent workspaces Since then, many have found that over time, those semi-permanent workspaces have become slightly more permanent – with official hybrid working coming into effect for an assortment of businesses and their teams. The adoption of hybrid working can in fact be seen as one of the few positives to come from the pandemic, with less travel, more freedom and higher productivity top of the benefits list for businesses and their employees. The handling of sensitive documents, is a growing concern for office managers But those welcomed benefits don’t tell the whole story. The transition to remote working has undoubtedly impacted workplace security, with various touch points at risk. The handling of sensitive documents for example, is a growing concern for office managers. In simpler times, sensitive data was more or less contained in an office space, but with millions of home setups to now think about, how can businesses and their office managers control the issue of desk data? Physical document security As of January 2021, it’s said that one in three UK workers are based exclusively at home. That’s millions of individuals from a variety of sectors, all of which must continue in their efforts to remain data secure. With that, reports of cyber security fears are consistently making the news but that shouldn’t be the sole focus. There is also the underlying, but growing, issue of physical document security. The move to remote working hasn’t removed these physical forms of data – think hard drives, USBs and paper based documentation. A recent surge in demand for home printers for example, only exemplifies the use of physical documents and the potential security issues home offices are facing. Adding to that, research conducted in 2020 found that two out of three employees who printed documents at home admitted to binning those documents both in and outside of their house without shredding them. Data security concern Without the right equipment, policies and guidance, businesses are sure to be at risk Those findings present a huge data security concern, one that must be fixed immediately. The Information Commissioner’s Office (ICO) has since released guidance for those working from their bedrooms and dining tables. Designed to help overcome these challenges, the ‘security checklists’ and ‘top tips’ should be the first port of call for many. Yet throughout, the ICO make reference to ‘following your organization’s policies and guidance’ – highlighting that the onus isn’t solely on the individuals working from their makeshift offices. Office managers have a monumental task on their hands to ensure teams are well equipped within their home setups. Without the right equipment, policies and guidance, businesses are sure to be at risk. But it would be wrong to insinuate that unsecure desk data has only now become an issue for organizations. Modern office spaces Keeping clear desks has long been a battle for many office managers. In fact, clear desk policies are practiced in most modern office spaces, with it recognized as a key preventative to personal information being wrongly accessed and so falling foul of GDPR legislation. Throwing sensitive documents in the bin was never an option pre-pandemic However, the unsupervised aspect of home working has led to a potentially more lax approach to these policies, or in some cases, they can’t be followed at all. For those taking a more laid back approach, organization leaders must remind staff of their data security responsibilities and why clear desk policies have previously proven effective. Ultimately, throwing sensitive documents in the bin was never an option pre-pandemic and this must be carried through to home workspaces now. Securely destroy documents There are also concerns over the equipment people have access to at home. For example, without a reliable home shredding solution, data security suddenly becomes a tougher task. To add to that, several recommendations state that employees working from home should avoid throwing documents away by instead transporting them to the office for shredding once lockdown rules ease. While this is an option, it does pose further issues, with document security at risk of accidental loss or even theft throughout the transportation period, not to mention the time spent in storage. The best and most effective way to securely destroy documents is at the source, especially in environments where higher levels of personal data is regularly handled. Correct shredding equipment The recent findings on home office behavior represent a true security risk Only when home workers implement their own clear desk policies alongside the correct shredding equipment (at the correct security level), can both home office spaces and regular offices become data secure. Realistically, these solutions should, like the common home printer, become a staple in home office spaces moving forward. The likelihood is that many UK workers will remain in their home offices for the foreseeable future, only to emerge as hybrid workers post-pandemic. And while the current working environment is more ideal for some than others, the recent findings on home office behavior represent a true security risk to organizations. With this in mind, it’s now more key than ever for business leaders, their office managers and homeworkers to all step up and get a handle on home data security policies (as well as maintaining their standards back at the office) – starting with the implementation of clear desk policies. After all, a clear desk equals a clear mind.

Data-at-rest Encryption: At The Center Of The Security Circle
Data-at-rest Encryption: At The Center Of The Security Circle

The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years. According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured. Nuanced Approach To Data Security Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its securityThe rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analyzed at both the hardware and software level, we need a new and more nuanced approach to data security. Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example. The Importance Of Data-At-Rest Encryption In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those that fraudulently gain access to your key management system can’t access your data. Ensuring Drives To Be Common Criteria Compliant One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliantDespite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security. One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on. Providing An Additional Layer Of Security The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack. Data-at-rest encryption could enhance security in these instances, providing an additional layer of security between customer records and the attacker The advanced threats retailers face can often evade security defences without detection. Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised. Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals. Industries In Need Of Data-At-Rest Encryption Healthcare organizations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report. It’s helpful to view security as a circle in which every piece of hardware and software handling the data plays its partSMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across. Securing Every Hardware And Software Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security -- rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part. There’s a clear need for more industry dialog and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.

The Many Faces Of Today's Facial Recognition Technology
The Many Faces Of Today's Facial Recognition Technology

The use of facial recognition has become a highly debated topic recently, and has increasingly and misleadingly been criticized by some for being an unethical tool used to spy on the public. The reason for such criticism is however largely due to lack of information and regulation around the technology. Used proportionately and responsibly, facial recognition can and should be a force for good. It has the ability to do a lot more to increase security in the future – from street crime to airport security, all the way through to helping those battling addiction, the technology can take security and operations to new heights.  The Rise In Knife Crime Knife crime has dominated the headlines in the UK throughout the year. Recent statistics show the number of people being admitted to emergency care due to attacks by a sharp object to be up by nearly 40 per cent from two years ago, while the number of children under the age of 18 being admitted to hospitals with stab wounds is up by 86 per cent in only four years. This recent surge in knife crime has put police forces under immense pressure, and the intelligent use of facial recognition has a role to play in enabling more informed stop & search interventions. Currently UK police can stop and search an individual they suspect to be carrying drugs or weapons or both, or they can stop and search a person in a location where there have been or are considered likely to be “incidents involving serious violence.” In both cases they must do so with access to limited information, leaving themselves open to accusations of bias or discrimination. Knife crime dominated the headlines in the UK throughout 2018 Police Systems Benefiting Crime Investigations This is where facial recognition can offer up additional intelligence. These systems can memorize the faces of persons of interest, networks of gang members, wanted criminals and those suspected of involvement in serious violent crimes. Furthermore, these systems don’t need prior personal engagement to recognize an individual and see only data, not gender, age or race. The technology doesn’t take the decision away from the human police officer. However, it does bring greater transparency and context to the decision-making process of whether a stop and search intervention is justified. Similarly, the advanced technology can recognize and match an individual seen on a CCTV camera at a crime scene to someone the police encounters on the streets some time later, justifying a stop and search on that individual. Its ability to check in real time if a person is on a criminal watchlist adds an extra layer to the decision-making process prior to conducting a stop and search, lowering the likelihood of discrimination. Facial recognition thus helps eliminate both weapons and criminals off the streets and potentially prevent crimes before they have a chance to take place. Gambling Addiction And How Facial Recognition Can Help There are an estimated 593,000 people in the UK currently battling a gambling problem, making it a serious public health issue in the country. Having understood the gravity of the issue, the UK gambling commission have set limits and advice in place to help those suffering this addiction; yet as with all addictions, gambling is a tough habit to beat. In order to put effective limitations in place and make a real difference, the gambling commission needs the right technology to protect those most vulnerable in the industry.   Facial recognition technology is able to keep track of customers and thus help gambling companies in protecting their customers   Facial recognition technology is able to keep track of customers and thus help gambling companies in protecting their customers to a higher degree. Monitoring those entering and moving around gambling areas is an extremely difficult task for human staff to do alone, especially in large crowded areas such as casinos. Facial recognition technology installed around the premises would be able to help the company and the staff to identify people who have registered as gambling addicts, and keep record of their day’s play in order to inform staff if and when it was time for them to stop. It would also be able to ensure effective self-exclusion procedures, by identifying a self-excluded individual via CCTV as soon as they entered the venue to then allow security staff to respectfully escort them out. Utilizing Facial Recognition At Airport Security Facial recognition has by now become a normal sight at many airports around the world. Several people today hold a so-called biometric passport, which allows them to skip the normally longer queues and instead walk through an automated ePassport control to proceed to the gate faster without having to deal with control officers. Facial recognition used in this way has managed to significantly cut waiting times at the passport control, but it also has the ability to enhance security in and around airports. Facial recognition uses algorithms to match physical characteristics against photos and videos of people's faces Earlier this year, facial recognition technology managed to catch an imposter trying to enter the US at the Washington Dulles Airport. The false passport may have been uncaught by the human eye, yet due to the accuracy of the facial recognition technology it managed to help officers catch the imposter and bring him to justice. Facial recognition thus allows officers to identify an individual faster and more accurately than the human eye. Facial recognition uses algorithms to match physical characteristics against photos and videos of people's faces, which have been collected from visas, passports and other sources.   Facial recognition allows officers to identify an individual faster and more accurately than the human eye While some critics may worry about issues of privacy related to the technology, at airports the use of facial recognition has proved to both enhance security as well as speed up processes such as check-in and, in the future, even boarding proceedings.  At airports the use of facial recognition has proved to both enhance security as well as speed up processes such as check-in If used correctly and proportionately, facial recognition can help safeguard the public and improve national security on several fronts. While the many benefits of facial recognition are evident, the lack of regulation and understanding of the technology has led to misconception around how it works and what it is used for. Facial recognition technology can match faces in crowded public places against criminal watch lists, and register faces that match with those on criminal watch lists – while ignoring everyone else.

Latest Hikvision USA Inc. news

Hikvision Announces Special Promotion On Next Generation AcuSense Cameras
Hikvision Announces Special Promotion On Next Generation AcuSense Cameras

Hikvision, a manufacturer and supplier of security products and solutions is launching a special, limited-time promotion on the company’s next generation of intelligent AcuSense PCI series cameras. Employing advanced deep learning algorithms, AcuSense cameras can accurately distinguish people and vehicles from other moving targets such as animals and shadows in real-time, vastly improving detection accuracy while reducing costly false alarms. Improve safety and security “Our next generation of AcuSense cameras delivers intelligent features and capabilities that improve safety and security and help eliminate costly false alarms in virtually any environment. AcuSense PCI models use audio and visual alarm messages to actively reduce the risk of intrusion, providing real-time proactive deterrence from crime, intruders, and unwanted behavior,” said Michael Hendrix, director of sales engineering, Hikvision. “These new AcuSense cameras deliver the perfect combination of intelligent performance and cost-efficiency for a wide range of users and applications.” Limited time price reduction For a limited time during the month of May, Hikvision is offering select second-generation AcuSense PCI cameras at a significant price reduction. Those seeking details about the promotion can request additional information online. To learn more about Hikvision’s next generation of AcuSense cameras, join a special open webinar on May 7, 2021. Registration for the webinar is free but space is limited. AcuSense camera features AcuSense cameras precisely sense human and vehicle movement versus non-human objects, reducing false alarms up to 90 percent and improving alarm handling efficiency. New strobe light and audio features on SL models vastly improve on-site response and real-time, proactive crime deterrence. The new generation of AcuSense cameras includes a host of advanced features, including customizable two-way audio warnings, ultra-low light color performance, and camera-accessible cloud video storage.  

Hikvision Shares Awareness Of Cybersecurity Vulnerabilities With IoT Devices
Hikvision Shares Awareness Of Cybersecurity Vulnerabilities With IoT Devices

As the media often reports, the world of cybersecurity can be seen like the ‘Wild West’. There’s now a wide range of Internet of Things (IoT) devices connected to the web, making this a hot topic. Among these devices are security cameras. IoT devices are computers that use software that makes them vulnerable. As the famous cybersecurity evangelist Mikko Hypponen says, "If a device is smart, it's vulnerable!" Hypponen is right. On a daily basis, new vulnerabilities are found in software, regardless of the manufacturer. In 2019, more than 12,000 vulnerabilities worldwide were made public and reported as a CVE (Common Vulnerability and Exposure) in the National Vulnerability Database (NVD). Unfortunately, vulnerabilities are a given. What really matters is how a company deals with and resolves vulnerabilities. Cybersecurity vulnerabilities Awareness of cybersecurity vulnerabilities is vitally important to protect one, one’s business and the Internet Awareness of cybersecurity vulnerabilities is vitally important to protect one, one’s business and the Internet, but it’s also important to understand that a vulnerability is not synonymous with “backdoor”, and is not necessarily indicative of “cheap quality.” But there are companies out there that are embedding safeguards into their development processes to reduce the risks. One could see them as ‘Sheriffs’, taking steps to make this Wild West a little safer.  Hikvision ‘Secure-by-Design’ Manufacturers of IoT devices can significantly reduce these vulnerabilities during the production of devices Security cameras, like all other IoT devices, are vulnerable to cyberattacks. Fortunately, manufacturers of IoT devices can significantly reduce these vulnerabilities during the production of devices, using a process called ‘Secure-by-Design’. Implementation of Secure-by-Design requires a commitment on the part of the manufacturer’s management team and a serious investment in resources and technology, which can result in a longer production process and a higher cost of the IoT device. Cost is often the reason why some IoT device manufacturers do not use Secure-by-Design (and are indeed cheaper). Hikvision is a producer of IoT devices that takes security and privacy very seriously and has implemented Secure-by-Design in its production process. Management supports this process and has even set up a dedicated internal cybersecurity structure charged with product cybersecurity. This group is also the central point of contact for all other cybersecurity matters. Product testing Hikvision Security Development Life Cycle (HSDLC) is an essential part of Hikvision's cybersecurity program The Hikvision Security Development Life Cycle (HSDLC) is an essential part of Hikvision's cybersecurity program. Cybersecurity checks take place at every stage of product development — from concept to delivery. For example, product testing takes place during the verification phase, the company also regularly invites well-known security companies and public testing platforms to conduct penetrating testing. There is no guarantee if Hikvision products are immune to hacking, but the HSDLC is a testament to a manufacturer that makes every effort to produce products that are as cyber secure as possible. In addition to the Secure-by-Design process, Hikvision opened a Source Code Transparency Center (SCTC) lab in California in 2018, being a lab to open such a center. At this center, U.S., the Canadian government and law enforcement agencies can view and evaluate the source code of Hikvision IoT devices (IP cameras and network video recorders). Hikvision firmware Hikvision has a Vulnerability Management Program in place when a vulnerability is discovered It’s important to emphasize that no product is 100 percent secure. Hikvision has a Vulnerability Management Program in place when a vulnerability is discovered in a product. To date, vulnerabilities that have been reported to Hikvision and/or made publicly known, have been patched in the latest Hikvision firmware, and are readily available on the Hikvision website. In addition, Hikvision is a CVE CNA, and has committed to continuing to work with third-party white-hat hackers and security researchers, to find, patch and publicly release updates to products in a timely manner. These vulnerabilities are collected in the National Vulnerability Database (NVD) and are public. Hikvision recommends that customers who are interested in purchasing security cameras inquire about a manufacturer’s cybersecurity practices and if they have an established Vulnerability Management Program.  Cybersecurity questions to consider The cybersecurity of IoT devices is a topic that needs to be addressed in a serious way and it should play an essential role in the product development process, beginning at the concept phase of an IoT product. This requires time, investment and knowledge. Consider the following questions: Trust on the manufacturer of a low-cost security camera Manufacturer with a dedicated cybersecurity organization Manufacturer on handling the vulnerabilities These are the questions that everyone should ask themselves when making a purchase, be it a camera or any other IoT product. Cybersecurity practices There is no absolute 100% guarantee of security, but Hikvision has practices to ensure the cybersecurity for its cameras. Cooperation, with its customers, installers, distributors and partners, and full transparency are key elements to successfully secure IoT devices. When one reads cybersecurity news, one is invited to look beyond the headlines, and really get to know the companies that produce the IoT devices. Before one buys a security camera or any IoT device, it is advisable to check out the manufacturer’s cybersecurity practices, look for a company with a robust vulnerability management program, a company that aligns itself with Secure-by-Design and Privacy-by-Design and a company that employs cybersecurity professionals who are ready and eager to answer one’s questions. One may remember that there are Sheriffs out there, as well as bandits.

Hikvision Introduces MinMoe And Flow Control Solutions For Density Control, Temperature Screening, Mask Detection And Access Control
Hikvision Introduces MinMoe And Flow Control Solutions For Density Control, Temperature Screening, Mask Detection And Access Control

Businesses are now gradually reopening in many countries, and people can return to restaurants, office buildings, and public spaces. A safe reopening process will rely heavily on effective public health strategies, including increased testing for the virus, social distancing, occupancy restrictions, and cleaning and disinfection activities. In many countries, temperature measurement and the wearing of masks have been commonly made mandatory in both business and public environments. While social distancing and occupancy restrictions are considered necessary in public areas such as shopping malls and transportation hubs, workplaces like office buildings and industrial parks are looking for solutions featuring authorized entries with confidence. In lifting the restrictions for businesses and public areas, innovative video technologies can also help organizations meet and exceed health guidelines for safe and effective reopening. Temperature screening at entry  The Centers for Disease Control and Prevention (CDC) in the United States, a very well-known public health organization, have issued new guidelines for reopening offices. The CDC advises daily health checks including temperature screenings before employees enter a workplace. To achieve this, security cameras equipped with thermographic video technology can be an effective tool for rapid and safe initial temperature screening. Applications include, for example, schools, industrial parks, hospitals, office buildings, malls and hotels, etc. Hikvision’s temperature screening solutions offer various product types including installed thermographic cameras, handheld thermographic cameras, metal detector doors, and MinMoe access terminals that can be flexibly deployed for a wide range of applications. Video monitoring for mask compliance Wearing masks is recommended as a measure to contain respiratory droplets and protect the general public. Masks are also commonly included in worldwide health guidelines towards reopening. Store managers also need to identify and mitigate areas where shoppers may congregate Hence, compliance with this guideline has become crucial to many organizations. Video technology can help monitor the use of protective masks in clever and unobtrusive ways. AI algorithms can detect whether a person is wearing a mask. The system then triggers a pre-defined action if no mask is detected, such as, for example, a voice prompt or a link to an access system to deny entry. This provides a simple way to monitor the situation, or even to remind people of the rules. Hikvision’s thermal and AcuSense cameras, as well as MinMoe temperature screening terminals are equipped to detect masks. A specialized interface on Hikvision’s DeepinMind NVRs can also be used to visually display temperature and mask status together, making monitoring much easier. Crowd density control Social distancing plays an important role in “flattening the curve” in the spread of the coronavirus. These technologies use people counting and 3D modeling to measure the distance between people accurately In various countries, the recommended physical distancing might differ slightly, but maintaining a distance of a meter or more (3-6 feet) will remain a key recommendation of health authorities. In addition, store managers also need to identify and mitigate areas where shoppers may congregate, so as to ensure safe shopping spaces. Technologies incorporating social distancing and occupancy detection can be put into places like these to assist the process. Hikvision Flow Control Hikvision’s Flow Control system utilizes highly accurate people counting technology. A clear, dynamic display and real-time alerts ensure pre-defined capacity thresholds are never exceeded, even in locations with multiple entrances and exits, such as, for example, shopping malls and supermarkets. Video solution provides the necessary features and functionalities to assist with the process of social distancing A digital sign can be integrated at entrance areas to display real-time occupancy data, as well as temperature and mask information, letting customers know when it is safe to enter premises. In waiting areas such as cash registers in supermarkets and indoor ATMs in malls, Hikvision’s video solution provides the necessary features and functionalities to assist with the process of social distancing. These technologies use people counting and 3D modeling to measure the distance between people accurately. The exact measurement can be adjusted, well within the social distancing minimum separation guidelines. Touch-free access control  Schools and workplaces have previously made use of traditional access control and time attendance systems such as ID card swiping, PIN codes, or fingerprint scans, which require staff and students to frequently touch shared surfaces. This only increases the risk of spreading infection. With touch-free access control terminals, organizations can not only eliminate the risk, but greatly enhance their daily operational efficiency. Hikvision’s MinMoe temperature screening terminals unify temperature screening, mask detection, and access control & time attendance in one model. The system only grants entries when the guidelines are met, which is particularly useful in highly-populated workplaces like industrial parks and office buildings. 

Related white papers

Hybrid Hyperconverged Systems Benefit Growing Storage and Retention Needs

Five Things To Consider For AI With Video Technology

Making Your Surveillance Cyber Secure