Cyber security

Alcatraz, the pioneer in facial biometric authentication for physical access, now announced the successful completion of its SOC 2 examination as of November 7, 2025. The independent audit was conducted by A-LIGN, the pioneering provider in cybersecurity compliance trusted by more than 4,000 global organizations. Biometric access with confidence “Trust in biometric systems depends on strong data stewardship,” said Tina D’Agostin, CEO of Alcatraz. “At Alcatraz, we work with some of the world’s most sensitive data and environments, and it’s a responsibility that we take seriously." "Our platform is purpose-built with privacy at its core so customers can deploy biometric access with confidence across their most critical environments. Privacy guides how every identity experience is designed, operated and secured.” SOC 2 examination Established by the American Institute of Certified Public Accountants (AICPA), the SOC 2 examination is designed for organizations of any size, regardless of industry and scope, to ensure the personal assets of their potential and existing customers are protected. SOC 2 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures and operations have been formally reviewed.  AI-powered facial authentication technology Alcatraz leverages AI-powered facial authentication technology to enable private, secure and seamless entry across highly sensitive environments. Its solution, the Rock X, is deployed across Fortune 100 campuses, AI data centers, financial institutions, stadiums and government facilities, where precision, compliance and trust matter most. The technology is designed with privacy at its core, incorporating opt-in enrollment, encrypted biometric templates and detailed audit reports to support compliance with major data protection frameworks, including the GDPR, CCPA, CPRA and BIPA.  Alcatraz’s continued commitment “Congratulations to Alcatraz for completing their SOC 2 audit, a widely recognized signal of trust and security," said Steve Simmons, COO of A-LIGN. "It's great to work with organizations like Alcatraz, who understand the value of expertise in driving an efficient audit and the importance of a high-quality final report." This attestation reinforces Alcatraz’s continued commitment to compliance and ensures customers with the confidence that required safeguards are in place to protect their data.

The contract was signed, live at the SPS in Nuremberg, Germany: CADENAS is now the newest member of the Eplan Partner Network. CADENAS Managing Director Terry Jonen and Eplan Managing Director Haluk Menderes signed the new technology partnership agreement on 26 November 2025. The stated goal of the cooperation is the expanded provision of technical device data via the Eplan Data Portal, which will be implemented using a direct interface between the Data Portal and the CADENAS platform 3Dfindit. Connectivity to the CADENAS device During the SPS, Eplan and CADENAS signed a groundbreaking technology partnership that will make it easier for Eplan users to find the right device data. “CADENAS is a strong partner who will help us considerably extend the range of device data available on the Eplan Data Portal with additional, validated content,” says Eplan Managing Director Haluk Menderes. “For our customers, this cooperation is significant. The connectivity to the CADENAS device database expands our quite comprehensive selection of device data with completely new, sometimes very complex configuration data – for instance for the energy sector.” Speaking about the newly sealed deal, CADENAS Managing Director Terry Jonen says, “With the planned connection of 3Dfindit to the Eplan Data Portal, we’re making it easier for engineers to access precise, up-to-date product data and are thereby increasing the added value for our common customers.” Focusing on added value for designers Comprehensive digital device data is indispensable for design engineers. It accelerates project planning and increases efficiency in engineering, making invaluable contributions to greater data consistency. To achieve this, the companies will be developing an interface to the CADENAS portal that users will be able to access via the Eplan Data Portal, meaning directly via the Eplan cloud. Eplan and CADENAS will be working closely together to design the interface, and both companies will be engaging in continued dialog with component manufacturers. The advantages for users at a glance Eplan users benefit from a significantly expanded range of data on offer, for instance, for complex designs Design engineers will have additional options when selecting device data Data consistency throughout the entire engineering process also increases Depth of data and data consistency Now that the agreement has been signed, the technical implementation is getting started. In the coming months, both partners will set up technical working groups to define the specific measures with a view to gradually expanding the cooperation. The goal is to validate added value for common customers along the value chain. This involves various topics and industries, for instance, the energy sector. For Eplan users, this will mean increased depth of data and data consistency.

AI is one of the fastest-growing technologies in the history of modern business, with the ability to revolutionize industries, optimize operations, and drive innovation, but it is also introducing security gaps, risks, and vulnerabilities. According to McKinsey, 78% of organizations are using AI in at least one business function, up from 55% two years ago. As a result, 73% of them are investing in AI-specific security tools, either with new or existing budgets, according to the 2025 Thales Data Threat Report. Thales is introducing the first foundational capabilities of its AI Security Fabric to protect the core and edge of enterprises' AI ecosystems. Thales AI security fabric–safeguarding LLM-powered apps, data, and identities With Thales AI Security Fabric, organizations will be able to: Unlock AI-driven growth securely: Maximize AI’s business value by enabling innovation and expansion while mitigating risks such as prompt injection, data leakage, model manipulation, and exposure of sensitive or regulated data. Protect data, applications, and identities end-to-end: Provide Agentic AI and GenAI with controlled dataset access, deploy runtime security across cloud and on-premises environments, and safeguard all AI interactions with minimal integration effort. Rely on enterprise-grade, standards-aligned protection: Leverage proven security capabilities that directly address the most critical OWASP Top 10 risks and prevent costly or reputation-damaging incidents before they impact the organization. The first capabilities available now are: AI Application Security: a security solution designed to protect homegrown applications that use LLMs. Providing real-time protection for AI-specific threats, including prompt injection, jailbreaking, system prompt leakage, model denial-of-service attacks, sensitive information leakage, and content moderation. With flexible and seamless deployment options to fit any architecture, whether cloud-native, on-premises, or hybrid environments. AI Retrieval-Augmented Generation (RAG) Security: provides the capability to discover and secure sensitive structured and unstructured enterprise data before it is ingested into retrieval-augmented applications with comprehensive data protection solutions, including encryption and key management. Helps secure communication between the LLM and external sources of data. Agentic AI and Gen AI applications “As AI reshapes business operations, organizations require security solutions tailored to the specific risks posed by Agentic AI and Gen AI applications,” Sebastien Cano, Senior Vice President of Thales’ Cyber Security Products Business, said. “Thales AI Security Fabric offers enterprises specialized tools to secure AI applications while minimizing operational complexity. Supported by decades of security expertise, Thales enables businesses to confidently scale their AI adoption, safeguarding sensitive data, applications, and user interactions.” AI Security Fabric in 2026 Thales plans to expand its AI Security Fabric in 2026 with new runtime security capabilities, including data leakage prevention, a Model Context Protocol (MCP) security gateway, and end-to-end runtime access control.  These features will strengthen protection across data flows, secure agentic AI data access, and ensure unified, compliant management of interactions between users, models, and data sources. See more information or get trials and access to some of these tools at the Thales AI Security Fabric Website.

Smeup, a key partner for companies engaged in digital transformation, now announced the expansion of its adoption of Cubbit, the first geo-distributed cloud storage enabler, as part of a Business Alliance Partnership that increases capacity to 3.2 petabytes, up from the initial 1.6 petabytes. The agreement has a dual objective: to enhance data management and resilience for smeup, and to accelerate the adoption of cloud storage services across the region through the launch of a fully Italian, secure, and cost-competitive offering. In 2023, smeup successfully adopted Cubbit DS3 Cloud, a fully-managed cloud object storage solution, achieving a 30% reduction in Total Cost of Ownership (TCO) compared to equivalent configurations previously run with US-based providers. Digital transformation of SMEs Smeup supports the digital transformation of SMEs and large organizations in the manufacturing, wholesale distribution, and services sectors. As part of an industrial plan aimed at exceeding €100 million in turnover, the company is seeking to expand and consolidate its presence in the cloud market. The traditional on-premises storage solutions previously used, while providing control, proved costly, inflexible, and complex to manage, creating geographically fragmented data silos. At the same time, public cloud services raised concerns related to data sovereignty, geopolitical risk, and unpredictable costs. Internal adoption of Cubbit’s technology In line with its new corporate strategy, smeup has chosen to both expand its internal adoption of Cubbit’s technology and to become a provider of it, launching its own geo-distributed S3 storage offering for enterprises. To do so, the company has integrated Cubbit DS3 Composer — software-defined object storage — into its three data centers located in the Italian regions of Emilia-Romagna and Lombardy. Cloud object storage solutions With Cubbit DS3 Composer, smeup can deliver multiple service tiers from a single intuitive platform, simplifying operations. This strengthens a fully Italian market offering that combines maximum resilience — as data is encrypted, fragmented, and distributed across multiple nodes, ensuring files remain accessible at all times yet never exposed in full — with data sovereignty, flexibility, cost control, and S3 compatibility. This enables smeup to benefit from cloud object storage solutions aligned with the highest security standards, such as NIS2, while expanding into new markets with tailored solutions for specific sectors. Key use cases Key use cases range from immutable backup repositories to cloud NAS for file sharing, application automation, and file and document archiving, through to hierarchical storage management (HSM). As part of the partnership, Cubbit supports smeup via close technical and commercial collaboration — including training, sales support, and joint go-to-market initiatives — enabling customers to benefit from solutions with high SLA standards, expertise, and service quality. Data sovereignty and strict GDPR compliance Gianluca Pellegrini, General Manager at smeup ICS, commented: “The smeup offering has been strengthened by integrating Cubbit cloud storage into our portfolio. This entirely Made in Italy solution plays a fundamental role in enhancing our services. Cubbit’s technology is synonymous with data sovereignty and strict GDPR compliance, ensuring an unparalleled level of security and resilience for our customers, with critical assets hosted on geo-distributed infrastructure." "We are not simply acquiring technology; we are actively investing in the country’s digital future by providing a scalable, secure, and reliable cloud platform. Thanks to Cubbit, we have achieved our goal of having a flexible, distributed architecture and service, enabling us to offer our customers prices 15% lower than with our previous solutions.” Data management strategy Alessandro Cillario, co-CEO and co-founder of Cubbit, said: “We are proud to see smeup double its adoption of Cubbit’s technology, consolidating its data management strategy and extending the benefits already measured internally to its end customers." "With DS3 Composer, European service providers can regain competitiveness in the global storage market without being forced into a price race to the bottom. This is exactly what smeup is doing by integrating Cubbit’s technology into its data centers to create its own geo-distributed, sovereign, and competitive cloud storage service.”

A lot has been said about door security — from reinforced door frames to locking mechanisms to the door construction — all of which is crucial. But what security measures are in place beyond the perimeter door in case the worst happens and it’s somehow breached? Hopefully, many more levels of access control are in place to prevent, or at least slow down, a perpetrator’s ability to compromise protected assets. Additional interior layers Interior security measures must operate as an integrated, multilayered system that eliminates single points of failure. These inner protections safeguard not only the physical infrastructure but also the operational integrity, confidentiality, and availability of the systems housed within. Beyond simply preventing unauthorized individuals from getting inside, the goal is to create a controlled, monitored, and resilient environment in which every movement, action, and access attempt is verified, logged, and, when necessary, challenged. As modern buildings, data centers, and infrastructure sites host critical functions and potentially sensitive intellectual property, these additional interior layers become essential to protecting both organizations and their proprietary assets. Interior security controls One of the most important interior security controls is granular access segmentation One of the most important interior security controls is granular access segmentation. While a perimeter door may verify an individual’s right to enter the building, the interior should treat every room, cage, and corridor as its own security zone. Role-based access control and strict least-privilege principles should limit personnel to only the areas they absolutely require. For example, a network engineer may need access to routing equipment but not storage racks; a janitorial contractor might be allowed into shared hallways but not any equipment rooms at all. These access restrictions should be enforced using intelligent keys, biometric scanners, mantraps, and, at particularly sensitive locations, two-factor authentication. Segmenting access in this way limits the potential damage from a single compromised badge or insider threat and ensures that a single breach does not cascade into a total facility compromise. Low-light and infrared capabilities Biometric authentication within a building adds a layer of confidence beyond perimeter controls. Technologies such as facial identification help prevent the use of stolen, cloned, or borrowed credentials. These systems complement anti-tailgating measures, such as sally ports or mantraps, which ensure that only one authenticated person passes through at a time. Interior surveillance is another essential measure. High-resolution cameras equipped with low-light and infrared capabilities should cover every hallway, door, rack row, and logistical pathway. Camera feeds must be continuously recorded, and retention policies must align with regulatory requirements. Intelligent video analytics, such as motion pattern recognition and heat mapping, enable the detection of atypical behaviors — such as someone lingering near a cage they are not authorized to access or movement at odd hours. Physical tamper-detection mechanisms Cabinet security provides a vital layer of granularity in the access hierarchy, ensuring that even within secure facilities Integrating surveillance with access control systems creates a strong correlation; when someone successfully passes through a secured door and enters a room, the system can track whether the number of people seen on camera matches the number authenticated, and alert security if a discrepancy occurs. However, it is increasingly important that access control not stop at the room level, because the most sensitive assets are often housed in cabinets, racks, or storage units within already-secured spaces. Cabinet security provides a vital layer of granularity in the access hierarchy, ensuring that even within secure facilities, assets remain protected. Physical tamper-detection mechanisms on racks, cable trays, and server chassis add another dimension: they can detect if a panel is opened, a cable is unplugged, or a device is removed without authorization. Secure destruction protocols Another internal measure is the use of secure storage and chain-of-custody procedures for any components that contain intellectual property or personally identifiable information. Hard drives, backup media, and even printouts should be stored in locked cabinets accessible only to people with proper clearance. When decommissioning hardware, secure destruction protocols such as shredding or degaussing should be performed in controlled areas and thoroughly logged. Every movement of sensitive equipment should be traceable, from installation through end-of-life disposal. Such processes reduce the risk of data leakage from improperly discarded or undocumented devices. Consequences of improper behavior Staff should be trained to recognize social engineering attempts, unusual behaviors, and procedural deviations Operational security procedures also contribute significantly to interior protection. Background checks, ongoing employee vetting, and mandatory training ensure that individuals with access to sensitive areas understand their responsibilities and the consequences of improper behavior. Staff should be trained to recognize social engineering attempts, unusual behaviors, and procedural deviations. Maintaining a strict visitor escort policy prevents non-employees from wandering unobserved. All visitors should wear highly visible identification badges and be monitored continuously by authorized personnel. The building's interior should be treated as a controlled environment at all times, not merely a workspace. Continuous auditing and logging form Continuous auditing and logging form another pillar of interior security. Access logs from intelligent keys, biometrics, video, and environmental systems must be stored securely and evaluated regularly for anomalies. Automated systems can flag irregular patterns, such as repeated attempts to access unauthorized areas or entering rooms at odd hours. Manual audits validate that the access control list remains accurate, that no inactive or former employees retain credentials, and that documentation matches reality on the floor. These logs are indispensable during investigations, compliance assessments, and incident response efforts. Interior security controls Security networks should be isolated from the main IT networks to prevent a cyber incident Finally, redundancy and resiliency must be built into interior security controls. Electrical power for access control, intelligent keys, biometrics, and video systems should be backed by secondary sources, generators, or uninterruptible power supplies. Security networks should be isolated from the main IT networks to prevent a cyber incident from disabling physical protections. The goal is to ensure that interior security remains functional even during outages, disasters, or cyber disruptions. Multilayered approach Together, these additional interior measures create a layered defense that makes a secure building, data center, or infrastructure site extremely difficult to compromise. Rather than relying on a single barrier at the entrance, the environment becomes an ecosystem of mutually reinforcing controls — physical, operational, digital, and procedural. This multilayered approach allows structures to maintain high levels of protection even as threats evolve, ensuring that the systems inside remain secure, resilient, and trustworthy.

In today’s connected world, attacks are more likely to target digital than physical entry points. From ransomware and firmware tampering to remote hijacking, AI-driven phishing and automated vulnerability discovery, the nature of threats is evolving rapidly, and no industry can afford to neglect them. As our industry has moved from mainly mechanical to increasingly digital solutions, we have long recognized the importance of constantly monitoring and assessing the risks we face. This means not only meeting mandatory regulations but also voluntarily adopting international standards such as ISO 27001, which protects data and systems through a structured and independently audited framework. Today’s fast-changing risk environment is also why the EU introduced the Network and Information Security Directive 2 (NIS2) – to raise the bar for cybersecurity across Europe. But what do measures like NIS2 and the Cyber Resilience Act (CRA) mean in practice? How does the rise of AI fit in? And most importantly, what should our industry be doing to stay secure in such an unpredictable digital landscape? The new regulations Compliance is not just about meeting regulations, it is also a competitive advantage NIS2 is reshaping cybersecurity expectations by setting higher standards to reduce risk, improve transparency, and protect data and services. Alongside it, the CRA introduces mandatory requirements for products with digital components. This makes “secure by design,” regular updates, and compliance checks essential before products can enter the EU market. For companies in our industry, responsibilities now extend well beyond internal systems. Organizations must also ensure that suppliers and service providers comply, with regular risk assessments forming a central part of the process. The consequences of falling short are severe, ranging from significant fines and audits to the potential withdrawal of products from the market. For our customers, the message is clear: security must be built in from the start. Compliance is not just about meeting regulations, it is also a competitive advantage. At ASSA ABLOY Opening Solutions EMEIA, security is part of our DNA.  We embed these standards into everything we do, giving customers solutions they can trust to be compliant and resilient.  The rise of AI  Artificial intelligence is transforming the digital security landscape and it cannot be separated from the regulatory framework shaping our industry. With AI advancing rapidly and new regulations coming into force, we have established a digital compliance framework to stay ahead of the curve and use AI as an enabler for improving security and achieving compliance. On one hand, AI brings powerful benefits, including more intelligent monitoring, faster anomaly detection, and smarter tools for operational efficiency. These capabilities directly support NIS2 and the CRA, particularly in the areas of proactive risk management and incident response.  AI and building cybersecurity standards On the other hand, AI introduces new risks. The attack surface is expanding and threats such as deepfakes and smarter phishing create serious threats that regulators are determined to address. Both NIS2 and the CRA emphasize continuous monitoring, transparency and accountability, principles that must now also guide the responsible use of AI.    At ASSA ABLOY Opening Solutions EMEIA, we see AI not just as a risk to mitigate, but as a capability to strengthen resilience and trust. That is why we are embedding strong governance practices around AI and building cybersecurity standards into every stage of product development. By doing so, we help our customers align with new regulations while ensuring AI serves as a tool for greater security and confidence. Trust and compliance Beyond our own operations, we are also committed to supporting customers on their compliance journey At ASSA ABLOY Opening Solutions EMEIA, we are taking NIS2, the CRA and the rise of cyber-threats seriously, ensuring compliance and enhancing trust with all our customers. We have reinforced supplier oversight, streamlined incident reporting, and embedded cybersecurity into every stage of product development and lifecycle management. Our teams also conduct ongoing risk assessments and post-incident reviews, ensuring that lessons are learned and improvements are made. By taking these steps, we not only meet regulatory requirements but strengthen the resilience of our supply chain and the trust customers place in us. Beyond our own operations, we are also committed to supporting customers on their compliance journey. Initiatives such as our recently released whitepaper “Enhancing Cyber–Physical Resilience with Digital Access Solutions” and a detailed NIS2 whitepaper developed in Germany last year provide clear, practical guidance. By showing what these regulations mean in practice and how intelligent access solutions can directly support compliance, we aim to make the path forward less complex and more achievable for our customers. Looking ahead The days when security threats to businesses and products were only physical are long passed. Today, we find ourselves in a world where the digital realm poses even more serious and constantly evolving challenges. It is therefore crucial that, as an industry, we take the necessary steps to meet the directives of NIS2 and the CRA and also constantly monitor the rise of AI. Only by doing so can we protect our customers, preserve our reputations, and build the trust that defines true leadership in security.

The Internet of Things is growing quickly. It has moved far beyond a few smart gadgets at home. Today, connected technology is in homes, factories, hospitals, farms, and cities. Experts expect the global market for IoT devices to rise from about $70 billion in 2024 to more than $181 billion by 2030. This means more devices, more data, and more opportunities for industries everywhere. This growth comes from several advances working together. 5G connections make it possible to send and receive data faster. Edge computing processes information close to where it is created, which helps with quick decisions. Analytics allow organizations to understand and act on the data they collect. Together, these improvements are opening the door to new ways of working, producing, and communicating. IoT:  The next generation As devices become more advanced, they use more energy and send more data. Think about high-quality security cameras, detailed environmental sensors, or systems in vehicles that send constant updates. All of these devices require a strong supply of power and a steady connection. In 2024, sensors made up more than 32 percent of all IoT device sales. Sensors are essential, yet the next wave of devices will do even more. They will process information themselves, use artificial intelligence, and include many features in one unit. This progress depends on networks that deliver both the energy and the bandwidth to support them. Into the future Devices and applications keep improving, so networks need the flexibility to handle what comes next Setting up IoT systems is about more than meeting today’s needs. Devices and applications keep improving, so networks need the flexibility to handle what comes next. A future-ready design provides extra capacity in both power and data flow. This way, when it’s time to add new devices or upgrade existing ones, the system is prepared without requiring major changes. One smart approach is to use modular equipment. For example, a network switch might deliver more power than devices currently use, while allowing room to connect more advanced devices later. This helps keep the system ready for growth. Built for all IoT devices often operate in challenging places. Factories, power plants, rail lines, and shipping ports face extreme temperatures, dust, vibration, and other difficult conditions. Network equipment in these locations needs the strength to keep working through heat, cold, and constant use. Industrial-grade gear is designed for these environments. It can run in a wide range of temperatures, handle physical impacts, and resist interference. Features such as port security, which keep a connection safe if a cable is removed, help protect both the equipment and the data it carries. Systems with backup power inputs continue to run even when one power source goes offline. Plug into PoE Power over Ethernet (PoE) sends both energy and data through the same cable Power over Ethernet (PoE) sends both energy and data through the same cable. This makes installation simpler and allows flexibility in where devices are placed. And as devices become more capable, they often need more power to operate. The latest innovation for PoE can deliver up to 90 watts on each port. This is enough to support advanced devices like AI-enabled cameras or multi-sensor units. When every port on a switch can supply that much power at the same time, adding more devices is straightforward and performance stays strong. Protecting the network Every connected device is part of a larger network. Protecting this network means securing data from the moment it leaves the device until it reaches its planned destination. Built-in security features in network equipment — such as secure architecture, encryption support, and physical safeguards — help keep information safe. They also help meet industry and government requirements for equipment sourcing and design. A clear path Organizations leading in IoT think ahead. They prepare for the next stage of technology by building networks with flexibility, durability, and protection in mind. These networks supply extra power, allow more bandwidth, and keep data secure while adapting as the system grows. The focus is on creating a foundation that supports innovation year after year. This means planning for devices that are faster, more capable, and more connected, while making sure the infrastructure grows right along with them. Looking ahead Strong, adaptable, and secure networks will allow connected devices to reach their full potential The IoT of the future will touch nearly every part of daily life. It will help farmers grow food more efficiently, guide self-driving vehicles, improve medical care, and keep cities running smoothly. As devices multiply and gain new abilities, the networks powering them need to grow in step. Strong, adaptable, and secure networks will allow connected devices to reach their full potential. By planning for both today’s needs and tomorrow’s possibilities, organizations can make the most of the opportunities IoT brings—and keep those opportunities expanding for years to come. Key takeaways: Preparing for the future of IoT The IoT market is growing fast The global market for connected devices is expected to grow from $70 billion in 2024 to more than $181 billion by 2030. This means more devices in more industries, from farming to healthcare to transportation. Devices are using more power and data Newer devices have more features — such as high-quality video, built-in AI, and multiple sensors — and these require stronger power supplies and faster connections. Future-ready networks are essential Infrastructure should allow extra capacity for both power and data. This ensures new devices can be added without major changes or delays. Environments vary, so equipment should match the setting Industrial areas, outdoor spaces, and transportation hubs need rugged, reliable equipment that works in extreme conditions and stays secure. Security starts at the network level Built-in protections — like secure architecture, encryption, and physical safeguards — help keep information safe and meet important industry requirements.

Multiple technology trends are transforming the physical access control market. There is a fundamental shift away from physical cards and keys toward digital identities — mobile credentials, digital wallets, biometrics, and cloud-native access platforms. These next generation access solutions are radically reshaping how buildings operate, protect staff, and perform functionally. At the same time, AI and analytics solutions are being layered onto these physical access control systems to support predictive threat detection and behavioral insights. Access data itself is becoming an asset for sustainability, space optimization, and smart building initiatives. Risk, impact operations and experience The annual HID Global Security and Identity Trends Report highlights these and other issues The annual HID Global Security and Identity Trends Report highlights these and other issues. The survey cites improving user convenience as a priority for nearly half of organizations, while 41% are focused on simplifying administration, and 28% struggle with system integration. These are not theoretical challenges, they are day‑to‑day friction points that add cost, increase risk, impact operations and experience, and, of course, must be addressed. HID Global’s commercial focus HID Global’s commercial focus is to help organizations digitize their access control — with mobile identities, biometrics, and cloud platforms — and then to use the data to deliver more value. “We are turning access control from an operational cost into a software-driven asset that improves efficiency, supports Environmental, Social, and Governance (ESG) goals and even creates new revenue opportunities,” says Steven Commander, HID Global’s Head of Consultant Relations. The impact of digital transformation Digital transformation is the method of moving access control from hardware and physical credentials Digital transformation is in the process of moving access control from hardware and physical credentials to a software-driven, integrated experience. The transformation strengthens security while also improving user convenience — transforming the “pavement to the desk” journey. HID enables this shift through mobile credentials, biometrics, cloud-native platforms, and solutions that allow third-party applications to run on door hardware. “This helps customers turn access data into operational and commercial outcomes, while also improving the overall user experience,” says Commander.  Digital transformation in access control is not focused on chasing the latest trends. Rather, transformation is about turning software, data and integration into outcomes that matter to customers, says HID. “Security becomes stronger and more adaptive,” says Commander. “Operations become simpler and more cost‑effective. Experiences become seamless and consistent. Sustainability moves from ambition to action. And the financial case becomes clearer as efficiencies are banked and new value streams emerge.” The challenge of futureproofing with long lifecycles Given that physical security technologies will be in place for 15 to 20 years, it is important to plan for how systems can evolve over time. Considering how rapidly security threats, compliance standards, and user expectations change, 15 to 20 years is a long time. The decisions made at the beginning of a system’s lifecycle can either limit flexibility later (which will be costly) or enable long-term adaptability. Support for open standards such as Open Supervised Device Protocol (OSDP) is therefore important Choosing products and platforms that are open, interoperable, and designed for updates can enable future-proof projects. Support for open standards such as Open Supervised Device Protocol (OSDP) is therefore important.  In addition, systems built on open controller platforms — such as Mercury — enable organizations to switch software providers or expand functionality without replacing core door hardware. Architectural openness is key to system lifecycles and maximizing the return on investment (ROI) from a chosen solution. Digital credentials and mobile access Flexibility and upgradeability should also be top of mind when it comes to endpoints like access control readers. While RFID cards are still commonplace, there is a clear trend toward digital credentials and mobile access. Readers that support both allow organizations to transition at their own pace, without committing to a full system overhaul. A long system lifecycle does not mean technology should remain static. Security, particularly cybersecurity, demands more frequent updates. Technologies that support firmware upgrades in the field extend the value of a deployment while helping organizations keep pace with emerging threats. In that sense, lifecycle thinking is not just about longevity — it’s about maintaining resilience and readiness over time. Applying biometrics and mobile identities Biometrics is becoming mainstream as a credential alternative, strengthening security without adding friction Biometrics is becoming mainstream as a credential alternative, strengthening security without adding friction. Many organizations are now deploying biometrics to support fast, seamless access journeys, with adoption already around 39% in access control according to HID’s recent research.  In addition, 80% of organizations surveyed expect to deploy mobile identities within the next five years. Full technology integration enables tap‑to‑access without opening an app; the user journey becomes faster, safer, and more convenient. “It is where the industry is headed and we are at the vanguard of this,” says Commander.    Ongoing challenge of cybersecurity At HID Global, cybersecurity is embedded into everything, from corporate processes and development practices to the solutions they bring to market. “Our approach ensures that customers can strengthen their overall security posture, not only by deploying secure products but by benefitting from HID’s commitment to the highest industry standards,” says Commander. HID holds multiple globally recognized certifications, including ISO 27001, ISO 14298, SOC Type 2, and CSA STAR, which demonstrate their robust information security and cloud security practices. In addition, HID’s SEOS® secure chipset is independently SEAL-certified, providing one of the most advanced levels of protection available on the market today. “Ultimately, this means organizations are not just purchasing isolated secure products; they are implementing solutions developed and delivered within a comprehensive, cybersecure framework,” says Commander. “When deployed according to best practices, HID solutions enable customers to achieve the highest levels of resilience against evolving physical and cyber threats.” Developing green and sustainable solutions A huge amount of waste is generated from the manufacture of plastic RFID access cards Digital credentials align with the sustainable solutions that everyone wants. A huge amount of waste is generated from the manufacture of plastic RFID access cards. Over 550 million access cards are sold annually. This creates 2,700 tons of plastic waste and 11,400 tons of carbon, based on a PVC card weighing 5 grams.  Therefore, digital credentials self-evidently reduce the reliance on plastic cards (helping reduce carbon emissions by up to 75% according to HID’s research), while leveraging access control system data supports energy optimization by shutting down or reducing systems in unused spaces. Energy use and CO₂ emissions can be cut dramatically, showing how access systems can contribute to sustainability goals and green building certification. What is the latest in smart buildings? Smart buildings increasingly rely on mobile access control as the backbone for digital services. Real-time access data enables new services such as automated room bookings, HVAC control, lift/elevator calling, e-bike hiring, and so on. Smart buildings increasingly rely on mobile access control as the backbone for digital services The financial upside is clear; smart, digitally transformed buildings can deliver around 8% higher yields per square foot versus traditional office space. Operational savings accrue from reduced administration, the removal of card production and shipping, and lighter IT support. This creates a value cycle — better experiences drive adoption, adoption fuels monetization, and monetization funds further improvements. Achieving technology impact in the real world One standout project is One Bangkok – a $3.9 billion mixed-use development in Thailand – which demonstrates the scale of what can be achieved when access control data is used for optimization, particularly when it comes to monitoring facilities usage and occupier behaviors. By switching lights off or lowering the temperature in unused rooms, for example, the One Bangkok building demonstrates this potential with a 22% reduction in energy consumption, saving 17,000 MWh and 9,000 tons of CO₂ annually.  Sustainability is a key factor in contributing to how properties are valued. And sustainability extends far beyond digital credentials having a lower environmental impact than plastic cards.  Buildings with recognized sustainability certifications often command rental premiums of around 6%, and three‑quarters of security decision‑makers now consider environmental impact in their procurement assessments.

The practice of executive protection changed forever on Dec. 4, 2024, when UnitedHealthcare CEO Brian Thompson was shot outside a Manhattan, New York, hotel. The shocking event raised awareness in board rooms around the world about the need for, and challenges of, executive protection. Questions followed immediately, including why was the high-level executive not protected? Combination of risk and reward  UnitedHealthcare’s stock price has gone down more than 20% since the shooting The event also highlighted what is at stake for companies, extending beyond the safety of executives and impacting many factors, even including a company’s stock price. UnitedHealthcare’s stock price has gone down more than 20% since the shooting, equating to tens of billions of dollars. “Companies are considering the combination of risk and reward like never before when it comes to executive protection,” says Glen Kucera, President of Allied Universal Enhanced Protection Services. “What are the chances this could happen? Before Dec. 4 many thought it was zero. And what are the financial implications for a company if it happens? Executive protection is a small investment to protect against a worst-case scenario.” Evaluation of an executive protection  Before the UnitedHealthcare shooting raised awareness, fewer than 50% of executives had protection. But concerns that previously fell on deaf ears now have the full attention of companies, says Kucera. “Boards of directors are having to figure this out,” he adds. “They may not have executive protection, but now they have to do it.” A threat assessment, conducted by a company such as Allied Universal, provides an independent evaluation of a company’s executive protection needs. The assessment evaluates factors such as an executive’s travel habits, the safety of their home, etc. Does the executive need protection 24/7, or just when they travel into more dangerous areas? Risks increase related to corporate earnings Sometimes, cases increase the need for executive protection, such as an internal threat In assessing threats, security professionals also look beyond the individual to consider the safety of a corporate facility, for example. “Is there a visual deterrent, controlling who comes and goes?” asks Kucera. “If there is good security, it all ties together. We do home assessment, facility assessment, route assessment, and travel assessment as needed.” Sometimes, circumstances increase the need for executive protection, such as an internal threat. Timing is a factor, and risks increase related to corporate earnings releases, new product announcements, and corporate layoffs or consolidation. Monitoring social media tracks shifting threats that impact the need for executive protection. UnitedHealthcare shooting  “He didn’t have it and probably didn’t think he needed it,” comments Kucera about the UnitedHealthcare executive who was gunned down in the streets of New York City. “He was staying at the hotel across the street and was used to walking down the street every day.” “Sometimes executives want to preserve their privacy and be able to walk down the street,” says Kucera. “Getting protection can be seen as a sign of weakness. Some CEOs in the past have said they just didn’t want it.” However, the UnitedHealthcare shooting raised the stakes of the need for more vigilance. “The bottom line is you have to yet beyond objections and make the investment to protect against a worst-case scenario,” says Kucera. Anti-capitalist sentiment in the general population An internal police bulletin warned of an online hit list naming eight executives and their salaries Threats to executives sometimes arise from anti-capitalist sentiment in the general population about perceived inequalities in wealth and power. Executives provide symbolic targets for anyone who fights the system, and social media has amplified the voices of those who oppose capitalism.  For example, a "Most Wanted CEO” card deck seeks to shine a spotlight on "titans of greed." Also, in the aftermath of the UnitedHealthcare shooting, CEO "wanted" posters appeared across New York City, threatening various executives of large companies. An internal police bulletin warned of an online hit list naming eight executives and their salaries. Careful monitoring of social media posts Careful monitoring of social media posts and other sources enables executive protection professionals to analyze data and separate the dangerous threats from the merely negative ones. Sadly, positive support of the UnitedHealthcare shooting was expressed by the 300,000 or so followers of the shooter, who became a celebrity of sorts. A huge outcry of negative sentiment toward the insurance industry led to fear that copycat incidents might occur. “There has been an unprecedented amount of positive support for committing murder,” commented Kucera. Executive protection requests HR executives can be at risk, especially at a time of layoffs or consolidation “Let’s face it, there has been a lot of controversy, from COVID to the Middle East crisis, to the political campaign, and there is negativity on both sides,” says Kucera. “People have opportunities to pick sides, and there is a lot of sentiment going both ways, and there is a small percentage of people who will act aggressively.” Executive protection requests now extend beyond the CEO to include others in the management ranks of companies. Basically, any public-facing executive is at risk, including anyone who makes statements to the press. Human resource (HR) executives can be at risk, especially at a time of layoffs or consolidation.   Private information on the Internet Typically, an executive is assigned a single armed operative for protection. The firearm serves primarily as a visual deterrent that hopefully makes a potential perpetrator think twice. “When they plan an event like this, their expectation is that it will be a soft target,” says Kucera. “If there is an officer, it gives them pause.” Controversial or high-profile CEOs are typically protected 24/7, including when they travel with their family. Adding risks is the fact that private information is now posted on the Internet, including where an executive lives and where their children go to school. Internet monitoring  Internet monitoring also includes the “dark web,” which includes sometimes dangerous information “We offer social media monitoring, and we advise them to be more careful with what they post,” says Kucera. “We monitor reactions to posts including any that might be threatening. We watch social media carefully if a company announces earnings or a change in their service or product offering.” Internet monitoring also includes the “dark web,” which includes sometimes dangerous information that is intentionally hidden and requires specific software, configurations, or authorization to access.   Own layer of protection Public and government officials can also come under fire in a variety of scenarios. FEMA officials faced threats after the recent floods in the Southeast, for example, among other situations where perceived unfair treatment promotes thoughts of retribution.  Although government agencies have their own layer of protection, there are instances when they call on companies such as Allied Universal for additional help.  Ad hoc protection for various executives In the aftermath of the UnitedHealthcare shooting, calls to Allied Universal’s Command Center increased by 600%, reflecting requests for ad hoc protection for various executives.  These requests are in addition to the company’s business providing “embedded” operatives that travel with executives all or some of the time. On that side of the business, requests for services are up probably 300%, says Kucera.

As the pioneering security event in the United States, ISC West is truly the global focal point for bringing together professionals across the physical and cybersecurity landscape. The event seeks to showcase innovation in security technology, nurture professional development, and explore the security implications of today’s connected world. Future of security  With the growth of cybersecurity programming and the established Cybersecurity & Connected Internet of Things (IoT) pavilion, ISC West is addressing the future of security head-on. “As the lines between the digital and physical worlds blur, collaboration and shared learning among defenders have never been more critical,” says Mary Beth Shaughnessy, Event Vice President at RX USA, who oversees all aspects of the ISC brand. Shaughnessy previews what’s new at ISC West 2025 and shares other insights in our interview. Q: For long-time attendees at ISC West, what will be the biggest surprise at the 2025 show? Shaughnessy: Long-time attendees know to expect top-tier educational content through the SIA Education@ISC West program (produced by the Security Industry Association (SIA)) in addition to cutting-edge security innovations showcased by 700+ exhibitors. New this year is our focus on technology, training, and education around cyber-physical threats. In today’s connected world, physical and cybersecurity defenders must take a unified, holistic approach to protecting their people, assets, and data. ISC West serves as a bridge between those two worlds, helping organizations tackle the complex security landscape. Q: Presenting a high-profile music concert as part of ISC West is a fun value-add for attendees. Describe how this feature has been embraced by longtime attendees, and the plans for 2025. Shaughnessy: We’re thrilled to announce that the legendary Gin Blossoms will headline the ISC West Concert, sponsored by Wavelynx. This tradition began last year and became a celebrated highlight, offering professionals a chance to unwind and connect with colleagues and peers after a productive day on the show floor. When choosing a performer, we focus on acts that resonate across generations, making the experience both entertaining and memorable for our diverse audience. We are excited to continue this fun and exciting event and networking opportunity. Q: In the past, the education program at ISC West has been seen as secondary to the Expo event. How have you sought to increase the profile of the education program, and what new features will attract more attendees in 2025?   Shaughnessy: We’ve expanded the SIA Education@ISC programming from three to four days, now beginning two days before the expo hall opens. These dedicated education days ensure professionals can engage in thoughtful discussions and gain actionable insights without overlapping with the Expo. This year, we’re proud to partner with RSA to introduce a new “IT for Security Professionals” track while also offering our core tracks, including AI & Digital Transformation, Critical Infrastructure & Data Protection, Cybersecurity & IT, InfraGard National Members Alliance @ ISC, and Video Surveillance. We will also be welcoming powerful keynote speakers — Rachel Wilson, Director of Cybersecurity, Morgan Stanley Wealth Management; Will Bernhjelm, Vice President of Security, Mall of America; and Kate Maxwell, Chief Technology Officer, Worldwide Defense & Intelligence, Microsoft. Q: What else is “new” at ISC West in 2025? Shaughnessy: Our educational programming has grown significantly — this year’s SIA Education@ISC program is our most extensive yet, offering more than 115 sessions led by over 200 distinguished experts. With broader and deeper topics, the program emphasizes the critical convergence of cyber and physical security, providing unparalleled insights for today’s security professionals. We are also significantly ramping up our cybersecurity offerings and expect to have more than 50 exhibitors in our Cybersecurity & Connected IoT pavilion with names such as Entrust and Ontic. Q: Networking is a critical aspect of ISC West. How are show organizers working to increase networking opportunities? Shaughnessy: Networking remains a top priority at ISC West, with countless opportunities to build valuable connections. Professionals can join peers at popular spots like The Bridge, The Cyber Hub, and the Career Zone (sponsored by: TEECOM). These spaces offer the chance to learn from industry experts, explore the challenges and innovations shaping the security workforce, and engage in dynamic discussions with peers. Also, returning by popular demand, the ISC West Concert, proudly sponsored by Wavelynx, delivers a vibrant evening of music and networking in a relaxed atmosphere. Together, these experiences ensure networking at ISC West is both impactful and memorable. Q: What is the biggest challenge for organizers of ISC West (and related events), and how are the organizers seeking to address the challenges? Shaughnessy: As with most events, there is a lot of pressure on organizers to ensure there’s “something for everyone,” add meaningful value, and introduce fresh, exciting features. At ISC West, we work to raise the bar each year by expanding our content with more thought pioneers, showcasing a broader range of innovative technologies, and fostering additional networking opportunities. Achieving top-quality results is no small task — it demands careful planning, collaboration, and a dedication to continuous improvement. This means actively listening to the needs of our attendees and exhibitors, staying ahead of industry trends, and ensuring we provide an experience that informs, inspires, and connects the security community.

Colt Technology Services (Colt), the global digital infrastructure company, released the key enterprise technology and market trends it expects to dominate the CIO agenda in 2026. Based on customer insights, market intelligence and its own proprietary research, Colt anticipates AI Inference, the evolution of NaaS to ‘NaaS 2.0’ and quantum-safe security to shape the technology landscape over the next 12 months. Ever-changing regulatory environment “CIOs will continue to face headwinds in 2026 as they balance complex business transformation programs at scale – often centered around AI – with ongoing cost-reduction programs in an ever-changing regulatory environment,” said Buddy Bayer, chief operating officer, Colt Technology Services. “But there’s huge opportunity too: AI programs are beginning to mature, digital infrastructure has greater capacity than ever before, and we’re seeing an evolution of solutions like NaaS which are reshaping our digital experiences. It’s an exciting time and, at Colt, we’re leading the way for our customers.” New ways to generate ROI from AI Businesses continue to drive major investments in AI, but ROI, value creation and monetization are proving elusive. Colt’s research finds one in five global firms spend US$750,000 annually on AI while 95% of the respondents in a recent MIT report study see no return on their investments. This misalignment between spending and measurable returns will shrink in 2026, as AI projects mature and begin to generate ROI, and as businesses find new ways to create value from AI. More vendors will build in AI maturity assessments and structured ROI models to help businesses define, track and quantify value across their AI tools. AI inference and Agentic AI 2026 will see AI inferencing reaching the next level of maturity, shifting from experimentation to integration into the enterprise IT environment, extracting insight, making predictions, and enabling smarter, context-aware decisions in real-time. McKinsey expects AI inference to account for a majority of AI workloads by 2030. This won’t just be limited to enterprises: Agentic AI, driven by inference, will be the force behind the automation and digitalization of day-to-day consumer tasks from privacy management and healthcare to scheduling assistance and management of household chores, according to research from the IEEE. AI Wide Area Networking (WAN) Many of Colt’s conversations with customers center around digital infrastructure’s ability to manage and optimize the performance, latency and security needed for AI workloads. AI WAN moves the conversation towards software-driven wide area networks, built for AI workloads, which dynamically manage AI traffic for peak performance and ensure application-level security of critical data. Innovation in sustainable networking technologies Similarly, AI workloads transmitted over transatlantic cables will grow in 2026 and are projected to surge from just 8% of total capacity in 2025 to 30% by 20351, placing additional strain on global network routes. Innovative tech trials and global partnerships are pioneering technologies which boost performance without increasing energy consumption or carbon emissions. Sovereign AI As nations grow their AI investments and regulations around AI governance come into force across many of the world’s major economies, sovereign AI is gaining momentum. It will rise up the CIO’s agenda as countries and organizations build and run their own AI systems using their own data, infrastructure, people, and rules. Sovereign AI is becoming more prevalent and increasingly important as nations look to stay in control of their technology, protect their data, and stay resilient in a world increasingly shaped by AI. NaaS 2.0 The NaaS market continues to grow, driven by a number of factors from AI, edge computing and cloud adoption to enterprises’ need to build in flexibility as they navigate dynamic global markets. Colt research found 58% of the 1500 CIOs it questioned said they were increasing their use of NaaS features due to growing AI demands.  In 2026 and beyond, people will see NaaS evolve to meet the demands of the AI era, moving beyond its traditional role in supporting digital experiences. The next generation of NaaS will be intelligent, automated, and outcome-focused, designed to deliver real-time performance, adaptability, and autonomy for AI-driven enterprises. Quantum security Rise in quantum security investment as Q Day gets nearer CIOs are under constant pressure to protect their data and infrastructure from emerging risk, and as governments and businesses develop a deeper understanding of quantum’s power and potential, attention and investment turn to quantum security. In its 2026 Technology and Security Predictions report2, Forrester forecasts that quantum security spending will exceed 5% of enterprises’ overall IT budget next year, while a report from The Quantum Insider estimates the quantum security market to grow at over 50% CAGR to 2030, reaching $10 billion. Traditional data cryptography methods are at risk of being deciphered by quantum computers. The point at when this happens is known as Q Day, and latest estimates suggest it could come as soon as 2030. Technologies such as post-quantum cryptography (PQC) and quantum key distribution (QKD) protect traffic from this risk as it travels across a network. 2026 will bring developments, trials and innovation in protecting data from quantum risk. Low Earth Orbit technologies – and quantum 2026 is set to be a breakthrough year for Low Earth Orbit satellites, with organizations launching new satellites and new services. These services are a vital part of global telecoms infrastructure, providing connectivity in underserved or rural areas, and providing resiliency to businesses looking for back-up options for their enterprise infrastructure. Colt is looking to trial low earth orbit satellite connectivity for quantum key distribution: this will enable secure and protected exchange of symmetric encryption keys using quantum technology, while overcoming the distance limitations of terrestrial connectivity. 2026 will see Colt and partners trialing space-based and subsea techniques which extend quantum security to global networks. Hybrid cloud computing models 2026 will see multi cloud models becoming the default, as enterprises look for more ways to build in flexibility and resilience to their infrastructure and move beyond single-provider strategies. Increasingly, APIs and secure interconnects between providers and hyperscalers are streamlined, complementary and competitive in pricing terms and accessible through aggregators. Edge computing will continue to grow through 2026 and beyond, driven by factors such as AI inference expansion, the rise in real-time analytics, and increasing data sovereignty requirements. Next-generation cloud providers Next-generation cloud providers are prioritizing deployment of infrastructure at the edge, processing data closer to where it’s generated, while hyperscalers focus on scale and compute power in centralized locations. Both strategies are needed and complementary: Edge requires highly distributed, localized infrastructure which complements centralized cloud, used for heavy compute and storage.  As demand for Edge grows in 2026 and beyond – one forecast estimates a CAGR of 33.0% from 2025 to 2033 -  expect rising demand for distributed architectures across new geographies. Tighter regulatory frameworks In 2026, expect to see a slew of reporting obligations, regulations, strategies and guidelines impacting CIOs, particularly in AI and cybersecurity. Most of the obligations under the EU AI Act will apply from 2 August 2026, while implementation of certain requirements for high-risk AI systems may be postponed. Reporting obligations for the EU Cyber Resilience Act are expected from September 2026, with phased obligations continuing from September 2026 onward under the EU Data Act. Cyber Security and Resilience Bill Peolpe also see the ISO/IEC 42001:2023 global standard for AI governance, which will lead CIOs and CAIOs to integrate AI governance into enterprise architecture and procurement decisions, as well as operational impacts for the Digital Services Act and the Digital Markets Act. In the UK, all eyes will be on the Cyber Security and Resilience Bill, while across Asia, Japan will see the impact of its AI Promotion Act and major initiatives following Singapore’s National AI Strategy 2.0 (NAIS 2.0) are also expected to come into effect in 2026.

Absolute Security, a pioneer in enterprise cyber resilience, announced it is the only provider named as both a Leader and Outperformer in the 2025 GigaOm Radar for Patch Management Solutions.  In the report, Cybersecurity Analyst Stan Wisseman recognized Absolute Security with both Superior and Exceptional ratings for its platform that delivers a unified, automated, and resilient solution used by enterprises, Managed Services Providers (MSPs), and Managed Security Services Providers (MSSPs) to address critical patch management use cases. Secure Endpoint integrated product suite In the Radar, GigaOm highlights that “Absolute Security delivers a differentiated approach to patch management with Absolute Resilience for Automation, its most advanced edition of the Secure Endpoint integrated product suite." "It combines automated remediation, patch orchestration, and endpoint visibility with firmware-embedded persistence, a patented capability that maintains a tamper-proof connection to devices even after OS corruption, reimaging, or factory reset. This persistent architecture is especially valuable in distributed, hybrid, and high-security environments, where continuous control is paramount.” Software security and risk exposures According to the Absolute Security Resilience Risk Index 2025, organizations run behind on patching an average of 56 days. Although organizations set their own patching schedules, this is well beyond the accepted 30-day standard set by organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) and dangerously outside of the one-to-seven days it takes threat actors in many cases to exploit vulnerabilities, as noted in the Index.  With Absolute Security, customers can quickly and easily automate patching and vulnerability remediation across their distributed endpoint fleets to quickly close software security and risk exposures that lead to productivity losses and lead to extended downtime. Advantage of vulnerable software “Threat actors know the fastest and easiest way to breach systems, steal data, and disrupt business operations is by taking advantage of vulnerable software,” said Ashley Leonard, SVP, Product Management, Absolute Security. “The best way to stop downtime is to avoid exposure in the first place—a key element of any resilience strategy. With this validation from GigaOm, customers are further assured that Absolute Security’s resilient and automated patching and remediation solution is helping them to proactively stay ahead of threats, incidents, our outages.” Absolute Security patch management solution According to the Radar, the Absolute Security patch management solution earned leadership status based on several key differentiators: Staged Patch Testing and Deployment: GigaOm recognized Absolute Security’s capabilities that offer staged patch rollouts with rollback logic and dynamic health checks to reduce risk prior to full deployment. In addition, real-time telemetry helps validate patch status and trigger fallback actions when required. Policy Automation and Customization: GigaOm highlighted Absolute Security’s patching logic that uses attributes such as device role, compliance posture, or geographic location. Policies can suppress reboots, enforce blackout windows, and handle exceptions. In addition, custom risk scoring enables IT to align patch management with their organization’s business priorities. Workflow Integrations: GigaOm emphasized Absolute Security’s granular integrations with platforms such as ServiceNow, ConnectWise, and CMDBs through a bidirectional public API to streamline patch operations. Integrations support SLA tracking, approval chains, and incident response handoffs—bridging IT and SecOps workflows to reduce mean time to remediation (MTTR).

St John’s College, one of the historic colleges of the University of Oxford, has significantly strengthened its cybersecurity posture with the implementation of a Managed Vulnerability Management (MVM) program delivered by long-term partner ANSecurity. Founded in 1555, St John’s supports a diverse community of more than 600 students, a large number of staff and over 100 academic fellows across multiple sites in Oxford. With a small in-house IT team and growing cyber threats, the college needed a proactive solution to improve visibility, reduce risks, and free up internal resources. MVM service After more than 13 years of collaboration, the college turned to ANSecurity to design and deploy an MVM service built on Tenable Nessus. The service includes daily credentialed scans, automated vulnerability notifications, remediation validation, and monthly strategic reviews with ANSecurity consultants. Measurable results Since launching the program in May, St John’s College has achieved: Over 50% reduction in critical and high-severity vulnerabilities Resolution of systemic issues such as broken Windows Updates, unsupported software, and weak cipher suite configurations Improved ability to challenge vendors using outdated or insecure systems Strategic resource allocation, allowing IT staff to focus on high-impact security tasks Matt Jennings, IT Manager at St John’s College Oxford said: “This service has freed up internal resources and helped us stop playing ‘whack-a-mole’ with vulnerabilities. We now know what to focus on, and how to do it. The support from ANSecurity has been invaluable in helping us become more strategic and effective.” Proactive cycle of risk management The program has also introduced a proactive cycle of risk management, with daily monitoring of public-facing systems, monthly vulnerability summaries, and overnight verification of patch updates. St John’s College has worked with ANSecurity since 2013 on projects including firewall replacements, wireless network deployments, and strategic consultancy. The MVM program marks the latest step in the college’s modernization of its cybersecurity defenses. Matt Jennings added: “ANSecurity have always been responsive, professional, and understanding of our requirements. Their engineers are not only experts in their field, but also able to explain complicated issues clearly. We look forward to working with them for many years to come.”

DFNBG Gastro GmbH & Co. KG, operator of 48 Dunkin' branches and other catering establishments in Germany, has migrated to the MOBOTIX CLOUD for the central management of its video surveillance. DFNBG partnered with MOBOTIX Diamond Partner VALEO IT Neteye GmbH for more than ten years, who have implemented and continuously optimized secure and efficient MOBOTIX video solutions in the 48 Dunkin' branches. Data protection regulations The operation of local storage systems was proving particularly difficult in shopping centers Due to the strong growth of DFNBG, the demands on the existing video management system increased. The local storage of video data became increasingly complex - both in terms of data protection regulations and the management of access rights.  The operation of local storage systems was proving particularly difficult in shopping centers. The solution: a gradual migration from local NAS storage to the data protection-compliant MOBOTIX CLOUD. Access management and GDPR: the MOBOTIX CLOUD as a solution The MOBOTIX CLOUD video surveillance-as-a-service (VSaaS) offering allows users to conveniently control their cameras via a free app. The recorded videos are stored in highly available and cyber-secure data centers located close to the user. This ensures data protection-compliant storage in accordance with the GDPR. Intelligent camera technology A key advantage of the MOBOTIX CLOUD is the combination of intelligent camera technology A key advantage of the MOBOTIX CLOUD is the combination of intelligent camera technology and a powerful cloud platform. The cameras analyze events on site and only transfer relevant data to the cloud. This minimizes bandwidth requirements while maintaining the highest security standards.  MOBOTIX Bridge Communication between the cameras and the cloud takes place via the MOBOTIX Bridge, a highly secure connection unit that ensures protected data transmission.  The cloud solution also eliminates the need to operate separate server rooms with high security standards on site - a clear advantage for branches in shopping centers or high-traffic locations. DFNBG can control access rights  Around half of the Dunkin' branches have already been converted to the MOBOTIX CLOUD Cloud data is managed directly by the users themselves. This means that companies such as DFNBG can control their access rights centrally without having to create individual solutions for each branch. “It was clear to us that the system is secure - including cyber-secure - and exceeds our requirements. But the central management of all access rights really saves us time and money,” says Harry Taubert, Construction & Development Manager at DFNBG. Around half of the Dunkin' branches have already been converted to the MOBOTIX CLOUD, and the remaining locations will follow successively. VALEO IT Neteye: MOBOTIX Partner for innovative video solutions As a long-standing MOBOTIX Diamond Partner and one of the largest integrators of MOBOTIX systems in Germany, VALEO IT Neteye has been instrumental in delivering customized, future-ready surveillance solutions to DFNBG. VALEO IT Neteye also offers full-service training to DFNBG to ensure everyone stays up to date with industry changes. “We only offer our customers MOBOTIX solutions because we are absolutely convinced of the quality and durability of the products manufactured in Germany,” explains Norbert von Breidbach-Bürresheim, Managing Director of VALEO IT Neteye.

Installing physical security systems requires integrating diverse technologies (e.g., cameras, access control, alarms) that often use different protocols and must be adapted to a building's unique physical layout and legacy infrastructure.  Specialized technical expertise is required for seamless networking and proper configuration. Hopefully, no important factors are overlooked in the installation process. We asked our Expert Panel Roundtable: What is the most overlooked factor when installing physical security systems?

Physical security and cybersecurity are deeply intertwined in today’s systems. A weakness in one realm can quickly lead to a breach in the other, and vice versa. However, given the symbiotic relationship, why do physical security systems so often fall short when it comes to cybersecurity protection? We asked our Expert Panel Roundtable: Why does cybersecurity continue to be a weak link for physical security systems?

In the past, security installers and integrators were used almost exclusively to install hardware. However, the role is changing and expanding along with the technologies used in the physical security industry. Nowadays, an installer or systems integrator is much more likely to use a strategic, IT-centric, and data-driven approach. To gain additional insights, we asked our Expert Panel Roundtable: How is the role of the security installer/integrator changing?