Data Security

WatchGuard has revealed its top six cybersecurity predictions for 2026, forecasting a year where AI-driven threats, regulatory pressures, and the decline of legacy tools will reshape the security landscape. Corey Nachreiner, chief security officer at WatchGuard Technologies, emphasizes that organizations must prepare for rapid evolution in both attack methods and defensive strategies. Crypto-ransomware goes extinct  In 2026, crypto-ransomware will effectively go extinct, as threat actors abandon encryption and focus on data theft and extortion. Organizations have significantly improved their data backup and restoration capabilities, meaning they’re more likely to recover from a traditional crypto-ransomware attack without having to pay the extortion demands. Instead, cyber criminals simply steal data, threaten to leak it and even report victims to regulators or insurance companies to increase pressure. Encryption no longer pays off; the real leverage will now come from exposure.  OSS box indexes will leverage AI to defend against supply chain attacks  If the surge of attacks against open-source package repositories like NPM and PyPI has taught security teams anything, it’s that open source is under siege. It’s a losing battle and traditional security controls, such as tighter authentication and shorter token lifetimes, can’t keep up.  In 2026, open-source package repositories will adopt automated, AI-driven defenses to fight back against a growing wave of supply chain attacks. To keep up with this significant and persistent threat, these repositories will become early adopters of automated SOC-style systems for their own applications, enabling them to detect and respond to attacks in real-time.  CRA reporting needs finally incentivize secure by design principals  In 2026, the EU Cyber Resilience Act (CRA) will finally become the market force that drives adoption of secure-by-design principles. With the first phase going into effect in September 2026, software manufacturers selling into the EU must report actively exploited vulnerabilities and security incidents within 24 hours. This is the most aggressive reporting requirement yet. While the initial rollout will likely be chaotic as companies scramble to comply and more of their weaknesses are exposed, it will ultimately create a lasting incentive to build security into products from the start. At the same time, overlapping global regulations will reveal competing frameworks and contradictions, forcing organizations to navigate an increasingly complex web of compliance.   First breach carried out by autonomous, agentic AI tools in 2026   In 2025, WatchGuard predicted that multi-modal AI tools would be able to carry out every aspect of the attackers’ cyber kill chain, which proved to be true. 2026 will mark the year AI stops just assisting cybercriminals and starts attacking on its own. From reconnaissance and vulnerability scanning to lateral movement and exfiltration, these autonomous systems can orchestrate an entire breach at machine speed.   The first end-to-end AI-executed breach will serve as a wake-up call for defenders who have underestimated the speed at which generative and reasoning AIs evolve from tools into operators. The same capabilities that help businesses automate security workflows are being weaponised to outpace them. Organizations must fight fire with fire: only AI-driven defense tools that detect, analyze and remediate at the same velocity as attacker AIs will stand a chance.  The fall of VPN and remote access tools will lead to the rise of ZTNA  Traditional Virtual Private Networks (VPNs) and remote access tools are among the top targets for attackers due to the loss, theft, and reuse of credentials, combined with the common lack of multi-factor authentication (MFA). It doesn’t matter how secure VPNs are from a technical perspective; if an attacker can log in as one of your trusted users, the VPN becomes a backdoor giving them access to all your resources by default. At least one-third of 2026 breaches will be due to weaknesses and misconfigurations in legacy remote access and VPN tools. Threat actors have specifically targeted VPN access ports over the past two years, either stealing users’ credentials or exploiting vulnerabilities in specific VPN products. As a result, 2026 will also be the year when SMBs begin to operationalize ZTNA tools because it removes the need to expose a potentially vulnerable VPN port to the internet. The ZTNA provider takes ownership of securing the service through their cloud platform, and ZTNA does not give every user access to every internal network. Rather, it allows you to grant individual user groups access to only the internal services they need to perform their jobs, thereby limiting the potential damage.  AI expertise becomes a required skill for cybersecurity  It's nearly the dawn of a new era where cyber offense and defense will take place on an AI battleground. Attackers are already experimenting with automated, adaptive and self-learning tools. Defenders who can’t match that level of speed and precision will be outgunned before they know they’re under fire. To survive, security professionals must go beyond simple understanding of AI toward mastery of its capabilities and harness it to automate detection and response while anticipating the new vulnerabilities it creates. By next year, AI literacy won’t just be a nice addition to a résumé, it’ll be table stakes, with interviewers diving in on practical applications of AI for cyber defense.

Panaseer, the pioneer in Continuous Controls Monitoring (CCM), announced the Panaseer IQ Suite, a new family of GenAI-powered tools designed for organizations who are facing growing attack surfaces and attackers using AI to increase their reach and focus. By turning cybersecurity controls data into actionable remediation across the enterprise, the IQ suite empowers security teams to take a more proactive, risk-driven approach. Panaseer CCM platform The IQ Suite builds on the Panaseer Continuous Controls Monitoring (CCM) platform’s existing capability to measure hundreds of metrics and control domains. Using generative AI, the IQ Suite explains changes to risk metrics, why they matter, and gives comprehensive next steps in natural language. Remediation advice for each metric, dashboard and scorecard includes a forecast of any action’s impact on the organization’s overall risk profile. This gives security teams a clear path to pre-emptive risk management – continuously surfacing and closing the control gaps driving risks before they can be exploited – and the ability to proactively fight back against an evolving threat and regulatory landscape. Debating cybersecurity data “As cyber programs scale, the constraint isn’t data anymore – it’s the capacity to turn that data into aligned, defensible decisions,” said Marc Moesse, chief product officer at Panaseer. “Our customers and the wider market are clear: they need to spend less time debating cybersecurity data and more time reducing risk. IQ Suite is our answer to that challenge. It takes the single system of record Panaseer already provides and layers it with context and solutions. This acts as a force multiplier so security teams can make smarter, faster, data‑driven decisions and focus their efforts where it really matters.” How it works: one intelligence layer, three views The IQ Suite applies the same GenAI-powered interpretation engine across Panaseer’s metric, dashboard and scorecard views, so every user sees guidance that fits their role, anchored in a single, consistent source of truth. For each view, the product automatically summarizes recent performance, highlights trends and anomalies, and generates contextual recommendations tied to business priorities and control objectives. Key capabilities across the IQ Suite Translating comprehensive data into contextual summaries that explain what changed, when it changed and which controls or assets are involved. Highlighting trends, anomalies and threshold breaches that require attention, so teams can distinguish meaningful shifts from background noise. Recommending practical next steps aligned to business criticality, risk appetite and defined thresholds, helping teams act quickly and consistently. Providing drill-down paths into the underlying data for deeper investigation, preserving transparency and analyst trust. Generating concise, report‑ready text that can be reused in emails, board packs, risk committees and audit reports. For CISOs, ScorecardIQ gives visibility into what the organization can realistically achieve and confidence that security improvements are aligned to the business’s key controls. It offers a high-level, executive view of risk to be presented to board members, key stakeholders and the executive risk team (ERT) on strategic security initiatives, such as compliance or cloud security, and suggests remediations to improve the organization’s overall risk profile. For security managers, DashboardIQ distributes guidance across the team, so everyone operates from the same priorities. It analyses individual security initiatives at a deeper level than Scorecard IQ, such as vulnerability and patch controls. DashboardIQ can then show what has driven changes in risk profile and offer remediation options, including clearly indicating how each action will affect the overall risk score. For security analysts, MetricIQ opens every investigation with a clear narrative and proposed actions instead of an overwhelming screen of raw data. It is the deepest layer of the IQ suite, analyzing individual security control metrics such as whether servers have been scanned for a vulnerability, before offering the same remediation and prioritization capabilities as DashboardIQ. Integrated capabilities within the Panaseer CCM platform “As environments become more complex and regulated, security teams face competing priorities while attackers use AI to automate reconnaissance and launch targeted campaign,” Moesse continues. “Teams are left reactive and exposed as boards push for clearer, data-driven assurance on cyber and AI risk, but they don’t have the resources to continuously monitor controls performance or prioritize remediation. At all levels organizations need a single, trusted system of record that allows stakeholders to align on acceptable risk and accurately assign responsibility and accountability. This is a vital first step in using AI-driven insights to identify and address the most critical issues, reducing risk rapidly and efficiently.” Panaseer IQ Suite is available to new and existing Panaseer customers, with MetricIQ, DashboardIQ and ScorecardIQ delivered as integrated capabilities within the Panaseer CCM platform.

BlackFog, the pioneer in AI-based anti data exfiltration (ADX) technology, announces the availability of its newest solution, ADX Vision. Designed to secure every endpoint and every LLM interaction, ADX Vision delivers the visibility and control organizations need to manage AI securely. Operating directly on the device, it detects shadow AI activity, prevents unauthorized data movement in real-time, and enforces governance policies automatically, all without disrupting productivity. Increased regulatory scrutiny The launch comes as organizations rapidly adopt AI tools to drive innovation and employees leverage LLMs to boost productivity. The unchecked use of unvetted AI applications is creating hidden channels for data exfiltration, exposing companies to the loss of intellectual property, confidential information, and increased regulatory scrutiny. With AI systems capable of capturing, storing, and learning from enterprise data outside of approved security controls, shadow AI has quickly become one of the most significant - and least understood - drivers of data loss today. Potential data privacy risks New findings from a BlackFog survey of 2,000 employees underscore the scale of this risk. Nearly half (49%) of respondents reported using AI tools not sanctioned by their employer at work. The research also reveals gaps in awareness of data privacy: only 53% of employees understand how the data they input into AI tools is saved, analysed, or stored. Yet, 71% believe the productivity benefits of using unapproved AI tools at work outweigh the potential data privacy risks. “As AI adoption accelerates, so does the risk of data loss through unmonitored tools. This research highlights the extent of that risk and the critical need for organizations to protect the data flowing through AI systems,” said Dr Darren Williams, CEO and Founder of BlackFog. Preventing data exfiltration “Preventing data exfiltration has been at the core of our mission from day one, and we’ve consistently adapted our technology to stay ahead of emerging threats. ADX Vision is the next step in that journey, offering unmatched visibility into shadow AI activity so organizations can protect their data with confidence.” ADX Vision delivers unified insights across the enterprise and the confidence that sensitive information stays protected. ADX Vision is available now for Windows, with support for macOS and Linux available in early 2026.

Wachter, Inc., a premier technology solutions integrator and innovator, proudly announces the appointment of James Stark as Business Development and Strategic Innovation Lead. With over 30 years of distinguished experience across various sectors, James is set to spearhead transformative initiatives that will enhance Wachter’s offerings for clients nationwide. A thought leader and respected speaker, Stark has graced national media platforms and industry conferences, sharing insights shaped by a broad career that includes executive roles at major organizations such as Neiman Marcus and Pier 1 Imports. Major cloud hyperscalers His recent experience engaging with major cloud hyperscalers and AI companies, including Google, coupled with his deep technical expertise spanning the software and hardware platforms that enable AI and advanced analytics, provides invaluable market insights that will guide Wachter's innovative national strategies.  “Wachter is the industry’s best-kept secret,” Stark states, emphasising the company's unparalleled approach to end-to-end solutions. “They excel beyond basic integration by seamlessly incorporating IoT, AI, and connected technologies at scale. My goal here is to bridge gaps for businesses, driving performance across the enterprise by leveraging business intelligence not just for security, but for optimizing operations and elevating the customer experience with intelligent, connected solutions that truly work in the real world.” Wachter’s vision for the future Matt Tyler, Vice President of Innovation & Business Development at Wachter, highlights the significance of Stark’s appointment: “James embodies an exceptional blend of business acumen, loss prevention expertise, and technological insight. His notable background with industry giants like Google and Meta enhances his capability to align strategy with client needs and significantly elevates how we serve our customers. His deep-rooted industry connections and passion for innovation make him an invaluable asset to our leadership team.” In his new role, James will drive Wachter’s innovation strategy, ensuring that cutting-edge solutions remain at the forefront while strengthening partnerships and enhancing client support across various sectors. Complex security solutions His key responsibilities include: Designing integrated solutions that address loss prevention, IoT, AI/analytics, networking, and system modernization challenges. Collaborating closely with engineering and deployment teams to bring complex security solutions to fruition. Evolving Wachter’s business development to focus on ecosystem-driven solutions tailored to the needs of diverse industries. Fostering collaborative ideation with clients to overcome operational, security, and experiential challenges. As organizations increasingly invest in AI-driven analytics, connectivity, and operational efficiency, Stark’s extensive experience positions Wachter as a key player in the dynamic transformation of technology integration. His leadership reinforces Wachter’s unwavering commitment to delivering smart, scalable, and future-ready solutions that meet evolving market demands.

Magenta Security Services marked its 30th anniversary in style last night at the Security & Fire Excellence Awards, where the company was named Security & Fire Sustainability Champion for the third year running. The Security & Fire Awards for Excellence are recognized across the sector as a benchmark for outstanding performance, innovation and best practice in both security and fire. The Sustainability Champion category honors organizations that demonstrate leadership in environmental responsibility and long-term commitment to sustainable operations. Magenta first secured the title in 2023 and retained it in 2024 before completing the hat trick in 2025. Security and sustainability “Winning the Sustainability Champion title for the third year in a row, while celebrating 30 years in business, is an incredible milestone for everyone at Magenta,” said Abbey Petkar, Managing Director of Magenta Security Services. “From the very beginning we believed that security and sustainability must go hand in hand. This recognition shows that our approach is working for our clients, our people and the planet.” Magenta’s sustainability journey Magenta’s sustainability journey is woven through its three decades in business. The company was one of the first security providers to certify to ISO 14001, embedding environmental management into its core operations rather than treating it as an add-on. That discipline enabled Magenta to reach carbon zero status in 2022, three years ahead of its public 2025 target and without relying on offsetting. Key measures include a fully electric fleet supported by on-site solar charging at its headquarters, a switch to 100 per cent renewable electricity across its estate, deep energy-efficiency upgrades and a fully paperless office environment that saves more than 150 trees each year. Cyber Essentials certification Recognising that modern risk and sustainability span both physical and digital domains, Magenta has also invested in Threat Evolution, its dedicated cyber security training and consulting arm. Threat Evolution supports clients with Cyber Essentials certification, penetration testing, vulnerability scanning and tailored cyber awareness training, extending Magenta’s commitment to resilience, governance and data protection.  Magenta’s approach Transparency is another cornerstone of Magenta’s approach. The company publishes its emissions data through the Carbon Database Initiative (CaDI), inviting scrutiny and sharing practical lessons on topics such as phasing electric vehicles, mapping energy use in older buildings and designing out paper from guarding processes. Magenta also supports Police Community Clubs locally and sponsors children internationally, aligning commercial success with long-term social value.  Own environmental performance Abbey Petkar added, “Sustainability is not a project for us. It is how Magenta works, from the vehicles we drive and the energy we use to the way we support communities and help clients improve their own environmental performance." "To receive this award again, in our 30th year, is both a proud moment and a powerful motivation to keep raising the bar.”

Eversheds Sutherland has appointed partner Albert (Alby) Yuen to lead its Technology, Data and Cyber offering in Asia – the firm’s latest step in advancing its global growth strategy and underpinning its commitment to investing in exceptional talent across key markets and jurisdictions. Alby was previously Head of Technology, Media & Telecommunications (TMT) – Hong Kong, at international law firm, Linklaters where he led and developed its TMT practice, advising on major regional and global mandates. Key areas within the TMT space His career encompasses 25 years’ extensive TMT experience across the Asia-Pacific region and on the U.S. West Coast, having held senior positions with Linklaters and Osborne Clarke in Hong Kong, Gilbert + Tobin in Australia, and U.S. firms Gibson, Dunn & Crutcher and O’Melveny & Myers in Los Angeles. In addition, he brings valuable in-house skills and technical excellence through secondments with notable telecommunications companies in Asia and Australia. A senior figure in the region’s technology and data legal market, Alby advises on an array of key areas within the TMT space including complex technology and telecom transactions, digital infrastructure projects, fintech, data privacy and cybersecurity, commercial IP, emerging technologies (such as AI, blockchain) and complex commercial transactions. TMT and Data Protection & Privacy Throughout his career, he has advised on multi-jurisdictional cloud and outsourcing projects for global and regional corporate entities, including financial institutions, large-scale digital infrastructure (including data centre, tower and fibre) projects, cutting-edge regulatory matters such as data regulation, AI governance and cybersecurity and technology risk management and compliance issues. Alby has a proven track record pioneering technology-focused legal teams and delivering on high-profile mandates. He is recognized by legal industry directories Chambers and Partners and Legal 500 as a pioneering lawyer in TMT and Data Protection & Privacy.  Legal 500 describes Alby as “superb” as well as “A stand-out practitioner in a rapidly evolving and increasingly complex field. He brings a calm, considered approach to complex data and cyber security matters…”. Both legal directories praise him for his commercial approach and technical depth. Integrated global technology practice Charles Butcher, Managing Partner Asia and Head of M&A (Asia), Eversheds Sutherland, said: “We are absolutely delighted to welcome Alby to the Eversheds Sutherland team. Alby’s appointment comes at an exciting time in our Asia development. His proven leadership, technical excellence and market recognition further strengthen our ability to deliver cutting-edge technology, data and cyber advice where it matters most – helping clients navigate opportunities across key markets regionally and worldwide." "With experience spanning Asia, Australia, and the US, Alby brings a truly international perspective and a deep wealth of knowledge in the TMT sector. He will work closely with our talented Asia technology team and our integrated global technology practice to drive the next phase of growth, ensuring clients benefit from both continuity and innovation as we expand this globally thriving practice.” Alby’s experience and knowledge Simon Gamlin, Partner and Commercial Advisory Practice Group Head, Eversheds Sutherland, said: “Technology is a core pillar of our global practice. Alby’s experience and knowledge in advising on complex technology transactions, data, cyber and related regulatory issues will strengthen our integrated offering and enable us to enhance our delivery of pragmatic, forward-thinking solutions for clients worldwide." "Working closely with colleagues across Asia and our global network, Alby will help drive the development of our technology practice in key sectors such as financial services, telecoms, energy, and digital infrastructure. We already have a fantastic team in Asia, and Alby’s leadership will amplify that strength – ensuring we continue to meet the evolving needs of clients in this cutting-edge space.” Navigating complex tech and regulatory landscapes Albert Yuen, Partner, Eversheds Sutherland, said: “The firm offers the depth and breadth needed to deliver truly integrated solutions for clients navigating complex tech and regulatory landscapes. Joining a team that values innovation and is committed to growing its technology, data  and cybersecurity capabilities across Asia and globally is an exciting opportunity to make a real impact.” Earlier this year, Eversheds Sutherland and Microsoft were recognized at the Financial Times Innovative Lawyers Awards Asia-Pacific 2025, winning the Innovation in Outside Counsel Management category for its joint submission. More widely the firm recently welcomed new partners Mike Rainey and Asal Saghari to its corporate finance offering, marking its 27th lateral partner hire this year.

In today’s connected world, attacks are more likely to target digital than physical entry points. From ransomware and firmware tampering to remote hijacking, AI-driven phishing and automated vulnerability discovery, the nature of threats is evolving rapidly, and no industry can afford to neglect them. As our industry has moved from mainly mechanical to increasingly digital solutions, we have long recognized the importance of constantly monitoring and assessing the risks we face. This means not only meeting mandatory regulations but also voluntarily adopting international standards such as ISO 27001, which protects data and systems through a structured and independently audited framework. Today’s fast-changing risk environment is also why the EU introduced the Network and Information Security Directive 2 (NIS2) – to raise the bar for cybersecurity across Europe. But what do measures like NIS2 and the Cyber Resilience Act (CRA) mean in practice? How does the rise of AI fit in? And most importantly, what should our industry be doing to stay secure in such an unpredictable digital landscape? The new regulations Compliance is not just about meeting regulations, it is also a competitive advantage NIS2 is reshaping cybersecurity expectations by setting higher standards to reduce risk, improve transparency, and protect data and services. Alongside it, the CRA introduces mandatory requirements for products with digital components. This makes “secure by design,” regular updates, and compliance checks essential before products can enter the EU market. For companies in our industry, responsibilities now extend well beyond internal systems. Organizations must also ensure that suppliers and service providers comply, with regular risk assessments forming a central part of the process. The consequences of falling short are severe, ranging from significant fines and audits to the potential withdrawal of products from the market. For our customers, the message is clear: security must be built in from the start. Compliance is not just about meeting regulations, it is also a competitive advantage. At ASSA ABLOY Opening Solutions EMEIA, security is part of our DNA.  We embed these standards into everything we do, giving customers solutions they can trust to be compliant and resilient.  The rise of AI  Artificial intelligence is transforming the digital security landscape and it cannot be separated from the regulatory framework shaping our industry. With AI advancing rapidly and new regulations coming into force, we have established a digital compliance framework to stay ahead of the curve and use AI as an enabler for improving security and achieving compliance. On one hand, AI brings powerful benefits, including more intelligent monitoring, faster anomaly detection, and smarter tools for operational efficiency. These capabilities directly support NIS2 and the CRA, particularly in the areas of proactive risk management and incident response.  AI and building cybersecurity standards On the other hand, AI introduces new risks. The attack surface is expanding and threats such as deepfakes and smarter phishing create serious threats that regulators are determined to address. Both NIS2 and the CRA emphasize continuous monitoring, transparency and accountability, principles that must now also guide the responsible use of AI.    At ASSA ABLOY Opening Solutions EMEIA, we see AI not just as a risk to mitigate, but as a capability to strengthen resilience and trust. That is why we are embedding strong governance practices around AI and building cybersecurity standards into every stage of product development. By doing so, we help our customers align with new regulations while ensuring AI serves as a tool for greater security and confidence. Trust and compliance Beyond our own operations, we are also committed to supporting customers on their compliance journey At ASSA ABLOY Opening Solutions EMEIA, we are taking NIS2, the CRA and the rise of cyber-threats seriously, ensuring compliance and enhancing trust with all our customers. We have reinforced supplier oversight, streamlined incident reporting, and embedded cybersecurity into every stage of product development and lifecycle management. Our teams also conduct ongoing risk assessments and post-incident reviews, ensuring that lessons are learned and improvements are made. By taking these steps, we not only meet regulatory requirements but strengthen the resilience of our supply chain and the trust customers place in us. Beyond our own operations, we are also committed to supporting customers on their compliance journey. Initiatives such as our recently released whitepaper “Enhancing Cyber–Physical Resilience with Digital Access Solutions” and a detailed NIS2 whitepaper developed in Germany last year provide clear, practical guidance. By showing what these regulations mean in practice and how intelligent access solutions can directly support compliance, we aim to make the path forward less complex and more achievable for our customers. Looking ahead The days when security threats to businesses and products were only physical are long passed. Today, we find ourselves in a world where the digital realm poses even more serious and constantly evolving challenges. It is therefore crucial that, as an industry, we take the necessary steps to meet the directives of NIS2 and the CRA and also constantly monitor the rise of AI. Only by doing so can we protect our customers, preserve our reputations, and build the trust that defines true leadership in security.

In today’s fast-evolving aviation landscape, innovation isn’t optional — it’s essential. With passenger traffic in the Asia-Pacific continuing to surge, the region is facing a pivotal moment: adapt with scalable tech, or fall behind. In January 2025 alone, APAC carriers accounted for 56.6% of global passenger traffic growth. Airports are operating at near capacity, with a record-high Passenger Load Factor (PLF) of 82.1%, leading to pronounced congestion at check-in counters, security checkpoints, and boarding gates. Increasing passenger volumes As airports strive to manage increasing passenger volumes without resorting to costly and time-consuming infrastructure expansions, technology — particularly facial recognition and biometric automation — emerges as a viable solution. However, the full realisation of these innovations requires more than just installing new system However, the full realisation of these innovations requires more than just installing new systems. It’s about building the right ecosystem of partners, processes, and policies to ensure sustainable, secure, and scalable growth. Presenting physical documents According to their estimates, over 120 APAC airports have already deployed biometric solutions at key travel touchpoints, including check-in, bag drop, security, and boarding. Thailand exemplifies this shift, with facial recognition deployed at six major airports — Suvarnabhumi, Don Mueang, Chiang Mai, Chiang Rai, Phuket, and Hat Yai — dramatically reducing passenger processing times. These systems allow travelers to verify their identities seamlessly at multiple touchpoints, from check-in and security screening to boarding gates, without presenting physical documents. This case reflects the Airports of Thailand’s (AOT) commitment to leveraging technology to improve operational efficiency and passenger experience. Digital identity programs Biometric solutions also extend beyond the airport: digital identity programs enable travelers to verify their identities before arriving at the terminal, creating seamless journeys from curb to gate. In this environment, facial recognition is not merely a futuristic innovation; it has become an operational imperative. Airports that fail to adapt risk falling behind, unable to manage burgeoning passenger volumes or meet evolving traveler expectations. True operational efficiency Despite its transformative potential, biometric technology cannot be successfully deployed in isolation. Achieving true operational efficiency through facial recognition requires strategic collaboration among technology vendors, IT integrators, airports, airlines, and regulatory authorities. Several pillars underpin a successful biometric implementation: Interoperability: Biometric systems must integrate seamlessly with a wide array of airline platforms, security protocols, and airport infrastructure. Lack of interoperability can lead to fragmented systems that frustrate staff and passengers alike. Scalability: Passenger volumes are forecasted to continue rising. Biometric solutions must be designed to scale rapidly in response to demand surges and future security challenges. Data Privacy and Security: With growing public scrutiny over personal data usage, airports must implement robust security frameworks that prioritize privacy and transparency. Encryption, consent-based use, and strict access controls are critical to gaining and retaining passenger trust. Future security challenges BKI can achieve significant throughput gains without major construction disruptions A case study illustrates these points: Malaysia’s planned revamp of Kota Kinabalu International Airport (BKI) aims to boost capacity by 33% over the next few years. Rather than expanding physical infrastructure alone, authorities are exploring facial recognition solutions to increase efficiency within existing spaces. By integrating biometric checkpoints at key touchpoints, BKI can achieve significant throughput gains without major construction disruptions. Such outcomes are only possible through well-coordinated technology partnerships, where vendors, airports, and integrators work toward a shared vision of future-ready travel. AI-powered computer vision What’s Next: Fully Biometric-Enabled Travel Looking ahead, the pressure on APAC airports is set to intensify. Airports Council International projects 9.5 billion air travelers globally by the end of 2025, a volume traditional processing methods cannot manage effectively. In response, AI-powered computer vision and facial recognition will continue to refine biometric processes, delivering higher accuracy rates and faster verification. Future systems will leverage real-time liveness detection, predictive analytics for crowd management, and seamless integrations across all travel stages. A fully biometric-enabled journey is becoming reality: Check-in with a glance at a kiosk Drop bags without producing an ID or boarding pass Clear security with automated facial recognition portals Board flights through biometric-enabled gates — without ever presenting a physical document. Experiencing significant growth Seamless integration across touchpoints creates a unified, frictionless journey In this vision of the future, identity becomes the ticket. Seamless integration across touchpoints creates a unified, frictionless journey.  For APAC airports experiencing significant growth, full biometric enablement is becoming increasingly important for maintaining efficiency and staying competitive. At the same time, such a future demands robust technology ecosystems, where ongoing innovation is supported by partnerships that align regulatory, operational, and technological goals. Expanding physical infrastructure Building the Smart Airports of Tomorrow: Join the Conversation The aviation sector in APAC stands at a critical crossroads. Passenger growth, operational challenges, and heightened security requirements are converging, creating an urgent need for innovation. Facial recognition and biometric automation offer a clear path forward, enabling airports to handle growing volumes, enhance security, and deliver superior passenger experiences without necessarily expanding physical infrastructure. Facial recognition solutions Yet, the success of these innovations hinges on strategic, trusted technology partnerships. Airports must collaborate with technology vendors, IT system integrators, airlines, and regulators to ensure interoperability, scalability, and data security. At RecFaces, they believe the future of APAC airports is fully biometric-enabled. To explore how tech collaborations and advanced facial recognition solutions can transform airport operations, they invite users to join their free online panel discussion on April 30: ‘Smart Airports Start With Smart Tech: Facial Biometrics for APAC Airports.’

Technology advances in the security industry are transforming the way modern systems are designed and installed. Customers today are looking for greater scalability and flexibility, lower up-front costs, and operational efficiency. Cloud-based software as a service (SaaS) solutions, AI-enhanced tools, and IoT-enabled sensors and devices are increasingly in demand. The traditional role of the systems integrator is evolving as a result. While security integrators have always worked closely with end users, today’s pioneers go beyond installation and maintenance. They align security strategies with evolving business needs, integrating IT, cybersecurity, and data-driven insights into their offerings. A look at the past and present Integrators are often asked to help tailor solutions and provide expertise in IT and cybersecurity Traditionally, systems integrators specialized in installing and maintaining wired physical security systems like CCTV, access control, and alarms. The service model was built around large, up-front investments and project-based installations. However, today customers are seeking comprehensive solutions. They’re looking to wirelessly integrate security infrastructure with cloud-based SaaS systems and IoT devices. While modern systems are often faster to deploy, they’re most effective when supported by ongoing consulting and strategic planning. Integrators are often asked to help tailor solutions and provide expertise in IT and cybersecurity. Data requirements and modern systems  Data requirements have also changed. Modern systems collect vast amounts of data. Advanced analytics, machine learning, and automation are now must-have tools for actionable insights. Security integrators can help end users set up custom dashboards, automations, and continuous system optimization. Let’s look at some of the specific ways the role of systems integrators is evolving and how to adapt and succeed. Strengthen your IT expertise Integrators with IT expertise can ensure that hardware is optimized and maintained for peak performance The competitive landscape today includes not just security specialists but also IT-focused integrators and SaaS providers. Systems integrators with expertise in traditional physical security solutions plus IT experience offer unique value. They understand the real-world security challenges and opportunities, along with cybersecurity and network best practices. Integrators with IT expertise can also ensure that hardware is optimized and maintained for peak performance. Their experience with legacy systems allows them to offer practical recommendations on cost-effective approaches, such as upgrading or integrating older hardware with new digital solutions. Consider who’s making the purchase decisions Traditionally, security integrators primarily sold to security directors, facility managers, and operations teams. Now, multiple stakeholders may be involved in decision-making. IT teams, CIOs, and CTOs often weigh in on purchase decisions when cloud-based security and SaaS solutions are under consideration. Customers today aren’t just shopping for cameras, access control panels, alarms, and other hardware components. They’re looking for security ecosystems that can integrate with enterprise-wide IT infrastructure and business applications. When working with these different teams, consider outlining the system's return on investment (ROI). How can the solution reduce risk for various departments? Can it help improve operational efficiency or reduce the time required to onboard and train staff? Will it make regulatory compliance easier to manage? Focus on the long-term value for the entire organization. Take a consultative approach Another way systems integrators are adding value is by offering vertical specialization Installation fees remain important for many integrators, but there may be additional consultative opportunities to build long-term relationships with customers. Offer services such as roadmap planning, hardware and integration maintenance, training to certify end users on the manufacturer’s product, and cybersecurity services. While cloud-based solutions reduce on-premises maintenance, they don’t eliminate the need for ongoing support and training. Consider offering training opportunities. These can lead to other benefits as well. Better-educated and technically proficient customers are usually more willing to adopt new technologies. They understand the value of these investments and have more confidence that they’ll see results. Another way systems integrators are adding value is by offering vertical specialization. Healthcare, sports venues, critical infrastructure, education, retail - each specialty has its own set of challenges, partner networks, regulatory restrictions, training needs, and business requirements. Integrators who specialize are uniquely positioned to offer key sector-specific insights that are invaluable to their clients. Embrace the cloud A key growth area for integrators is supporting customers in their shift to cloud deployments. Cloud solutions aren’t a one-size-fits-all solution. Each organization is evaluating options and deciding whether cloud, hybrid, or fully on-prem solutions are the right fit for its unique needs. A key growth area for integrators is helping clients in their shift to cloud deployments Helping customers navigate and adopt cloud or hybrid solutions opens new opportunities to expand your business and deepen your relationship with your customers. Systems integrators who sell cloud solutions have the opportunity to add new layers to services for more value for customers. With a cloud solution that's easy and fast to deploy and managed and maintained by the provider, you can reduce overhead costs, staff training, and truck rolls via remote customer support. These benefits also allow you to spend time developing greater expertise in your customers’ processes. Using this knowledge, you can tailor your services towards potential productivity gains for your customers and turn them into additional sales. You ensure that your customers get the most out of the technology that’s available and that they have already purchased. Highlight your focus on cybersecurity Cybersecurity is no longer solely an IT department's responsibility. While dedicated IT security teams may still handle broader network defense, integrators play a crucial role in securing access control, surveillance, and IoT devices within a security framework. If unsecured, these devices can provide an entry point for cyber criminals to gain access to an organization’s network. Cybersecurity is no longer solely an IT department's responsibility To best protect end users from cyberattacks, choose physical security systems with built-in security and privacy-by-design features. Help customers implement best practices to ensure their entire ecosystem is designed, built, and managed with end-to-end security in mind. Once implemented, work with your manufacturers, consultants, and end users to ensure that vulnerabilities are identified and mitigated. Every person on the network plays a role in keeping cyber threats at bay. Lean into the power of partnerships In today’s complex and dynamic security landscape, choosing the right technology partners is crucial. Ask potential partners to share their technology roadmap, and how you can offer feedback or participate in discussions about industry trends. Ideally, your partners will have a program in place to get input from integrators and end users, so they can develop products that are designed to address their most pressing issues and concerns. Your manufacturer partners should be working to help identify the evolving needs of customers and communicate these insights to systems integrators. Seek partners who actively support integrators to understand how security is evolving In addition to a good experience for the end user, strong manufacturer partners also offer solutions to streamline and automate workflows for integrators. It should be easy to order and check your shipping statuses online, for example. These are simple things that save you time and demonstrate your partner’s care for your business. Seek partners who actively support integrators to understand how security is evolving. While training is often offered on-site, some companies are now also offering blended learning models so integrators and their technicians can reduce classroom time and stay out in the field. Evolution is an opportunity Security integrators with traditional physical security expertise remain indispensable because they understand real-world risks and regulatory requirements. They can provide hands-on system deployment and optimization. Now, there are new opportunities to build long term customer relationships. As the physical security industry undergoes this profound shift, adaptation is key. By embracing cloud and hybrid solutions, integrators can unlock new revenue streams, enhance customer relationships, and stay ahead of technological advancements. With the right partnerships and a forward-thinking mindset, systems integrators can navigate this transformation and take advantage of new opportunities being presented by evolving technology.  Leverage your deep industry experience while upskilling in cloud, cybersecurity, and IT. The strongest approach is for end users, systems integrators, IT specialists, and manufacturers to work together to navigate industry changes.

Anyone who has been in a proverbial cave for the last couple of years faced a language barrier at this year’s ISC West 2025 trade show. The industry’s latest wave of innovation has brought with it a new bounty of jargon and buzzwords, some of which I heard at ISC West for the first time. As a public service, we are happy to provide the following partial glossary to promote better understanding of the newer terms. (Some are new to the security industry but have been around in the IT world for years.) Obviously, if we can’t understand the meaning of the industry’s lexicon (and agree on the meaning of terms!), we will struggle to embrace the full benefits of the latest industry innovation. Not to mention we will struggle to communicate. Generative AI Generative AI can identify an object in an image based on its understanding of previous objects This was perhaps the most common new(ish) term I heard bouncing around at ISC West. While the term artificial intelligence (AI) now rolls off everyone’s tongue, the generative “version” of the term is catching up. Generative AI uses what it has learned to create something new. The name comes from the core function of this type of artificial intelligence: it can generate (or create) new content. It doesn’t just copy and paste; it understands the underlying patterns and creates something original based on that understanding. In the case of video, for example, generative AI can identify an object in an image based on its understanding of previous objects it has seen. Video and security Generative AI can tell you something digitally about what is happening in an environment. There is no longer a need to write “rules;” the system can take in data, contextualize it, and understand it, even if it does not exactly match something it has seen before. In the case of video and security, generative AI offers more flexibility and better understanding. From 2014 to 2024, the emphasis was on detecting and classifying things; today AI is expanding to allow new ways to handle data, not so prescriptive and no more rules engines. Agentic AI Agentic AI refers to artificial intelligence systems that can operate autonomously to achieve specific goals Agentic AI refers to artificial intelligence systems that can operate autonomously to achieve specific goals, with minimal to no direct human intervention. In addition to the capabilities of generative AI, agentic AI can take action based on what it detects and understands. Use of agentic AI typically revolves around an if/then scenario. That is, if action A occurs, then the system should proceed with action B. For example, if an AI system “sees” a fire, then it will shut down that part of the building automatically without a human having to initiate the shutdown. There is a lot of discussion in the industry about the need to keep humans involved in the decision-making loop, so use of truly autonomous systems will likely be limited in the foreseeable future. However, the ability of agentic AI to act on critical information in a timely manner, in effect to serve as an “agent” in place of a human decision-maker, will find its place in physical security as we move forward. Inference Inference is another common term related to AI. It refers to the process by which an AI model uses the knowledge it gained during its training phase to make predictions, classifications, or generate outputs on new, unseen data. The direct relationship of this term to physical security and video is obvious. In the simplest terms, an AI system is “trained” by learning patterns, relationships, and features from a large dataset. During inference, the trained model is presented with new questions (data it hasn't seen before), and it applies what it learned during training to provide answers or make decisions. Simply put, inference is what makes AI systems intelligent. Containerization Dividing a massive security management system into several separate containers enables management of the various parts In IT, containerization is a form of operating system-level virtualization that allows you to package an application and all its dependencies (libraries, binaries, configuration files) into a single, portable image called a container. This container can then be run consistently across any infrastructure that supports containerization, such as a developer's laptop, a testing environment, or a server in the cloud. In the physical security industry, you hear “containerization” used in the context of separating out the various components of a larger system. Dividing a massive security management system into several independent containers enables the various parts to be managed, updated, and enhanced without impacting the larger whole. Genetec’s SecurityCenter cloud platform Think of it like shipping containers in the real world. Each container holds everything an application needs to run, isolated from other applications and from the underlying system. This ensures that the application will work the same way regardless of the environment it is deployed in.   “It took us five years to containerize Genetec’s SecurityCenter cloud platform, but containerization now simplifies delivering updates to products whenever we want,” says Andrew Elvish, Genetec’s VP Marketing. Among other benefits, containerization enables Genetec to provide more frequent updates--every 12 days. Headless appliance Headless appliance is a device that is managed and controlled remotely through a network or web interface A headless appliance is a device that is managed and controlled remotely through a network or web interface. The device is like a “body without a head” in the traditional sense of computer interaction: It performs its intended function, but without any visual output or input device for local interaction. In physical security, such devices are increasingly part of cloud-based systems in which the centralized software manages and operates all the disparate “headless” devices. A headless appliance does not have a Windows management system. “The whole thing is managed through the as-a-service cloud system,” says Elvish. With a headless device, you just plug it into the network, and it is managed by your system. You manage the Linux-based device remotely, so configuring and deploying it is easy. Democratizing AI You hear the term democratizing AI used by camera manufacturers who are looking to expand AI capabilities throughout their camera lines, including value-priced models. For example, even i-PRO’s value-priced cameras (U series) now have AI – fulfilling their promise to democratize AI. Another approach is to connect non-AI-equipped cameras to the network by way of an AI-equipped camera, a process known as “AI-relay.” For instance, i-PRO can incorporate non-AI cameras into a system by routing/connecting them through an X-series camera to provide AI functionality. Bosch is also embracing AI throughout its video camera line and enabling customers to choose application-specific analytics for each use case, in effect, tailoring each camera to the application, and providing AI to everyone. Context Cloud system also enables users to ask open-ended queries that involve context, in addition to detection Context refers to an AI system that can understand the “why” of a situation. For example, if someone stops in an area and triggers a video “loitering” analytic, the event might trigger an alarm involving an operator. However, if an AI system can provide “context” (e.g., he stopped to tie his shoe), then the event can be easily dismissed by the automated system without involving an operator. Bosch’s IVA-Pro Context product is a service-based model that adds context to edge detection. The cloud system also enables users to ask open-ended questions that involve context in addition to detection. For example, rather than asking "do you see a gas can?" you can ask "do you see any safety hazards in this scene?" The pre-trained model understands most common objects, and understands correlations, such as "a gas can could be a safety hazard.” A scaled-down on-premise version of the IVA Context product will be available in 2026. Bosch showed a prototype at ISC West. Most video data is never viewed by an operator. Context allows a system to look at all the video with "almost human eyes." Cameras are essentially watching themselves, and understanding why something happened and what we can do. All that previously unwatched video is now being watched by the system itself, boosted by the ability to add “context” to the system. Any meaningful information based on context can trigger a response by an operator. Data lake A data lake is a centralized repository that allows one to store vast amounts of structured, semi-structured, and unstructured data in its native format. In the case of the physical security marketplace, a data lake includes data generated by systems outside the physical security infrastructure, from inventory and logistics systems, for example. A data lake is where an enterprise can accumulate all their data, from the weather to Point-of-Sale information to logistics, to whatever they can gather. Putting the data in one place (a “data lake”) enables them to mine that data and parse it in different ways using AI to provide information and insights into their business. Notably, a data lake contains all a company’s data, not just security or video data, which opens up new opportunities to leverage the value of data beyond security and safety applications. Crunching the various information in a data lake, therefore, security technology can be used to maximize business operations.

The practice of executive protection changed forever on Dec. 4, 2024, when UnitedHealthcare CEO Brian Thompson was shot outside a Manhattan, New York, hotel. The shocking event raised awareness in board rooms around the world about the need for, and challenges of, executive protection. Questions followed immediately, including why was the high-level executive not protected? Combination of risk and reward  UnitedHealthcare’s stock price has gone down more than 20% since the shooting The event also highlighted what is at stake for companies, extending beyond the safety of executives and impacting many factors, even including a company’s stock price. UnitedHealthcare’s stock price has gone down more than 20% since the shooting, equating to tens of billions of dollars. “Companies are considering the combination of risk and reward like never before when it comes to executive protection,” says Glen Kucera, President of Allied Universal Enhanced Protection Services. “What are the chances this could happen? Before Dec. 4 many thought it was zero. And what are the financial implications for a company if it happens? Executive protection is a small investment to protect against a worst-case scenario.” Evaluation of an executive protection  Before the UnitedHealthcare shooting raised awareness, fewer than 50% of executives had protection. But concerns that previously fell on deaf ears now have the full attention of companies, says Kucera. “Boards of directors are having to figure this out,” he adds. “They may not have executive protection, but now they have to do it.” A threat assessment, conducted by a company such as Allied Universal, provides an independent evaluation of a company’s executive protection needs. The assessment evaluates factors such as an executive’s travel habits, the safety of their home, etc. Does the executive need protection 24/7, or just when they travel into more dangerous areas? Risks increase related to corporate earnings Sometimes, cases increase the need for executive protection, such as an internal threat In assessing threats, security professionals also look beyond the individual to consider the safety of a corporate facility, for example. “Is there a visual deterrent, controlling who comes and goes?” asks Kucera. “If there is good security, it all ties together. We do home assessment, facility assessment, route assessment, and travel assessment as needed.” Sometimes, circumstances increase the need for executive protection, such as an internal threat. Timing is a factor, and risks increase related to corporate earnings releases, new product announcements, and corporate layoffs or consolidation. Monitoring social media tracks shifting threats that impact the need for executive protection. UnitedHealthcare shooting  “He didn’t have it and probably didn’t think he needed it,” comments Kucera about the UnitedHealthcare executive who was gunned down in the streets of New York City. “He was staying at the hotel across the street and was used to walking down the street every day.” “Sometimes executives want to preserve their privacy and be able to walk down the street,” says Kucera. “Getting protection can be seen as a sign of weakness. Some CEOs in the past have said they just didn’t want it.” However, the UnitedHealthcare shooting raised the stakes of the need for more vigilance. “The bottom line is you have to yet beyond objections and make the investment to protect against a worst-case scenario,” says Kucera. Anti-capitalist sentiment in the general population An internal police bulletin warned of an online hit list naming eight executives and their salaries Threats to executives sometimes arise from anti-capitalist sentiment in the general population about perceived inequalities in wealth and power. Executives provide symbolic targets for anyone who fights the system, and social media has amplified the voices of those who oppose capitalism.  For example, a "Most Wanted CEO” card deck seeks to shine a spotlight on "titans of greed." Also, in the aftermath of the UnitedHealthcare shooting, CEO "wanted" posters appeared across New York City, threatening various executives of large companies. An internal police bulletin warned of an online hit list naming eight executives and their salaries. Careful monitoring of social media posts Careful monitoring of social media posts and other sources enables executive protection professionals to analyze data and separate the dangerous threats from the merely negative ones. Sadly, positive support of the UnitedHealthcare shooting was expressed by the 300,000 or so followers of the shooter, who became a celebrity of sorts. A huge outcry of negative sentiment toward the insurance industry led to fear that copycat incidents might occur. “There has been an unprecedented amount of positive support for committing murder,” commented Kucera. Executive protection requests HR executives can be at risk, especially at a time of layoffs or consolidation “Let’s face it, there has been a lot of controversy, from COVID to the Middle East crisis, to the political campaign, and there is negativity on both sides,” says Kucera. “People have opportunities to pick sides, and there is a lot of sentiment going both ways, and there is a small percentage of people who will act aggressively.” Executive protection requests now extend beyond the CEO to include others in the management ranks of companies. Basically, any public-facing executive is at risk, including anyone who makes statements to the press. Human resource (HR) executives can be at risk, especially at a time of layoffs or consolidation.   Private information on the Internet Typically, an executive is assigned a single armed operative for protection. The firearm serves primarily as a visual deterrent that hopefully makes a potential perpetrator think twice. “When they plan an event like this, their expectation is that it will be a soft target,” says Kucera. “If there is an officer, it gives them pause.” Controversial or high-profile CEOs are typically protected 24/7, including when they travel with their family. Adding risks is the fact that private information is now posted on the Internet, including where an executive lives and where their children go to school. Internet monitoring  Internet monitoring also includes the “dark web,” which includes sometimes dangerous information “We offer social media monitoring, and we advise them to be more careful with what they post,” says Kucera. “We monitor reactions to posts including any that might be threatening. We watch social media carefully if a company announces earnings or a change in their service or product offering.” Internet monitoring also includes the “dark web,” which includes sometimes dangerous information that is intentionally hidden and requires specific software, configurations, or authorization to access.   Own layer of protection Public and government officials can also come under fire in a variety of scenarios. FEMA officials faced threats after the recent floods in the Southeast, for example, among other situations where perceived unfair treatment promotes thoughts of retribution.  Although government agencies have their own layer of protection, there are instances when they call on companies such as Allied Universal for additional help.  Ad hoc protection for various executives In the aftermath of the UnitedHealthcare shooting, calls to Allied Universal’s Command Center increased by 600%, reflecting requests for ad hoc protection for various executives.  These requests are in addition to the company’s business providing “embedded” operatives that travel with executives all or some of the time. On that side of the business, requests for services are up probably 300%, says Kucera.

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of this problem has emerged in the consumer and political worlds, the issue cannot be ignored when it comes to the authenticity and protection of video and security data. Video surveillance data SWEAR is a company with the mission to ensure the integrity of video surveillance data by mapping video data and writing it into the blockchain, providing real-time, immutable proof of authenticity. Blockchain, which is the underlying technology that enables cryptocurrencies, is a decentralized digital ledger that securely stores records across a network of computers in a way that is transparent, immutable, and resistant to tampering. SWEAR solution The SWEAR solution is based on proactive, foundational protection that validates data at the source The SWEAR solution is based on proactive, foundational protection that validates data at the source before any opportunity for manipulation can occur. “Our technology is about proving what’s real and our goal is to ensure that security content and video surveillance data remain untampered with and reliable when needed,” says Jason Crawforth, Founder and CEO of SWEAR. Real-time authentication Security leaders need to ensure that the content they are relying on to make mission-critical decisions is authentic. Once verified, organizations can be sure that their investment in video can be trusted for critical use cases, including intelligence operations, legal investigations, and enterprise-scale security strategies. SWEAR seeks to embed trust and authenticity directly into video surveillance content at the point of creation. This ensures real-time authentication while proactively preventing tampering or manipulation before it can happen.  AI-generated content The rise of AI-generated content, such as deepfakes, introduces significant challenges As AI transforms the landscape of video surveillance by enhancing threat detection and predictive analysis, it also introduces the very real risk of manipulation through AI-generated content. This presents a significant challenge in protecting critical security data, especially in mission-critical applications. The rise of AI-generated content, such as deepfakes, introduces significant challenges when it comes to ensuring the protection of digital media like video surveillance.  Recent study findings It is a fact that digital media content is being questioned more regularly, which puts businesses, legal systems, and public trust at risk.  A recent study from the Pew Research Center found that 63 percent of Americans believe altered videos and images create significant confusion about the facts of current issues. Last month, California Governor Gavin Newsom signed three bills aimed at curbing the use of AI to create fake images or videos in political ads ahead of the 2024 election.  Footage authenticity “While most of the news cycle has centered on the use of fake content in politics, we need to think about how manipulated videos could affect security,” says Crawforth. “In video surveillance, ensuring the authenticity of footage is critical for keeping operations secure and safe around the world. That means verifying and protecting video data is a must.”  Organizations must be capable of performing thorough digital investigations, which involve retrieving and analyzing video and security data from devices and networks through a chain of evidence. Digital forensic capabilities Strong digital forensic capabilities also enhance incident response, risk management, and proactive security An in-depth understanding of who has handled video data, how it was handled, and where it has been is an important step in responding to security incidents, safeguarding assets, and protecting critical infrastructure. Strong digital forensic capabilities also enhance incident response, risk management, and proactive security measures, all essential for risk management, regulatory compliance, and cost control, says Crawforth.  An unbroken chain of custody “By using tools to identify, preserve, and analyze digital evidence, organizations can ensure swift and accurate responses to security incidents,” he adds. “Using the latest tools and techniques is vital for maintaining a strong security posture." "But you must ensure your digital content isn’t manipulated.” SWEAR’s technology provides an unbroken chain of custody, ensuring that video evidence can be trusted and admissible in court and forensic applications.  Authenticating content Authenticating content also strengthens accountability and trust, protecting organizations By verifying video content is protected from tampering, manipulation, or forgery, organizations can be sure that they have reliable evidence that produces actionable results. Authenticating content also strengthens accountability and trust, protecting organizations from legal disputes or compliance violations.  Safeguarding digital content “With an increasing amount of disinformation in today’s world, we sought to develop an innovative solution to safeguard the integrity of digital content,” says Crawforth. SWEAR safeguards security content using real-time “digital DNA” encoding. It integrates directly at the video management system level, ensuring it is preserved with a secure chain of custody and maintains integrity for evidentiary purposes.  Real-time “digital DNA” encoding The digital DNA is then stored on a blockchain, creating an immutable record The solution integrates with cameras and other recording devices to map this digital DNA of the video data, all in real-time. The digital DNA is then stored on a blockchain, creating an immutable record that tracks the content’s history and integrity. Any attempt to manipulate the media can be instantly detected by comparing the current state of the media to its original, authenticated version. SWEAR is actively collaborating with video management solution providers to integrate the technology into their platforms. Video and security data benefits “We’re still in the early stages of our collaboration in this space, but it is clear that the industry recognizes that we have to work together to mitigate this risk proactively before it becomes a significant issue,” says Crawforth. “The feedback we have received from the industry to date has been beyond our expectations, and we expect to have more integration partners to highlight shortly.”  “We should approach this as a collaborative effort across the industry, as ensuring the authenticity of video and security data benefits everyone involved,” says Crawforth. 

Stratas is a UK-based specialist in document automation, finance automation, and intelligent document processing (IDP). Its solutions help organizations automate processes underpinned by documents and improve control across finance and operations.   Stratas needed a new, secure, and scalable data storage solution after notification that its remote storage provider planned to discontinue services. Richard Webb, the company’s Professional Services Technical Consultant, explains: “We weren’t confident that the physical servers were being properly maintained. Our provider was using older machines and running Windows Server 2012, which presented us with reliability and security challenges. If we had continued with our arrangement, things would have had to change.”    Solution   After considering several options, Richard and his team selected Node4’s Virtual Data Center (VDC) offering – the company’s managed, hosted Infrastructure as a Service platform. As the first step in deployment, Node4 set up a bespoke landing zone to assist Richard with data migration from his organization’s legacy servers. Node4 also configured VDC access via a secure, high-speed VPN. Public cloud solution “We told Node4 from the outset that we wanted a managed, hosted environment. We’re a lean business with no physical premises and didn’t want the overheads and complications of managing physical servers,” Richard comments. “On paper, a public cloud solution might have seemed logical. But we run several niche applications with specialized workflow and process requirements. Node4’s VDC was a better fit – we got the scalability and flexibility of public cloud without the complexity and administration headaches. But we also benefit from Node4’s support and expertise. It’s the best of both worlds.” Node4’s data center  “We also wanted our data to remain in the UK on servers owned by a UK company,” he acknowledges. “That’s important for GDPR compliance and data sovereignty." "It was also a bonus that Node4’s data center is just down the road from us, so we’re hyperlocal, I guess. It all adds to the feeling that we’re not dealing with some faceless conglomerate – that there are real people on hand with a genuine interest in helping our business to thrive.”     Results   Stress-free migration   With the landing zone operational and VPN connectivity established, Richard and his team began migrating applications and clients to their new Virtual Data Center. “Clients using our invoicing and accounting service can’t be offline for a long time – especially around month-end. So, although it was slower for us, we migrated one customer at a time at a rate of about five per week,” he explains. “Node4’s landing zone also allowed us to test migrations to ensure everything worked as expected before going live. This kept downtime to an absolute minimum and reduced many of the risks associated with migration to hosted environments.”    Enhanced backup, recovery, and resiliency    Richard and his team immediately benefited from switching to Node4’s virtual data center. “Our previous provider offered only basic backups, and their infrastructure lacked resiliency,” he recalls. “We could start work on a Monday and, without any prior warning, find half our servers were down. Switching to Node4’s virtual data center with modern, resilient servers – alongside built-in comprehensive backup and disaster recovery – improved our day-to-day operations and customer experience right from the outset.”   Richard admits that the connectivity and reliability improvements far exceeded anything he’d hoped for. “It’s amazing! Even basics like logging in are easier. On our old system, it would take several attempts, and there was always a chance you’d get kicked out after a couple of hours. Getting online first time probably saves each of us around ten minutes a day. That may not sound much, but it quickly adds up as the weeks and months go by.”    Advanced, integrated security    Richard also notes that the VDC offers a range of security benefits, including firewall defences, DDoS protection and secured instances. “We’re planning to introduce multi-factor authentication to access our VPN. It’s a vital identity management tool for all businesses,” he comments. “But especially ones like ours with a 100% remote workforce.”   Consumption-based model: Pay for used compute, network, and storage    Richard is also keen to highlight the advantages of a consumption-based model. “The VDC is fully self-service. We can adjust compute, network, storage, and services on demand with just a few clicks – giving us complete control over our environment and costs." "This is important right now and also helps us plan ahead; for example, we can now see a pathway to rolling out AI and advanced automation in the coming years.”    Transparent pricing    “I like the fact that VDC pricing is transparent,” Richard admits. “We did our due diligence and looked at a few other companies. Their project and operational costs seemed lower. But there were lots of gotchas – like fixed data charges and data limits – hidden in the small print. So, when we weighed it all up, Node4, with its consumption-based pricing, was far better value and a much better organizational fit.”    He concludes: “What does that mean on a day-to-day basis? Currently, we’ve scaled requirements as we’re carrying out some server consolidation work. But all that extra capacity is still there for us. And while we’re waiting, we’re not being charged for it. That’s a huge benefit. It helps us remain competitive and responsive to changing market and economic conditions.”

St John’s College, one of the historic colleges of the University of Oxford, has significantly strengthened its cybersecurity posture with the implementation of a Managed Vulnerability Management (MVM) program delivered by long-term partner ANSecurity. Founded in 1555, St John’s supports a diverse community of more than 600 students, a large number of staff and over 100 academic fellows across multiple sites in Oxford. With a small in-house IT team and growing cyber threats, the college needed a proactive solution to improve visibility, reduce risks, and free up internal resources. MVM service After more than 13 years of collaboration, the college turned to ANSecurity to design and deploy an MVM service built on Tenable Nessus. The service includes daily credentialed scans, automated vulnerability notifications, remediation validation, and monthly strategic reviews with ANSecurity consultants. Measurable results Since launching the program in May, St John’s College has achieved: Over 50% reduction in critical and high-severity vulnerabilities Resolution of systemic issues such as broken Windows Updates, unsupported software, and weak cipher suite configurations Improved ability to challenge vendors using outdated or insecure systems Strategic resource allocation, allowing IT staff to focus on high-impact security tasks Matt Jennings, IT Manager at St John’s College Oxford said: “This service has freed up internal resources and helped us stop playing ‘whack-a-mole’ with vulnerabilities. We now know what to focus on, and how to do it. The support from ANSecurity has been invaluable in helping us become more strategic and effective.” Proactive cycle of risk management The program has also introduced a proactive cycle of risk management, with daily monitoring of public-facing systems, monthly vulnerability summaries, and overnight verification of patch updates. St John’s College has worked with ANSecurity since 2013 on projects including firewall replacements, wireless network deployments, and strategic consultancy. The MVM program marks the latest step in the college’s modernization of its cybersecurity defenses. Matt Jennings added: “ANSecurity have always been responsive, professional, and understanding of our requirements. Their engineers are not only experts in their field, but also able to explain complicated issues clearly. We look forward to working with them for many years to come.”

Elegance, design and entertainment – that’s what the new Grand Sapphire Resort & Casino in Iskele, in the east of the Turkish Republic of Northern Cyprus (TRNC), stands for. This exclusive hotel complex, located directly on the beach of the Karpaz Peninsula, offers guests top-level service, stunning architecture and a very special highlight: a casino with 42 live game tables and over 300 slot machines across a 2,700 m² gaming area. To ensure that guests not only have an impressive but also a safe experience, Grand Sapphire relies on a customized video surveillance solution from Dallmeier. The “Made in Germany” video technology ensures around-the-clock security and efficient processes – not only through high product quality, but also through the highest standards for data protection and data security. Data protection requirements One of the main requirements was the complete monitoring of gaming areas  When the casino was opened, the security team at the Grand Sapphire Resort faced the task of implementing a modern casino security solution that would ensure both guest safety and smooth operations. “Our goal was to create a top-tier casino environment – and that includes a security concept that combines quality, data protection and efficiency,” explains Bayram Tegay, General Manager at Grand Sapphire. One of the main requirements was the complete monitoring of gaming areas, especially the live game tables, without interfering with day-to-day operations. At the same time, an exceptionally high level of data protection had to be maintained. Strict compliance regulations “In Northern Cyprus, casinos face especially strict compliance regulations,” says Yücel Çalişkan, Surveillance Manager at the resort. “Our department operates in full isolation from the rest of the organization. Protecting sensitive data is not optional for us – it is the very foundation of our work.” Integrated surveillance concept The team opted for a comprehensive video surveillance system from Dallmeier The team opted for a comprehensive video surveillance system from Dallmeier, planned and implemented by Dallmeier Türkiye. The customized security concept was visualized and preconfigured using the 3D camera planning tool PlanD. “PlanD offered the customer 100% planning reliability,” says Orhan Yörükoğlu, Director of Dallmeier Türkiye A.Ş. “Project stakeholders could see in advance exactly which camera would cover which area and what the overall project scope would be. That was enormously helpful for decision-making.” Precision from eight meters above All cameras were installed at a height of approximately eight meters on the ceiling  All cameras were installed at a height of approximately eight meters on the ceiling – a technical challenge solved through the use of high-resolution cameras with suitable optics. For seamless surveillance of the 42 live game tables, slot areas and entrances, the installation combines Dallmeier PTZ and dome cameras. To provide a full overview of the gaming floor, a Panomera S8 multifocal sensor system is used. Thanks to its unique optical design, Panomera delivers a complete overview of the casino floor while still allowing detailed zoom-in views where needed. Central control room In the central control room, four operators work per shift on three 27-inch monitors each, while 18 large-format monitors provide overall visual control. Recording is handled redundantly via IPS 10000 network video recorders. The entire system is managed using the Hemisphere VMS platform operated on four VMC Touch workstations. For non-public areas, ONVIF-compatible third-party cameras are used, and their data is also fully integrated into the Dallmeier system thanks to Hemisphere’s open system architecture. Facial recognition Another key feature is the integration of a Corsight facial recognition system, operated on dome cameras Another key feature is the integration of a Corsight facial recognition system, operated on dome cameras. The system automatically identifies blacklisted individuals when they approach the casino entrance and notifies both front desk and security personnel in real time. “This feature not only helps us enforce bans, but also strengthens our guests’ sense of security,” says Çalişkan. “We receive alerts within seconds if a blacklisted individual tries to enter the casino.” Although the casino is open from 12:00 noon to 6:00 am, the surveillance system operates 24/7. This ensures that potential threats such as break-ins or tampering outside of business hours are reliably detected. In day-to-day operations, the system significantly speeds up incident resolution – for example, in the case of misunderstandings between dealers and guests. Closed network architecture The entire system operates within a completely closed network – with no physical or wireless interfaces to other systems, no cloud connectivity, and no mobile access. This architecture ensures full data security and regulatory compliance. Internally, strict policies are in place: surveillance staff are not permitted to have contact with employees from other departments. This underscores the critical role of data protection in the casino environment of Northern Cyprus. The current system architecture is designed for seamless future expansion. AI-based functions and video content analytics (VCA) can be integrated at any time if required. Security meets efficiency With the Dallmeier solution, Grand Sapphire benefits from a state-of-the-art surveillance system that not only meets the highest security standards but also supports operational efficiency. Casino Manager Bayram Tegay concludes: “The image quality, system responsiveness and support have really convinced us. For us, it was absolutely the right decision. Thanks to Dallmeier, we can make well-founded decisions at any time – quickly, reliably and based on high-quality data.”

With a vast portfolio of smart locks, lock management systems, and connected readers, ensuring strong authentication, data integrity, and compliance with global regulations is essential. To meet these challenges, ASSA ABLOY is leveraging the long-time IoT expertise of HID to implement HID PKI-as-a-Service. This strategic deployment is not just about protecting millions of connected devices but also about future-proofing ASSA ABLOY’s security infrastructure for years to come. Cryptographic assurance: Securing every lock, inside and out ASSA ABLOY boosts trust in its devices, preventing unauthorized clones or counterfeit products A crucial aspect of this solution provides Genuine ASSA ABLOY products — an assurance that every smart lock, reader, and system within the network is verified as an authentic and authorized product.  By leveraging PKI-based identity verification, ASSA ABLOY strengthens trust in its devices, preventing unauthorized clones or counterfeit products from entering the ecosystem. For example, the inside of a lock can only pair with a matching outside component from ASSA ABLOY, ensuring the integrity and security of the entire system. This level of cryptographic trust not only enhances device security but also strengthens protection against counterfeit components or unauthorized modifications. Meeting stringent security and compliance needs As the industry faces increasing regulatory pressure, including the EU Cybersecurity Act and the upcoming Cyber Resilience Act, ASSA ABLOY needed a scalable, automated solution to manage over a million certificates annually. HID’s expertise in certificate management provides enhanced security, reduced complexity HID PKI-as-a-Service enables seamless device authentication, automated provisioning, and hierarchical key management, ensuring compliance with evolving security standards. An essential part of the solution is the offline Root Certificate Authority (CA), which serves as the foundation for secure operations. HID’s expertise in certificate management provides enhanced security, reduced complexity, and operational efficiency across ASSA ABLOY’s global IoT ecosystem. Driving innovation and efficiency By integrating automated bootstrapping and customized attestation certificates, the implementation has significantly improved operational efficiency while minimizing manual effort. This allows devices, including those operating offline, to maintain secure provisioning and updates without requiring constant connectivity. Additionally, the system is future-ready, designed to support emerging IoT protocols such as Thread, CoAP, EDHOC, and OSCORE, ensuring adaptability as the industry evolves. Collaborative success The success of this deployment is rooted in a strong alliance between ASSA ABLOY and HID The success of this deployment is rooted in strong collaboration between ASSA ABLOY and HID. A dedicated steering group ensured alignment on global PKI policies and security objectives, leading to a smooth rollout with minimal disruption. “The implementation of HID PKI-as-a-Service wasn’t just about meeting current security requirements, it was about future-proofing our IoT ecosystem for security and scalability,” says Anders Calbom, VP & Head of Technology Solutions, ASSA ABLOY. Major milestone in IoT security   Anders Calbom added: “With the ability to manage over a million certificates annually, we’re now positioned to scale our security infrastructure alongside our business growth.” This initiative marks a major milestone in IoT security, compliance, and operational efficiency. As ASSA ABLOY continues to innovate and expand, HID PKI-as-a-Service provides the secure foundation needed to drive future growth and digital transformation.

Iveda®, a pioneer in AI-driven video surveillance and smart-city technologies, announced that Subic Sun Development, Inc. has chosen the IvedaAI™ platform as the video surveillance solution for the soon-to-open Subic Sun Resort, Convention & Casino. IvedaAI was selected early in the build-out to inform camera placement and ensure frictionless integration with future-ready, AI-powered analytics. Focus on safety and service Located on the former U.S. naval base in the Subic Bay Freeport Zone—a special economic hub that hosts thousands of international and local businesses—the resort will feature 500 guest rooms, a state-of-the-art convention center, a luxury casino, and two Accor-brand hotels, Ibis Styles and Mercure, scheduled to open in December 2025. The decision comes as global resort operators sharpen their focus on safety, service, and operational efficiency. The global resort market generated $347 billion in 2024 and is projected to reach nearly $945 billion by 2030, an 18.5% CAGR. IvedaAI’s AI-enabled video analytics IvedaAI’s AI-enabled video analytics will help property staff lower security costs, respond to incidents faster IvedaAI’s AI-enabled video analytics will help property staff lower security costs, respond to incidents faster and unlock data-driven insights that boost both guest satisfaction and bottom-line performance. “Iveda being selected as a premier security and surveillance provider before the first Subic Sun Resort guest ever checks in is a powerful endorsement of our commitment to providing state-of- the-art monitoring technology,” said David Ly, CEO and Founder of Iveda. IvedaAI’s real-time analytics Ly added: “By designing camera layouts around IvedaAI’s real-time analytics, Subic Sun can optimize coverage, reduce blind spots, and deliver safer, smoother guest experiences—without a costly equipment overhaul. We expect more ground-up projects to follow this blueprint.” Iveda Philippines—Iveda’s joint venture focused on nationwide smart-city deployment—secured the Subic Sun contract and will oversee the on-site rollout. The win represents the team’s first major hospitality project and advances its plan to generate US$ 3 million in smart-city revenue by FY 2026, building on the broader initiative it announced last year.

iCard, a pioneering European e-money institution, has successfully upgraded its customer checks with Regula’s advanced biometric and document verification technologies. By integrating Regula Face SDK and Regula Document Reader SDK with its KYC (Know Your Customer) and risk assessment systems, iCard has moved to speedy, automated verification with improved fraud detection, and enhanced the overall experience for customers in 30+ countries. Implementing Regula’s solutions As a licensed fintech organization, iCard must comply with strict European KYC regulations while maintaining a robust risk assessment system alongside low-effort customer experience. iCard complies with strict European KYC rules while keeping a robust risk review system Prior to implementing Regula’s solutions, manual verification processes led to inefficiencies, longer wait times, increased fraud, and potential friction for users. Customers often had to re-upload photos or wait for manual reviews, causing delays—especially outside business hours. Additionally, iCard needed a more comprehensive document verification system that was capable of recognizing a broader range of ID types. The Regula solution: Fast and fraud-free identity verification To modernize and automate its verification process, iCard selected Regula’s complete solution for document and biometric verification for its industry-leading accuracy, ease of integration, and ability to meet the company’s specific requirements. Regula Face SDK: Integrated into the iCard Digital Wallet app (Android and iOS), it provides fast and reliable biometric verification when a user logs in or performs a money transaction. The solution conducts instant liveness detection and face matching, preventing fraud attempts, including presentation attacks, deepfakes, or injected videos.  Regula Document Reader SDK: Deployed in iCard’s back-office system, it automatically authenticates ID cards, passports, and residence permits, including previously unsupported paper-based IDs. Regula’s solution reads and authenticates data from multiple document zones, including MRZs (machine-readable zones), RFID chips, and barcodes, and cross-validates the information to detect any inconsistencies that may indicate fraud. Tangible business benefits The project was completed in just one month, and the impact has been immediate: Instant identity verification: Customers can now authenticate their identity in under a minute. Reduced operational costs: Automated verification processes have minimized manual reviews. Enhanced fraud prevention: Advanced biometric and document verification strengthen security measures. Increased conversion rates: Faster verification leads to a smoother onboarding experience and reduced drop-off rates. Fast and secure identity verification “Implementing Regula Face SDK and Regula Document Reader SDK has optimized our internal processes while ensuring a seamless experience for iCard Digital Wallet customers." "The integration was completed in a short period, resulting in fast and secure identity verification, improved operational efficiency, and reduced fraud risks—all while boosting customer satisfaction,” says Gabriela Anastasova, Chief Product Officer at iCard. Balancing security and user convenience “In today’s fintech landscape, balancing security and user convenience is critical. Customers expect seamless access, while businesses must comply with strict regulations and defend against sophisticated fraud. We are proud to support iCard in finding that perfect balance." "Our solutions ensure that every identity check is robust, automated, and frictionless, allowing fintech innovators like iCard to scale securely and efficiently,” comments Ihar Kliashchou, Chief Technology Officer at Regula.

Emphasizing proactive rather than reactive security shifts the focus from dealing with crises and damage control to prevention. Advantages of a proactive approach include cost efficiency, better business continuity, and fewer crises that draw attention away from strategic improvements. Staying ahead of threats is a core mission of the security department, and technology has evolved to enable security professionals to deliver on that mission better than ever. We asked our Expert Panel Roundtable: How are security systems transitioning from reactive to proactive, and what is the benefit?

Data overload is real. Sometimes it seems we are bombarded by the sheer volume, velocity, and variety of data available in our personal lives, and in our work lives. The solution is to figure out how to make sense of the data and transform it into real information we can use. In the case of physical security systems, new opportunities are emerging every day to utilize data to make our businesses safer and better managed. We asked our Expert Panel Roundtable: What is the expanding role of data in physical security systems? Why does it matter?

New technology advancements significantly increase efficiency and productivity in any industry, including physical security. Enhanced innovation both creates new products and services and improves existing products, all for the benefit of security manufacturers, integrators, and end users. Companies that embrace new technology stay ahead of the curve and gain a significant competitive advantage. In addition, they can differentiate themselves in the marketplace. We asked this week's Expert Panel Roundtable: What are the most promising new technologies in the physical security industry?