Workforce management systems gather and analyze information and anomalies from security officers in the field. The information ranges from direct observations entered via mobile or desktop apps by officers on duty to reports from cleaning staff, the maintenance department, and CCTV operators. Taken together, the information yields business intelligence and data analytics at no additional cost. Trackforce is a provider of workforce management solutions specific to the security industry and its...
When it comes to emergency planning and response, there is an abundance of resources to help enterprises prepare to mitigate the impact of an incident. The U.S. Federal Emergency Management Agency (FEMA) has devised the National Incident Management System (NIMS), aimed at defining and standardizing ways that resources can be used to manage and respond to an incident. An enterprise’s Emergency Operations Plan, or EOP, incorporates NIMS concepts and spells out what to do in an emergency. S...
Cook Security Group (CSG) successfully unveiled its privately branded video surveillance solution, Piko VMS, during their 2019 Technology & Innovation Summit in Portland Oregon. Health monitoring Cook named Razberi Technologies as their hardware partner to provide the intelligent appliance and health monitoring component to the new VMS brand. “While we still have strong relationships with our traditional video partners, we wanted to provide an open cloud-enabled platform to deliver...
UK organizations are failing to make progress towards strong cybersecurity and are facing paralysis as cybercriminals become more advanced. This is the conclusion drawn from the findings of the 2019 Risk:Value report – ‘Destination standstill. Are you asleep at the wheel?’ – from NTT Security, the specialized security company and center of excellence in security for NTT Group. Examining the attitudes of 2,256 non-IT decision makers to risk and the value of security to th...
The definition of a standard is “an authoritative principle or rule that usually implies a model or pattern for guidance, by comparison with which the quantity, excellence, correctness, etc., of other things may be determined.” In technology markets, such as physical security, standards are agreed-upon language, specifications or processes that are used across the board by multiple stakeholders to enable easier interconnectivity and smoother operation of systems. We asked this week&r...
Ping Identity, global provider of identity defined security solutions, has announced updates to its data governance solution, PingDataGovernance, to better manage data security and privacy requirements for APIs and user profiles. Today’s enterprises manage many different APIs on average, meaning sensitive consumer data like banking information and healthcare records are increasingly vulnerable. This rapid growth of APIs and third-party API traffic necessitates fine-grained data protection...
ONVIF, a global standardization initiative for IP-based physical security products, announced that its Export File Format, the ONVIF specification for the export of video from security surveillance recording platforms, is the new standard recommended by the National Institute of Standards and Technology (NIST) for the exporting and playback of video surveillance recordings. In a research project commissioned by the FBI to aid law enforcement in forensic investigations, NIST worked in conjunction with ONVIF to adopt the Export File Format to serve as the FBI’s new minimum interoperability requirements for exporting and sharing video clips, streamlining the playback process of video from different video recording platforms from different vendors. Aid forensic investigation The ONVIF Export File Format will enable law enforcement as well as private users These files are often exported in different proprietary formats, making it difficult for law enforcement to collect, correlate, and analyze the video data, as demonstrated by the 2013 Boston Marathon bombing, where more than 120 FBI analysts reviewed in excess of 13,000 videos before discovering key evidence in the footage. The NIST recommendation is published as NISTIR 8161 revision 1, which replaces revision 0. The ONVIF Export File Format will enable law enforcement as well as private users to more quickly and efficiently conduct forensic investigations using video of an incident from multiple sources – both private and public – regardless of what recording system originally captured the video. Export File Format will also be part of new worldwide standards to be published this year by the International Electrotechnical Commission (IEC) on the use of video surveillance systems in security applications, increasing the applicability of this standardized format on a global scale. Technology interoperability “This is a major step toward harnessing the massive amounts of video evidence, produced by IP-based video surveillance systems, that can be available to law enforcement in the event of a major incident, as well as to any user of a video recording system in need of faster and easier access to multiple video files,” said Per Björkdahl, chairman of the ONVIF steering committee. The NIST report addresses technical details as the use of MP4 as the standardized file format “We were very pleased to offer our expertise, specifically from our technical experts Dr. Hans Busch and Stefan Anderson, and have our work toward interoperability be validated in this way by the global standards and law enforcement communities.” The NIST report addresses technical details as the use of MP4 as the standardized file format and includes support for video codecs H.264 as well as and future variants to ensure video quality. Exported video must contain standardized, UTC clock timestamps that correspond to each video frame, with a recorded export system UTC clock time, with a reliable external reference time that is determined at the time the video is exported. exported metadata information ONVIF is an industry forum driving interoperability for IP-based physical security products Using the ONVIF Export File Format will also provide useful exported metadata information (e.g. recording equipment used, export file creation time and name of export operator), as well as allow the video file to be digitally signed to ensure the chain of custody for evidentiary purposes. Founded in 2008, ONVIF is a leading and well-recognized industry forum driving interoperability for IP-based physical security products. The organization has a global member base of established camera, video management system and access control companies and more than 12,000 profile conformant products. ONVIF offers Profile S for basic streaming video; Profile G for edge storage and retrieval; Profile C for door control and event management; Profile Q for quick installation, Profile A for access control configuration and Profile T for advanced video streaming. ONVIF continues to work with its members to expand the number of IP interoperability solutions ONVIF conformant products can provide.
KnowBe4, a provider of security awareness training (SAT) and simulated phishing platform, has announced the acquisition of CLTRe - pronounced “Culture”- a Norwegian company focused on helping organizations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year. Cybersecurity And Cyber Threat Mitigation The finance industry demonstrated an overall healthy improvement in culture from 2017 According to the 2018 Cybersecurity Culture Report, 95 percent of organizations see a gap between their current and desired organizational cybersecurity culture. With 94 percent of malware being delivered via email (2019 DBIR), it’s clear that working with users to minimize cyber risk and improve security culture is key. The 2018 Security Culture Report shows the value of being able to measure culture, helping organizations to demonstrate the effectiveness of their organizational security controls, as required by GDPR, CCPA and other regulations. Interestingly, the finance industry demonstrated an overall healthy improvement in culture from 2017 while the real estate industry showed a decline. CLTRe Toolkit And The Security Culture Framework CLTRe created the CLTRe Toolkit and the Security Culture Framework, which work in tandem to help organizations gather evidence about their current security culture and how it changes over time. The acquisition of CLTRe is advantageous for both KnowBe4 and CLTRe clients; KnowBe4 users will gain access to a research-driven measurement platform to show how their security culture program matures over time. And CLTRe clients will be introduced to the industry’s most progressive and easiest-to-use SAT and simulated phishing platform to help educate users and change their behavior. CLTRe measures the seven dimensions of security culture: behavior, responsibilities, cognition, norms, compliance, communication and attitudes. Quotes By Industry Experts: Stu Sjouwerman, CEO, KnowBe4 “Today’s announcement brings KnowBe4 very valuable tools to help our customers measure what matters – their security culture – so they can make decisions about how to improve. We’re excited to welcome Kai and the CLTRe team to the KnowBe4 family and to enhance our European presence while supporting more global customers.” Kai Roer, CEO, CLTRe “KnowBe4 is a leader in innovation and has a wonderful track record for growing quickly but with a very specific focus on improving security at the human-level. This is a natural fit for our evidence-based analytics and measurement tools, as KnowBe4 customers will now be able to measure their security cultures, benchmark against their industry sectors, and pinpoint exactly what kind of security culture they have. With KnowBe4 and CLTRe, organizations can gain true insight into their security culture, improve their security with pinpoint accuracy, report their progress to their board of directors, and educate their users to make smarter security decisions.” Perry Carpenter, Chief Evangelist & Strategy Officer, KnowBe4 “From my former life as a Gartner analyst, I have a strong appreciation for evidence over opinion, which is what CLTRe gives to its clients in the form of a data-driven examination of their security culture. To change user behavior and address awareness, we have to understand and change security culture. CLTRe gives organizations the tools to understand where they are today so they can get to where they want to go tomorrow.” Espen Otterstad, CISO at Abax (CLTRe customer) “Our work with CLTRe has been important to helping us gauge the maturity of our security culture over time. Now that CLTRe is part of KnowBe4, we have a very real way to advance the maturity of our program and test the knowledge of our user’s understanding via KnowBe4’s fresh content, engaging trainings and simulated phishing tests. The combination of CLTRe and KnowBe4 means that we can improve security within our organization through training and phishing tests and manage our security culture program while proving ROI.”
ExtraHop, provider of enterprise cyber analytics from the inside out, has announced the new ExtraHop Panorama Partner Program. The Panorama Program is designed to enable global channel partners to accelerate the adoption and integration of network traffic analysis (NTA) to help enterprise customers modernize their security operations. Panorama Partner Program Fueled by 10x growth in cybersecurity, ExtraHop is expanding its global channel program by working with global resellers, distributers, managed services, and integration partners with deep domain expertise in the international security market. The new Panorama Partner Program supports these channel partners with industry-leading accreditation that provides the foundational knowledge and tools to accelerate integration of NTA into security operations. The accreditation program also offers partner sales engineers a deeper technical view of the ExtraHop solutions, including demos, key use cases and competitive differentiation. Through the program, partners can leverage the robust integrations offered by ExtraHop In addition to partner accreditation, the new partner portal provides easy access to just-in-time (JIT) sales and training materials that help ExtraHop partners rapidly identify use cases and fast-track solutions specially tailormade for their customers. The Panorama Partner Program also makes it easier than ever for channel partners to pair ExtraHop with industry leading technology solutions. Through the program, partners can leverage the robust integrations offered by ExtraHop with products including ServiceNow, IBM QRadar, and Splunk to provide their enterprise customers with full detection, investigation, and remediation capabilities. AWS CPPO Program Through the Panorama Program, partners also have the ability to deliver full cloud solutions using the AWS Consulting Partner Private Offer (CPPO) program. Through the AWS Consulting Partner Private Offer program, ExtraHop brings together sophisticated analytics, machine learning and threat investigation capabilities from Reveal(x), world-class security services and program development from channel partners to deliver best of breed cybersecurity for AWS customers. ExtraHop partners with leading organizations around the globe including Allentis, AppCentrix, Epicon, GuidePoint Security, KedronUK, Kite, Macnica, Miel, Optiv Security, Presidio and Trace3. “As the demand for ExtraHop Reveal(x) continues to expand, we look to the leading channel partners to support our rapid growth around the world,” said Mark Fitzmaurice, Vice President of Global Channel Sales, ExtraHop. “We depend on our partners to deliver the visibility, speed, and scale enterprise security teams need to rise above the noise of the endless traffic required for digital business. The Panorama Partner Program is designed to make our partners highly effective and more profitable based on their investments in ExtraHop.” What Partners Are Saying: The ExtraHop Panorama Partner Program offers an enterprise-class approach to help our customers gain more visibility" "At Kedron, we take pride in offering our customers a seamless experience with the best technology for their environment," said Roland Stigwood, Managing Director and Owner, Kedron UK. "The ExtraHop Panorama Partner Program offers an enterprise-class approach to help our customers gain more visibility across the complex, hybrid IT environments of today.” “Kite Distribution specializes in bringing disruptive technologies to the UK channel, with the goal of driving incremental value for our customers,” said Kip Tumber, Director for Kite Distribution. “As one of the fastest growing distributors in the UK, we look for vendors that align to our own growth ambitions. ExtraHop is a leader in the real-time data analytics sector and provides valuable insights to IT security teams. Their Panorama Partner Program also demonstrates ExtraHop are fully committed to working collaboratively with the channel. Our joint early successes, reseller recruitment, and pipeline generation point to a strong successful partnership.” ExtraHop also offers partners a Sales Academy and an Accreditation Program to provide advanced knowledge and tools.
March Networks, a global video security and video-based business intelligence pioneer, is proud to announce that it has been designated as a cybersecure business by Cyber Essentials Canada for a second consecutive year. March Networks was the first company in the country to achieve the certification in 2018, and is the first to re-certify through the program this year. Developed as part of the United Kingdom’s (U.K.’s) National Cyber Security Programme, Cyber Essentials certification is awarded to organizations able to demonstrate good cybersecurity practices and an ability to mitigate risks from Internet-based threats in areas including: boundary firewalls and Internet gateways; network configuration; software management; access control; and malware protection. The toolset is also a valuable asset for end user organizations seeking to verify the security of their supply chain. Adhering To Best Security Practices Our participation in the Cyber Essentials program enables us to confirm that we are adhering to the current security practices"“March Networks works with many Fortune 500 customers, including some of the world’s largest banks, so strong corporate security practices have always been a priority,” said Peter Strom, President and CEO, March Networks. “Our participation in the Cyber Essentials program enables us to confirm that we are adhering to the most current security best practices. It also provides our customers with yet another assurance of our high cybersecurity standards.” March Networks’ holistic approach to security involves a 360° view of all areas of its business – from product development and source code management, to operational processes and customer data privacy. The company’s Network Operations Center, for example, operates with extensive physical access and networking controls and restrictions to ensure the security of customer data. The company also participates in comprehensive security audits initiated by large enterprise customers seeking to confirm the security of their video solution provider. Identifying Potential Vulnerabilities Proactive resilience strategies help strengthen organizations’ ability to avoid disruption"In addition, March Networks takes a proactive approach to identifying potential vulnerabilities in its products. The company’s Security Updates and Advisories program involves regularly tracking US-CERT reports on identified vulnerabilities, conducting in-depth investigations when required, and alerting customers and partners to any necessary software updates via email alerts and information posted directly on the March Networks website. Endorsed by the U.K. government, Cyber Essentials was originally created in collaboration with industry partners such as the Information Security Forum (ISF) and the British Standards Institution (BSI). CyberNB, a special operating agency of Opportunities New Brunswick, administers the program in Canada, where it is gaining momentum as a requirement to win business in both public and private sectors. “The team at CyberNB is proud of the commitment to security and continuous improvement that we’ve seen from March Networks,” said Josh Waite, Head of Cyber Essentials Canada. “Proactive resilience strategies help strengthen organizations’ ability to avoid disruption and demonstrate responsible practice. We congratulate March Networks for having made Cyber Essentials Canada certification part of their strategy.”
Pulse Secure, global provider of secure access solutions to both enterprises and service providers, has been recognized as a technology leader and among the top three performers in Network Access Control (NAC) according to research by Quadrant Knowledge Solutions. The NAC market, estimated at nearly $1.3 billion and growing by 27.6 percent per year, is driven by workforce mobility and Bring Your Own Device (BYOD), global regulations, automated threat response and Internet of Things (IoT) security risks. 2019 NAC Market Outlook According to the '2019 NAC Market Outlook' report by Quadrant Knowledge Solutions, NAC manages and controls access of devices and users to corporate networks based on policies, including endpoint configuration, authentication and user’s identity. NAC technologies have evolved significantly from device access authorization, BYOD and guest management functions to more granular endpoint visibility, access and security capabilities that support robust policies driven by mobility, cloud and virtualization trends. Modern NAC technology includes functionality to support granular network segmentation, user behavior monitoring, enhanced visibility, and security automation and orchestration capability for automated threat detection and response. The published report provides an overview of the market including NAC capabilities, technology, drivers, adoption trends and competitive insights. IoT Proliferation IoT proliferation and the convergence of IT/OT networks is expanding the enterprise attack surface"“IoT proliferation and the convergence of IT/OT networks is expanding the enterprise attack surface. With endpoint, BYOD and IoT security risks, organizations are taking advantage of the operational visibility and threat mitigation capabilities of next generation NAC solutions,” said Piyush Dewangan, industry research manager at Quadrant Knowledge Solutions. “Pulse Secure has received strong ratings for its sophisticated technology platform, competitive differentiation, scalability, technology vision and overall customer impact.” The report cites that Cisco, ForeScout Technologies, and Pulse Secure are the top performers and technology leaders in the global NAC market. These companies provide comprehensive NAC solutions targeting large enterprise organizations, improving their network visibility and granular policy implementation. Pulse Policy Secure Among the capabilities highlighted in the report that earned Pulse Policy Secure (NAC) a technical leadership ranking, the most distinguished are: Integrated visibility, BYOD and IoT security and Zero Trust enforcement capabilities Easy path to NAC, starting with rich network device profiling, inventory and guest management Dynamic identification, classification, monitoring and reporting of managed and unmanaged endpoint and IoT devices Agent and agentless options for pre- and post-admission control, supporting an existing 802.1x supplicant/agent, or by employing agentless multi-factor device discovery and verification Automated or self-service provisioning of guest, BYOD and IoT devices Advanced User Enhanced Behavior Analytics (UEBA) further detects anomalous user, endpoint and IoT device activity Integration with leading networking and security tools, and automated threat response Data center or cloud administration of multiple distributed PPS appliances; each appliance can control up to 50,000 devices to scale to over a million devices per network Integration with leading networking and security tools, and automated threat response Common NAC/VPN Client, policy engine and system management for streamlined deployment, unified visibility and consistent access control for data center and hybrid IT Expanding Enterprise NAC Platform Pulse Secure continues to experience growth in its enterprise NAC platform with sales through partners to existing customers" “Pulse Secure continues to experience growth in its enterprise NAC platform with sales through partners to existing customers, as well as to organizations investing in first-time NAC deployments and those replacing their current solutions,” said Scott Gordon, vice president of marketing at Pulse Secure. “With our unique means to offer a simple, unified NAC and VPN solution, we allow enterprises to gain essential intelligence, compliance and protection for remote, cloud and data center access. We are honored to receive this NAC market distinction as technology leader.” The 'NAC Market Outlook' report earmarks that the global NAC market is expected to increase significantly in the next five to six years. NAC is increasingly becoming mature and accepted as a key technology to improve an organization's overall security defenses. Both large and mid-sized organizations are looking at full-scale deployments and extending NAC security to a greater number of devices and endpoints. Adopting Security Technologies Traditionally, the adoption of security technologies is primarily driven by compliance to broader global regulations. In the global market, banking & financial services, education, government and healthcare sectors are the primary users of NAC solutions. However, organizations from several industry verticals are increasingly focusing on improving their security measures to enhance overall security. IT/OT convergence has resulted in increased exposure to cyberthreats to the industrial environment, and NAC vendors are expanding their capabilities to support IT/OT convergence.
Dr. Rick Rigsby, a renowned communicator, author and viral video star, will share his motivational message titled ‘Making an Impact’ during the ESX Keynote Luncheon on June 4 in Indianapolis. A video of Rigsby’s inspiring commencement speech to the California State University Maritime Academy went viral in 2017, racking up more than 200 million views worldwide. His book, Lessons from a Third Grade Dropout, is a USA Today, Wall Street Journal and Amazon bestseller. Rigsby’s audiences include Fortune 500 companies, academic communities and service organizations. Passionate Security Professionals This June, Rigsby is coming to ESX to speak to Passionate Security professionals to inspire, motivate and empower them to make an impact in their professional career and personal life. “How would you like to be better this year than you were last year?” says Rigsby. “Here’s the key: growing your capacity every day for greatness requires intentional steps. Join me, and let’s discover them together in Indianapolis.” Rigsby’s Main Stage session will be available to all Premium Pass holders at ESX. This session is one of three exclusive Main Stage presentations, all of which include meals. Premium Passes also grant access to more than 30 educational sessions held during ESX. The early-bird rate of $250 for a Premium Pass is available until April 20.
The oil and gas market is driven by a number of technology trends, political issues, waves of supply and demand, and regulations. At times, it seems like the market is in a constant state of ebb and flow, with business affected by traditional drivers, such as government mandates and operational efficiencies, and other non-traditional markers, like challenging weather conditions (consider the 2017 hurricane season as an example). Additionally, the global economy continues to grow, propelling increased energy demand. But like nearly every other market today, the oil and gas market is on the brink of a sea change. According to Deloitte’s 2018 outlook on oil and gas, “the digital revolution is here.” The sheer volume of information and data generated by digital devices, such as those associated with the Internet of Things, will allow producers to leverage rich data and combine it to deliver smart, efficient solutions. The rise of digital technologies is unleashing new ideas across the oil and gas industry and even though we are in the beginning stage of being able to harness the power of these types of technologies, innovative ideas are emerging — all designed to support the core business, reduce internal investments, deliver products faster, boost efficiencies, and enhance safety. Maximized Operations And Increased ROI This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand This is welcome news because there are a number of challenges facing the oil and gas industry, from improving reserve replacement and ensuring workplace safety to reducing operating costs and limiting downtime. All of these objectives must be achieved while maximizing operations and increasing overall return on investment. Never has it been more crucial for critical infrastructure organizations to demonstrate a focus on safety, security, and collaboration. Here's why: Growth and demand According to the U.S. Energy Information Administration, world energy consumption will grow by 56 percent between 2010 and 2040. This ongoing growth propels energy producers to embark on extensive exploration and production activities to meet increased demand. As energy-centric organizations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success. Compliance Continuous demand is only one challenge; compliance with industry and government regulations is another significant hurdle that must be maintained or there is risk of production shutdowns. For example, the Department of Homeland Security’s Chemical Facility Anti-Terrorism Standards (CFATS) impose comprehensive federal regulations for high-risk chemical facilities, requiring organizations to conduct vulnerability assessments. This is just one of many regulatory procedures sites must follow to conform to environmental protections, safety precautions, and safe handling of hazardous materials. As energy-centric organizations look to emerging markets or remote regions to source production, safety becomes even more mission-critical to their success Threat Protection, Mitigation, And Collaboration In addition to meeting the requirements of regulatory procedures, mitigating risk in this industry propels leaders to develop stringent strategies to ensure robust protection of people, property, and assets, effective and efficient response to incidents when they occur, and procedures and protocols to ensure business continuity in emergency situations. Energy providers require comprehensive safety planning and technology systems that can augment the capabilities of on-site and remote personnel. In recent years, video solutions have become the standard for monitoring facilities, assets, and employees, and now these organizations require enterprise-class solutions that can help gather intelligent data that allows for enhanced security and safety efforts but also focus on processes that enhance operational efficiencies. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market IT security is also a concern. Cyber-attacks are becoming increasingly more complex and sophisticated in the oil and gas market. An IT breach can cause operational havoc, risk to the public, and damage to an organization’s brand. Adopting a continuous improvement approach to a security strategy safeguards and helps protect valuable company information and reduces the likelihood of an incident. Also, collaboration between IT and physical security leaders and the correlation of both departments' data makes it much easier to identify a potential breach before havoc ensues. The Digital Age With the rise of the digital revolution and the demand for data to improve insight, oil and gas producers and businesses need to find new ways to capture data, correlate it as needed, and then leverage it to make the most informed decisions. Software platforms are being used in a wide variety of applications to provide a single pane-of-glass view that allows operators to gain critical insight into operations. By collecting intelligence from digital sensors, such as video surveillance cameras, open-source Web intelligence, building systems, crowdsourcing, weather sensors, mobile devices, and more, operators can detect potential risks and manage and respond to situations more efficiently. Furthermore, information can be shared easily with multiple agencies, employees, citizens, and first responders — especially valuable in the event of a safety incident where rapid response is paramount. By creating a single enterprise-wide view across disparate systems and technologies, organizations experience improved response times, lowered operational costs, and increased employee safety. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically Traditional Command Centers Intelligent solutions, such as those derived from the idea of artificial intelligence, help organizations make sense of vast amounts of data. These integrated applications, such as advanced video analytics and facial recognition, can automatically pinpoint potential breaches and significant events, and send alerts to the appropriate personnel, departments, and agencies. These solutions can be powerful in unifying disparate command center technologies within the oil and gas industry, fusing critical data input from emergency calls and responder activity to enhance situational awareness. With traditional command centers relying mostly on call and radio updates, visibility can be limited, but new digital platforms enable operators to oversee a situation and engage with and direct the response force. Overall, these types of automated functions deliver a simplified and modernized operating environment. The Future Is The Intelligent SOC Oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets All of these digital solutions are designed to take center stage within the Intelligent Security Operations Center (ISOC). To combat advanced, multi-stage threats, oil and gas facilities are transforming the traditional SOC into the next-generation unified ISOC with an integrated platform for detection, investigation, communication, and response. Cyber, traditional security, digital devices, and situational awareness technologies combine to deliver an integrated, automated, and adaptive architecture to efficiently mitigate advanced threats in real time or forensically. Energy providers operate in challenging, fast-moving environments in which opportunities, requirements, and regulations can vary widely, change quickly, and evolve significantly over time. As the idea of the digital age continues to transform this market, new technologies will be more widely used to improve business operations from exploration and extraction to transportation and distribution. With the right technology, strategic partnerships, and enhanced situational awareness, oil and gas facilities can implement a proactive approach to safety and better mitigate threats and protect assets, while continuing to focus on achieving business goals that will sustain supply and demand for years to come.
According to the reports of not-for-profit organization Gun Violence Archive, the year 2018 has seen 323 mass shooting incidents as of November 28 in the United States. This number is 346 for the year 2017 and 382 for 2016 (more statistics are available here), with “mass shooting” defined as cases where four or more people are shot or killed in the same time period and location. While definitions of mass shooting vary with organizations in the US, the count of over 300 incidents per year, or about once per day on average, is simply alarming. It raises public safety concerns, ignites debates and protests, which in turn lead to public unrest and potentially more violence, and increases costs for governments from the regional to federal level. Most importantly, the loss of lives demands not only improvement in post-incident handling and investigation, but also new prevention technologies. Gunshot Detection Solutions AI weapon detection offers a more efficient alternative to prevent active shooting There are several gunshot detection solutions in the security market, commonly used by law enforcement agencies to detect and locate gun fires. These systems function based on acoustic recordings and analyses and often in combination with signals detected by sensors of the optical flash and shockwave when a gun is fired. However, gunshot detection by nature dictates that the law enforcement can only react to a shooting incident that has occurred. With fast action, law enforcement can prevent the incident from escalating, but lives that are lost cannot be recovered. With the development of artificial intelligence in object recognition, AI weapon detection offers a more efficient alternative to prevent active shooting: AI can visually detect guns based on their shapes before they are fired. The AI is trained to recognize firearms in different shapes, sizes, colors, and at different angles in videos, so that the AI weapon detector can be deployed with existing cameras systems, analyze the video feeds, and instantly notify security staff when a gun is spotted. Comparison of the advantages for law enforcement and public security agencies Legacy gunshot detection using sensors AI weapon detection Reactive measure: detect after guns have been fired Proactive measure: detect before guns are fired Time to action: within 1 second Time to action: within 1 second Unable to provide visual data about shooter(s) Can provide data about shooter(s) based on the camera recording: clothing, luggage (backpack, handbag, etc.), facial features, vehicle Unable to track the location of the shooter(s) before and after shooting because of the lack of sound Can track the shooter(s) using AI Person & Vehicle Tracking, AI Face Recognition, and AI License Plate Recognition False detection caused by similar sound such as fireworks and cars backfiring Minimal to no false detection, as AI can distinguish different types of handguns and rifles from normal objects (umbrella, cellphone, etc.) Require physical deployment of gunshot detection sensors Can be used with existing camera systems, do not require special hardware Complicated to deploy, require highly trained professional Easy to deploy as an add-on to existing video surveillance system - Can integrate with gun-shot detection to create a “double knock” audio and video active shooter alert system Gun-Shot Detection Advantages In addition to advantages for law enforcement and public security agencies, this type of visual-based pre-incident detector has three-fold advantages for the public: Save lives by spotting the shooter before the shooting event. Minimize the chaos entailing an incident: panic and chaos caused by a shooting incident often adds to injury, as people run, fall, trample on others… With an AI weapon detector, when a gun is spotted, the system sends an alert to security staff, who can quickly control the situation in an organized manner and apprehend the intending shooter. Can be added as a SaaS (Security as a Service) component to small business and home surveillance systems, e.g., intrusion detection alerts (home invasion incidents with firearms number over 2500 per year nationwide). For a complete active shooter detection system, video-based AI detector can operate in conjunction with gunshot detectors for enhanced security. Traditional X-ray based weapon detection or metal detection entrance systems are complicated and expensive; with AI video technology, active shooter detection system can be cost-effective, and after all, what price tag can one put on a life? Written by Paul Sun and Mai Truong, IronYun
With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organization’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster. App-Level Threats The apps that control or drive these new innovations have become today’s endpoint The truth of the matter is that the complexity of an organization’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organizations. Bad actors have realized that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organizations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise. It’s imperative that security organizations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise In-Progress Attack Detection Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. During a Magecart attack, the transaction processes are otherwise undisturbed Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated where it intercepted payment card data and transmitted it to the attacker(s). Data Exfiltration Detection During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organization was compromised and data was stolen before it even got to the network or servers. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications Best Practice Resolutions The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organizations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019: Alert The key to success is quickly understanding when and how an app is being attacked First, organizations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organization monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customize protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks. Protect Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analyzing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications. If an attacker tries to understand app operation though the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organization’s health and well-being in 2019 Encrypt Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. Effective encryption requires a sophisticated implementation of White-Box Cryptography This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography. One that combines a mathematical algorithm with data and code obfuscation techniques transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organization’s health and well-being in 2019. Protecting Applications Against Data Breach According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organization. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?
The Electronic Security Expo (ESX) will be held at the Indiana Convention Center, June 3-6, in Indianapolis. The show focuses exclusively on the electronic security and life safety industry, including companies that service the connected Internet of Things (IoT) space for homes and businesses. The ESX Main Stage will highlight inspirational presentations from motivational speakers, Dr. Rick Rigsby and Kevin Brown. In addition, there will be a founder of a drone security company and an Entrepreneur-in-Residence from Kleiner Perkins for OpenXchange, and a Secret Service agent for the Closing Keynote. Sharing Best Practices And Trends In breakout sessions, colleagues and business thought leaders will share best practices, trends and opportunities that helped their own companies and careers, so that others might replicate their successes or minimize their failures. These sessions are aimed at propelling attendees to reimagine their business models and go-to-market strategies, says George De Marco, Chairman of ESX and Managing Partner for DECO Ventures LLC. Examples of breakout sessions include: CounterPoint Forum – “False Alarm Dispatches - A Real Threat or a Nuisance to the Industry?” “Top 3 Ways to Grow Your Video RMR” “5 Faster, Smarter Ways to Improve Cash Flow” “Artificial Intelligence Real Time Video Monitoring Solutions” Promoting Security Professionals’ Growth Our goal is to develop next-gen methods that deliver industry content and promote professional growth"“Each year, we challenge ourselves to raise the bar of the educational sessions and main stage events,” says De Marco. “One of the ways is introducing new faces and voices for the peer-developed and peer-driven educational sessions that offer best practices and identify trends, opportunities and challenges for industry professionals to consider today and in the future. Our goal is to develop next-gen methods that deliver industry content and promote professional growth as the industry pivots to the future.” New entrants and disruptors are challenging traditional go-to-market strategies, causing traditional companies to rethink how they rise above the noise in a changing competitive landscape and handle new consumer buying behaviours, says De Marco. Exhibitors At ESX Exhibitors that support ESX include Interlogix (Diamond sponsor), Napco (Platinum sponsor), Alula and DMP (Gold sponsor), and ADI, Altronix, Bold Group, Essence, ICT, Quick Response, Resideo, Secura key, Security Central and WeSuite (Silver sponsors). ESX seeks to connect exhibitors with the influencers and decision-makers from companies that represent a cross section of dealers, integrators and monitoring companies in North America. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s impressive convention center. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s convention center “We recognize individuals and companies during the Opening Celebration that help propel the industry forward and at our VIP Event at the Indianapolis Motor Speedway,” says De Marco. “During the day, there are meals around the Main Stage sessions which gather attendees around the table for casual conversation before the presentation begins.” Indianapolis, home of the Indy 500, is a unique location that has a lot to offer the attendees of ESX. A special night at the Indianapolis Motor Speedway will invite a limited number of guests to share great food and drinks, to experience a trip around the track in an official pace car, and to ‘kiss the bricks’, a speedway tradition. Centrally located in the US, Indianapolis is a convenient convention destination for travel, whether flying or driving. Connecting With Peers And Colleagues Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small There are also networking opportunities throughout the week. The Pub Crawl, an attendee favorite, is a night where long-time friends gather, and new friendships are made. “This is where the real conversations happen between peers and colleagues about real problems of running and growing a company, and solutions that can make a difference,” says De Marco. Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small players. This enables professionals to come together to connect with their peers and colleagues, allowing for deep discussions on how to grow their people, revenues and profits, including mentoring opportunities that encourage leadership development, says De Marco. The subject of finding qualified employees is top of mind for almost every industry today, especially the security industry. Sessions that address hiring and managing employees for industry professionals include “Hiring from Outside the Monitoring Industry: Surprising Resources for Great Operators” “Maximize New Employees: Why Onboarding is Critical to Their Success” “5 Tips for Effective Employee Performance Evaluations” Helping Attendees To Reinvent Their Business “Our focus is primarily on the attendee, helping them connect with suppliers, colleagues and opportunities that reimagine their businesses, so they can be stronger competitors,” says De Marco. “If we can provide the right knowledge to inspire or transform the attendees to take meaningful action or implement change that helps them remain relevant, we believe we have succeeded.” There will be an undercurrent of sadness at ESX this year because the industry recently suffered a loss. George Gunning, former CEO of USA Alarm Systems and one of the founding members of ESX, passed away in February. “We would be remiss if we didn’t recognize his contributions and influence on the industry and ESX over the years,” says De Marco. Another founding member of ESX who has passed away is John Murphy, formerly CEO of Vector Security.
Simultaneous suicide bombings at several churches and hotels in Sri Lanka on April 21 were of a scale, sophistication and level of coordination that hasn’t been seen since 9/11. Nine suicide bombers targeted three churches and three hotels on Easter morning, and the resulting casualties numbered 359 dead, including 45 children, and about 500 injured. The complexity of the attacks suggests the bombers received help from an outside organization, likely the Islamic State (IS). Sadly, security warnings from Indian intelligence officials, which might have helped to prevent or minimize the attacks, were ignored by Sri Lanka security weeks earlier. In the wake of the massacre, two of Sri Lanka’s top security officials were asked to resign, and Sri Lanka’s president promised to completely restructure state security. Contradiction To The Terrorism Report The twin calamities provide a dramatic counterpoint to an observed global decrease in terrorist attacksA motivation for the Sri Lanka tragedy is thought to be the March 15 shootings at two mosques in Christchurch, New Zealand, where 50 people were killed and 50 more were injured. A 28-year-old Australian white supremacist was arrested and charged with murder. Taken together, the twin calamities provide a dramatic counterpoint to an observed global decrease in terrorist attacks, as documented in a recent report. The suicide bombers in Sri Lanka were eight men and one woman, most of them well-educated and coming from the middle or upper class. One was the leader of National Thowheeth Jamaath, the homegrown militant Islamist group the government has blamed with carrying out the attacks. There is also evidence to corroborate a claim of responsibility by IS. Some 60 people have been arrested in the investigation. Even days later, police continued to find explosives and said there was still danger. Multiple Attacks One explosion on Easter morning occurred at St. Sebastian’s Church in Negombo, 20 miles north of Colombo, where more than 100 were killed. Another bomb killed 28 people at the Zion Church in Batticaloa, and an unknown number died at St. Anthony’s Shrine, a Roman Catholic church in Colombo. The three hotels that were attacked were all in Colombo – the Shangri-La, the Cinnamon Grand and the Kingsbury The three hotels that were attacked were all in Colombo – the Shangri-La, the Cinnamon Grand and the Kingsbury. Two more explosions happened Sunday afternoon, one at a small guest house and another at the suspects’ safe house, where three officers were killed. Security at houses of worship has been a high-profile concern in the United States in recent years following incidents such as an attack at Emanuel African Methodist Episcopal (AME) Church in downtown Charleston in 2015 that killed nine people. Just last October, 11 people were killed and six others injured in a shooting at a synagogue in Pittsburgh. Hardening Security At Churches “It’s no longer enough to pray for a safe and secure environment,” commented Patrick Fiel of PVF Security Consulting in an Expert Panel Roundtable discussion. “Churches are soft targets. Clergy and parishioners will need to work closely with security consultants and local law enforcement to harden their facilities.” Access control, CCTV solutions and mass notification systems are all helpful and can be placed unobtrusively so as not to interfere with aesthetics of the church, Fiel adds. The scale and scope of the bombings in Sri Lanka provide a wakeup call to the global likelihood of terrorist attacksIt doesn’t appear technology would have made much difference in the case of the Sri Lanka attacks, although awareness and vigilance can have an impact. At Zion Church in Batticaloa, for example, a bomber was stopped by pastors from entering the congregation area where some 500 people gathered. Because of their suspicions, the bomb was instead detonated in a courtyard where children were eating breakfast; 28 people died. The scale and scope of the bombings in Sri Lanka provide a dramatic wakeup call to the continuing global likelihood of terrorist attacks. The last territory of the Islamic State in Syria fell in March, but IS and its ideology live on, and continue to be a global terrorism threat. And that’s just one among many possible sources of terrorism worldwide. Hopefully, the recent incidents do not foreshadow more attacks that are even more deadly.
As the Internet of Things (IoT) and other trends drive the convergence of physical and information security, integrators and end users attending ISC West may be struggling to keep pace with new areas of responsibility and expanding roles in the larger security ecosystem. Help is here. The Connected Security Expo, co-locating with ISC West, focuses on building a holistic security strategy for the connected enterprise. Exhibitors will focus on how physical and information security can be used together to mitigate new and emerging cyber-threats in a hyper-connected world. Connected Security Expo provides attendees access to cutting-edge products and technology in both the physical and IT secure realms. It is clearly a growth factor in the market. Here’s a look at some of the companies on display in the 2019 Connected Security Expo: Integrated Video Cloud Service The AI-powered video analysis software suite delivers high-speed object search and facial classification Arcules provides the Arcules integrated video cloud service, which combines untapped video and sensor data with the latest technologies in cloud, artificial intelligence, and machine learning to deliver actionable business and security intelligence for modern organizations. The cloud-based service is designed to ensure security, scalability, streamlined operations, and bandwidth management — all from a single, easy-to-use interface. Hardware-Accelerated Solutions BrainChip Inc. is a global developer of software and hardware-accelerated solutions for advanced artificial intelligence (AI) and machine learning applications. The AI-powered video analysis software suite delivers high-speed object search and facial classification for law enforcement, counter terrorism and intelligence agencies. PSIM Software Platform CNL Software Inc. is an open, adaptable, scalable and secure Physical Security Information Management (PSIM) solutions provider. The IPSecurity Center PSIM software platform helps law enforcement, government agencies, the military, public and private critical infrastructure, transportation networks, corporations and campuses to integrate, automate and manage systems, allowing better security intelligence and improved operational efficiency. Facial Recognition Software IOmniscient Corp. provides facial recognition software that can recognize multiple faces even in crowded and uncontrolled scenes IOmniscient Corp. provides facial recognition software that can recognize multiple faces even in crowded and uncontrolled scenes. Matching faces with an existing database, the system can detect an unauthorized person and track him or her across non-overlapping cameras. Enhance Situational Awareness Oncam offers 360 and 180-degree video technology. The company has the largest range of wide-angle cameras that are open platform and easy to integrate. Unique dewarping technology allows the creation of award-winning video solutions for stakeholders from the C-suite to the security officer in wide range of industry segments. Oncam’s products greatly enhance situational awareness. Enterprise-Class Security Pivot3 is a provider of intelligent solutions using hyperconverged infrastructure. Pivot3’s intelligent infrastructure is optimized to deliver performance, resilience, scalability and ease-of-use required for enterprise-class security, video surveillance and IoT deployments. Electronic Physical Security The UL 2900-1 standard offers general requirements for software cybersecurity for network-connectable products UL LLC is working to increase the prominence of the Underwriter Laboratories brand in cybersecurity with the UL Cybersecurity Assurance Program (CAP). The UL 2900-1 standard, the standard that offers general requirements for software cybersecurity for network-connectable products, was published in 2016 and in July 2017 was published as an ANSI (American National Standards Institute) standard. The standard was developed with cooperation from end users such as the Department of Homeland Security (DHS), U.S. National Laboratories, and other industry stakeholders. UL 2900-2-3 – the standard that focuses on electronic physical security/life safety & security industry, was published in September 2017. Proactive Automated System Viakoo is a provider of the security industry’s first proactive automated system and data verification solution. Create Significant Value Vidsys is innovating and accelerating a transition to Converged Security and Information Management or CSIM. The company is committed to educating and supporting customers with their evolving needs to provide a more holistic view of risk and throughout the overall business process re-engineering necessary to create significant value across the entire organization.
Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the program, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardization across sites, shorter implementation times and cost efficiencies. Standardizing Company’s Security Measures The Global Client Programme connects all of ROCKWOOL’s factories and office premises, and standardises the company’s security measuresROCKWOOL has 28 factories across the world. The Global Client Programme connects all of these factories and ROCKWOOL’s office premises, and standardizes the company’s security measures throughout the world. Fokko van der Zee, managing director at Nedap Security Management, says: “The implementation of a standardized security solution across the world is a complex process. It involves a large project spanning many years and involving many stakeholders, and demands a high level of project management. In the absence of a structured program with defined guidelines, a global security rollout is likely to be a stressful execution. That’s why we set up our carefully designed Global Client Programme.” ROCKWOOL Digital Service Lead, Matthew Thorne, agrees: “We’ve worked with Nedap over the past few years and recently became a member of their Global Client Programme. Now we’re equipped with the people and tools we needed to standardize our physical security solution. The Global Client Programme also minimizes risk and guarantees compliance. It really meets our needs in every possible way.” Central Security Platform Saves Money The program helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of severalThe Global Client Programme is designed to ensure monitoring and control during every step of the rollout process. Timon Padberg, responsible for business development at Nedap Security Management, explains: “The repetitive nature of local site deployments allows us to work with models and templates, such as standard proposal and calculation documents. We can therefore produce a scalable process that ensures uniformity and a consistently high quality of implementation across each site.” By using the Global Client Programme, ROCKWOOL is aiming for uniformity and alignment across all sites. The program also helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of several. Moreover, there are significant savings on operational and maintenance costs due to shared services and economies of scale.
Premier League football club Everton FC has deployed SureCloud’s GDPR suite to manage and monitor its data and GDPR compliance, enabling the club to work towards GDPR compliance, optimize internal processes and position it strategically for the future. The solution replaced Everton FC’s manual data mapping and processing methods. Manual Data Mapping And Processing Everton FC’s databases are extensive, containing details on over 32,000 season ticket holders and over 600,000 registered fans, with details on around 360 employees, players, agents, suppliers, and individuals associated with the club’s community charity and partner school. Much of this information is sensitive. This data and all of the processes associated with it were being manually managed and tracked in a series of Excel spreadsheets. With multiple requests and queries to respond to every day, the club’s Data Protection Officer was struggling to record and manage smaller ad hoc queries, incidents, and tasks. With GDPR due to place much tighter restrictions on how the club processed, managed and shared its data – as well as on the reporting of any incidents that did occur – the club needed a more comprehensive and reliable tool in place before 25th May 2018. SureCloud Platform The club approached its long-standing IT support provider NCC to find a solution. NCC recommended the SureCloud GDPR Suite, delivered on the SureCloud platform. After SureCloud had successfully demonstrated the ability to provide full visibility for management and automation of GDPR processes across the organization, Everton FC selected its cloud-based suite of solutions. Two dashboards were created according to Everton FC’s specific needs Two dashboards were created according to Everton FC’s specific needs: one to show all data mapping and transfers, including where data is being held and who it is being shared with; and one showing incidents and requests, including a subject request register and incident tracker path. This gives an immediate overview of which requests are still outstanding, such as a request for an individual’s personal information to be erased from the database. SureCloud GDPR Suite The five applications Everton FC chose to deploy from the SureCloud GDPR Suite were: GDPR Program Tracker - to enable the club to map all its disparate data and workflows using intelligent risk-based questions GDPR Management – to provide all mandatory GDPR business-as-usual processes Information Asset Management - to record and maintain the club’s entire data inventory Compliance Management for GDPR - to help Everton FC speed up their process of attaining compliance and on-going real-time risk remediation Incident Management for GDPR – to meet the GDPR requirement to log, track and notify the ICO of any data breaches, should an incident arise Ian Garratt, Data Protection Officer at Everton FC said: “The penalties for not achieving GDPR compliance are severe – up to 4% of our revenues, or €20 million. It was imperative that we got a solution in place that could not only help us achieve GDPR compliance but would also make it quick and easy for us to demonstrate that compliance at any point, on request. SureCloud’s GDPR Suite fit the bill.” Centralized Data Management Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralized system “We are now tracking and recording every single data request in a centralized way. With NCC’s support, SureCloud’s solution has brought a comprehensive clarity to our data processing that was impossible to achieve with manual spreadsheets. The system is so intuitive; it has helped us streamline multiple processes and undertake impact assessments that we couldn’t handle before.” Now, all of Everton FC’s disparate data are mapped, risk-assessed and tracked in a single centralized system. All changes and requests are automatically tracked so that activity records and data audits can be produced at the click of a button. Should an incident like a suspected data breach occur, it is identified and reported immediately and automatically. The club’s data protection team can select which asset has been affected and immediately determine the severity of the incident and whether it needs to be reported to the ICO. Should it need to be escalated, the report is available instantly. Data Processing, Documentation And Risk Management Ian Garratt added: “The SureCloud GDPR Suite isn’t just a compliance tool; it’s a comprehensive management tool. We now have a continuous, real-time status of where we are and what we need to be doing in terms of data processing, documentation and risk management. It would have simply been impossible to achieve this manually. SureCloud has not only helped us to work towards GDPR compliance they have optimized our internal processes and positioned us strategically for the future.” In addition to deploying five applications within the GDPR suite, SureCloud is currently adapting its Incident Assessment tool to meet Everton FC’s specific requirements.
To succeed in business, one must be brilliant at one thing. In many cases it’s a skill, such as art, coding, engineering or design. Or that one brilliant attribute can also be a personality trait or a business process. No business will be successful unless it is at least adequate, and preferably superb, in product development, sales, and customer engagement - not to mention finance, planning, marketing and recruiting. Too many VMS producers are trying to do all these things themselves when they should be doubling up on what they are best at and leveraging the rest. It is a new mindset. Instead of obsessing about which ‘me-too’ product to supply, software producers could make their first priority finding complementary and compatible partners. Developing A Partnership Ecosystem One partner might see the opportunity to sell a solution. Another partner might know a better way to distribute a product. A third partner might provide the vertical expertise to get the customer a perfectly tailored solution. By leveraging partners and developing a partner ecosystem, a company will tend to have more unique offerings and the ability to execute faster in an ever-changing world. All this additional partner horsepower is still no guarantee a company will succeed but partnerships will also give a company a feedback channel. Many stand-alone companies plod along, never quite failing, but never getting better either. Partners are less likely to tolerate business limbo. They will be quick to utilize great products, and less wedded to the concept if it doesn’t prove out. Because the partners are in close contact with the market, they are the first responders to changing or developing needs. This is why a company should listen very closely to their partners: They are the feet on the street and the ears to the beat! Open Platform Matters Producing software takes time, and producing great software takes even longer All of this is not possible, however, if a company produces closed platform software. This is software whose functions can only be changed by the original developers. Producing software takes time, and producing great software takes even longer. This means low agility. The partners might identify great opportunities, but before the closed platform software producer can react, the opportunities might be gone - or worse, be grabbed by competitors. The slow reaction capabilities of closed platform providers will frustrate partners and may lead to the worst of all complications in a partnership: distrust. Add-On Modules and Intrinsic Scripting When the products are based on an open platform, however, they are adaptable. Then the partners have the ability to change the solution through the open software architecture. Not by changing the basic code (that would be open source) but by add-on modules and intrinsic scripting abilities. Total Integrated Solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution Open platform means that the partner can easily extend and enhance the software into a total integrated solution to fulfill the customer’s needs with the minimum of effort. This gives agility, and agility means fast go-to-market abilities. Just what is needed in this fast-moving world. There are some important things to note here. The ways to extend and enhance the software have to be easy and well documented. The partners must have access to training and knowledge sharing. (It does not help to have a system for extending the capabilities of the software if the partners have to guess at the process and the documentation is rudimentary.) Open Access Is Key It is important that the business philosophy is based on openness, giving the partners full access to all relevant information. And openness is a two-way street: By being open for your partners, you also have to be open about their business. A partner might be able to develop a highly sophisticated solution but be unable to market the solution. By building a catalog of partner solutions easily accessible to customers, openness extends to ensure open access to the partners. Openness is not something a business can just tack on to their approach. It has to be in the DNA of the business from the start. In a Harvard Business Review article entitled ‘Predators and Prey: A new ecology of competition,’ JF Moore says: “A business ecosystem, like its biological counterpart, gradually moves from a random collection of elements to a more structured community.” Structured Business Ecosystem Milestone has seen this progression within the company's ecosystem Milestone has seen this progression within the company's ecosystem. They introduced training and certification requirements as part of the partnership success structure, ensuring knowledge is shared and also used in a way that is most mutually beneficial for all involved. Moore also writes: “Every business ecosystem develops in four distinct stages: birth, expansion, leadership and self-renewal.” At present, Milestone and its partners are entering into the ‘leadership’ stage, where video enabling is creating opportunities beyond those offered by a traditional video surveillance system, and into areas that provide additional business benefits to our customers. Video Enabling “A leader must emerge in the ecosystem,” Moore says, “to initiate a process of rapid, ongoing improvement that draws the entire community toward a grander future.” This is the role Milestone has played in leading the industry towards the video enabling phase and redefining the industry’s expectations of what a surveillance system is capable of. In the article, Moore underlines that “executives whose horizons are bounded by the traditional industry perspectives will find themselves missing the real challenges and opportunities that face their companies.” Getting Connected Connectors are those people with a wide range of contacts across different social circles In his book The Tipping Point, Malcolm Gladwell describes what he calls ‘The Law of the Few,’ which says: "The success of any kind of social epidemic is heavily dependent on the involvement of people with a particular and rare set of social gifts." This is based on the 80/20 principal, “which is the idea that in any situation roughly 80 percent of the 'work' will be done by 20 percent of the participants." He goes on to identify three types of people with these gifts: Salesmen, who are skilled in persuasion and negotiation; Mavens, who collect and disseminate useful information; and Connectors. Connectors are those people with a wide range of contacts across different social circles who can make introductions and create links between otherwise disparate individuals. Milestone, Key Connector In Physical Security Industry In the wider scheme of things, Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry. Milestone brings together companies who are brilliant in their respective fields and make it easy for them to work together to create a valuable solution for the customer. The company provides the environment for that to occur and work closely with them to ensure that the end result is useful and effective. At Milestone, partners realized that significant investments in education and training was required to create the demand for the company's products and solutions that the conservative physical security industry required. The value of partnership was learnt and the ‘open’ approach adopted, which was a central part of the thinking behind our software. Adopting The Scandinavian Management Model Milestone effectively acts as a ‘Connector’ in the business ecosystem and in the overall physical security industry Milestone extended this approach to the entire business model, creating the ecosystem that has been the driving force for success. And while the company embraced the best of the Scandinavian management model, its inclusiveness and encouragement of creativity, they still needed to have the courage to make changes to the business, changes which would ensure the best possible position to take on whatever challenges the future might hold. Milestone Partner Ecosystem Milestone have always worked in a partner-driven business mode. The company from the start was designed to be open and partner oriented. The Milestone partner ecosystem is a fundamental part of its mindset and daily operations. It is one of the major reasons for getting the company to the position where it is today. To be in a company without the partner component would be like cutting the internet and phone cables while reverting to telex and written paper letters! The company would be developing products in the dark, not knowing the demand. Open Business World Today, Milestone's partners are delivering optimal solutions to mutual customers, building a better and open business world with video as a business enhancer. All thanks to the company's open platform and community approach. To have a flourishing partner ecosystem, one must think not as a corporation but in human terms. Because companies don’t think, humans do. In all senses of the word, there is one thing that will contribute more to the success of a partnership than anything else; 'Give before hoping to receive'.
The Security Industry Association (SIA) has expressed strong support for MI HB 5828 and HB5830, two bills designed to improve school security across the state of Michigan. Michigan Legislation In a letter to Michigan House of Representatives Committee on Appropriations Chairwoman Laura Cox and Vice-Chair Rob VerHeulen, SIA CEO Don Erickson praised the bills’ creation of a comprehensive school plan and fund to enable local districts to procure security solutions to protect students from malicious perpetrators and update building code requirements to include security measures. “Sadly, our nation’s schools have increasingly become a soft target for mass violence – at Sandy Hook Elementary, recently at Stoneman Douglas High School and in many other attacks,” said Erickson. “We support holistic approaches to improving school safety and security in response to these tragedies – recognizing there is no single action that can be taken that will, by itself, make our schools safe.” SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts Improving School Security SIA represents about 900 security and life safety solutions providers – companies that develop, manufacture and integrate technologies that help keep people and property safe from hazards. These industry leaders strive to introduce robust security solutions integrated into our nation’s K–12 public schools, private academic institutions, colleges and universities. In addition to serving member organizations working to improve security in schools and other environments, SIA is a co-founder of the Partner Alliance for Safer Schools (PASS), a consortium of school security experts that developed threat- and income-based guidelines for schools housing grades K–12 to implement appropriate, layered security measures. These guidelines are available to help guide school investments. Additionally, PASS provides integrators with risk assessments and white papers that can be used when working with schools to evaluate and establish the best security protections for their buildings. SIA believes state assistance like that in the Michigan legislation is a start to addressing key security gaps in schools and is especially critical to high-risk school districts or those with limited budgets.
Keeping the food supply safe was not an issue for Furman Foods back in 1921, when John W. Furman canned 360 glass jars of tomatoes with his wife, Emma, and their six children. Just as food processing practices have evolved over time, so too has the nation’s approach to securing food processing facilities. Today, Furman Foods uses ID cards as the first step of a greater plan to enhance its plant security. Furman Foods is a family-owned business. By 1969, the company had sold a million cases of tomatoes and was complementing its tomato crop with beans, peppers and other vegetables sold under the Furmano’s name. The company’s roots are planted firmly in the soil of the Susquehanna River Valley of Pennsylvania. Despite this remote location, Frank Furman, Vice President of Quality, is ready to take the facility to the next level of security and quality. “The need is here,” he said. “Everything is coming together at once. Not only does security make good business sense, but it also is something we need to do for our customers.” Food Safety And Security While the company has focused on food safety for many years, the U.S. Food and Drug Administration’s (FDA’s) Bioterrorism Act of 2002 made security a top concern for food producers such as Furman’s. Title III of the act specifically addresses protecting the safety and security of food and drug supplies. In addition, because Furman Foods provides food for U.S. Department of Agriculture (USDA) food programs, it is subject to USDA security measures. Security isn’t new to the company. It began incorporating additional security measures shortly after September 2001. The well heads for the water supply are locked and checked daily, for example, and a third-party security service is on duty during off-hours. Delivery truck doors now must be sealed, the company’s computer systems have new access controls in them, and locks now adorn all bulk storage areas, such as those for corn sweeteners and vinegar, some of the most vulnerable areas in the company. An important part of the security system at Furman’s is a new ID card program Time And Attendance Tracking An important part of the security system at Furman’s is a new ID card program. “We needed to replace our time clocks,” said Mark Slear, Systems Administrator, “so we took advantage of the opportunity to introduce employee ID cards to track time and attendance.” “I wanted some kind of control so that people who don’t work here don’t get in,” Furman said, “Despite the fact that we are located in a rural area, we still were seeing people here who shouldn’t be here. We had to figure out some way to limit access.” In the past, the company had pre-printed, pre-numbered, bar coded cards for hourly employee access. Employees were assigned a number, but that was it. HID Fargo Printer/Encoder Slear and Furman selected the Fargo DTC550 Direct-to-Card Printer/Encoder with lamination capabilities from ID Wholesaler (www.idwholesaler.com), a Fargo Value-Added Retailer and the largest online reseller of photo ID products. “I looked around quite a bit,” said Slear, “and all of my research kept coming back to Fargo.” Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs" “We determined that Furman Foods needed a higher level of security than a basic photo ID card could offer,” said Shane Stark, Account Manager, ID Wholesaler. “The FDA keeps tight regulations on who has access to food processing areas. Along with using bar codes and magnetic encoding for security measures, Furman’s warehouse employees require a stronger card to withstand the everyday wear and tear associated with their active jobs. This led us to lamination and a Mylar card, which offers greater durability.” Slear was also interested in the printer’s speed. “When we ramp up during the summer, we produce a year’s worth of product in three months,” he said. “We have to print a lot of ID cards quickly to accommodate our seasonal workers.” Security Access Cards Furman’s bought the Fargo printer in October, took employee pictures in November and began issuing new ID cards in January. The ID cards contain a full photo, and the program includes all employees, even the extra 300 that are hired during the July-to-October busy season. While tracking time and attendance with the ID cards was the company’s first concern, Slear and Furman were thinking ahead when they chose an ID card printer, knowing that security needs would be enhanced down the road. “We added a magnetic stripe and photo in preparation for future security,” said Slear. “We haven’t defined yet what else we might do, but much of it will be driven by FDA and USDA directives.” “We liked the fact that the DTC550 printer can print on proximity cards if we decide to upgrade our ID cards someday,” said Slear. Furman agreed. “Eventually, we will go to smart cards, especially for the room where our ingredients are mixed,” he said. “We need to limit this area to those who are designated to be there. They will have to swipe an ID card for access. We chose a printer that will allow us to upgrade the cards, knowing that sooner or later we’ll have to go further with security.” Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements" Comprehensive Identification Solutions “Everything has been going well,” Slear said. “The person printing the cards picked up on it quickly.” Slear gives high marks to ID Wholesaler for their customer service. “Every time I talk to Shane, I get the answers I need,” he said. “He also checks in from time to time, just to see how things are going.” “Our product and industry knowledge enable us to assess our customers’ needs and present options that meet their requirements and their budgets,” said Jennifer Clancy, Marketing Manager, ID Wholesaler. Currently there are three variations to the Furman’s ID cards: yellow background for employees, green background for visitors and blue background for vendors. “Certain vendors are allowed on site without an escort,” said Furman. “For instance, because we are a kosher facility, once a month a rabbi comes in to check our operations. He has his own vendor ID card and is pre-approved, so he can move throughout our facility unescorted.” Facility Security One of our big concerns is having someone follow a carded employee into the plant Furman Foods prides itself on its strong values, its quality products, its sustainability and its food security. Yet Furman isn’t satisfied. “We are still not where we should be,” he said. “We have come a long way, but we have a long way to go. If I could wave a magic wand, we would have one entrance, where everybody has to enter and exit. This entrance would be secured by a card reader, so individuals would have to swipe an ID card to get in. One of our big concerns is having someone follow a carded employee into the plant. Restricted areas should require special access cards, and I’d like a fence around the entire facility, with a guard shack where everyone checks in and out,” he further added. Right now, there are multiple entrances for traffic. The facility is very spread out, and the road in front is a public road. Photo ID Access Card Yet, all agree that the ID cards are an important step on Furman Foods’ journey toward enhanced security. “A safe workplace is fundamental,” said Clancy. “Photo ID cards provide at-a-glance validation that the card wearer is authorized to be on the premises. This is especially important for food manufacturers.” “I tell our employees security is only going to get tighter,” Furman said. “More safeguards will be put in place. We are in the food business. If we don’t have safe foods, we don’t have jobs.”
Following several high-profile incidents alleging abuse of special needs students (including some non-communicative students), and the activism of a number of parent groups in the state of Texas, Governor Greg Abbott signed Texas Senate Bill 507, requiring districts to install audio and video surveillance equipment into select special education classrooms when requested. The law requires the installation of cameras and recorders in classrooms meeting certain criteria—if and when a parent, school board member, or school staff requests them from the 2016-2017 school year forward. Surveillance must cover all areas in a classroom, with the exception of bathrooms and changing areas, and recorded footage must be retained for a minimum of six months. Many Texas school districts have begun the work of bringing relevant educational spaces into compliance with the law, including the Edna Independent School District.The IDIS solution crafted by PSX meets Edna ISD’s SB 507 compliance requirements Super Fisheye-Powered Surveillance Carefully considering Edna ISD’s requirements for a highest-quality surveillance solution, capable of audio recording and coverage in compliance with the law, along with their need for a fiscally responsible solution that minimized total cost of ownership, while maximizing value, PSX recommended the IDIS Total Solution’s DirectIP line. The IDIS Total Solution has a selection of affordable, highest-quality options for school districts, easily scaled to meet any classroom size, configuration, or budget. The IDIS solution crafted by PSX meets Edna ISD’s SB 507 compliance requirements with a custom configuration of IDIS cameras and recorders for multiple classrooms and sites. At the heart of the solution is the IDIS DirectIP Super Fisheye Camera, which features breakthrough IDIS technology recognized by the industry for solving common concerns found with many other fisheye models.The IDIS Super Fisheye offers unparalleled client, camera, and mobile dewarping for a clearer picture Smart UX Controls The IDIS Super Fisheye offers unparalleled client, camera, and mobile dewarping for a clearer picture and strongest possible assessment and documentation of incidents. It also features the company’s award-winning IDIS Smart UX Controls (named a 2016 ‘New Product of the Year’ by Security Products magazine), which allow for agile real-time pointing and zooming in a simplified and smooth manner previously unheard of in the industry. Other IDIS benefits, including two-way communication and the powerful recording and storage technology the company is known for, make the solution an ideal one for Edna ISD’s needs. Significantly, SB 507 was not accompanied by additional funding for implementation. It required school districts to cover the cost of surveillance purchases and installation from existing funds, donations, or other alternate funding strategies. This expands the requirement for school districts such as Edna ISD, beyond the simple purchase and installation of new surveillance solutions, to include the identification of surveillance solutions able to provide maximum quality with a low total cost of ownership and to be as responsive as possible to the law, student needs, and existing budgetary requirements.The IDIS Total Solution has proven a strong fit for school districts Cost-Effective Deployment Offerings that feature combinations of technical and cost-effective benefits have proven a strong fit for school districts, including Edna ISD, looking to meet SB 507 requirements without sacrificing quality for cost, something that is important to institutions such as public schools, charged with both optimal execution of their core educational mission and careful stewardship of public funds. The IDIS Total Solution, differentiated by its ease of installation and use as well as its lack of licensing and maintenance fees, has proven a strong fit for school districts, including Edna ISD. Alan Morris, Vice President of Sales for PSX, Inc., stated, “While SB 507 compliance has proven a challenge for some school districts, Edna ISD has shown an uncompromising commitment to its special needs students through the selection of technology that provides easy real-time review of classroom behavior and provides the best, clearest evidence possible should an incident occur.” Secure Learning Environment "In Edna ISD, the safety of our students, teachers, and staff is a key part of our educational mission. When those in our schools, and the families that love them, know their environment is safe and secure, the educational mission can thrive. We have embraced the SB 507 requirements as yet another tool in ensuring an ideal learning environment for all, providing additional support and protection for our special needs population.” “We were committed to doing this with only the best technology the industry had to offer, while also remaining responsible to our taxpayers throughout the process. The IDIS combination of a fully scalable solution of next-generation technology with a lower total cost of ownership than typically seen in the industry made it the right choice for our needs."
Round table discussion
Statistically speaking, incidents of terrorism are unlikely to impact most businesses and institutions. However, the mere possibility of worst-case-scenario attacks is enough to keep security professionals awake at night. Compounding the collective anxiety is the minute-by-minute media coverage when an attack does occur. The immediacy of the shared experience of global tragedy impacts us all – including security system decision-makers. We asked this week’s Expert Panel Roundtable: How is the rise in terrorism impacting the physical security market?
The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?
Knowledge shared among peers is often afforded more credibility than information from manufacturers. An approximation of that principle is at work in the use of case studies as marketing tools in the physical security industry. Case studies are aimed at telling real-world success stories – from actual customers – about how various technologies are used to accomplish security goals and make the world a safer place. But how useful are they? We asked this week’s Expert Panel Roundtable: What are the benefits of case studies as a marketing tool in the security industry?