
Posts Tagged :

Industry Spotlight

INDUSTRY SPOTLIGHT: Todd Research safety & security

Guest Blog

One of the oldest and most established organisations in safety and security, Todd Research has a proud history of designing, manufacturing and supplying X-ray scanners, metal detectors and blast suppression equipment across a diverse range of public and private market channels.

Todd Research was formed in January 1950 and began by designing and manufacturing equipment for the medical and veterinary sectors.

In 1973, Todd Research made a breakthrough in X-ray technology by developing the world’s first X-ray scanner specifically designed for mailroom security.

Now at the heart of our business is our Cabinet X-ray scanner offering. Since developing the world’s first mailroom X-ray scanner, we’ve expanded our product range to cover a wide range of security solutions, each designed to aid the detection of suspect devices.

With over 50 years’ experience, our mission is to use technology to develop innovative solutions and services which exceed our customers’ expectations, and to achieve sustainable year-on-year growth by providing quality and innovative products and services. Alongside our market-leading range of security and safety products, we also offer a full suite of services. From threat assessment and management to health and safety compliance, we go the extra mile to ensure that our customers always have the support they need.

www.toddresearch.co.uk

INDUSTRY SPOTLIGHT: Centralized, multi-site door access control made simple

Stuart O'Brien

Problem: Most access control systems are site-centric, driven by local databases of staff permissions, so when it comes to trying to oversee or manage building access for sites in different locations, sharing and synchronising access information requires additional appliances and significantly increases system complexity.

Enterprise-class solutions for physical access management require substantial up-front investment and still typically rely on installing dedicated sync-servers at each site to duplicate data across locations.

Solution: Leverage existing enterprise-wide IT access control infrastructure that’s designed to deliver centralized visibility and control, in real-time, across all networked sites. Simply add controlled doors to the network – just like connecting a PC – and have staff-access similarly managed.

The EdgeConnector physical access system addresses door access control in exactly this way – radically simplifying the solution and making it limitlessly scalable, covering all sites, all connected doors, and all users, automatically.

Companies often expand to new sites through acquisition, making it likely that different access control systems are used at each location. Integrating unalike systems to provide organization-wide physical access management then becomes a far greater challenge, requiring either the rip-out and replacement of a legacy system or comparably expensive development of bridging systems.

EdgeConnector works with existing credentials and readers (that use the industry standard Wiegand interface) avoiding the need to change much of the hardware for legacy systems. EdgeConnector also works with a range of compatible wired and wireless door controllers – avoiding the need to swap-out these devices in some cases, although installation typically only requires a single network cable supporting PoE+ for wired door control and PoE for wireless door control.

IP network based door access systems can provide real-time control and economical scalability; EdgeConnector takes this further by making use of the existing centralized staff database used for IT-access (typically Microsoft Active Directory) to handle door access permissions. This approach streamlines the infrastructure required, which in turn facilitates streamlined access administration processes. Taking the critical process of staff off-boarding as an example, it’s possible to ensure all door access privileges, for all premises, as well as all IT-access permissions, for an individual are rescinded in just one step.

Unifying IT and physical access infrastructure is consistent with the trend over recent years for IT teams to be involved in the selection and integration of physical access control systems. An HID published survey [1] found that well over 70% of organizations expect IT departments to influence physical security technology decisions and to integrate physical access controls into the wider IT ecosystem.

IT teams have their own interests in being involved – taking a holistic approach to an organization’s security avoids the risk of physical access, and physical access systems, providing a ‘weak link’ in an otherwise robust cyber-security strategy. By ensuring all elements of critical infrastructure, including door access controls, are properly secured through standard support practices, organizations can avert issues arising from siloed infrastructure that may otherwise avoid regular scrutiny.

Summary

Building access control systems using contactless identity credentials, such as RFID cards, fobs or mobile phones, are commonly used in all but the smallest of organizations. By being able to easily manage who has permission to use what doors and when, together with the ability to quickly revoke access for lost credentials and former staff, access control systems provide organizations with the control they need without impeding or inconveniencing their personnel. However, the issue that frequently comes up is the complexity involved in trying to extend a physical access control system to cover sites in different locations.

EdgeConnector makes use of the power of existing IT-access controls, and the scalability of IP-network infrastructures, to minimise the cost and capital expenditure required to control access through connected doors, car barriers and other controlled openings, across all sites and for all staff.

For more information on centralized, multi-site physical access control management contact EdgeConnector:

www.edgeconnector.com

+44 (0)1428 685 861

[1] https://www.hidglobal.com/doclib/files/resource_files/the_rising_role_of_it_in_physical_access_control_-_final.pdf

INDUSTRY SPOTLIGHT: Simpler, stronger access control through identity driven security

Stuart O'Brien

Physical and IT security work seamlessly together with EdgeConnector door access control software; delivering streamlined permissions administration, a simplified infrastructure that gives central oversight across all sites as standard, as well as cyber-physical protection capabilities that support information security and compliance.

Security professionals can now leverage the power and flexibility of an IT network’s existing access management infrastructure, to protect people and premises, in addition to data. EdgeConnector’s unique approach to physical access management aligns door access control with IT-access control; both driven by a single shared directory of users, identities and permissions (typically using Windows® Active Directory). This radically simplified system architecture provides significant benefits over traditional models:

Streamlined administration – data duplication and separate workflows can be dispensed with, so for critical processes like staff off-boarding, it’s possible to ensure all access privileges, to all premises and for all IT network resources, are rescinded in just one step. Role-based security models can combine door and IT access rights, maintaining consistency between the physical and logical access granted to staff whenever they change job function.

Organisational fit – the rationalised, standards-based infrastructure is inherently scalable and easier for IT teams to support, giving Security teams the flexibility to manage the protection of the organisation as needs change. EdgeConnector’s dedicated physical access administration console provides authorised users with comprehensive control and monitoring tools. Alternatively, physical access rights can be incorporated into wider security permissions profiles, for allocation to staff through an existing Identity and Access Management platform.

Central oversight – monitoring physical access across all locations and managing multi-site permissions for personnel are standard features with EdgeConnector, without any need for the complexities of installing additional infrastructure to share physical access information between sites.

Real-time control – changes to physical permissions take immediate effect at all doors, thanks to the online architecture.

SIEM by design – cyber-physical control capabilities can automatically prevent access exceptions that would otherwise require manned monitoring of alerts from additional Security Information and Event Management systems. User-location based controls can easily be applied, restricting digital access to sensitive data to within secure areas. Example usage includes: denial of access to patient medical records, or customer payment card processing, or financial trading applications unless authorised users are in nominated locations, blocking of Wi-Fi access outdoors, and prevention of privileged access to critical server administration functions from outside the data centre.

Straightforward installation – by making use of the existing user directory and IT network infrastructure, minimal effort is required to connect and control any number of doors at any number of sites. Compatible door control hardware from Assa Abloy, Axis and HID can all be used on any standard IP network, including VPN, WAN and Cloud configurations.

EdgeConnector’s standards-based approach extends to the credential used for door access. As well as mobile phone and biometric options an extensive range of contactless card standards can be used, including existing cards and readers if desired. To protect against the risk from card-cloning, an easy-to-use tool for managing bespoke RFID encryption keys allows organisations to securely encode popular cards for themselves. 

For more information, visit www.edgeconnector.com or call +44 (0)1428 685 861

INDUSTRY SPOTLIGHT: One ID for all access – Secure, convenient & manageable

Stuart O'Brien

Hybrid smartcards are the most secure and cost-effective solution for providing staff with just one credential for all identity and access applications – making life easier for employees and strengthening security by enforcing desired behaviours. 

Organisations typically have many different systems that require user identity verification in addition to building access control, such as secure logon to the IT network, the release of documents from printers and cashless canteen vending.

Making it possible for each staff member to use just one ID for all these identity and access applications not only makes life easier for them, which aids their productivity, but also strengthens security across the organisation by enforcing behaviours that ensure protective measures are not circumvented (such as by the loan of door access cards to colleagues, or by leaving logged-on computers unattended).

Furthermore, having just one user identity database for all applications, enterprise-wide, avoids wasteful resource duplication and significantly reduces overall costs.

Why smartcards

Hybrid smartcards can combine a separate contactless RFID interface chip with a contact chip in the same card body. This enables the best choice of standards-based contact and contactless technologies to be selected for an organisation’s specific requirements.

Contactless applications, including building access, can make use of up-to-date technologies, including DESFire, iCLASS and SEOS, which support mutual authentication with card readers before transferring encrypted identification information. It’s also possible for multiple RFID chips to be incorporated, in order to support migration from insecure legacy technologies, or to accommodate completely separate physical access control systems.

Contact smartcard chips are ideally suited to PKI-based 2-factor authentication (2FA) security applications, such as network logon, disk encryption, email encryption and digital signatures. They provide the ‘gold-standard’ in security by utilising private keys that are generated and stored securely in the chip, protected against external access, and never shared. The chip hardware from established manufacturers includes design features that prevent keys from being extracted, even if probed by an electron microscope, and so achieve certification to the highest international standards, such as EAL 5+ and FIPS 140-2.

The actual security of any digital credential ultimately depends on how well its encryption keys are protected. As mentioned already, contact smartcard chips have been certified to the highest security standards. Mobile devices support 2FA by hosting various app and cloud-based implementations of cryptographic algorithms; software-based solutions are at greater risk from malware attack and the security of encryption keys depends very much on the particular mobile device and OS in question.

Mobile device based credentials appear to offer a convenient alternative to having to issue each staff member with smartcards; they do, however, introduce the burden of managing and maintaining multiple apps and device platforms, a task that becomes even more complex as these proliferate over time.

Issuing employees with smartcards commonly supports wider site security requirements, as they can be printed on for use as an easily recognisable company ID, bearing a photo of the user and worn on a lanyard.

While mobile credentials solutions for an ever widening range of identity and access applications have become increasingly available, their adoption is currently limited by their much greater cost in comparison to well-established smartcard solutions.

Security benefits of converged credentials

Process

Combining the forms of identification required for both logical access and physical access into a single ‘converged credential’ facilitates streamlined management and administration for critical processes like staff on-boarding and off-boarding.

Card Management Systems (CMS’s) help organisations deploy and manage smartcards quickly, efficiently and securely. Hybrid cards can be managed easily with CMS tools that connect to enterprise directories, card printers, certificate authorities, and more.

People

Staff always tend to find the most expedient ways of getting their work done, even if short-cuts may result in security vulnerabilities. Issuing each staff member with a single card for door access as well as IT-access (amongst other uses) naturally compels them to carry their ID cards with them at all times, strengthening overall security by:

  • Ensuring credentials with photo-ID are consistently worn by staff moving around a site.
  • Quashing the practice of lending door access cards to colleagues.
  • Automatically logging-off or locking computers whenever left unattended by users, who have to remove their ID card to pick-up a coffee or collect a document from a printer for example.

Technology

Hybrid smartcards allow organisations to mix-&-match established standard contactless and contact technologies to fit their precise needs, providing the flexibility to integrate with an extensive range of identity and access applications using just one ID card.

In addition, fully-online and integrated door access control systems can be used to ensure that users can only log on to their PC, or access other IT resources, if they have badged through a door, thus eliminating most ‘pass-back’ and ‘tailgating’ issues with building access cards.

For more information on converged identity and access management solutions contact Dot Origin:

www.dotorigin.com/smart-card-based-solutions/converged-access/

+44 (0)1428 685 861

INDUSTRY SPOTLIGHT: Secure your RFID access controls against card cloning

Stuart O'Brien

All security professionals need to be aware of RFID cloning vulnerabilities present in common door access control systems, and how to protect against them.

Some of the most widely used RFID access cards simply do not include any capability to prevent them from being read (and hence copied) inappropriately, and other common card-types have flawed security features that also allow them to be cloned using low-cost, hand-held card-copying kits.

It is possible, although rather impractical, to protect these cards with shielded cases that require the card to be extracted each time they need to be presented to a door access reader. There is also a risk from spoof-cards (purchased online without needing an original to copy), that will be read by standard door access readers.

Unfortunately, having cards and readers that are based on up-to-date secure RFID technology standards doesn’t automatically guarantee greater security; providers of physical access control systems often don’t make customers aware of the options available for configuring cards and readers, preferring to control that for their own benefit (simplifying deployment and maintaining card supply revenues).

To prevent card-cloning and spoofing, organisations need to make sure they are actually using the features that allow all their cards to be uniquely and securely encoded, so that cards can’t be read by any other readers, and their readers are configured to recognise only correctly encoded cards.

To secure RFID access controls, organisations ultimately need to have control over the encryption keys that are used to encode their access cards and configure their readers. Organisations don’t share their IT-admin passwords with third parties – so why should they be reliant on any number of individuals in a supply chain for access cards to protect their RFID encryption keys?

Key-ID Encoder is a cost-effective and easy-to-use solution for secure RFID card encoding. The Key-ID software makes it straightforward to create unique encryption keys, which are stored securely, and used to encode any RFID credentials that use NXP’s standard DESFire EV1 or EV2 chips.

Cards and fobs can be sourced freely and then encoded using the Key-ID kit, which includes a desktop reader/writer that connects via USB to any suitable Windows PC running the software. The reader/writer supplied also supports the use of a SAM (secure access module) to safeguard encryption keys. Enrolment of newly encoded cards into an access control system can be automated with the help of an additional software utility available from the same company.

Key-ID Encoder has been developed by Dot Origin Ltd, who specialise in identity, security and proximity solutions, using established security principles and based on industry standards.

For more information, visit www.key-id.com/encoder or call Dot Origin on +44 (0)1428 685 861.

INDUSTRY SPOTLIGHT: Wannacry – A wake up call to review your information security

Stuart O'Brien

The Wannacry ransomware virus that hit the world last month demonstrated just how vulnerable our systems and information are to hostile attacks. It is estimated to have struck in 99 countries across the globe; the attack on the NHS alone was deemed to have been the largest cyber-attack in its history and the impact was severe. Appointments and operations were cancelled and doctors warned that the infiltration could have cost lives.

Whilst the stakes in business may not be as high, last month’s attacks do offer us a wake-up call and highlight the need for more robust information security systems. The single greatest asset held by most companies is their information. Its protection is key to the success of any business, particularly in highly competitive markets where new designs, technological advances, customer information and intellectual property have significant commercial value. However you store the information you hold dear and whatever its format, whether it’s on your servers, in your filing cabinets or even the spoken word, now is the time to take proactive action to protect it and so deter terrorists, criminals and others before damage can be done.

Much can be done to detect attempts to gain information about you or to steal your proprietary information in preparation for more serious attacks. In most cases, there are tell-tale signs which, if dealt with immediately, can prevent the loss of information and reduce the subsequent risk of action against you. In general terms this means deploying an appropriate method of surveillance to look for indications that something is wrong.

Esoteric’s specialism is the pro-active protection of client information and assets by countering attempted or actual attacks. These may involve theft of assets, sensitive company information, copyright or intellectual property to achieve competitor advantage, to counterfeit goods, to commit fraud or other crime, or to benefit from corrupt or improper activity.

If you have concerns about the integrity of your information, call Esoteric in confidence today on 01483 740423 or visit our website on www.esotericltd.com.

Esoteric

INDUSTRY SPOTLIGHT: Reduce risk of insider threat with counter-eavesdropping solutions

Stuart O'Brien

In a recent survey by Vormetric a whopping 89% of respondents said they felt their company was at risk from insider attack, with 34% saying they felt very or extremely vulnerable.

Senior management are most concerned by the potential for damage, caused either maliciously or through neglect, by trusted employees. This anxiety is supported by the Ponemon Institute who reported that 62% of employees have access to company data they shouldn’t.

To help reduce exposure to risk, companies might want to consider:

  • Who specifically requires access to particular information and what for (can the information they require be found from another source)
  • What controls are in place to limit access to only those who need it to carry out their job roles
  • How to identify unauthorised access
  • What information is of value to others

In order to be productive companies need to give employees freedom to work without impediment. Balancing access to information whilst protecting what’s confidential can be achieved through the introduction of simple security systems, including the evaluation of risk from electronic eavesdropping – now the highest growth area of insider attack.

Having a proactive Technical Surveillance Counter Measures (TSCM) program in place demonstrates a best practice approach which will reassure board members, clients and stakeholders. As well as locating and identifying hostile electronic surveillance devices, an effective TSCM program is designed to detect technical security hazards, physical security weaknesses or security policy and procedural inadequacies that would allow premises to be technically or physically penetrated.

For further information on how to keep your company’s confidential information confidential, call Esoteric on 01483 740423. Or email mail@esotericltd.com


Crises, CCTV and Cyber Crime top the total security summit

Jack Wynn

The global landscape has experienced a rather monumental change over the last year, with security being more relevant than ever as we go into 2017.

The first Total Security Summit of the year is determined to address these issues and uncertainties in a bespoke two-day event for security professionals.

Meet, share, connect and debate business relevant to your current and future projects with matchmade face-to-face meetings, experience a day of dining, drinks and discussion as you network with fellow business professionals and attend seminars covering a range of relevant topics.

As we reach a landmark age of global political challenges and uncertainties, it’s vital to prepare for the future. Dr Anna Maria Brudenell, Lecturer in Military and Security Studies, Cranfield Defence and Security, covers protecting crowded areas, addressing terror threats and counter-terrorism in the first seminar on Global Security Strategy.

As terror threats continue to rise and evolve without warning, discussing and understanding the implications is crucial to develop your security in a crisis. Chris Phillips, Managing Director, International Protect and Prepare Security Office (IPPSO), is presenting seminar 2 on Crisis Management and Communications.

Video surveillance is being used in greater quantity and with higher quality expectations, with Britain among the leaders in CCTV operation, but are the benefits worth the cost? With few resources and increasing legal parameters, Simon Lambert, Independent CCTV Consultants, Lambert Associates, is discussing CCTV and Video Surveillance in seminar 3.


John Marsden, Head of Fraud, Equifax, is discussing how to identify and tackle theft as it happens, assessing risk, detecting threats and ensuring on-going training in Seminar 4: Keeping your Business’ Cash and Assets Safe and Secure.

Going into your second day, and following morning networking, James Willison, Founder, Unified Security Ltd, goes digital. As our dependency on technology grows, many companies are more vulnerable than ever; from data and privacy risks to ransomware, hackers are becoming more sophisticated, and businesses need to adapt quickly. This is the subject of Seminar 5 on Cyber Crime – the United Security Response.

With a continuing rise in companies at risk of fraud, from physical fraud to high level hacking, security needs to be tight across the board, and the final seminar before more discussion and networking addresses these fears. Fraud Prevention with David Lee, Fraud Prevention Manager, Transport for London sees the summit almost to a close.

Taking place on 13-14 March at the Radisson Blu Hotel, London Stansted, this year’s Total Security Summit is the industry go-to for professionals.

To secure a complimentary delegate place at either of the two annual Total Security Summit events, call Liz Cowell on 01992 374 072 or email l.cowell@forumevents.co.uk.

Or, to attend either event as a supplier, call Nick Stannard on 01992 374 092 or email n.stannard@formumevents.co.uk.

For more information, visit www.totalsecuritysummit.co.uk.

Industry Spotlight: Are CCTV images too low quality to identify criminals?

Jack Wynn

No organisation wants to breach the Data Protection Act (DPA) because doing so would have serious consequences for their business: fines, bad publicity and even criminal sanctions. However, many do not realise that the Act also applies to the CCTV systems they may use to secure their premises, as well as protect tenants or staff members.

Businesses typically install CCTV to protect staff and their assets. Nonetheless, according to our recent survey, many worry that the images they are collecting are not actually good enough to identify perpetrators should criminal activity take place. This leaves them wide open to breaching the DPA, which states that data recorded with the purpose of identifying individuals performing criminal activities must be of sufficient quality to do so, otherwise its capture is unjustified.

For a CCTV system to serve its purpose, i.e. to deter crime and protect people while meeting the demands of the DPA, the recordings must be of sufficient quality to identify individuals performing criminal activity and be easily accessible by the police, with the right credentials to be used as evidence, such as accurate timestamping.

Only footage relating to the purpose of the CCTV system should be recorded, so it is important to be able to schedule recording periods, redact areas of a camera’s view to prevent collateral intrusion and ideally to trigger recording by way of an event such as motion detection. Any recordings taken must be stored securely to prevent unauthorised access and hacking; this means using encryption wherever possible.

All concerns around the effectiveness of CCTV, from image quality, secure access and image sharing to accurate time-stamping, can easily be addressed through integration with the Internet of Things (IoT). Cloud based solutions enable users to record and store high definition images and video footage securely. Data can be fully encrypted and time stamped, then stored securely with access available through an authorised web-enabled device. Such systems are designed to handle large volumes of data and are also highly scalable to accommodate any future growth of a business such as new locations and the need for increased security. 

Using the cloud makes sharing of images easy within a highly-secure, proven technology platform, thus crowdsourcing a community which can help to piece together any suspicious activity. Some can also be retrofitted to existing systems without the need to replace cameras or cabling, enabling users to take advantage of the IoT with minimum additional cost.

Not only does this make the data much safer but it is also easier to use, giving users secure, encrypted storage for high quality images, accurate time and date stamping and immediate access to their data if it is needed by the police – helping to ensure that even older analogue systems comply with the DPA and providing peace of mind that their physical assets and their people are protected.

CCTV may seem like an unlikely area for concern, and the data it collects may seem very innocuous in comparison with other personal data. However, with the potential of heavy fines and even criminal sanctions applying to any breach of data protection regulations, organisations need to ensure that they take the quality and security of their CCTV extremely seriously.

Words by James Wickes, CEO and co-founder of Cloudview
