Security Integrators, Customers Need to Team Up for Better Cyber Security

By Eric Kantner

Security integrators and their clients are constantly sharing information, as most integrators today have remote access to their customers’ systems so they can provide necessary maintenance and updates.

Because of this inter-related nature of doing business, it’s imperative that both parties be on guard against cyber security breaches since a threat to one partner could certainly affect the other.

For all the ease and ability that the Internet provides for sharing data and conducting transactions, it also serves as a constant temptation to outsiders to gain access to personal and business-related information and systems.

And it points out to all parties involved that threats can come in many forms and through many channels. So it isn’t just a matter of adding a firewall and calling it a day, but rather there needs to be ongoing vigilance to ensure your data is fully protected.

So what are some of the steps both integrators and clients should undertake to ensure a cyber-secure environment?

•Secure your customer’s data: Access to your customer’s sensitive data should be limited, and all customer data should be encrypted, especially when stored on laptops and mobile devices. If one or both parties are involved in handling credit card transactions, which can be a target for information thieves, make certain that the software used for transactions meets PCI (payment card industry) standards. And if a third-party handles this for you, review their PCI compliance as well, as PCI-DSS compliance is crucial.

•Conduct regular system checks for vulnerabilities: Undergoing a one-time system check is like going to the doctor when you’re 20 and assuming you’re good for the rest of your life. Ideally, systems should be audited regularly, testing for and patching software problems, scanning for internal and external viruses and shoring up operating systems and passwords as needed.

•Get your employees on board. While the integrator, his customer and the two IT departments may agree on stringent cyber-security principles, if employees aren’t made aware of the steps needed to secure data, it could be a moot point. So be sure to set up rules about computer and smartphone usage as it relates to potential problems such as clicking on unfamiliar links, accessing questionable websites and sharing company information online.

•Realize that not all problems are computer related: Client information on paper that is left unsecured is also open to theft or misuse. Integrators should secure documents that could put passwords, personal information or business data into the wrong hands.

When both integrators and clients take a hard look at their cyber-security measures, all parties involved can rest assured that the systems they are both accessing are as secure as possible.

Remote security goes wherever it’s needed

By Bill Romano

Threats can happen anywhere, even in those areas where roads and power lines are scarce.

Construction sites, mining operations and other areas where power is non-existent or spotty at best are still targets for thieves and saboteurs. In those instances, integrators and their clients are looking to deploy security measures that can operate without a traditional power source or connectivity.

On a construction site, where power may still be under development but contractors want to protect their investment in supplies as well as ensure that no one is trespassing at the structure, options such as battery-powered, wireless video systems can give an adequate picture of the site that can be viewed by the developer or transmitted to a central station for more traditional monitoring.

In most instances, setting up remote surveillance to monitor critical operations whether it’s a field of grapes in California, a remote mining operation or valuable property and resources in the desert, requires a custom solution developed through a partnership with the integrator, the end user and the technology provider because of the unique nature of these less conventional locales and the need to operate in extreme conditions.

While video surveillance leads the list of needs for securing remote sites, access control capabilities and asset tracking are also considerations. Heavy equipment at a construction site that is equipped with a tracking system, for instance, can inform the owner if machinery is moved after hours or leaves a designated area.

As the business world expands to tap into assets in all corners of the United States, remote security capabilities are rising to the occasion, offering the reassurance that you can still know what’s going on, even if you can’t be there.

Free Yourself of Data Clutter – Consider the Cloud

by Joseph Liguori

Don’t we all wish we had more room? Anyone who has moved knows the frustration of having to sort through years of clutter and then make the decision about what to do with it — keep it, sell it, put it in storage?

In the physical security world, managing data is a bit like tackling the stuff in our own homes. Every door in an access control plan, every badge issued and scanned and every camera in a surveillance system generates usable, archiveable data. The data may be critical for use at this very moment, or companies may want to have it at the ready in case they need to search it to see a particular incident or put together reports on activity patterns.

Integrators have helped out their clients by becoming keepers of the data. For the end user, the benefit is that instead of investing in high-cost, space-hogging servers and handling some of the administrative duties behind their access control systems, they have handed off this task to integrators who store and manage the data, based on their needs.

This scenario frees the client from having to invest in and manage the servers on site, while still being able to perform some functions locally, such as determining which doors to open and close, or who should be granted access to a particular location. For the end user, it because both a cost- and a time-saving proposition.

While this becomes a win for both parties, the integrator must now invest in and maintain a large number of servers or storage devices. This can be simplified if all that information is moved to the cloud.

Cloud-based managed access control unclutters, if you will, the integrators’ facility and puts the data that was stored locally into the third-party data centers that are designed specifically to handle huge amounts of data.

With a cloud-based system, both the end user and the integrator are beneficiaries of a more efficient storage scenario. The integrator retains the role of data keeper, but rather than having to invest in and physically maintain the servers associated with the access control or video surveillance systems, he becomes the conduit between his client’s data and the third-party provider. The end user is still able to perform the tasks that he wants control over, but the information resides not at his facility or his integrators, but within the cloud. Companies such as Amazon, Microsoft Cisco, Google and IBM have all become cloud-based storage providers.

An advantage of cloud-based access control is that the amount of storage space isn’t restricted by the number or size of servers purchased, but rather is based on the amount of data used, so it can fluidly increase or decrease as needs change — and costs therefore can be based on actually usage even as it fluctuates.

This is true whether someone is storing transaction data from their access control system or video from hundreds of network video recorders (NVRs). In the latter case, instead of configuring NVRs to store data from video back ups, that information can be exported to a cloud-based platform.

And like the access control data, end users still have control over their cloud-stored video information, with the ability to adjust frame rates and determine storage requirements for one camera or a group of them.

Additionally, there is redundancy in the cloud, which greatly reduces the chance for lost data or images.

Just as businesses have sprung up to store our personal clutter, cloud-based data management is freeing up end users and integrators so they can focus on what they do best.

Physical security plays key role in the fight against drug diversion

By Sam Auciello, Pasek Corp.

Drug diversion — the theft and use of drugs intended for patients by staff, visitors and others — has become a real issue for healthcare institutions, especially as the problem with prescription drug abuse rises.

It’s a multi-billion dollar problem, with drugs such as methadone, oxycodone, fentanyl and propofol among those being stolen from hospitals and other healthcare facilities.

Headlines in recent years have told of hospital workers such as nurses and technicians getting into what was once thought of as a secure environment – locked dosing machines – and accessing medications and substituting benign alternatives such as saline solution to mask the theft.

Fortunately, drugdiversion committees have been created within hospitals, working in conjunction with security staff members, to institute policies and procedures along with additional physical security measures to increase the security to safeguard controlled substances.

So where should a hospital or healthcare start to provide complete protection and security for their prescription medication? Taking a concentric circles approach to security, the pharmacy, from which the drugs are distributed, is the most likely source for the highest level of protection. At the pharmacy, a hospital can place limitations on who has access and implement several layers of security such as dual authentication biometric access control and cameras positioned in key areas where drugs are stored, prepared for distribution and returned or discarded.

Working out from there, hospitals have set up means to secure drug cabinets, either through standard lock-and-key protocols or more advanced methods such as fingerprint or badge-related access control. RFID technology on portable dispensing machines also allows for security to track the movement of the drugs through hallways and into various rooms. By being able to follow movement and access, healthcare facilities can create an audit trail in the event that something untoward occurs.

In addition to creating appropriate policies and procedures and instituting physical security measures, the hospital security director should review this information with their security systems integratorand healthcare staff to ensure everyone can be on the same page regarding the safe handling, distribution and monitoring of controlled substances.

Working as team, hospital personnel, security and their integrators can develop the right surveillance and access control plans to help enforce drug diversion best practices.

Today’s Lesson: Know Your Security System

By J. Matthew Ladd

Teachers have their lesson plans and students have their homework. The goal with both is to be prepared — either for a day in the classroom for educators, or for that upcoming quiz or test for scholars.

But school districts that have recently spent thousands of dollars on security system installations — many of which were sent out from bid last year and then were put in during the summer months in time for classes to resume in September — need to educate themselves as well.

With all that the latest surveillance and access control technology offers to school security personnel, too often these systems are rushed into place to coincide with the new school year. As a result, training becomes an afterthought.

Taking the time to familiarize yourself with the features of each system means you’ll get the most out of it. While the project may have met your first day of school deadline, it’s incumbent on security personnel to spend time getting to know the inner workings of the cameras, recorders, analytics, card readers and the like.

Fortunately, you have an excellent tutor available — your integrator. We can walk you through everything you need to know about your new school security system as well as help train your staff on its nuances.

Sometimes it’s as simple as making sure all the features are completely operational: Are all the cameras turned on, are the readers working properly? In other cases, it’s sharing the capabilities of your new system with local law enforcement so they can best respond to an event at a school, should something happen.

You may also want to seek input from your integrator on setting up system rules and procedures for responding to particular types of situations so you can offer the best security coverage possible.

Today’s systems are fully featured and can provide a plethora of information before and during a crisis as well as forensically. If you do a little homework now, we can help you learn how to maximize your system.

Taking Dual-Factor Authentication to the Next Level

By Dave Sweeney

A recent survey about logical access control pointed out that in most people’s minds, passwords are passé. An overwhelming 84 percent of those surveyed supported eliminating passwords, while 76 percent of respondents felt an alternative form of verification would make their data more secure.

In the physical security realm, we are increasingly seeing a movement toward something beyond single factor authentication, such as an access card or a key code alone. Many companies have combined the two, but just like passwords that can be shared liberally, codes have a way of getting passed around too.

So how does one up the level of protection beyond the single form of authentication? Dual-factor authentication is usually focused on something you HAVE (a card) and something you KNOW (a code), but there is also something you ARE — a biometric.

A few things are working in favor of biometrics these days. First, the technology has improved and the cost has come down. While far from the least expensive form of authentication, those who opt for biometrics now can feel confident that it will perform as needed.

Second, biometrics are increasingly being integrated into existing security systems. In the early years, a fingerprint reader or palm scanner was a stand-alone product that required its own database.

Another benefit is that aside from the uniqueness of biometrics — making it nearly impossible to steal it from someone else — this authentication factor is always with you. Unlike a card that can be misplaced, or a code that is forgotten, your iris, palm, finger or retina goes where you do.

This can translate into both time and cost savings if lost cards are an issue, which can be an issue with students where cards serve as access into buildings and payment for foodservice. This is why some institutions are opting for biometrics over cards.

It’s important for end users to consult with their integrator about how best to incorporate an additional factor like biometrics into a dual or multi-factor authentication program. Is it something reserved for high-security areas, or do you incorporate it at the main entrance, knowing that once you’re confident about who has entered, you can go with more standard access procedures on inside doors?

And what about the environment in which the biometric is used? A fingerprint scanner that requires people to touch a unit may not be the best choice in a hospital, nursing home or daycare center where germs are a concern.

Biometrics continue to migrate into the mainstream. A perfect example is the finger scan used to unlock your smartphone or computer. Why not consider biometrics as another tool in a dual-factor physical security authentication program?

Surveillance, Access Control – There’s an App for That

By Matthew Ladd

An app may not be the deciding factor when a customer purchases new security technology, but having a mobile application associated with it that can be tapped into anytime, anywhere certainly doesn’t hurt.

What has become common in everyday life is now ubiquitous in the security realm as well. With a smartphone or tablet always in hand, it stands to reason that practical mobile applications would be developed that go hand-in-hand with security systems.

Today there are apps that allow for remote access to cameras, life safety and access control systems, providing the ability to view incidents, lock and unlock doors and much more.

Mobile applications bring a new level of efficiency to necessary tasks, such as allowing you to use your phone to take a photo, enroll a person and then create an access control badge, rather than having someone go to a particular office to undergo the process.

And apps can prove critical in breaking situations like the evacuation of a building. Using a mobile app in conjunction with RFID badging, it’s now possible to access a checklist of employees or students and determine who has exited the building and to which muster point they’ve gone.

So it’s easy to see that apps have become a true benefit for security, and that the level of sophistication and robustness continues to rise.

But as with any technology residing on a mobile device, cybersecurity is always a concern. Although measures are in place to safeguard the information accessible via apps from hackers, whenever there is connectivity outside of a controlled environment, like on a smartphone or tablet away from the office, it’s important to make sure there are added layers of authentication so not just anyone can access and control an app.

And it’s also important to note that apps work best when you are fully aware of their capabilities. Your integrator is the go-to person for advice and information on how to make the most of the applications associated with your security system and software. If you know how to use them correctly, apps can do anything that previously kept you tied to a console.

By working with your integrator, you can ensure that the burgeoning assortment of mobile apps are just what you need to conduct video tours, provide remote access to a building or to oversee events as they happen.

Retail Security: Benefiting from Advancements in Analytics and IP Cameras

By Chris Wetzel

Whether it is through employee theft or shoplifting, unexplained inventory loss is a major concern among retailers and one of the key reasons in-store surveillance is a priority.

Fortunately, advancements in IP camera technology and analytics are able to address the unique concerns of retailers in the battle against shrinkage along with overall improvements in camera response time and picture quality.

Tracking a potential shoplifter through a store is now made easier by more strategic positioning of cameras and built-in intelligence that allows security personnel to clearly identify and track a suspicious individual. Even with multiple cameras in play, it is possible to follow an individual through various fields of view, while also zooming in to capture a clearer facial image.

After the event, the use of analytics within the video management platform can help pinpoint the pertinent footage, reducing the amount of time spent reviewing recorded video to get to the usable data. Once recovered, the event can be shared with management, others within the security department or law enforcement, if necessary.

Analytics that provide security personnel with key information — such as heat mapping that shows movement within the store or dwell and linger data that indicates if someone is standing in one spot for a prolonged period — are additional tools in the fight against shrinkage. By setting parameters within the analytics, retailers can get alerts when certain suspicious behaviors occur, such as someone lingering outside a storage room, or a group of people congregating in a remote corner of the store.

These same heat mapping and dwell and linger analytics can also be deployed to assist retailers in making decisions about staffing busy areas or realigning security personnel during peak shopping periods, which can further combat shrink.

An added benefit to retailers via their security systems is the ability to integrate point of sale data with video so they can check out suspicious transactions like no-sale activity either as it occurs or record it for later review. Having a combination of POS data and corresponding video can provide hard evidence when making a case against employee theft.

These latest developments in security technology now provide retailers with important tools to manage shrinkage-related threats posed by both internal and external forces.

Internet of Things: What IoT Means to Security Professionals

By Bill Hogan

The value of connectivity is what’s driving the Internet of Things (IoT) — that concept of gathering actionable information via recognizable devices that reside on an Internet-based network.

The physical security industry has operated in this fashion long before the IoT became the latest buzz phrase. Sensors that detected motion in a room or readers that scanned cards were passing along information via the Internet so security directors could determine what was going on in a building or who was entering through a particular doorway.

Because security has been at the forefront of this movement, integrators have the opportunity to take a lead role as businesses look for ways to leverage IoT technology, especially as it relates to building automation.

The convergence of physical security and building automation is all around us these days. The same card that an employee uses to access his office can be just as easily programmed to turn on the heat as he comes through the door. Or sensors that detect an intruder can also determine when a room is empty and can turn off the lights, close the blinds or turn down the thermostat.

Home automation is another area where networked systems that drive the security side can also be leveraged in the BIoT environment. Think about the ease with which a consumer, using the backbone of her security system, can lock or unlock her front door, turn on the porch light or check on her kids and pets.

Increasingly, equipment is being networked to become part of the Internet of Things. And not only for the purpose of making living and working easier, but also to gather information to anticipate or prevent a problem. Sensors in the home of an elderly relative will be able to monitor movement and send an alert if, for instance, the front door hasn’t been opened in 24 hours or the bathroom hasn’t been accessed.

A seemingly dumb device, like a door latch, now can be easily configured with a relay to bring it onto the Internet and into the networked world.

With the steady movement toward BIoT technology, the question as integrators that we are asking themselves is: Where is my business in relationship to what is happening? Am I a leader or a follower? And do I have the tools at hand to take advantage of this burgeoning part of the industry?

A report from Memoori — a market research organization focused on smart building technologies — shows that the global market for Building IoT will surpass $85 billion in 2020 from the already robust $23 billion spent on BIoT in 2014.

This clearly illustrates that the BIoT trend isn’t going away and it behooves everyone in the physical security marketplace, from the integrator to the end user customer, to determine how they can harness the power of the Internet to bring efficiencies and benefits to their systems.

Say Yes to Access Control: Affordable Options Have Become a Reality

By Bill Hogan
Access control is now affordable even for your smallest locations.

Whether you are running a small business office, doctors office, coffee shop or retail store, it’s important to ensure that you protect staff and assets. While for some this may mean simply locking the front door at night with a key, the introduction of new technology at a lower price points now means that every business can afford the cost of access control today.

For example, in recent years manufacturers have introduced more technologies in support of the small access control market, with systems designed for the one to four door customer. This means that for property managers they can save both time and money by implementing access control.

With a card-based system, the small business can use a proximity card and reader system that allows them to issue an access control card to employees. This can be an ideal approach for a business with multiple locations where they want someone to have access to more than one location. Using a proximity card to access the building also cuts down on re-key costs when an employee leaves.

Another cost effective option is to install a keypad system on the exterior of an office door. When an office manager enters his pin number, it can unlock the door for the day and also provide a report on the open and close times of that location. This information can be accessed remotelyby the retail manager to lock and unlock the door, for example.

In addition, with a keypad-based system the administratorof the system can issue multiple pin numbers to employees, so that each person has a unique pin. That pin number can be easily deactivated if the employee no longer works at that location.

Whichever approach you decide to take there are many access control systems from which to choose from that are technologically advanced yet affordable. Installing an access control system is s an investment worth making in your business.