Like most other segments of the business world, technology has become ingrained in enterprise security operations. With that increased use of technology comes a new set of risks. The challenge is to ‘‘get ahead,’’ to digest all things happening around you and distill them to form a clear course forward. The best way to do this is to examine how the technology will be adopted and how the use of technology will then change the behavior of people. All of which is highly unpredictable.
Sogeti, as a business technology company, has a pragmatic view on technology and the trends that are important. The trends were composed by polling a group of Sogeti experts who in turn based their input on their view of the industry as well as direct conversations with our clients and partners. According to Sogeti, the most important trends for security enterprise executives include:
1. Mobile, Mobile, Everywhere. Anywhere, at Any Time, on Any Device
Mobility is all about being productive whenever and wherever employees need to be, on the device that suits them best. Whether it is a company-provided device or their own, they should be able to get things done, communicate and collaborate securely with people inside and outside their organization, both local and global. That means increased and diligent data security policies for your enterprise.
2. Augmented Reality
Augmented Reality is a live, direct or indirect, view of a physical, real-world environment whose elements are augmented by computer-
generated sensory input such as sound, video, graphics or GPS data – from the ‘‘character marker’’ to the Google Glass. It remains to be seen how this trend will affect surveillance policies.
3. Big Data
The term Big Data stands for awareness and new generation of technologies and architectures designed to economically extract value from large volumes of a wide variety of data, enabling high-velocity capture, discovery and/or analysis. Big Data is not about specific client tools or software, Sogeti says, but rather, managing information data sources, composed by structured, unstructured and new types of data (video, plain text, etc.) and make it available to a broad set of target applications and business intelligence solutions. How can you use Big Data in 2014 to reveal patterns and get ahead of risk?
4. Cloud Computing
By now, everybody has heard of Cloud Computing as a model for enabling convenient, on-demand network access to a pay-per-use shared pool of configurable computing services (e.g., communication services, servers, storage, applications and business services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The expected adoption of Cloud is enormous, Sogeti says, and a new way of software design will appear: integrate services from different sources into a single application. In addition, the rise of Cloud disaster recovery as a service solution will offer highly available and resilient services to enterprises. Real time analytics, and Big Data will strengthen Cloud usage and storage of data. Cloud for devices will be in charge of “hosting” mobile and machine-to-machine interactions to cope with the increasing volume of data produced by new connected devices.
5. Jericho Style Security
Jericho Style Security is a concept that puts security closer to the information and data (‘‘access to specific data’’). It reduces the sole reliance on peripheral or fence security (‘‘access to the system’’). As a result, it brings a more granular and flexible security approach that frees the business and is better adapted to face the security challenges brought by the age of Cloud Computing, digital collaboration and mobility. New developments like use of Cloud services, mobile devices, Web services or BYOD require new solutions for CSOs to a more balanced risk/freedom approach.
6. Reducing Costs By Improving Quality
Sounds elementary, but according to Sogeti, it’s often lost because of that element. Quality measures across the entire enterprise increase the business value by delivering higher ROI.
A quality focus in all security enterprise phases involving all parties enables projects to reach the expected business objectives. Therefore, testing alone is no longer sufficient to address quality challenges completely. A more complete quality approach across the entire Application Lifecycle is the new approach that can make the difference. Testing or quality are no longer restricted to the test team; they are a shared and business responsibility.
7. 3D Printing
For the past 30 years we have heard of 3D printing, but 2013 was a turning point as this technology is finally becoming accessible. 3D printers produce objects in different materials (plastics, steel, etc.), and they enable people to make or fix their own objects instead of just replacing them when they are broken or outdated. 3D printing also improves companies’ capabilities to control the product lifecycle from its conception to its prototyping and soon to its mass production. Yet, 3D printing brings its own new set of risk management challenges. According to an APreport, a law that banned undetectable firearms expiring in December has caused federal agents to focus attention on guns made entirely out of plastic. 3D industrial printers that can create plastic models and prototypes now can make guns that can’t be picked up by metal detectors.
8. The Internet of Things
The Internet of Things is based on the vision that connecting physical things to the
Internet makes possible to access remote sensor data and to control the physical world from a distance. This new capability can dramatically streamline how we secure, manufacture, distribute, manage and recycle our goods. It can also transform the way we perform everyday activities by giving applications current and detailed knowledge about physical events and risk management.
Integrates Stronger Audio Capabilities with Surveillance
When audio detection has been typically integrated with security video, audio quality is often poor due to outdated encoding technologies. When attempting to pick up sound cues other than the human voice, such as breaking glass, gunshots or footsteps, this newly enhanced SD camera range includes high-quality audio. Advanced Audio Coding (AAC) embedded in the cameras helps you add another sensory layer to your surveillance efforts.
Find out more at www.indigovision.com
Provides Simple-to-Install Surveillance for Small-Scale Projects
Designed for small retail, office or residential surveillance situations, often where it is not feasible to install Ethernet cables, this network camera features wireless connection capabilities, plus 720p HDTV video quality and a one-click camera connection. With support for Wi-Fi Protected Setup (WPS), easy hosted video connection and edge recording to a network attached storage (NAS) device, the camera is built for hosted video solutions. It also features a push-button for automatic WLAN pairing, which saves installation time.
Find out more at www.axis.com
Keeps Track of Contract Guards
Contract guard services are becoming more popular in the industry, but you need a reliable method of guard tour accountability. The GuardTrax GT2 guard tour reporting, accountability and management solution provides active RFIS capability and a swappable battery for 24/7 functionality, which reduces the number of systems you would need to buy. This handheld device integrates to a Web-based reporting and mapping interface, and provides GPS, active and passive RFID, geo-fencing, real-time alerts, no motion alerts, customizable event codes and business-use-only cellphone.
Find out more at www.guardtrax.com
Ultra Low Profile MicroDome™ Camera
MicroDome™ultra low profile multi-megapixel cameras are designed for applications where both high-resolution and a small footprint are required. The cameras are available in resolutions of 1.3-megapixels (MP), 1080p, 3MP and 5MP, with Wide Dynamic Range (WDR) up to 100dB at full resolution available at resolutions of 1080p and 3MP. Indoor models with an innovative in-ceiling mount are being released first, and will soon be followed by indoor/outdoor surface-mount models. The in-ceiling configurations have three spring arms at the top of the camera that easily fit through the small installation hole and then expand to hold the camera into place. The installer only needs to slide the camera through the hole and secure the magnetized mounting ring with a single screw. By combining long and short exposures in the same field-of-view, WDR maximizes the amount of detail in both bright and dark areas of a scene.
Find out more at www.ArecontVision.com
HD Micro Dome
Avigilon’s HD Micro Dome camera, available in 1 MP and 2 MP resolutions, is a small high-definition dome camera, enabling a cost-effective transition to HD video surveillance and all the advantages of the Avigilon Control Center software. This camera operates on Avigilon’s H3 platform with enhanced HDSM features to intelligently manage both storage and bandwidth. With a horizontal angle of view of 88 degrees, the HD Micro Dome camera can cover an entire room from a single location while providing image detail. Featuring an IP66 rating and 30 images per second at full resolution, camera delivers a versatile solution for monitoring activities in a variety of environments including retail, commercial and indoor or outdoor building entrances and hallways.
Find out more at Avigilon.com
Network Video Recorders
Salient Systems’ PowerProtect line of hybrid Network Video Recorders supports directly connected analog cameras as well as IP cameras simultaneously using CompleteView Video Management Software. Combined with a Transition Plan, video surveillance consumers can migrate from existing analog cameras to IP cameras over time without purchasing third-party encoder hardware or repurchasing camera software licenses. The PowerProtect platform offers higher performance and greater reliability extending the limits of operational capabilities for video surveillance systems.
Find out more at www.salientsys.com
CCTV Components and Edge Devices
IQinVision Alliance-pro and 7-Series cameras are designed as a platform for the future. Such edge devices empower customers to more easily and cost-effectively build onto their security systems as technology continues to advance. These powerful WDR cameras are capable of advanced functionality on the edge: on-camera analytics, on-camera storage, recording directly to NAS, and integration with software such as exacqVision Edge, a video management system that records directly to the on-camera storage. DTS allows for a more scalable, robust and cost effective video recording system. With DTS, the server resides in the camera. Storage can also be located on the camera – all while consuming less than 8W power.
Find out more at www.iqeye.com
5 Tips for Mobile App Security
As the number of mobile devices continues to grow and companies develop unique apps to engage with employees and customers, security remains a major concern for IT departments.
While research from the Verizon 2013 Data Breach Investigations Report shows data breaches involving mobile devices are uncommon today, experts agree these security threats will become more prevalent in the near future.
According to Jack Walsh, mobility program manager for ICSA Labs, a vendor-neutral security testing and certification organization: “With more mobile payment systems coming online, and as more devices connect to the cloud, we will begin to see an uptick in security threats to mobile devices. Add to this the bring-your-own-device and bring-your-own-app trends, and it’s easy to understand that mobile devices will be the next frontier for hackers. By layering on additional security proactively, enterprises will be in much better position to protect their assets.”
To help enterprises stay ahead of the curve, ICSA Labs offers five tips:
- Dynamic analysis is a must.If deploying security-tested mobile applications is required by your company’s IT organization, consider mobile applications that have undergone dynamic analysis. This involves testing a mobile application while it is running in a live environment including all the appropriate back-end systems with which the app normally communicates.
- Conduct due diligence when selecting a mobile application developer.Make sure the mobile app developer is legitimate, trustworthy and has a history of quality app development. Another good due diligence step is to ask app developers if they have their own testing and certification practices.
- Build an enterprise app store.If, as an enterprise, restricting certain mobile apps seems like a futile effort, build your own enterprise app store. The store should only include independently tested and approved mobile applications. Also, build and share a list of mobile apps from the enterprise app store, as well as other apps deemed secure. This can help prevent employees from downloading apps from other, possibly rogue locations.
- Develop and share broadly your mobile device policy with employees.They need to know and understand the ground rules for bringing their own devices into the work environment, and know if this practice is forbidden. Be sure to develop and clearly communicate your policies. Nothing wreaks as much havoc on an enterprise as ill-informed employees.
- Don’t fight a losing battle.Research and implement the right mobile device management solution that adequately supports the bring-your-own-device policy, so you are not swimming upstream. Enterprises should be in the driver’s seat when it comes to managing the mobile device environment. It is far easier to get ahead of the curve than to make corrections after the fact.
Mapping Out the 2014 Video Surveillance Landscape
When enterprise security professionals look to build their surveillance system, they are looking to future-proof their investment, at least for the next five to 10 years. And in order to do that, it is necessary to predict what the new trends are and whether or not they’ll stick around. Breaking out the crystal ball, however, is not necessary – you just have to study the momentum of the last five years.
According to Jeff Kessler, Managing Director of Institutional Research at Imperial Capital, security leaders should watch for the continued, increased use of managed, hosted video; a continued move toward standardized video equipment; more public-private partnership funding for Safe Cities programs; and the ongoing shift from analog to IP.
“Certain companies are on certain timelines,” says Kessler, “to eliminate the legacy side of the business. We’ve seen a spike, and there will be a fall-off in the sale of encoders, but by 2014, the peak on encoder use will already have been reached.” Over the next few years, there will be less of a need for encoders and more dependence on integrators.
“We need to build up our IT IQ,” remarks Kessler. “End users and integrators will need to be a lot smarter in their ability to understand networks in order to get the most out of them.” He also says that because of the sheer amount of information that comes with network surveillance, there will be increased pressure on IT professionals to ensure they’re prepared for surges of video as incidents occur. Conversely, security leaders have to ensure that their surveillance is not going to overwhelm the entire enterprise’s network.
However, these predictions certainly did not come out of the blue – looking back at the trends of the past five years can be instrumental in determining what’s next.
According to Kessler, the top five trends of the last five years are:
- Improvement in Megapixel Quality: “Over the last five years, we’ve gained a much better idea of what is really needed for certain situations and what is not needed – one to three megapixels seems to be the sweet spot, but that doesn’t mean that the 50- or 100-megapixel options aren’t useful in certain spaces.”
- Standardization Around Practices or Specs: The standards process, such as ONVIF or PSIA, enables more companies to work in the same space, in terms of what functions their cameras offer, Kessler says. This also enables other parts of the security industry (access control, for example) to integrate with surveillance more easily.
- Drastic Improvement at the Edge: The improvement and understanding of what works and what doesn’t at the edge, either for storage or action, is enabling the medium to move forward.
- Surges of Appliances to Integrate Video: This has been a boon for small and mid-sized enterprises – these appliances provide a very good way to integrate the entire security process, which enables the end user to operate and manage the system without complicated know-how.
- Storage Analytics: This has proved to be a major way of increasing ROI and making money, says Kessler. These analytics often provide diagnostic functions that keep surveillance devices operating at their best, and they also provide end users with the most actionable data from their video.
In 2014, Kessler sees the continuation of sequestration playing a large part in government surveillance issues – “A lack of funding for large Department of Defense projects will force a push for more public-private partnership funding for Safe Cities programs, where the local or federal government will match or exceed any private contributions to the project’s fund. Cities would be unable to fund this alone, and a partnership leads to less pushback from the community.”
Managed, hosted video is also not going away anytime soon – Kessler sees a higher demand for four- to five-camera setups for thousands of stores, such as large retail chains. However, a contingent within the security industry believes that this is not a cost-effective way of doing business, and that it will impede absolute growth of small systems. Expect that debate to continue moving forward.
The sophistication of new systems can be intimidating, as “sophisticated”is often considered shorthand for “complicated.”But partnerships between integrators and manufacturers are driving the production of solutions-based surveillance systems tailored to the needs of the entire enterprise, not just the security department.
“The end user isn’t just the security director anymore,” says Kessler. “The system has to be accessible and valuable for IT, the CEO, the CFO, COO, and more. So the manufacturer is providing services, education and sophisticated camera systems, not just the camera but storage, software and analytics, to the integrator, who educates the end user on how to use the system to their best advantage. This partnership from all three parties creates more sophisticated equipment that can be used more easily.”
And for future-proofing, Kessler has a few notions about what the surveillance landscape will look like in 2020:
- There will be very few analog users left, excepting small businesses with no reason or capital to switch.
- You will see vastly improved capabilities to measure the health of the system.
- The overall relationship metrics between frames-per-second, latency, megapixel clarity and other factors will improve dramatically.
- Expect the ability of video to integrate data with other parts of the security system: “Video is the key part of the system that gives you tremendous amounts of data,” Kessler says. “I expect the goal of having integrated, actionable data to be realized by 2020. This is a template for a store owner, for example, to understand where products are and how to make the store more effective.” This could also enable manufacturing companies to improve consistency, audits and investigations.
- There will be a real answer to how much video is stored or used remotely, and how much should be kept on-site.
Expect increasing amounts of video and access in the Cloud as more trust grows in Cloud-based services.