securitylinkindia

Study Evaluates Effects of Race, Age, Sex on Face Recognition Software

How accurately do face recognition software tools identify people of varied sex, age and racial background? According to a new study by the National Institute of Standards and Technology (NIST), the answer depends on the algorithm at the heart of the system, the application that uses it and the data it’s fed – but the majority of face recognition algorithms exhibit demographic differentials. A differential means that an algorithm’s ability to match two images of the same person varies from one demographic group to another. Results captured in the report, Face Recognition Vendor Test (FRVT) Part 3: Demographic Effects (NISTIR 8280), are intended to inform policymakers and to help software developers better understand the performance of their algorithms.

Face recognition technology has inspired public debate in part because of the need to understand the effect of demographics on face recognition algorithms. “While it is usually incorrect to make statements across algorithms, we found empirical evidence for the existence of demographic differentials in the majority of the face recognition algorithms we studied,” said Patrick Grother, a NIST computer scientist and the report’s primary author. “While we do not explore what might cause these differentials, this data will be valuable to policymakers, developers and end users in thinking about the limitations and appropriate use of these algorithms.”

The study was conducted through NIST’s Face Recognition Vendor Test (FRVT) program, which evaluates face recognition algorithms submitted by industry and academic developers on their ability to perform different tasks. While NIST does not test the finalized commercial products that make use of these algorithms, the program has revealed rapid developments in the burgeoning field. The NIST study evaluated 189 software algorithms from 99 developers – a majority of the industry.
It focuses on how well each individual algorithm performs one of two different tasks that are among face recognition’s most common applications. The first task, confirming that a photo matches a different photo of the same person in a database, is known as ‘one-to-one’ matching and is commonly used for verification work, such as unlocking a smartphone or checking a passport. The second, determining whether the person in the photo has any match in a database, is known as ‘one-to-many’ matching and can be used for identification of a person of interest.

To evaluate each algorithm’s performance on its task, the team measured the two classes of error the software can make – false positives and false negatives. A false positive means that the software wrongly considered photos of two different individuals to show the same person, while a false negative means the software failed to match two photos that, in fact, do show the same person. Making these distinctions is important because the class of error and the search type can carry vastly different consequences depending on the real-world application. “In a one-to-one search, a false negative might be merely an inconvenience – you can’t get into your phone, but the issue can usually be remediated by a second attempt,” Grother said. “But a false positive in a one-to-many search puts an incorrect match on a list of candidates that warrant further scrutiny.”

What sets the publication apart from most other face recognition research is its concern with each algorithm’s performance when considering demographic factors. For one-to-one matching, only a few previous studies explore demographic effects; for one-to-many matching, none have. To evaluate the algorithms, the NIST team used four collections of photographs containing 18.27 million images of 8.49 million people. All came from operational databases provided by the State Department, the Department of Homeland Security and the FBI.
The team did not use any images ‘scraped’ directly from internet sources such as social media or from video surveillance. The photos in the databases included metadata indicating the subject’s age, sex, and either race or country of birth. Not only did the team measure each algorithm’s false positives and false negatives for both search types, but it also determined how much these error rates varied among the tags. In other words, how comparatively well did the algorithm perform on images of people from different groups? Tests showed a wide range in accuracy across developers, with the most accurate algorithms producing many fewer errors.

While the study’s focus was on individual algorithms, Grother pointed out five broader findings:

1. For one-to-one matching, the team saw higher rates of false positives for Asian and African American faces relative to images of Caucasians. The differentials often ranged from a factor of 10 to 100 times, depending on the individual algorithm. False positives might present a security concern to the system owner, as they may allow access to impostors.

2. Among U.S.-developed algorithms, there were similarly high rates of false positives in one-to-one matching for Asians, African Americans and native groups (which include Native American, American Indian, Alaskan Indian and Pacific Islanders). The American Indian demographic had the highest rates of false positives.

3. However, a notable exception was for some algorithms developed in Asian countries. There was no such dramatic difference in false positives in one-to-one matching between Asian and Caucasian faces for algorithms developed in Asia. While Grother reiterated that the NIST study does not explore the relationship between cause and effect, one possible connection, and area for research, is the relationship between an algorithm’s performance and the data used to train it. “These results are an encouraging sign that more diverse training data may produce more equitable outcomes, should it be possible for developers to use such data,” he said.

4. For one-to-many matching, the team saw higher rates of false positives for African American females. Differentials in false positives in one-to-many matching are particularly important because the consequences could include false accusations. (In this case, the test did not use the entire set of photos, but only one FBI database containing 1.6 million domestic mugshots.)

5. However, not all algorithms give this high rate of false positives across demographics in one-to-many matching, and those that are the most equitable also rank among the most accurate. This last…
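As an added example (not part of the article and not NIST’s code or data), the following Python computes the two one-to-one error classes the article describes per demographic tag at a single global threshold, derives the differential ratio between groups, and shows how a threshold fixed on the pooled impostor distribution still yields group-specific false match rates. The comparison scores and the two tags group_A and group_B are constructed.

```python
"""Per-demographic false match / false non-match rates for one-to-one face
verification, in the style of the FRVT Part 3 demographic-effects analysis.

Added example, not NIST's code. Scores and demographic tags are constructed.
"""
import math
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Comparison(NamedTuple):
    group: str     # demographic tag taken from the image metadata
    mated: bool    # True when both photos show the same person
    score: float   # algorithm similarity score; higher means more alike


def error_rates(comparisons: Iterable[Comparison],
                threshold: float) -> Dict[str, Dict[str, float]]:
    """Return {group: {"fmr": ..., "fnmr": ...}} at one global threshold.

    FMR  (false match rate)     = impostor pairs scored >= threshold / impostor pairs
    FNMR (false non-match rate) = mated pairs scored <  threshold / mated pairs
    These are the article's "false positive" and "false negative" rates.
    """
    counts = defaultdict(lambda: {"impostor": 0, "fm": 0, "mated": 0, "fnm": 0})
    for c in comparisons:
        b = counts[c.group]
        if c.mated:
            b["mated"] += 1
            b["fnm"] += c.score < threshold      # bool adds as 0/1
        else:
            b["impostor"] += 1
            b["fm"] += c.score >= threshold
    return {
        g: {
            "fmr": b["fm"] / b["impostor"] if b["impostor"] else math.nan,
            "fnmr": b["fnm"] / b["mated"] if b["mated"] else math.nan,
        }
        for g, b in counts.items()
    }


def differentials(rates: Dict[str, Dict[str, float]], metric: str,
                  reference: str) -> Dict[str, float]:
    """Ratio of each group's error rate to the reference group's rate.
    The article's "factor of 10 to 100" is this ratio for FMR."""
    ref = rates[reference][metric]
    return {g: r[metric] / ref for g, r in rates.items()}


def threshold_at_fmr(impostor_scores: Iterable[float], target_fmr: float) -> float:
    """Lowest threshold whose pooled FMR does not exceed target_fmr.

    Evaluations of this kind fix the threshold on the pooled impostor
    distribution and then report how FMR varies by group at that threshold.
    """
    s = sorted(impostor_scores, reverse=True)
    k = int(target_fmr * len(s))              # false matches allowed in total
    if k >= len(s):
        return -math.inf
    # Any threshold strictly above s[k] leaves at most k scores at or above it.
    return math.nextafter(s[k], math.inf)


def constructed_sample() -> List[Comparison]:
    """Constructed data: similar mated behaviour in both groups, but group_B's
    impostor pairs score much higher, so one threshold admits more impostors."""
    sample = []
    for i in range(1000):
        sample.append(Comparison("group_A", False, i / 1000))            # 0.000 .. 0.999
        sample.append(Comparison("group_B", False, (9000 + i) / 10000))  # 0.9000 .. 0.9999
    sample += [Comparison("group_A", True, 0.995)] * 950 + [Comparison("group_A", True, 0.95)] * 50
    sample += [Comparison("group_B", True, 0.995)] * 940 + [Comparison("group_B", True, 0.95)] * 60
    return sample


def report(target_fmr: float = 0.05) -> dict:
    """Fix a pooled threshold, then measure per-group rates and differentials."""
    sample = constructed_sample()
    t = threshold_at_fmr([c.score for c in sample if not c.mated], target_fmr)
    rates = error_rates(sample, t)
    return {
        "threshold": t,
        "rates": rates,
        "fmr_differential": differentials(rates, "fmr", "group_A"),
        "fnmr_differential": differentials(rates, "fnmr", "group_A"),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

At a fixed threshold of 0.99 the constructed data gives group_A an FMR of 1% and group_B 10%, a tenfold differential, while the two groups’ FNMRs differ by only a factor of 1.2.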


BOSCH Camera-Based Life-Saver

Microsleep, distraction, a seatbelt left undone – many things that happen inside a vehicle can have far-reaching consequences. To avert critical driving situations and possibly also accidents, it is planned that cars will in the future use their sensors not simply to monitor the road but also the driver and other passengers. For this purpose, Bosch has developed a new interior monitoring system featuring cameras and artificial intelligence (AI). “If the car knows what its driver and occupants are doing, driving will become safer and more convenient,” said Harald Kroeger, a member of the Robert Bosch GmbH board of management. The Bosch system may go into production in 2022. In that year, the EU will make safety technology that, for example, warns drivers of drowsiness and distraction a standard feature in new vehicles. The EU Commission expects that, by 2038, its new safety requirements for vehicles will save more than 25,000 lives and help prevent at least 140,000 severe injuries. By keeping an eye on what is happening inside the car, it is hoped that a fundamental problem of self-driving cars will be solved. If responsibility for driving is to be transferred to the driver again following an automated drive on the freeway, say, the car needs to be sure that the driver is neither sleeping, nor reading the newspaper, nor writing e-mails on their smartphone.

A smart camera constantly monitors the driver

At 50 kph, a vehicle will cover 42 meters completely unsupervised if the driver dozes off or looks at their smartphone for just three seconds. Many people underestimate the associated risk. International studies state that nearly one in ten accidents is caused by distraction or drowsiness. This has prompted Bosch to develop an interior monitoring system that detects and alerts to this danger and provides driving assistance.
A camera integrated in the steering wheel detects when drivers’ eyelids are getting heavy, when they are distracted, and when they turn their head toward their passenger or the rear seats. Thanks to AI, the system draws the right conclusions from this information – it warns inattentive drivers, recommends a break if they are getting tired, or even reduces the speed of the vehicle – depending on the automaker’s wishes, and also on legal requirements. “Cameras and AI will turn the vehicle into a life-saver,” Kroeger continued. To achieve this, Bosch engineers have used intelligent image-processing algorithms and machine learning to teach the system to understand what the person in the driving seat is actually doing. To take the example of driver drowsiness, the system is trained using recordings of real driving situations and, on the basis of recordings of eyelid position and eyeblink rate, learns how tired the driver really is. This allows it to give an alert that is appropriate to the situation, and to use the driver assistance systems to intervene. Warning systems that sound the alert in the case of distraction and drowsiness will be so important in the future that NCAP, the European New Car Assessment Program, will include them in the roadmap for the Euro NCAP assessment for vehicle safety by 2025. On the subject of monitoring, only the software in the vehicle itself evaluates the information provided by the interior monitoring system – the information is neither saved nor passed on to third parties.

Like a relay race: responsibility for steering passes from car to driver and back

At the latest when cars start driving automatically, it is obvious how important it is that they understand their drivers. Once driving is automated, cars will drive along freeways without driver intervention. However, they will also have to be able to hand back control to their drivers – in tricky situations such as construction zones, or when the exit ramp is drawing near.
Drivers have to be able to safely take the wheel again at any time during the automated driving phase, and the camera makes sure they don’t fall asleep. If their eyes remain closed for a prolonged period, an alarm is sounded. The system also interprets camera recordings to establish what drivers are currently doing, and how ready they are to respond. The transfer of driving responsibility is then timed accordingly. “Bosch driver observation will be essential for safe automated driving,” Kroeger commented.

When the car keeps its camera eyes open

But the new Bosch system keeps its eye not only on the driver, but also on all the other passengers, whether next to or behind the driver. For this purpose, a camera mounted above or below the rear-view mirror monitors the entire passenger compartment. It notices whether children on the rear seats have carelessly unfastened their seat belts, and warns the driver. If someone sitting in the back is leaning too far forward, at an angle, or with their feet up on the seat next to them, the airbags and belt tensioner will not be able to protect them properly in an accident. The interior monitoring camera can tell what position they are sitting in and set the airbags and belt tensioner to ensure the best possible protection. The interior monitoring system also prevents the passenger seat airbag from being deployed if a baby’s carrycot is on the seat. On the subject of children, it is a sad fact that parked vehicles can be a death trap for them. In the United States in 2018, they claimed the lives of more than 50 children (source: KidsAndCars.org), either because they had been left in the car for a short while or had clambered in unnoticed. The new Bosch system can recognize this danger and warn parents in a flash by sending a message to their smartphones. In an emergency, it can also alert the emergency services. As the Hot Cars Act currently being debated in the United States shows, legislators are interested in technology solutions to address this challenge.

A camera for more convenience

The new Bosch system also means more driving convenience. The interior monitoring camera can tell who…


AI & ML: Steps Ahead of Video Analytics – Revolutionizing the Security & Surveillance Business

Surveillance and security in the traditional sense are now moving forward – in leaps and bounds. Gone are the days when people were using analog cameras. Analog cameras are rapidly being replaced by digital cameras, which enable video analytics to be performed on the incoming digital stream. Also, between 2005 and 2010, there was a massive push to standardize the interface between the camera and the software that talks to it over an ethernet cable. ONVIF – the Open Network Video Interface Forum – meant to provide and promote standardized interfaces for effective interoperability of IP-based physical security products, laid down these standards. (Though many camera manufacturers claim that they are ONVIF compliant, one must check onvif.org to confirm.) That development disrupted the stranglehold of camera manufacturers and their partners and allowed many other players to enter the market, as proprietary protocols were no longer required.

Most of the terabytes of stored video are useless, as they do not carry any useful information. Manual searches need to be conducted to find the relevant information one is looking for. This turns out to be a time-consuming process, and by the time the information is found it might be out of date. This is where video analytics comes into the fray, which helps to some degree by looking for only relevant information – thereby saving time and resources (https://www.securitylinkindia.com/feature/2019/09/11/actionable-video-intelligence/). Even though video analytics saves a considerable amount of time, it still does not avoid the manual process involved in looking at video instead of data. This is the point at which artificial intelligence and machine learning come in. Artificial intelligence builds a model based on a few initial parameters that are input by the user. Without getting into the details, it quickly builds a neural network and reports the confidence level of each object found in the video frame.
This is a highly mathematical process involving convolution, calculus, probability and statistics. Based on the confidence level of each object found in the frame, one can fine-tune the neural network by changing the input parameters. This fine-tuning is called machine learning, by which the neural network raises the confidence level above 95% for each object found. We have done this in our ‘intrudX’ product, whereby object confidence levels go from as low as 60% to as high as 98%. One can now put the neural network in training mode, telling it the target end result the user wants. The machine can self-learn by varying hundreds of input parameters till the end target is met, and at this stage the user gets the model he has been expecting. He now continues to use this highly accurate model to build applications that solve problems specific to his market vertical.

So, what have AI/ML done? They eliminated the requirement of video examination – now, only the data extracted from the video stream is examined. This is a far more intelligent and efficient way of examining video streams – allowing the end user to build multiple intelligent applications on top of it. This is the ‘wave’ of the future, as multiple petabytes of data cannot be examined after the fact. With the number of cameras increasing exponentially all across the globe, the best way to process video is on the fly – in real time – as it saves time, money and resources across the board. However, some time and money have to be invested for a particular use case to fine-tune the neural network model. Once this process and methodology are mastered, one can use it for other use cases as well. In our case, some ‘intrudX’ models took just 30 minutes to bring the confidence level above 95%, while in other cases it has taken up to a week. Factors that affect the training period are: lighting, the number of objects in the frame, and the complexity of the shape of the object.
A couple of use cases are described hereunder to make this concept clear.

Use case I: Implementing a standard operating procedure (SOP)

While defining the SOP for a drug testing methodology in a pharmaceutical laboratory, the requirements are as follows:
- Capturing and time-stamping when an employee enters and exits the laboratory.
- Measuring the procedure when the drug testing starts.
- Identifying colored flasks and test tubes, and their movement from one step to the next.
- Identifying the microscopes and other medical instruments used in the measurement and how they are being used.
- Flagging any deviation from the SOP and reporting it to the administrators.

Obviously, one can use object identification in the video stream to determine whether the SOP is being followed or not. This can be used by the laboratory management team to improve the overall efficiency of the laboratory and its employees’ performance without looking at the video streams.

Use case II: Measuring queue lengths

While measuring queue lengths at bank counters, airport check-in lines, hospitals etc., the requirements are as follows:
- Determine queue lengths to fix arrival and service rates.
- Queue lengths will increase if the service time is greater than the time between arrivals.
- Flag these so that service efficiency can be improved.

Summary

The neural network model has over 25 million pre-defined objects in the database, which have been developed using artificial intelligence techniques. In a typical end-user case a very small subset of these 25 million predefined objects is required. New objects are continuously being added to the database. The model also allows itself to be put in training mode based on what the end user really wants. The ‘intrudX’ Object Classification Engine takes advantage of this feature and provides interfaces so that end-user applications can be developed rapidly and put to use.
We provide extracted data, an interface to the ML neural network model, as well as application development services for the customer.

By Paresh Borkar, Founder & MD, intrudX Security Solutions, LLC


Access Control Systems: It’s Time to Move with the Times!

An access control system (ACS) is an ultra-critical component in the chain of electronic security – however, in India even many large organizations do not give access control the credit that is its due. This article enumerates ten must-have features that any modern access control system should possess.

While designing security systems, we are especially attracted to projects which include access control systems (ACS) – because only the discerning customer considers access control a ‘security requirement’ rather than a ‘time & attendance’ requirement. In many premises, the convenience of recording attendance is given precedence over the necessity of preventing unauthorized entry at all times. This leads to the continued use of obsolete access control technology, making the entire campus vulnerable to intrusion, albeit unknowingly. Due to the lack of a clear understanding of and expectation from an ACS, vendors often make the most of the situation, installing systems that have gaping loopholes. The entry and movement of persons and/or vehicles in a campus is of the utmost criticality for any security manager, and a sound ACS must be the first step towards managing the same. Surveillance cameras may be the most visible element within security systems; however, they are reactive (mostly used after an incident has happened) – whereas an ACS has the ability to prevent that very incident.

Since all security systems are now IP or IP-based, ACSs have also gravitated towards Internet Protocol. This is great news for both the security and network administrators; however, it does open up possible vulnerabilities, especially if there is an intersection of the data and security networks. Security managers have to be tuned into the IT security demands of their organizations and have to ensure that their ACS over IP poses no risk of virtual intrusion. Access control is a complex domain using multiple technologies – cards, readers, controllers, software, and the IT elements.
Hence, it is best left to experts – however, here I lay down ten techno-functional parameters that must be considered when one decides to implement, or upgrade to, a state-of-the-art ACS. While broadly any ACS can be judged by its adherence to these parameters, there are site-specific conditions that one must look into to increase the efficacy.

1. Integration

Integrability with other systems is the first parameter to consider while designing an ACS. The first integration point for any ACS should be with the fire/smoke detection system. This is mandated by law. Unfortunately, ‘mandated by law’ is not a very strong phrase in India! This has led to tragic accidents in many organizations, retail environments and homes, but the learning is still not evident. Further, organizations do not have a clear standard operating procedure (SOP) in terms of the modalities and eventualities of such integration. Another integration point that can unlock the true potential of security systems is between video surveillance and access control. Though modern video surveillance systems do have standard integration protocols with ACS (and vice versa), these protocols must be harnessed to deliver better situational awareness. Many other integration touch points with ACSs are already being practiced – such as the one with T&A and ERP systems (which we will not delve into). However, one element of tight integration to be considered is with visitor management systems. As I never fail to repeat, the visitor management system really manages all the unknowns in your campus – and hence seamless integration of the visitor management system with the ACS is strongly required. Without intruding into the privacy of the visitor, a visitor management system should be able to clearly define what is expected of the visitor in your campus and what the protocol is when those expectations are not fulfilled. Ultimately, it is your campus!

2. Card vs. biometric

Frankly, there is no comparison at all – biometric ACSs are more secure, reliable and authentic than mere card-based ACSs. However, this is a decision that involves change management and process re-engineering, which at times is difficult to achieve in brown-field projects. If a card-based ACS is to be used, multi-technology smart card readers should be considered. It’s surprising to know that many organizations are still using proximity cards and readers, which have been proven to be eminently hackable. The choice of the card itself is an important one, as it literally is the key to your premises. Smart contactless card platforms such as MIFARE, DESFire and iCLASS SE offer significantly higher security and encryption standards.

3. Card formats

Organisations must ensure that they get completely involved in the important job of defining specific access card bit formats. We have noticed that, for the sake of manageability, security managers leave the task of card bit format definition to vendors, without perceiving the risk of vendor lock-in.

4. Information security

Since ACSs have now become completely IP-based, they have to be treated essentially as IT systems – and all the information security standards that the organization adheres to have to be satisfied. Access data has to be treated to the highest confidentiality standards. ACSs must quickly adopt the IPv6 protocol and use strong encryption standards (minimum 128-bit AES). Similarly, the IT elements such as the operating system, databases, processing and storage should all conform to the latest available versions to guarantee better support and security.

5. Reporting, alarms & alerts

An ACS cannot be treated as a static system – it must have the capability to evolve in step with the organisation’s growth. The software becomes critical in this sense, and hence it should have the ability to scale up, to be customized, and to be tuned to the growth requirements. This includes demands for the varying reports that security managers will need for administrative management. Similarly, workflow-based alerts and alarms are now a necessary feature for large campuses with a vertical security hierarchy.

6. Anti-duplication

Biometric ACSs are the best at negating any chance of false entry. Even biometric ACSs do require de-duplication to ensure complete identification. Card based…


The Frictionless Future of Face Recognition

A Day in the Busy Life of a Traveler in 2020

At 5:30 in the morning, her smartphone alarm drags Elise from a deep sleep and into another busy day. The device unlocks when she looks at it with eyes barely open. At a shake of her head, the phone goes to ‘snooze.’ Two snooze cycles later, Elise stumbles to the kitchen, where the coffee maker lights up with recognition to brew her favorite coffee. The radio, following suit, tunes to her favorite news program. Grabbing her briefcase, Elise heads out the door and into her car, where recognition software adjusts the driver’s seat position, switches on the radio and adjusts the volume. After a quick visit to the gym, she heads to work. A kiosk recognizes Elise and opens the gate with no fob or key card. Just like at the gym earlier, another camera at the entrance identifies Elise and opens the door. Once inside, she takes an elevator that automatically whisks her to her seventh-floor office, which unlocks at her approach. At lunch, she moves rapidly through the automated cafeteria checkout. Food and beverages are scanned, and Elise uses facial payment to pay the tab with just a glance. Soon after, she’s on her way to the airport for a flight that will take her to meet clients in Tokyo the next day.

The Eyes Have It – Creating an Easy & Personalized Airport Experience

Today’s airports have become a painful experience for travelers. In 2020, that’s no longer the case. Once at the airport, Elise checks in at the kiosk, which identifies her through a face scan. Besides checking her in and giving her flight information, the kiosk also ensures Elise is not on a security watch list. She moves to the bag drop site, where another scan matches her bag with her ticket.
Next, thanks to face recognition, she easily passes through the security checkpoint, which years earlier had been the most frustrating step in a system of ‘chokepoints.’ Now entering the main terminal, a nearby kiosk recognizes her and displays personalized gate and boarding information. Elise smiles, knowing she has time to relax, grab dinner and shop before the long flight. While shopping for the sweater she forgot at home, a store associate informs her of current promotions that might interest her based on her purchase history and opt-in loyalty program.

The Case for Face Recognition Technology

Elise’s story takes place in 2020, but the advanced face recognition solutions enabling that future are here today. They create a seamless, frictionless experience for everyday citizens like Elise as they make their way through their day – especially for travelers navigating increasingly busy airports. For businesses undergoing a digital transformation, face recognition technologies can drive increased revenues, simplify transactions, improve operational efficiency and create a paperless environment – all of which, again, improves the customer experience. At the same time, solutions combining surveillance cameras with face recognition software can elevate the level of public safety and security, not just in airports, but throughout society. Enterprises and government agencies can ensure only authorized personnel have access to their facilities, while retailers and entertainment venues can secure their facilities and protect customers. Airports are the melting pot where all these benefits come into play. In 2017 airlines worldwide carried more than 4 billion passengers, and demand for air travel is expected to double over the next 20 years. This will be a challenge for airports, which have to efficiently move people from one point to another, quickly and seamlessly.
At the same time, 46 percent of passengers in 2017 still used the main ticket counters when they checked in – and had their IDs checked manually – even though self-service options were available. Another 15 percent checked in through kiosks, most of which scan the ID, not the traveler. Queue management is a nightmare. In Europe’s busiest airports, wait times are often disrupted by staff shortages, time of year, or threat levels. At times, they are measured in hours rather than minutes, adding the stress of missed flights, rebooking and long layovers for travelers. Face recognition technology can sharply reduce those wait times, creating a frictionless experience for travelers from home to their final destination. It’s not just an issue of the travelers’ convenience and comfort, but also their safety. Airports are beset by threats, from terrorism to weapons being hidden in baggage. To keep passengers safe, security personnel require accurate verification of the identity of the person picking up the ticket, checking the bag, moving through the security checkpoint and boarding the plane. Face recognition technology is also used to take the accurate identifications and compare them to worldwide watch lists, alerting security personnel to ensure the safety of passengers. In addition, it ensures accurate and fast verification for biometric air entry and air exit programs, speeding not only airplane boarding but also the customs and immigration processes. In this way, it not only ensures the security of every country and its citizens, it makes these processes fast and hassle-free for travelers.

Touching Down After a Stress-Free, Relaxing Flight

As the plane nears its destination, Elise wakes up and stretches. She orders a beverage and pays – naturally – using the on-board facial payment system. Relaxed, she deplanes in Tokyo and once again finds a frictionless process through the airport. Elise moves into the queue for immigration and customs, where her identity is quickly and accurately verified, enabling her to speed through the line. She now moves to the baggage claim carousel to get her luggage. Despite the best efforts of the airlines, bags can be mishandled or stolen. In 2017, 22.7 million bags were mishandled worldwide, and 22 percent of those were damaged or stolen. Spotting her bag, Elise feels assured it hasn’t been tampered with. Face recognition solutions can match travelers with their bags. The solutions can also monitor baggage claim areas to identify people damaging or stealing luggage, reducing thefts and increasing safety and…


Is the Public Cloud Secure?

While deciding amongst public, private or hybrid cloud offerings, any organization considers the security risks involved as one of the most important parameters. The prefix ‘public’ alone can make some people think that the public cloud is not as secure as a hybrid or a private offering. But is that really true – or is the public cloud secure enough for your organization’s data? Let’s try to analyze this question and arrive at an answer after validating some facts. However, before we do the analysis, let’s give a brief introduction to the public cloud so that this assessment becomes meaningful even for someone with no technical background in cloud computing.

Introduction to public cloud

The concept of offering cloud computing as a public utility is not new. It was first mooted in the 1960s by J.C.R. Licklider as an ‘intergalactic computer network,’ which laid the foundations of grid computing, an early forerunner of the cloud. However, it wasn’t until the 1990s, when the internet started to offer significant bandwidth, that the idea actually started seeing the light of day. One of the first milestones was the arrival of salesforce.com in 1999, which pioneered the concept of delivering enterprise applications via a simple website. In 2002, Amazon created a suite of cloud-based infrastructure services including storage and compute as a captive arm of Amazon e-commerce. Later, by 2006, Amazon Web Services (AWS) was introduced as a commercial web service, with the launch of its compute service Elastic Compute (EC2) that allowed small companies to rent computers in the cloud to run their own applications. Soon enough other players entered the market as public cloud service providers, prominent among them being IBM Cloud (2011), Google Cloud (2011), Microsoft Azure (2012), and many others. Public cloud computing is defined as computing services offered by third-party providers over the public internet, making them available to anyone who wants to use them.
A public cloud is built on a fully virtualized environment which supports a multi-tenant architecture enabling users to share computing resources – thus bringing economies of scale and lowering costs. A user pays only for what they use just like a public utility service such as electricity or piped gas. This no capex opex only model was the major attraction which initially attracted a lot of customers to the public cloud. Over the years as the technology has evolved, most public cloud service providers have upped their game This no capex opex only model was the major attraction which initially attracted a lot of customers to the public cloud. Over the years as the technology has evolved, most public cloud service providers have upped their game. Is that a valid concern, or just a bogey? This article tries to address the query. Security concerns in the public cloud Loss of governance The idea of migrating applications hosted on premise to the public cloud is quite disconcerting to many users. The concerns largely are around the under mentioned areas. Data loss/ leakage. Misuse or leakage of data especially with other tenants in the cloud. Access control. When a business operates in an exclusively on-premise IT infrastructure, governance is controlled and executed within a ring-fenced environment. In the cloud, the boundaries are suddenly gone and this instils a sense of unease. The customers are not sure of if unauthorised access is prevented, or even if the cloud providers claim so how can they be assured of it. Incident response. How is this going to be managed? DDoS protection. What is the protection from a distributed-denial-of-service attack? Compliance Data sovereignty. In many cases regulation demands that the data stay within a country or a region. How can a customer be assured of the same when the cloud service provider host their infra in their global data centers. Compliance to certifications/ audits. 
Many organizations may be holding security related or other global certifications e.g., ISO 27001 etc., but how can they be assured in the public cloud? Privacy Misuse of data. There are concerns about the customer data being used by the cloud service providers analytics, marketing, and/ or shared with any 3rd parties? Data ownership. Who owns the data on the cloud? Malicious insider. A malicious insider is an employee of the cloud service provider who abuses his or her position for information gain or for other nefarious purposes such as a disgruntled employee. How does one prevent that? Transparency Visibility. Do I have control over my data, where is it stored? Who can access it in the cloud provider team? Deletion. When I delete my data in the cloud, is it truly and completely deleted? How cloud providers have responded to the security concerns Institutional frameworks The Cloud Security Alliance (CSA) was formed in Dec 2008 with the aim to securing cloud computing. It is a not-for-profit organization with a ‘mission to promote use of best practices for providing security assurance for cloud computing.’ Over the years it has come up with several security guidelines and standards to assure public cloud security, prominent amongst them is the 2010 Cloud Controls Matrix (CCM) which is a baseline set of security controls to help enterprises assess the risk associated with a cloud computing provider. It provides guidance in 16 security domains including application security, identity and access management, mobile security, encryption and key management, and data center operations. In 2013, it launched the STAR (Security Trust and Assurance Registry) certification. STAR has 3 levels of certifications. It encompasses key principles of transparency, rigorous auditing and harmonization of standards. STAR level 2 certification provides multiple benefits including indications of best practices and validation of security posture in the cloud offerings. 
All major cloud providers conform to these standards and that has greatly helped them build assurance in the minds of the customers. Shared responsibility model of security Security and compliance is a shared responsibility between the cloud provider and the customer. This shared model can help relieve the customer’s operational burden as the cloud…


Corporate Security in the Age of IoT

The internet has undoubtedly been one of the most significant developments in humanity’s technological journey since the industrial revolution. Rapid advances in telecommunication, especially wireless, coupled with software application development, have led to the proliferation of the internet to almost all facets of human activity. The ‘Internet of Things’ or ‘IoT’ amalgamates the strengths of network, wireless, miniaturised hardware, software, and cloud to create an even greater medium that pushes the frontiers of day-to-day usage of technology in a multitude of facets of human life. Simply put, the IoT is a computing concept of physical objects being connected to the internet, being able to identify themselves to other devices, and being able to intelligently exchange data through a variety of media. IoT thus creates an ecosystem wherein just about anything, and not just present-day devices such as laptops, smartphones, tablets, wearable digital devices etc., can be connected and can communicate in an intelligent manner. The result is a physical world transforming into a gigantic digital information system with applications in manufacturing, R&D, smart cities, smart homes, smart campuses, critical infrastructure, transportation, computing, agriculture, defence, security & surveillance, and any other sector. This has led to the emergence of new applications and business models. However, the IoT, like all the digital technologies that make it up, is fraught with vulnerabilities and potential risks.

Growth of IoT

We see connected devices increasing in our lives day by day. By qualified estimates, at present (2019) there are approximately 7 billion inter-connected devices. This number is expected to increase to about 29 billion by 2022, of which approximately 18 billion will be related to IoT. Between 2016 and 2022, IoT devices are expected to increase at a CAGR of 21 percent, driven by new use cases, miniaturization of hardware, increase in computing power, ICT (4G/ 5G), lowering data cost, low energy consumption etc. There are expected to be 50 billion connected devices by 2025, with a total of 100 billion connections in public utilities, transportation, manufacturing, healthcare, finance, agriculture, personal and domestic devices, and other industries. Corporate security has been one of the early adopters of IoT.

Corporate security in the age of IoT

The greatest challenge to corporate security during the past decade has been cybercrime – primarily distributed-denial-of-service (DDoS), malware, ransomware and data breach/ theft. Ransomware damage costs exceeded $5 billion in 2017 alone, 15 times the cost in 2015. It has been estimated that cybercrime cost the world $3 trillion in 2015, and that this figure would increase to $6 trillion annually by 2021, with IoT being a major attack vector. Gartner has predicted that by 2020, approximately 25% of all attacks on enterprises will target IoT. Accordingly, global spending on cybersecurity products and services is predicted to exceed $1 trillion cumulatively over 2017 to 2021, with 12-15 percent year-over-year cybersecurity market growth through 2021. This may, however, not suffice to protect the new way of life through IoT.

Mitigating vulnerabilities of IoT

A typical IoT architecture is depicted below. It is easy to infer that each stage or layer of the architecture can be exploited by nefarious-intentioned attackers. Vulnerabilities could result, for example, in an attacker taking control of a visitor management system, disrupting a supply chain, locking down a manufacturing facility, shutting down a critical utility of a city or campus, or even scarier scenarios. Mitigating the principal technical vulnerabilities would entail the following:

Strengthen the network: Protection and security of the network connecting IoT devices to back-end systems on the internet is critical. However, IoT network security is more challenging than traditional network security, as there is a wider range of communication protocols, standards and device capabilities – all of which pose significant issues and increased complexity. Key capabilities would include traditional endpoint security features such as anti-virus, anti-malware, firewalls, and intrusion prevention and detection systems.

IoT device authentication: Unlike regular enterprise networks, where the authentication process involves a human entering an access credential, most IoT authentication scenarios (such as embedded sensors) are machine-to-machine based, without any human intervention. Therefore, designers/ users must have the ability to authenticate an IoT device, including managing multiple users of a single device (such as a connected car), with methods ranging from simple static passwords/ PINs to multi-factor authentication, digital certificates, biometrics etc.

Encryption key life-cycle management: Encrypting data at rest and in transit between IoT edge devices and back-end systems using standard cryptographic algorithms helps maintain data integrity and prevent data sniffing by hackers. The wide range of IoT devices and hardware profiles limits standard encryption processes and protocols. Further, all IoT encryption must be accompanied by equivalent full encryption key life-cycle management processes, since poor key management will reduce overall security.

Robust IoT PKI: The hardware specs for IoT devices manufactured by different OEMs may limit or prevent their ability to utilize public key infrastructure (PKI). Notwithstanding, digital certificate and cryptographic key life-cycle capabilities, including public/ private key generation, distribution, management and revocation, are essential. Towards this, digital certificates could be securely loaded onto IoT devices at the time of manufacturing, and then activated/ enabled by third-party PKI software suites. Alternately, the certificates could be installed post manufacture.

AI, ML in IoT: IoT security analytics will increasingly be required to detect IoT-specific attacks and intrusions that are not identified by traditional network security solutions such as firewalls. Here, machine learning, artificial intelligence and big data could provide predictive modelling and anomaly detection while collecting, aggregating, monitoring and normalizing data from IoT devices, so as to provide actionable alerts on specific activities, or when activities fall outside established policies.

API security: API security will be essential for protecting the integrity of data transiting between edge devices and back-end systems, to ensure that only authorized devices, developers and apps are communicating with APIs, as well as for detecting potential threats and attacks against specific APIs.

Looking ahead

As more devices become IoT-enabled, the IoT ecosystem becomes more complex. Further, more data is being collected…
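The device-authentication and key-life-cycle points above (machine-to-machine authentication with no human in the loop; generation, distribution, rotation and revocation of keys) can be made concrete in code. The following is an added example, not code from the article or any vendor: a back-end authenticates a device with an HMAC challenge-response over a per-device shared secret, and a small registry applies the life-cycle rules. The article's stronger option, certificates and PKI, is replaced here by shared secrets so the example runs stand-alone; every name (KeyRegistry, sensor-17, the lifetimes and timestamps) is constructed.

```python
"""Machine-to-machine device authentication with key life-cycle management.

Added example (not from the article): a back-end authenticates an IoT device with
an HMAC challenge-response over a per-device shared secret, and a key registry
handles generation, rotation with an overlap window, expiry and revocation.
Shared secrets stand in for the article's certificates/PKI; all names are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class DeviceKey:
    key_id: str
    secret: bytes
    expires_at: float      # epoch seconds; a key past this is rejected
    revoked: bool = False


class KeyRegistry:
    """Back-end view of which keys are currently acceptable for each device."""

    def __init__(self):
        self.keys = {}     # device_id -> list of DeviceKey, oldest first

    def provision(self, device_id, lifetime_s, now):
        """Generate a fresh 256-bit secret for the device (generation/distribution)."""
        keys = self.keys.setdefault(device_id, [])
        key = DeviceKey(f"{device_id}-k{len(keys) + 1}", secrets.token_bytes(32), now + lifetime_s)
        keys.append(key)
        return key

    def rotate(self, device_id, lifetime_s, now):
        """Issue the next key; the previous one stays valid until its own expiry,
        so a device that has not yet picked up the new key is not locked out."""
        return self.provision(device_id, lifetime_s, now)

    def revoke(self, device_id, key_id):
        """Immediate invalidation, e.g. for a device reported lost or compromised."""
        for key in self.keys.get(device_id, []):
            if key.key_id == key_id:
                key.revoked = True

    def lookup(self, device_id, key_id, now):
        for key in self.keys.get(device_id, []):
            if key.key_id == key_id and not key.revoked and now < key.expires_at:
                return key
        return None


def _tag(secret, device_id, nonce):
    return hmac.new(secret, device_id.encode() + nonce, hashlib.sha256).digest()


def device_respond(key, device_id, nonce):
    """Device side: prove possession of the secret without transmitting it."""
    return {"device_id": device_id, "key_id": key.key_id, "nonce": nonce,
            "tag": _tag(key.secret, device_id, nonce)}


def backend_verify(registry, issued_nonce, msg, now):
    """Back-end side: accept only a fresh nonce, a live key and a matching tag."""
    if not hmac.compare_digest(issued_nonce, msg["nonce"]):
        return False                                   # replayed/old challenge
    key = registry.lookup(msg["device_id"], msg["key_id"], now)
    if key is None:
        return False                                   # unknown, expired or revoked
    return hmac.compare_digest(_tag(key.secret, msg["device_id"], msg["nonce"]), msg["tag"])


def run_scenario():
    """Walk one constructed device through the life-cycle; return accept/reject outcomes."""
    reg, dev, t0 = KeyRegistry(), "sensor-17", 1000.0
    out = {}
    k1 = reg.provision(dev, lifetime_s=3600, now=t0)

    n = secrets.token_bytes(16)                       # fresh challenge, live key
    out["valid"] = backend_verify(reg, n, device_respond(k1, dev, n), now=t0)

    stale = device_respond(k1, dev, n)                # response captured earlier
    out["replay"] = backend_verify(reg, secrets.token_bytes(16), stale, now=t0)

    k2 = reg.rotate(dev, lifetime_s=3600, now=t0 + 1000)   # rotation with overlap
    n = secrets.token_bytes(16)
    out["old_key_in_overlap"] = backend_verify(reg, n, device_respond(k1, dev, n), now=t0 + 1500)
    n = secrets.token_bytes(16)
    out["old_key_expired"] = backend_verify(reg, n, device_respond(k1, dev, n), now=t0 + 4000)
    n = secrets.token_bytes(16)
    out["new_key"] = backend_verify(reg, n, device_respond(k2, dev, n), now=t0 + 4000)

    reg.revoke(dev, k2.key_id)                        # device reported compromised
    n = secrets.token_bytes(16)
    out["revoked"] = backend_verify(reg, n, device_respond(k2, dev, n), now=t0 + 4000)

    k3 = reg.provision(dev, lifetime_s=3600, now=t0 + 4000)
    n = secrets.token_bytes(16)
    msg = device_respond(k3, dev, n)
    msg["tag"] = bytes(b ^ 0xFF for b in msg["tag"])  # tampered in transit
    out["tampered"] = backend_verify(reg, n, msg, now=t0 + 4000)
    return out


if __name__ == "__main__":
    for check, accepted in run_scenario().items():
        print(f"{check:>20}: {'accepted' if accepted else 'rejected'}")
```

The design point is the overlap window in `rotate`: a new key is issued before the old one expires, so rotation never strands a device that is slow to fetch the new secret, while `revoke` bypasses that grace period for a device known to be compromised. The nonce check is what turns a static credential into a challenge-response; without it a captured message could be replayed.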


Revolutionizing Trade-Related Surveillance with SURVEIL-X

NICE Actimize’s next-generation SURVEIL-X solution fundamentally changes surveillance detection to help FSOs detect all forms of risky behavior and better comply with global regulations.

Traditional surveillance technology is adept at detecting obvious market abuse, but it doesn’t commonly address the ‘unknowns.’ That’s why regulators around the globe are adopting next-generation surveillance technology in growing numbers, and advising financial services organizations (FSOs) to do the same. To meet this demand, NICE Actimize has introduced SURVEIL-X, the industry’s first AI-powered, cloud-native, true holistic trade-related surveillance solution that detects all forms of risky behavior to ensure compliance with key global regulations including MiFID II, Dodd-Frank, Regulation Best Interest and others, while also protecting FSOs from previously undetectable risks that could result in fines and reputational damage.

NICE Actimize’s SURVEIL-X revolutionizes surveillance by providing complete surveillance coverage with both AI-powered and traditional expert rule-based analytics, and advanced visualization tools, all on a cloud-native platform that drives down total cost of ownership. Utilizing the latest AI technologies, SURVEIL-X uses a fundamentally different, advanced surveillance methodology, enabling far greater and more comprehensive risk detection. Taking a situational approach to surveillance, SURVEIL-X intelligently discovers all facets around market manipulation actions, pieces them together without manual intervention and delivers a single alert to compliance for review, to increase the probability of finding true risk and deliver a clear understanding of the risk discovered.

SURVEIL-X offers unparalleled risk coverage for buy- and sell-side firms, insurance companies, crypto exchanges, regulators and more, by enabling accurate detection and rapid, thorough investigation of market abuse, inappropriate sales practices, conduct risk and otherwise undetectable compliance risks, to insulate firms from fines and reputational damage.

Chris Wooten, Executive Vice President, NICE, stated, “For financial services organizations, surveillance capabilities have become a compliance necessity for detecting known regulatory risks. The only problem is that risk is a moving target, and the things you don’t know or uncover can also hurt your firm. With SURVEIL-X’s complete surveillance coverage, AI-powered analytics and anomaly detection, and its other next-generation surveillance capabilities, FSOs can move out ahead of the curve and insulate themselves from reputational damage and fines.”

Complete surveillance coverage

Where much of the current surveillance technology is limited by its ability to generate an alert using only one data set (i.e., trades or eCommunications or voice communications), SURVEIL-X looks for connected actions across sources and generates a single alert with all the applicable data for compliance to review. This expands the surveillance detection capabilities far beyond what is typically available today. SURVEIL-X holistic surveillance removes data silos to provide comprehensive surveillance coverage for trade-related regulatory needs. It can connect to, ingest and analyze data from 150+ real-time data sources, including traditional market information, behavioral data derived from analytics, and various communication platforms. By analyzing surveillance data together in one platform, SURVEIL-X is redefining compliance processes to help FSOs cut through the clutter and identify true risks.

X-Sight Cloud Platform-as-a-Service

As a cloud-native solution powered by X-Sight, SURVEIL-X’s future-proof platform enables FSOs to benefit from faster deployment; reduced infrastructure, operational, training and maintenance costs; hassle-free upgrades; seamless scalability; and improved resiliency and security – so they can stay a step ahead of new regulations. FSOs can also take advantage of the X-Sight marketplace, which lowers integration barriers and shortens time-to-use for dozens of integrated third-party solutions.

AI-powered analytics

Traditional surveillance methods that use lexicons, rules and threshold breaches may work for detecting obvious issues but are limiting. NICE Actimize SURVEIL-X takes detection to a whole new level by leveraging AI-powered analytics including machine learning, anomaly detection, smart classification, advanced speech and behavioral analytics, and Natural Language Understanding to reduce false positives by up to 90 percent. SURVEIL-X’s AI-powered analytics go far beyond looking at single events, formulas and simple thresholds, to analyze and correlate communications, trade and other data sources, so one can identify true risks and understand the intent behind actions taken. With traditional prescriptive detection methods that focus on known risks, regulated employees can easily fly below the radar or change their behavior to avert detection. SURVEIL-X’s anomaly detection uses unsupervised machine learning to bring attention to previously undetectable suspicious behaviors.

Centralized case management with story visualization

SURVEIL-X’s data-rich, visual alerting capabilities within NICE Actimize’s award-winning ActOne case manager provide a comprehensive graphical representation of any risk that is detected. This may include important details on why an alert was created, leveraging risk factors across communications, trades and more, and demonstrating the content and context of the event as well as the conclusion as to why risk is inherent in the alert. All of this is shown within a detailed timeline of events, so analysts can gain a detailed understanding of the risk and the full sequence of actions exactly as they happened.


Securing IP Surveillance Cameras in the IoT Ecosystem

Security for devices connected to the Internet of Things (IoT) has been a hot topic, and Internet Protocol (IP) surveillance cameras, in particular, have been the subject of growing scrutiny. IP cameras have become a top target for hackers because of their relatively high computing power and good internet traffic throughput. A case in point was the incident toward the end of 2016 where a Linux-based botnet called Mirai was used to facilitate the largest distributed-denial-of-service (DDoS) attack in history. As a result, packet flow experienced outbursts of up to 50 times its normal volume, with internet traffic estimated at a record high of 1.2 Tbps. The traffic was triggered by remote commands, and the hijacked devices were primarily IP surveillance cameras. Multiple variants of Mirai-like malware have since surfaced to further take advantage of vulnerable IP surveillance cameras. Rightfully, cybersecurity is now becoming a major consideration for IP surveillance devices, with some governments, for instance, already at work on regulations to elevate cybersecurity implementation. It is becoming a new decisive factor in the market for IP surveillance cameras.

Motivations for targeting IP surveillance cameras

One of the major motivations for hacking IoT devices is financial gain; and when it comes to monetization, IP surveillance cameras are distinct targets for the following reasons:

● Constant connectivity. Like many other devices, IP cameras need to be internet-connected to function properly. However, exposure to the internet also makes it easy for hackers to find the cameras and potentially exploit them. Once hacked, the devices serve the hackers’ needs.
● Low hacking investment. Unlike with hacking a PC, once hackers see a way to break the security of an IoT device such as an IP camera, the same approach can usually be applied to other devices of similar models, resulting in a very low per-device hacking cost.
● Lack of supervision. Unlike PCs, especially those used in offices, IP cameras have low user interaction and are not well managed in terms of security. Installation of an aftermarket anti-malware application is not available either.
● High performance. The idle computing power of an IP surveillance camera is usually good enough to perform hacking-related tasks such as cryptocurrency mining, without being noticed by end users.
● High internet-facing bandwidth. The always-connected, fast and huge bandwidth designed for video communications makes for a suitable target for hackers to initiate DDoS attacks.

Typical attack chain

The typical attack chain around IP surveillance cameras consists of the following steps.

1. Initial infection. After locating a device with open ports such as Telnet, Secure Shell, and Universal Plug and Play (UPnP), the attacker uses the device’s default credentials (as with Mirai), or exploits un-patched system vulnerabilities (as with Persirai and Reaper), to gain access control.
2. Command and control. After gaining control of the device, the attacker downloads and executes malicious scripts or samples that report to the command-and-control (C&C) server. That server issues commands instructing the affected IP camera to perform malicious activities such as cryptocurrency mining or DDoS attacks on other devices via user datagram protocol floods.
3. Propagation. Depending on its kind, the malware used can scan the network and employ the same infection methods to propagate itself to other vulnerable devices. This action can be triggered automatically (as in the case of wormlike botnets), or manually by instructions received from the C&C server.

Risks to public and closed networks

Most home IP cameras offered in the traditional, do-it-yourself (DIY) consumer market are connected directly to the internet. This means that home IP cameras are exposed to the internet at a very similar level as personal computers in homes, but lack the user capability to install security software. Although home IP cameras amount to only a small portion of all installed devices, they make up a fast-growing market because of their increasing affordability and accessibility to the general public.

On the other hand, many people claim that IP cameras are not exposed to that level of risk because most products are designed for enterprises, which basically deploy IP cameras in local area networks and make them unsearchable on the internet. This claim may hold true, but it may overlook several real-world factors:

● System integrators may not install the IP cameras as expected. In many cases, people just choose whichever approach is more convenient for them to install everything and get the devices working. Ease of maintenance is another incentive for them to do so. This explains why the IP addresses of many IP cameras that are supposed to stay in a local area network can still be found.
● The business model around IP cameras is changing. Service providers are using IP cameras to run customized services (such as elderly care), and making the cameras available on the internet is the easiest way for both users and remote operators to access the cameras as needed at the same time.
● Modern value-adding functions such as video analysis features are often deployed in the cloud to reduce overall hardware and software costs, with the flexibility to switch specific features on or off, or to add a new feature regardless of the hardware performance of the cameras.

Hooking up IP cameras to the internet at large is a clear trend. Given the considerable number of IP cameras deployed globally, even the small portion of IP cameras that expose themselves on the public domain can serve as a great incentive for hackers.

Another thing to consider is that network isolation is one of the frequently mentioned approaches for cybersecurity. Being in a local area network, though, does not guarantee the protection of IP cameras against hacking. For one thing, well-designed malware can easily spread across the local area network, and any portable device brought into the same local area network can easily turn into an infection vector. Take the infamous Mirai botnet as an example – a Windows-based trojan plays an important role in distributing it, even though the targets are…
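Each stage of the attack chain described above leaves a trace in network flow records that a defender can look for: inbound connections to management ports from the internet (initial infection), outbound connections to hosts the camera has no business talking to (C&C beaconing and payload download), and outbound UDP packet bursts far above the camera's baseline (DDoS participation). The following is an added example, not code from the article: a triage routine run over constructed flow records. The record layout, host addresses, ports, baselines and the flood threshold are all assumptions made for the example and do not describe any vendor's log format.

```python
"""Flow-log triage for an IP camera fleet (added example, not from the article).

Flags the three attack-chain stages from the defender's side. The record layout,
hosts, ports, baselines and thresholds are constructed for this example.
"""
from collections import defaultdict

MGMT_PORTS = {23: "telnet", 22: "ssh", 1900: "upnp"}          # services the article names as exposed
EXPECTED_PEERS = {"10.0.0.5", "10.0.0.53", "203.0.113.10"}     # NVR, DNS, vendor cloud (constructed)
BASELINE_UDP_PPM = {"cam-01": 400, "cam-02": 400, "cam-03": 400}  # outbound UDP packets/minute (constructed)
FLOOD_FACTOR = 20                                               # a burst above 20x baseline is a flood

# Constructed flow records: (minute, device, direction, proto, peer_ip, port, packets)
FLOWS = [
    (1, "cam-01", "out", "udp", "10.0.0.5", 554, 380),        # normal RTSP to the NVR
    (1, "cam-02", "in",  "tcp", "198.51.100.7", 23, 6),       # telnet session from the internet
    (1, "cam-02", "out", "tcp", "198.51.100.7", 8080, 40),    # fetch from an unknown host
    (2, "cam-02", "out", "tcp", "198.51.100.9", 443, 12),     # periodic beacon to an unknown host
    (3, "cam-02", "out", "udp", "192.0.2.25", 53, 9800),      # UDP burst toward a third party
    (3, "cam-03", "out", "udp", "10.0.0.5", 554, 410),        # normal
]


def is_rfc1918(ip):
    """True for private IPv4 ranges (10/8, 172.16/12, 192.168/16)."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def triage(flows, baseline=BASELINE_UDP_PPM, peers=EXPECTED_PEERS, factor=FLOOD_FACTOR):
    """Return (device, finding, detail) tuples, one per suspicious observation."""
    alerts = []
    udp_out = defaultdict(int)        # (device, minute) -> outbound UDP packets
    for minute, dev, direction, proto, peer, port, pkts in flows:
        if direction == "in" and port in MGMT_PORTS and not is_rfc1918(peer):
            alerts.append((dev, "exposed-mgmt-port", f"{MGMT_PORTS[port]} from {peer}"))
        elif direction == "out":
            if peer not in peers:
                alerts.append((dev, "unexpected-peer", f"{proto}/{port} to {peer}"))
            if proto == "udp":
                udp_out[(dev, minute)] += pkts
    # A device with no baseline gets baseline 0, i.e. any outbound UDP is reported.
    for (dev, minute), pkts in sorted(udp_out.items()):
        if pkts > baseline.get(dev, 0) * factor:
            alerts.append((dev, "udp-flood", f"{pkts} pkts in minute {minute}"))
    return alerts


def stages_by_device(alerts):
    """Collapse alerts into the set of attack-chain stages observed per device."""
    stage = {"exposed-mgmt-port": "initial-infection",
             "unexpected-peer": "command-and-control",
             "udp-flood": "ddos"}
    seen = defaultdict(set)
    for dev, finding, _ in alerts:
        seen[dev].add(stage[finding])
    return dict(seen)


if __name__ == "__main__":
    found = triage(FLOWS)
    for dev, finding, detail in found:
        print(f"{dev}  {finding:<18} {detail}")
    print(stages_by_device(found))
```

The per-device allowlist is the strongest of the three checks: a camera's legitimate peers (recorder, DNS, NTP, vendor cloud) are few and stable, so any other outbound destination is worth a look regardless of port or protocol. The UDP baseline catches the DDoS stage even when the flood goes to a host that happens to be allowlisted, and the management-port check is what the article's "network isolation" argument assumes is never true.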


ACTIONABLE VIDEO INTELLIGENCE

Traditional CCTV systems use a set of cameras and a local network to connect these cameras to video management software. The video management system typically runs on a network video recorder (NVR) or a digital video recorder (DVR). The fundamental difference between the two is that an NVR records IP cameras while a DVR records analog cameras connected via coaxial cables; hence a DVR system does not require a network but connects cameras to the DVR as point-to-point connections. In a traditional CCTV system, monitoring is done by using a central monitoring system where human beings watch multiple screens to make security-based decisions and take appropriate actions.

With the technology advancement to IP, most of the earlier DVR systems have been replaced by NVR systems. This is because IP cameras can be controlled remotely and, more importantly, they produce a digital video stream. The video stream can be in a raw or compressed form to save bandwidth as well as storage space. Both network bandwidth and storage space are of premium significance and hence need to be optimized for cost considerations. Analog video streams cannot be processed by software unless they are converted into a digital stream, and in the conversion process from analog to digital video, detail, color and resolution are lost from the original analog video stream. Many deployments use this technique to process video because it is cheaper than replacing the existing system with an IP system. This is a trade-off between cost and losing key video data that could otherwise have been processed accurately to build a superior video surveillance system. Any greenfield project should implement an IP system, as the flexibility, long-term costs and future scalability of the system are at stake.

For corporate business and high-security installations such as nuclear power stations, hydro-electric power generators, airports, highway monitoring systems etc., an NVR-based system is no longer an option because of its limited ability to scale. If the software processing engine is a server-based system, then scaling the surveillance system is easily solved. A server gives one the option of building a custom solution based on the project requirements by including other surveillance and security software and hardware components besides cameras. These can be integrated into the VMS easily to build a comprehensive surveillance and security system. The other security components are access control systems, radar, signage, facial recognition, fire alarms etc. By now one must realize that an NVR-based surveillance system is incapable of providing all the features needed to build a comprehensive surveillance and security system.

Software components that make a comprehensive Actionable Video Intelligence System

The following diagram illustrates the various security and surveillance components that are built around a central VMS software that runs on the main server. The key points to note are as follows:

● A central VMS component.
● A VMS that runs on a separate client-server.
● A VMS client software that runs on a separate client workstation.
● The above three components are well integrated with each other.
● An optional video analytics module that is tightly coupled with the main VMS, which analyzes each video frame from a camera and executes programmed video analytics. This constitutes the basis of actionable video intelligence (AVI).
● The ability to integrate other security software components into the main VMS software core. This is accomplished using application programming interfaces (API) and a software development kit (SDK).

Popular video analytics algorithms

Following is a capture of some popular video analytics algorithms:

Motion detection

● Seamless integration of motion detection results available from cameras.
● Motion detection processing from the application.
● Independent motion detection settings for every camera.
● ‘Motion detected’ and ‘No motion’ alarms to indicate the start of motion and the end of motion.
● Advanced motion detection algorithm with high accuracy and low resource utilization.
● Record on motion.
● Motion detection meta-data overlay on videos, with configuration for the overlay level – no overlay, only motion indicator, motion grids, full overlay.
● Option to exclude motion detection alarms from alarms database entries.

Video analytics

● Video analytics on IR cameras and thermal cameras.
● Support for video analytics on PTZ cameras while the camera is in the ‘home’ position. Video analytics is automatically disabled when the camera moves from the home position and automatically started when the camera is moved back to the home position.
● Seamless integration of the video analytics module, as video analytics is not a separate software application. No manual synchronization and maintenance is needed.
● Dedicated video analytics screen to display analyzed videos from multiple cameras, with analytics meta-data overlay.
● Quick access to video analytics settings for each camera.
● Independent video analytics settings for every camera.
● Easy to manage, tightly integrated, simple user interface.
● Enhanced algorithms which need only a few parameters to be configured to get good results from video analytics in most deployment situations. Advanced parameters are available to handle special situations.
● Local or remote processing of video analytics.
● Availability of a wide range of standard analytics features.
● Intrusion detection.
● Wrong direction movement detection.
● Line crossing/ trip-wire.
● Camera tamper/ scene change detection.
● Crowd detection.
● Un-attended object detection.
● Queue length detection.
● Asset protection.
● Loitering detection.
● Tailgating detection.
● Object stopped detection.
● People counting, vehicle counting.
● Object trace/ travel path.
● Object speed calculation.
● Digital auto-tracking.
● Vibration removal.
● Flexible architecture to quickly support customized video analytics features.
● Option of project-specific combined analytics on data generated by multiple external devices and video streams.
● Option to use 3rd-party video analytics libraries using their SDKs.

VMS integration techniques

There are several challenges when it comes to integrating diverse security components with one another, such as integrating several diverse software stacks, e.g., ALPR, FR, PIDS (including radar/ thermal cameras), ACS, IVAS, VMS, and others. VMS integration needs to take the following points into consideration:

Assess integration cost

Integration is an expensive and time-consuming process. Establish performance and functionality metrics for all vendors. Establish a due diligence process to assess the impact on first deployment.

Ensure seamless integration of all security components

The integrated system should work seamlessly. No change to…
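Two of the analytics listed above are simple enough to show end to end: grid-based motion detection with ‘Motion detected’/‘No motion’ alarms, and line crossing/ trip-wire detection with wrong-direction classification. The following is an added example, not code from the article or any VMS product: frame differencing over constructed greyscale frames, reported per grid cell (the ‘motion grids’ overlay level), and a trip-wire check on an object track using the sign of a 2-D cross product. The frame sizes, thresholds, the track coordinates and the line endpoints are all constructed for the example.

```python
"""Grid motion detection and trip-wire crossing (added example, not from the article).

Frames are lists of rows of 8-bit greyscale values; tracks are lists of (x, y)
object centroids. Everything here is constructed inline, no camera or library.
"""


def frame_diff_grid(prev, cur, cell=4, pixel_thresh=30, cell_ratio=0.25):
    """Return the set of (row, col) grid cells in which at least cell_ratio of the
    pixels changed by more than pixel_thresh between two consecutive frames."""
    h, w = len(cur), len(cur[0])
    changed = set()
    for gy in range(0, h, cell):
        for gx in range(0, w, cell):
            n = moved = 0
            for y in range(gy, min(gy + cell, h)):
                for x in range(gx, min(gx + cell, w)):
                    n += 1
                    if abs(cur[y][x] - prev[y][x]) > pixel_thresh:
                        moved += 1
            if moved >= cell_ratio * n:
                changed.add((gy // cell, gx // cell))
    return changed


def motion_alarms(frames, **kw):
    """Emit ('Motion detected', i) / ('No motion', i) only on state transitions,
    the way a VMS raises start-of-motion and end-of-motion alarms."""
    alarms, in_motion = [], False
    for i in range(1, len(frames)):
        moving = bool(frame_diff_grid(frames[i - 1], frames[i], **kw))
        if moving and not in_motion:
            alarms.append(("Motion detected", i))
        elif not moving and in_motion:
            alarms.append(("No motion", i))
        in_motion = moving
    return alarms


def make_frame(h, w, blob=None, bg=20, fg=200):
    """Constructed frame: flat background, optional bright rectangle blob=(y0, y1, x0, x1)."""
    f = [[bg] * w for _ in range(h)]
    if blob:
        y0, y1, x0, x1 = blob
        for y in range(y0, y1):
            for x in range(x0, x1):
                f[y][x] = fg
    return f


def side_of_line(p, a, b):
    """Sign of the cross product (b-a) x (p-a): +1 left of a->b, -1 right, 0 on the line."""
    cross = (b[0] - a[0]) * (p[1] - a[1]) - (b[1] - a[1]) * (p[0] - a[0])
    return (cross > 0) - (cross < 0)


def tripwire_events(track, a, b, allowed="left_to_right"):
    """Report each crossing of the virtual line a->b by the track, tagging crossings
    against the allowed direction as 'wrong-direction'."""
    events = []
    prev = side_of_line(track[0], a, b)
    for p in track[1:]:
        s = side_of_line(p, a, b)
        if s != 0 and prev != 0 and s != prev:
            direction = "left_to_right" if prev > 0 else "right_to_left"
            kind = "line-crossing" if direction == allowed else "wrong-direction"
            events.append((p, direction, kind))
        if s != 0:                      # a point exactly on the line keeps the last side
            prev = s
    return events


def demo():
    """Constructed scene: an object appears, moves right, then stops; a second
    track crosses a vertical trip-wire at x=5 in both directions."""
    frames = [
        make_frame(16, 16),
        make_frame(16, 16, blob=(2, 6, 2, 6)),   # object appears
        make_frame(16, 16, blob=(2, 6, 4, 8)),   # object shifts right
        make_frame(16, 16, blob=(2, 6, 4, 8)),   # object stops
        make_frame(16, 16, blob=(2, 6, 4, 8)),
    ]
    grid = frame_diff_grid(frames[0], frames[1])
    alarms = motion_alarms(frames)
    track = [(2, 3), (4, 3), (6, 3), (8, 3), (6, 4), (3, 4)]
    crossings = tripwire_events(track, a=(5, 0), b=(5, 10), allowed="left_to_right")
    return {"grid": grid, "alarms": alarms, "crossings": crossings}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The grid-cell ratio is what keeps single-pixel noise from raising an alarm, and the transition-only alarm logic is why a VMS can record on motion without flooding the alarm database with one event per frame. The trip-wire uses the sign of the cross product rather than a distance test, so it works for a line at any angle and distinguishes the two crossing directions for free.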
