Category: White Paper
Maximizing the Value of Data Privacy Investments
Most organizations have invested, and continue to invest in people, processes, technology and policies to meet customer privacy requirements and avoid significant fines and other penalties. In addition, data breaches continue to expose the personal information of millions of people, and therefore organizations are concerned about the products they buy, services they use, people they employ, and with whom they partner and generally do business with. As a result, customers are asking more questions during the buying cycle about how their data is captured, used, transferred, shared, stored, and destroyed. In last year’s study (Cisco 2018 Privacy Maturity Benchmark Study), Cisco introduced data and insights regarding how these privacy concerns were negatively impacting the buying cycle and timelines. This year’s research updates those findings and explores the benefits associated with privacy investment. Cisco’s Data Privacy Benchmark Study utilizes data from Cisco’s Annual Cybersecurity Benchmark Study, a double blind survey completed by more than 3200 security professionals in 18 countries and across all major industries and geographic regions. Many of the privacy specific questions were addressed to more than 2900 respondents who were familiar with the privacy processes at their organizations. Participants were asked about their readiness for GDPR, any delays in the sales cycle due to customer data privacy concerns, losses from data breaches, and their current practices related to maximizing the value of their data. The findings from this study provide strong evidence that organizations are benefitting from their privacy investments beyond compliance. Organizations that are ready for GDPR are experiencing shorter delays in their sales cycle related to customers’ data privacy concerns than those that are not ready for GDPR. GDPR ready organizations have also experienced fewer data breaches, and when breaches have occurred, fewer records were impacted and system downtime was shorter. As a result, the total cost of data breaches was less than what organizations not ready for GDPR experienced. Even though companies have focused their efforts on meeting privacy regulations and requirements, nearly all companies say they are receiving other business benefits from these investments beyond compliance. These privacy-related benefits are providing competitive advantages to organizations, and this study can help guide investment decisions as organizations work to mature their privacy processes. The Results GDPR readiness Among all respondents in the Data Privacy Benchmark Study, 59% indicated that they are meeting all or most of GDPR’s requirements today. Another 29% said they expect to be GDPR ready within a year, leaving 9% who said it would take more than a year to get ready. While GDPR applies to businesses located in the EU or to the processing of personal data collected about individuals located in the EU, it is interesting that only 3% of the respondents in our global survey indicated that they did not believe GDPR applied to their organization. By country, the level of GDPR readiness ranged from 42% to 76%. Not surprisingly, the European countries in the survey (Spain, Italy, UK, France, Germany) were generally on the higher end of the range. Respondents were asked to identify the most significant challenges their organizations faced in getting ready for GDPR. The top responses were data security, internal training, evolving regulations, and privacy by design requirements. Sales delays due to privacy Respondents were asked whether they are experiencing delays in their sales cycles due to customers’ data privacy concerns. 87% of respondents said they do have sales delays, whether from existing customers or prospects. This is significantly higher than the 66% of respondents who reported sales delays in last year’s survey and is likely due to the increased awareness of the importance of data privacy, GDPR becoming enforceable, and the emergence of other privacy laws and requirements. Data privacy has become a board-level issue for many organizations, and customers are making sure their vendors and business partners have adequate answers to their privacy concerns before doing business together. When asked about the length of the delay, the estimates varied widely. The average delay for sales to existing customers was 3.9 weeks, and over 94% of organizations reported delays between 0 and 10 weeks. Nonetheless, there were some organizations reporting delays up to 25 to 50 weeks or more. Note that the average delay for sales to prospects was 4.7 weeks, perhaps reflecting the longer timeframes needed to adequately address privacy concerns in a new potential customer relationship. These average delays for both existing customers and prospects are significantly shorter than the average of 7.8 weeks reported in last year’s survey, perhaps reflecting the fact that firms have become better equipped over the last year to answer customer’s privacy concerns. By country, the distribution of sales delays for existing customers ranged from 2.2 weeks to 5.5 weeks. Longer delays can usually be found where privacy requirements are high or in a state of transition, as organizations work to adapt to the concerns raised by their customers. Sales delays, at a minimum, cause revenue to be deferred for some period of time. This can lead to missed revenue targets, impacting compensation, funding decisions, and investor relations. In addition, delayed sales can often turn into lost sales, for instance, when delays cause a potential customer to buy a competitor’s product or not buy the product or service at all. Respondents were also asked to identify the reasons for any privacy-related sales delays at their organizations. The top responses included the need to investigate specific customer requests, translating privacy information into the customer’s language, educating the customer about the company’s privacy practices or processes, or having to redesign the product to meet the customer’s privacy requirements. Business benefits of privacy investments Organizations that have invested in getting ready for GDPR have done so primarily to avoid the significant fines and other penalties associated with not meeting the regulation. However, as the research indicates, there are other significant business benefits associated with these privacy investments. In looking at the sales delays due to privacy issues, the average delay for selling to existing customers was 3.9 weeks. However, those…
India Risk Review 2019
Security needs collaboration at individual, organizational, industrial, national and global levels. Networking and knowledge sharing are the key drivers for mitigating challenges in today’s security environment. India faces varied business risks – from public protests to floods, causing damage to life, property and businesses. In 2018, protests and civil unrests saw a wave of new-age student protests, populist issues protests, unrest against private organizations and even identity-based violence. Vigilante violence aimed at religious minorities and marginalized communities allegedly carried out by right-wing groups became an increasing threat in India in 2018. In addition to civil unrests, natural disasters led to severe destruction of infrastructure and life in 2018. Reportedly, close to 600 people were killed in Kerala and Assam after the floods in 2018. The country also witnessed instances of high air pollution, cloudbursts, and landslides in several states. Weather phenomena like dust storms, floods and multiple flight cancellations due to dense fog have led to concerns over the infrastructural ability of the country to handle natural disasters. 2019 will be critical for security professionals due to the Lok Sabha elections scheduled to be held in the months of April-May. As we move into 2019, security professionals are likely to face dynamic and more evolving security threats worldwide. Terrorism and geopolitical stress, along with other traditional security threats, will remain an area of concern along with non-traditional threats in both the physical and cyber realms. Overall business climate for 2019 India’s economic growth has progressed in the last two years. This can be attributed to numerous reforms adopted by the government making India the world’s fastest growing economy, accounting for about 15% of the global growth in 2018. With the implementation of the Goods and Services Tax (GST), and with an increasing amount of investments by the Foreign Direct Investment (FDI), the International Monetary Fund (IMF) has predicted a growth rate of over 7.5% post-March 2019. Along with this rise, India was also ranked higher in the Ease of Doing Business (EoDB) ranking, and the third largest start-up base in the world with over 4,750 technology start-ups. With respect to banking operations in the country, the central government along with the Reserve Bank of India (RBI), has taken major steps to improve the banks’ recognition of bad assets and to recapitalize public sector banks. The Government of India has also decided to invest INR 2.11 trillion (USD 32.9 billion) to recapitalise public sector banks over the next two years. In 2019, two initiatives driven by the Centre namely the ‘Make in India’ and ‘Digital India’ would be playing a pivotal role in India’s economic growth. Under the Make in India initiative, the Indian government is aiming to accelerate the growth rate to 25% of the gross domestic product (GDP) from the current 17%. Under the regulatory framework, all Indian states are on reform and fast growth trajectory, creating favourable conditions for investments and a benign supportive regulatory framework. For achieving these goals, businesses in India are likely to face major hurdles from all the sectors, and India will also have to work strategically to meet the fiscal deficit target for the year. Top business risks Economic Risks Strong economic growth in a few countries has created an imbalance for the emerging markets and has put pressure on their currencies. India has been no exception to this trend with the rupee coming under economic stress and the crude oil bill on the rise. The country’s current account deficit is widening and it is expected to continue growing larger over the next few months. Meanwhile, India has made progress in the Ease of Doing Business (EoDB) index and the skill development sector. India’s world-beating economic growth is running up against some big risks like high oil prices, emerging market stress as the era of easy money draws to a close, and policy paralysis in the run-up to the 2019 general election. However, the economist intelligence unit forecasts India’s growth to be at 7.4%, throughout 2019. The next government will take charge in a less than ideal economic environment and will have significant challenges to take the economy back into the stable zone, let alone a double-digit growth rate. The Indian economy is at an interesting stage. In the last few years, structural reforms like GST implementation, demonetisation, insolvency laws, auctioning of public resources, digitisation, expansion of the tax base have created short-term pains in terms of disruptions and high compliance cost. The long-term benefits of these reforms are likely to accrue in 2019 and beyond. The Indian economy looks well-poised for 2019 with low inflation, fairly-valued rupee, under-control fiscal and current account deficits, and transparency in the banking system. Oil price movement will continue to play a crucial role in performance of the Indian economy. The forex reserves of the country at nearly USD400 billion also provides adequate buffer to external sector vulnerabilities. Environment Risks I n 2018, India witnessed a series of extreme weather phenomena like floods, dust storms, air pollution, cloudbursts and landslides in several states. The Global Climate Risk Index of 2018 ranks India as the 12th most vulnerable country in the world to climate change impacts. In 2018, Mumbai, Chennai, Kerala and Delhi-NCR witnessed heavy rainfall and waterlogging, which disrupted business operations. Floods also led to over a thousand fatalities in several states including Uttar Pradesh, Rajasthan, Assam, West Bengal, Kerala and Karnataka. Kerala witnessed one of the worst floods in South Asia in 2018, where over 1.4 million people took shelter in relief camps and there were close to 500 casualties. Due to the rise in temperature, dust storms were reported in multiple north Indian states. In 2019, the weather situation is likely to worsen due to global warming and drastically changing climatic conditions. Although, the United Nations backed fund has approved USD43.4 million for enhancing climate resilience for citizens in coastal states of Andhra Pradesh, Maharashtra and Odisha, India lacks the adequate implementation infrastructure. Rainfall, floods and dust storms are likely to continue into 2019…
The Top Trends of 2019
From the potential of 5G to the power of AI and more, our connected lives are being shaped by the growth of transformative technologies. Powerful on their own, these transformative technologies are now converging to change fundamentally how we interact with the world, how we do business, and even how we communicate with each other. As this convergence continues, formerly separate industries are intersecting in new ways, with new opportunities (and challenges) emerging. Evolution of transformative technologies: Market and technology capabilities continuously drive innovation Transformative technologies enable shifts in how enterprises function and how individuals live everyday life. As technologies become smarter and more sophisticated, and as markets evolve, transformation can begin in new industries. The rate at which we see these technologies take hold has grown rapidly in recent years. Major trends for 2019 Trend 1: Video Everywhere Video’s increasing ubiquity is forcing significant industry change as a growing number of players vie for consumer attention and revenue, and businesses adapt to cope with the rising demand. Driving forces for Video Everywhere trend include the rise of online offerings and platforms, including those from powerful new market entrants; increasing penetration of mobile connected devices capable of capturing and displaying video; advances in network and transmission technologies for sharing it; and the resultant explosion of user-generated content and social video. The trend affects not only media sectors such as TV, home entertainment, social media and games, which are at its heart, but other industries including security, education and healthcare as well that are becoming increasingly reliant on video technology. However, the Video Everywhere trend poses certain challenges that need to be resolved. Infrastructure, network capacity, and user experience Challenge: Current generation network infrastructure is not equipped to support the rapid rise in video traffic. Solution: Next-generation network investment is essential for supporting a reliable, high-quality user experience for a mass user base. 5G will be transformative for video, introducing the massive mobile broadband that will enable streaming of professional video and user-generated content at scale. Content and monetization Challenge: Service providers, broadcasters and platforms competing for a share of video revenues need the right mix of quality content, an expensive commodity that can be difficult to effectively monetize for a good return on investment. Solution: Investment in programming, whether exclusive or acquired, should be proportionate to a video provider’s ambitions and serve clear strategic objectives. Content services, features, and video-specific network access can all be monetized to varying degrees, but video can also serve bigger-picture goals. For telcos and bigtech firms, in particular, it attracts users to a bundle of services that collectively drive revenue and EBIDTA growth and boost customer stickiness. Video should therefore be positioned as a primary tool for elevating the overall value proposition. Privacy and data protection Challenge: Increasing video capture in daily life – whether from smartphones, wearable devices, drones, or satellites – will result in more and more images of private citizens being gathered, stored, and potentially shared. Advances in artificial intelligence and machine learning, meanwhile, are enabling facial-recognition-based identification, potentially putting people’s privacy at risk. Solution: Governments and regulators must play a key role in protecting citizens, putting the appropriate policy, legislation, and tools in place to prevent breaches of privacy and data protection. Strategies of consolidated media and telco players to take shape in 2019 Fuelled in part by a fear of the threat posed by the likes of Netflix, Amazon, Google, Facebook, and Apple, a spate of significant M&A activity in the media and telecoms industries has seen key players merge and expand. The impact of major deals involving AT&T and Time Warner, Disney and Fox, Vodafone and Liberty Global, and Comcast and Sky, respectively, will begin to become apparent in 2019, as the strategies of newly enlarged industry leaders take shape. Trend 2: The Edge The Edge broadly refers to processing traditionally performed in a cloud environment that is now being run closer to either the sensor data or the human-machine interface. It is changing the way networks are being deployed and devices are being built, plus enabling new revenue streams as compute resources are available closer to the end consumer. Driving forces for the Edge trend include – the top edge application is video content delivery; real-time or low er latency for time-critical workloads or safety applications; resiliency for situations where the network connection is not optimal or offline; data aggregation and the ability to filter in order to balance storage, networking, and compute; and security and privacy functionality centralized and enhanced – particularly in the IoT domain where end nodes might not be capable. The trend affects service providers, cloud providers, and IoT companies that are particularly centered in the edge discussion. The edge also impacts the entire value chain from semiconductor providers through OEMs to segments like media, security and gaming. The evolution of edge The emerging edge is a new and powerful set of locations for handling applications, and the edge can be anywhere. For example, a connected car is an edge on wheels. With so many target locations possible, some edge solutions will be built to handle less data for fewer users while others will be large and handle massive datasets for many users, including data centers distributed around a metropolitan area. New low-power, specialized chips will power edge devices, and while many people equate the edge with 5G, the edge and edge apps exist today, yet there have been very few 5G deployments to date. As the IoT universe expands to include more devices – some 20 billion units, according to IHS Markit estimates – the sheer scale of data generated in the future will render the current paradigm of a centralized cloud untenable. IoT edge processing saves upstream traffic and bandwidth by turning huge amounts of raw data into immediately usable decisions and directives to feed back to objects and devices downstream, and a much reduced and refined set of data to send upstream to data lakes and other decision-making systems. Barriers…
Digital Policing Smart Policing for Public Safety
Law enforcement and intelligence agencies are always facing complex and constantly evolving crimes and incidents, which are multi-channel, having dynamic data sources from which evidences are acquired. New technologies give rise to new crimes. Crime and criminal activities are getting advanced day by day, creating an urgent and constant need to upgrade the existing ways of policing. To decrease the rate of crime, to increase the rate of response and to improve the investigation, countries around the world have started moving towards the adoption of digital technologies such as mobile workforce, data collation, data analysis and multiple interaction channels for citizens. Advancement of crime & criminal activities is increasing day by day which has led to an imperative need to upgrade the ways of old-school policing. Traditional methods of policing are now being replaced by smart policing methods. To decrease the rate of crime and increase the rate of response and investigation, countries around the world have started moving towards the adoption of digital technologies in law enforcement. These introductions of technologies and smart policing will allow the law enforcement agencies to proactively tackle the anti-social elements which are looking to harm the serenity of the society. Technologies such as artificial intelligence, predictive analytics, robotics, facial recognition, intelligent traffic management, information systems and databases, machine learning etc., are being utilized to provide an edge to our current policing solutions. These technologies will help our law enforcement agencies to tackle the crimes & criminals on the frontline as well as in providing swift response to any form of emergencies. -Uday Kumar Verma Secretary General, ASSOCHAM Across the world, cities that have been able to successfully adopt digital methods of policing have been consistent on the three key pillars of adopting digital policing – Collaboration, Training and Investment. Collaboration Not only internally but also with external agencies and service providers, collaboration is one of the most important step towards improved policing. Globally, law enforcement agencies are collaborating with new technology providers and are assisting them in developing a user-friendly solution for the agency. For instance, around 18 police departments in UK have been assisting one of the leading global companies to develop the mobile platform for police department. The same desktop experience has now been transferred on Android making processes faster and easier for police personnel. Public law and order is very essential to ensure the safety of citizens. India’s policing sector has significantly improved by the adoption of new technologies and digitization of internal processes. The government’s proactive approach to accelerate the adoption of new technologies is transforming the way traditional methods of policing work. ‘S.M.A.R.T’ Policing is experiencing great progress in shaping a better India. At State level, there is a very positive outlook towards the new age policing adoption. Delhi, Kerala, Gujarat and Punjab are some of the areas where the adoption of technologies has been significant. Globally, NEC has a vast experience in displaying capabilities in advanced technologies and solutions such as biometrics (face recognition, finger print, iris, etc.), video analytics and big data analytics, providing faster and one of the most accurate capabilities in handling poor quality images and videos. NEC Technologies India Private Limited (NECTI) has been collaborating successfully as the knowledge partner with Associated Chambers of Commerce of India (ASSOCHAM) since more than two years now. NECTI is delighted to present the knowledge report for the National Seminar cum Expo on Digital Policing. -Anil Gupta Chairman, NEC Technologies India Private Limited Training Every police officer and member of police staff involved directly with the public should be capable to respond to crimes with digital solutions. Hence, bringing such skillsets to every police offer requires essential training. One such case was adopted for 43 Home Officers in England and Wales, wherein College of Policing and the Metropolitan Police Service collaborated to provide cyber-crime training course. Investment Governments across the world are investing significant amount of sums in integrating digital technologies to extend their readiness with regards to digital policing. For example, UK government is providing Euro 100 million towards the transformation of British police forces via ‘The Police Transformation Fund.’ The fund will be used towards tackling cybercrimes and forensics. INDIAN SCENARIO India is at the advent of digitizing traditional services in numerous sectors ranging from healthcare to public safety. Continuing this positive outlook towards modernization, Honorable Prime Minister Narendra Modi, in 2014, devised a new term called ‘S.M.A.R.T’ policing, which means Strict and Sensitive, Modern and Mobile, Alert and Accountable, Reliable and Responsive, Tech-savvy and Trained policing. There have been a number developments in similar initiatives launched at national level which constantly aim to improve the state of digital policing in India. The following are the major Nationwide initiatives by the Indian government: National Intelligence Grid (NATGRID) • Ministry of Home Affairs • Budget Allocated: INR 1002.97 Cr NATGRID has been developed to leverage IT to connect approved law enforcement agencies with designated data provider in order to enhance India’s counter terrorism capability. An amount of INR 346.05 Cr. has been sanctioned for the construction of NATGRID facilities such as data centers and business continuity planning (BCP), and it is expected that NATGRID will develop the integrated database available to specialized forces of all states. NIRBHAYA FUND • Ministry of Women and Child Development • Budget Allocated: INR 2,919.55 Cr. In view of the violence against women and girls which impedes women empowerment by restricting their mobility and is therefore recognized as women rights violation, the Government has set up Nirbhaya Fund. The Fund is aimed to be utilized for projects for women security and safety like surveillance, mapping, street lighting, safer public transport, improved policing etc. Municipal Corporations and Police Commissionerate of the respective cities are working to bring forth a development plan for each city. The government has chosen 8 major cities namely Mumbai, Ahmedabad, Bengaluru, Lucknow, Delhi, Chennai, Kolkata and Hyderabad for the development of infrastructure and to make the cities safer for women. DIGITAL POLICE PORTAL • Ministry of Home…
Make Your Network Edge Intelligent and Meet Tomorrow’s Needs Today
In the new digital business reality, the network edge has never been more important. Often overlooked, the network edge is the cornerstone that determines whether digital success is realized or lost. Today the network is critical in enabling change in virtually all organizations as they take their digital transformation journey. This journey will help organizations innovate faster, reduce cost and complexity, and lower risk. It translates into the ability to increase agility, improve employee productivity, better engage with customers, and protect key intellectual property and assets. The network edge is sometimes deployed with the belief that all network solutions are essentially the same. This isn’t true, because new digital business requires vast intelligence at the edge. Cisco delivers solutions and strategic functionality to achieve business success. We deliver a new network architecture that starts with the end user and continues to where applications are hosted, with a focus on: Enabling faster innovation through better experiences and highly granular insights across users, devices, applications and threats. Lowering cost and complexity to simply establish policy and manage change at scale while reducing hardware and software churn across wired, wireless, and WAN. Reducing risk with complete threat visibility and protection for internal and external risks across wired, wireless, and WAN. The network edge has a pivotal role to play in this transformation and carries perhaps the broadest set of responsibilities when compared to the core and to data center networks. As shown in Figure 1, when comparing the various layers of the network, the network edge has a broad responsibility in the campus. This is also true for the branch. The Role of the Network Edge Digital transformation makes the network edge more important than ever before. Consider everything that happens at the edge of the network: It’s the first line of defense The edge is where policy is applied and validated, without limiting your ability to access the things you need. If access is not properly managed, then your business can be susceptible to infiltration or threat proliferation, and the criticality grows as the threat landscape increases. The device, firmware, and even the operating system are all points of compromise. It’s the conduit that delivers heavily invested applications The network edge is where prioritization occurs. A poor experience at the edge will slow application adoption, reducing return on investment. It’s a strategic gateway to the widely distributed organizations to connect Providing a seamless experience to your employees, partners, and customers – wherever they happen to be – is most important. A second-class network will deliver deviating levels of services to key audiences. It is the bridge between the organization and their customers If you’re a part of a retail or hospitality business, subpar access will stunt your ability to connect with customers on a personal level and negatively impact your brand. It is built to power and support growing IoT device demands The network edge adapts the physical environment by moving virtually all industries into the digital age by improving operations and lowering costs. Without the right functionality at the edge, organizations can be left behind in terms of cost reduction and operational efficiencies. It is the optimal place to understand what is happening with the business In a distributed network, only the edge sees all the data traffic, by harvesting data and analytics from the edge. Data about users, applications, devices, and threats businesses can derive insights that truly help in making better decisions to support employees, reduce risk and cost, and deliver information to the targeted audience. Without the right level of consistent granularity, this data becomes skewed and untrusted. Is Commoditization of the Edge a Good Thing? Many organizations are being tasked with becoming digital-first to deliver faster innovation, better experience, and higher security. However, refreshing the network to meet these demands is a daunting task because the network foundation established today will need to support the business in the coming years. Choosing a networking vendor is a critical decision that will dictate whether you keep innovating and saying yes to the business or slow down while struggling with poor capabilities. With digital transformation, no one really knows what the future holds, but one thing is clear – the demand on your network will grow exponentially. Whether it’s IoT, the cloud, sophisticated security threats, or even augmented reality, digital transformation will change how you operate and serve the business. What is good enough today, will not be acceptable in the near future – and it all starts with the network. You have to innovate faster, reduce cost and complexity, and control risk. Organizations that are truly digital ready know that as they drive toward these changes they can’t compromise on what matters. What is the Risk? It takes only one bad experience to render your latest innovation useless I nside your business, it’s all about innovation. But at the edge, where your apps meet the real world and where new IoT devices will drive fundamental business change, inconsistent connectivity and slow performance could turn off users for good. This affects device performance and cuts off the insights you need to stay competitive. With Cisco, insight is in your DNA – not only insight into the network that improves performance, but also real-time consumer insights that create more personalized experiences. It takes only one ‘no’ to ruin your reputation Your world is moving fast, and if you can’t keep up you will be discarded, essentially making you a fourth utility. Adding to this complexity is that resources and budgets are slim. Configuring and reconfiguring your network branch by branch and device by device can turn a ‘simple’ update into a TCO sinkhole. With Cisco, automation is in your DNA. This allows you to automate and manage your entire network – wired or wireless at your campus, through the WAN, and in your branches – as a single entity from a single place. It takes only one incident to become everyone’s problem We don’t need to tell you what network…
The Proxim Advantage Video Security via Wireless
Wide operating temperature range Security is not just a concern in temperate climates. The Middle East with day time temperatures reaching 50°C, and other areas such as Russia or Canada going as low as -40 degrees C, the wireless network has to be able to survive these brutal temperature ranges. Tsunami® products are rated for -40 to +60 degrees C operation. For those environments that are more temperate there are version of Tsunami® that support -30 to 55°C temperature ranges. Beyond these core, fundamental requirements for any wireless network carrying mission critical video traffic Proxim offers additional support. Small form factor Video camera deployments are meant in most cases to be unobtrusive, able to blend into existing surroundings. The Tsunami® 800 series of products offer a unit that is only 4.96×8.62×2.58 in (126×219 x 65.5 mm) in dimensions, and includes an integrated antenna to limit the overall subscriber unit profile. PoE out Given that for every subscriber unit there will be a camera attached, Proxim offers a second PoE port on the subscriber units that can deliver up to 25 watts of power to third party devices such as video cameras. This feature means deploying the camera does not require additional cable runs, the camera is plugged into the Tsunami® unit for both power and connectivity. Wireless video case studies Proxim has been delivering to customers high end, carrier class Tsunami® systems for many years. Video security has always been a major application for the Tsunami® line given how it meets and exceeds the demanding feature a specification set required by the video security application. A select group of typical deployments are described here. Dubai Investment Park Spread over 2300 hectares, Dubai Investments Park required a high-speed, cost-effective network to enable video security for intrusion detection and monitoring purposes. Over 40HD closed-circuit television (CCTV) cameras, 6 fixed ALPR cameras and automatic license plate recognition were deployed. The Proxim Tsunami® MP-8200 solution was installed across the residential zone of the park aggregating live feeds to a central monitoring station. The result: The video surveillance network covers over 25% of the entire park area and required 15 days to perform the whole installation. Allentown PA As part of the city’s re-vitalization project, Allentown, PA – USA deployed security cameras to capture license plates at significant distances at night as well as monitor critical locations around the clock. The video solution they chose used high definition PTZ cameras requiring 4Mbps of continuous bandwidth per camera. The local integrator, Communication Systems Inc (CSi), installed more than 300 Sony cameras, 175 of which are connected using wireless. Tsunami® was used as the wireless network component for Allentown. The result: The citywide surveillance network helped reduce crime by 20%. Statue of Liberty When Hurricane Sandy hit the greater Metro New York area, one of the areas hardest hit was the island in the middle of the harbor with the Statue of Liberty. As part of the renovation following the devastation, the Statue surveillance and security system needed to migrate from analog CCTV to the latest in digital video technology. The Park decided to deploy 160 IP cameras with HD resolution. The cameras had the ability to operate in extreme low light, with an undistorted 200 degree FOV and operated at 6 megapixel resolution. The result: The entire park/ island is now covered with HD video surveillance using Proxim Tsunami® radios as the network backbone. Tenerife Spain tram In Tenerife Spain they have a tram used for local mass transportation. The requirement was to provide complete CCTV coverage at speeds up to 100Km/h along 80Km of winding track which goes through the city and through tunnels. Proxim Tsunami® BSUs were deployed along the track in the proper locations and multiple SU’s were deployed in each train to backhaul each camera and provide 4Mbps of continuous connectivity. The result: The Tenerife Tram surveillance solution team was able to effortlessly and quickly deploy the surveillance cameras on board the moving trams and backhaul the video traffic using Proxim’s wireless mobility solution. The resultant network cost-effectively delivered connectivity along the track and within the tram, with the entire network being managed with Proxim’s ProximVision Advanced system. Summary Video security is increasingly becoming a fact of life. Places like downtown London have 100% coverage and many cities such as New York are moving in that direction. It is clear that to protect and monitor public domains such as sidewalks, parks, transportation systems, and the like, a wireless network will be part of the solution. Of critical import in selecting the mission-critical wireless network system, are the abilities of the system to survive the harsh environment both physical and radio frequency, provide guaranteed QoS via WORP® over a secured connection, and be able to deliver high bandwidth connectivity not just to light poles but on moving platforms as well. Proxim’s FastConnect™ is the best and possibly the only cost effective QoS assured mobility solution available. For a mission critical applications such as video security, when performance matters Proxim delivers. 1 || 2 || 3 || 4 || NEXT-> || ALL
Survey Highlights Needs for Intelligent Video Surveillance Solutions
Pelco by Schneider Electric recently surveyed 489 end-users within the surveillance industry about their surveillance needs and where they see the industry headed. The survey analyzed how end-users view their current surveillance systems and the expectations they have for emerging technologies. Key findings The study revealed significant and valuable insights into the current state of the video surveillance market, and how users rate their existing systems and market offerings in terms of meeting their business needs. Here are five of the top findings of the study: One-third of end-users believe that integration between disparate systems is their most significant security challenge today. Forty-four percent of end-users believe their current surveillance technology isn’t sufficient for 2020. One in every three end-users thinks artificial intelligence will make the most significant impact on the surveillance industry by 2020. Sixty-four percent of end-users plan to prioritize predictive analytics in the next few years. Over half of those surveyed say they use their surveillance system to meet current business challenges, but haven’t seen it reach its full potential. Many surveillance systems aren’t meeting current needs While parts of the security market may develop over a more extended period, the technology of video surveillance has been rapidly changing for at least the last ten years and shows no indication of slowing down. These technical advances mean that new capabilities are regularly introduced into the market to improve overall system performance and/or to provide specific solutions to current surveillance challenges. For this discussion, we will consider systems that have been installed within the last five years using the avaliable technology at the time of installation to be ‘current,’ while knowing that even within the most recent two years many new features and functionalities have become available. Systems installed more than five years ago may continue to function and meet some business purposes, but due to this rapid rate of enhancements, they can no longer be considered current. Half of surveillance systems are out of date By this measure, the survey reveals that half (49%) of existing surveillance system installations are functionally out of date because they were installed more than five years ago. A significant portion of these (19% of the total) were installed more than ten years ago – a lifetime in terms of available camera technology. The quick pace of technology systems is evident in security managers concerns. Of the respondents, 33% reported that their biggest technology challenge is their equipment becoming outdated. The fraction was higher for users with older systems, installed 10 or more years ago, at 44%. The next biggest technology challenge was integrating surveillance cameras with the rest of the security systems, reported by 29% of respondents (slightly higher for respondents with newer systems – 33%). Other technical challenges lagged behind these two. Integration remains a broad challenge Respondents gave a clear message when they were asked to identify their biggest security challenge – the top answer at 34% was ‘integration between disparate systems,’ and this concern was consistent across all end-user categories. This answer is interesting because the concept of integrating security systems is somewhat new. In the past, an organization’s video surveillance system stood apart from the access control system, parking lot gates, time and attendance system, and others. As these systems have undergone technology improvements, and the data and intelligence of these systems become more available for integration using internal networks as well as cloud-based services, the potential for integration has emerged and increased. The high recognition of this potential and its characterization as a challenge indicates a high market readiness for improved integration techniques, products and services. Surveillance trends for 2020 While it is always a challenge to predict the future, budget cycles and organizational planning do encourage security managers to think about how to prepare for the future. Part of that process is evaluating current and emerging technologies to determine which are most likely to address future challenges. Given the high change rate of technology mentioned earlier, it is not surprising that more than two-thirds of the study respondents (68%) are not convinced that their current security technology will be sufficient to address their needs in 2020, which is barely two years away. Users want predictive analytics One thing the end-user respondents are sure about the future is that predictive analytics will be a priority. A full 64% reported they would be prioritizing these technologies going forward, and 35% said it would be a high priority. During the last year, panoramic cameras and predictive analytics were the top two security trend topics that caught the attention of end-user respondents – with 50% and 38% respectively. Other topics caught the attention of 29% or fewer respondents. IoT and AI moving mainstream Study respondents also think that some emerging technologies that were not explicitly designed for security will nonetheless become relevant to the security market shortly. In particular, 54% of the end-users believe that the Internet of Things, or IoT, will be mainstream surveillance technology by 2020, and one third (33%) say that Artificial Intelligence, or AI, will make the most significant impact on the surveillance industry by 2020. Close behind, 32% say automation will make the most significant impact. Together, these results again indicate a willingness on the part of end-user respondents to accept and incorporate emerging technologies into their security programs, and they are optimistic about the development, testing and deployment timetables. Surveillance: More than security Security end-users have heard and understood stories about companies using video surveillance footage for additional business purposes. For example, it’s known that national retailers use video cameras in their stores not only to combat theft and fraud but also to gauge the effectiveness of marketing programs and in-store product displays. Respondents in this study appear to have incorporated these ideas into their security system expectations, even if the results haven’t come as of yet. Security end-users have heard and understood stories about companies using video surveillance footage for additional business purposes. For example, it’s known that national retailers use…
Safe Cities: Collaborative Monitoring
Cities across the world are constantly changing and evolving faster than at any point in their history. They have become more congested, and criminal activities have soared leading to the destruction of public assets. Compounding the problems, terrorism has become a major concern that presents communities and neighbourhoods with new security problems. Faced with a wealth of challenges, which are often elusive, cities are expected to manage and control the change to allow their communities to have a standard of living that meets modern day expectations. The terror attacks around the world reveal that most attacks are highly precise and well-coordinated, and targeted at high footfall areas to create a psychological impact along with monetary losses. Most of the citizens today are well aware of the risks and are in a state of constant anxiety about their safety and security. Hence, public safety has emerged as an important function for governments across the world. Accordingly, the federal and state government departments responsible for internal affairs and homeland security continuously assess and monitor the internal security situation, issue appropriate advisories, share intelligence inputs, extend manpower support, and offer guidance and expertise to the state governments for the maintenance of security. This also helps in establishing infrastructure for safe cities by capitalising on features from the following distinct categories of surveillance systems: Citywide police surveillance using Internet protocol (IP) based cameras, and Citywide community surveillance including private and institutional surveillance for collaborative monitoring. While the first system is becoming a standard solution for implementation to achieve the safe city vision, the latter is also gaining momentum to involve citizens and private and public institutions in collaborative monitoring. The following sections elaborate on the concept of collaborative monitoring. “Today, cities face a wide range of threats, ranging from terrorism and civil unrest to kidnapping and murder. To reduce the impact of these threats, it is critical for the authorities to capture real-time information on what is happening in and around the city. Therefore, there is a growing requirement for utilising the new and emerging technologies to make our cities safer. Given this background, one of the most user-friendly technologies that can play a crucial role is the extensive use of closed-circuit television (CCTV) cameras, which play a vital part in ensuring day-to-day surveillance, crime prevention and monitoring of illegal or suspicious activities. In addition to close supervision, CCTV cameras allow post-incident analysis and collection of indisputable legal evidence. While the government and legal authorities are also encouraging both public entities/ groups and individuals to adopt such progressive technologies, mapping each and every nook and corner of a city without seeking the help of its people is impossible. This formed the basis of a unique community policing initiative called ‘collaborative monitoring.’ As the very phrase suggests, collaborative monitoring is a unique tool, wherein the security and law enforcement agency takes advantage of the extensive network of surveillance cameras deployed by communities across the city as well as the cameras of other private and government establishments on a need basis. It is an extremely prudent enabler for the police department, as while they strengthen their bond with the communities, they can use any information or footage gathered from these security cameras to support investigation and the prosecution of criminals. The advantage provided by leveraging the extensive network of external cameras ensures enhanced crime monitoring through a cost-effective, widespread and scalabe model” – Neel Ratan India Government Leader and Regional Managing Partner, North PwC India What is collaborative monitoring? A key enabler for a safe city is the aspect of collaborative monitoring. In cities, where every government and private establishment has realised the necessity to secure its infrastructure and establish surveillance, monitoring and incident response systems, it is important that the data gathered by these agencies is shared among them. In such cities, CCTV-based surveillance systems are being deployed by federal as well as state government agencies at places like bus stands, metros, railway stations, airports, and other critical infrastructure spots and public places. These collaborative monitoring systems can conveniently share their data in real time with security agencies of the city. Similarly, live feeds from CCTV systems deployed by private establishments such as malls, hospitals, business parks and entertainment houses can be provided to the security and law enforcement agencies, which can make effective use of the information. Leveraging the extensive network of external cameras ensures additional eyes are monitoring crime. In addition, the higher penetration of cameras helps in lowering costs. Why collaborative monitoring? In her famous work ‘Participation and Democratic Theory,’ Carole Pateman, the renowned political theorist, advocated a greater role for common people in democratic selfrule and argued that development projects are more effective when beneficiaries have a role in the way projects are chosen, planned, implemented and evaluated. Giving citizens a role in initiatives designed for their benefit is considered to be an ideal way to ensure the sustainability and success of any project. Many cities across the world have surveillance systems deployed by multiple public and private establishments. These cities are using the collaborative framework to receive video feeds from these systems to ensure real-time responses and as an invaluable source of crime detection and evidence for the law enforcement departments. For an instance, the British Security Industry Authority (BSIA) estimated that there are up to 4.9 million CCTV cameras in the UK including 7,50,000 in ‘sensitive locations’ such as schools, hospitals and care homes. This translates to one camera for every 14 people in the UK. The collaborative framework shall help to meet the following objectives: Safety and security. Improved responsiveness. Effective policing Improved management Ensuring safety and security in fragile settings remains the key objective of law enforcement agencies, in addition to crisis management during serious incidents. The strategic objectives include the following in the given table: PwC’s framework for collaborative monitoring The entire ecosystem of cameras available to law enforcement agencies becomes significant when in addition to the law enforcement cameras, these agencies also…
The Convergence of Physical & Logical Access
For many security professionals, recent high-profile data breaches have shifted attention to external cyber threats. Despite this newfound focus, the Institute for Critical Infrastructure Technology reports that more than half of all cybersecurity incidents can be traced to insiders with legitimate access to corporate facilities and networks. Another survey from the Ponemon Institute reveals that the majority of respondents are more concerned by outside threats than those that originate internally. While external threats are very real, working to confront internal vulnerabilities can prevent incidents from happening in the first place. By addressing both physical and logical access in a more unified approach, organizations can reduce their risk for a costly breach while also improving user experience and operational efficiency. This idea is frequently referred to by the industry buzzword of ‘convergence.’ From a technical standpoint, convergence is defined as “the merging of distinct technologies, industries, or devices into a unified whole.” In terms of access control, convergence can be viewed as “the merging of physical and logical access control technologies to provide a more unified and simplified approach to identity management.” “Convergence means a simplified approach,” said Sheila Loy, Director of Healthcare Industry, Identity and Access Management at HID Global, “That can mean many different things, but it’s essentially making it easier for the user to get both digital access and door access. That usually comes in the form of a card or a mobile device – something that can do both.” While the notion of convergence is nothing new, this approach to security is becoming an increasingly viable way to mitigate threats. To explore this further, ASIS International recently partnered with HID Global to survey security professionals regarding their experience and related plans on convergence projects. The data in this paper is based on the responses of 745 ASIS International members who have direct responsibilities in physical and/ or information security. The benefits of convergence: Improved user experience, operational efficiency and security Security administrators are looking for solutions that are easy, convenient and fast. By introducing solutions that better blend physical access control (PACS) with logical access control (LACS), organizations of all types will enjoy three key benefits including: 1) positive user experience, 2) enhanced administrative experience, and 3) improved security. Positive user experience Oftentimes, the weakest link in even the strongest of security systems lies within the end user. If interactions with security technologies are confusing or cumbersome, employees will take shortcuts that introduce unnecessary vulnerabilities. Converged PACS and LACS solutions help reduce this risk by boosting convenience, particularly by requiring employees to only carry one card or mobile device. This type of solution also eliminates the need to constantly refresh passwords. In today’s world, most end-users wear an ID badge to access facilities, which is a form factor they are accustomed to using. Even more, many employees either use a user name and password or a one-time password fob or token to access networks. While this approach may provide an additional layer of security, it is prohibitive in terms of convenience. Alternatively, providing a single form factor for both physical and logical access creates a more streamlined user experience, which ultimately increases user adoption to desired security policies. “Building occupants who have entitlements to both physical areas and logical applications will see an enhancement in their experience,” said Brandon Arcement, Director of Product Marketing at HID Global, “Convergence results in greater employee efficiency and a more pleasant work environment for building occupants. It’s easier for employees to carry one card or one mobile device to access both systems, rather than having to carry a card for the door as well as a fob for the computer or having to remember passwords.” In terms of logical or network access, one major pain point for end users is the need to remember and frequently reset their passwords. When ASIS International members were asked, “How access to network and logical applications is done today,” a resounding 85% of respondents indicated that they use a user name and password. 85% of respondents also indicate that they have an organizational policy regarding the creation of passwords such as requiring numbers or special characters. Not only is this inconvenient for users and administrators, it presents another common security risk – employees writing their passwords on notes left visible on their desk. Enhanced administrative experience Converged access control solutions provide an improved administrative experience. When survey respondents were asked to rank a series of benefits of PACS and LACS convergence, the top response was ‘easier to manage employee credentials,’ followed by ‘one card for multiple applications.’ These top responses reflect two key angles within an improved administrative experience. First, many applications used to manage credentials are now web-based with secure, simple access for administrators. This allows security teams to issue, modify, or revoke credentials away from the office or during off-hours. The second angle is the ability to deploy a converged ‘high value’ form factor that allows for multiple applications. For example, using one card for multiple uses reduces costs for additional or replacement cards, as well as reduces the time required to produce multiple credentials for individual applications. According to survey data, the value of leveraging smartcards for applications beyond physical access is more than theoretical – 73% of respondents agree that they have interest in using smart cards for applications beyond traditional physical access control. Finally, more converged access control solutions provide security administrators with more visibility into audit data. This makes achieving compliance easier, thus reducing the potential for associated fines and damaged reputations. Improved security The most important benefit of any technology is improved security. Innovative technologies for physical access include contact and contactless cards with encryption that adds additional layers of security upon entering doors, elevators or parking garages. Meanwhile, digital certificates loaded onto that same smart card can ensure trusted login to networks and applications, as well as encrypt e-mails and digitally sign documents. Converged solutions improve security in three key areas: Increased adoption rate of converged…
Security Considerations for Code Signing
Recent security-related incidents indicate the need for a secure software supply chain to protect software products (also referred to as code) during the development, build, distribution, and maintenance phases. Of particular concern is provisioning and updating software that plays a critical role in platform security. A wide range of software products including firmware, operating systems, mobile applications, and application container images must be distributed and updated in a secure and automatic way to prevent forgery and tampering. An effective and common method of protecting software is to apply a digital signature to the code. Digitally signing code provides both data integrity to prove that the code was not modified, and source authentication to identify who was in control of the code at the time it was signed. When the recipient verifies the signature, he is assured that the code came from the source that signed it, and that it has not been modified in transit. “NIST plans to develop further guidance to help organizations evaluating, deploying or managing code signing systems. The high-level recommendations described in this document are expected to form the basis for more detailed recommended practices for code signing” This white paper targets software developers and product vendors who are implementing a code signing system or reviewing the security of an existing system, with the goal of achieving improved security and customer confidence in code authenticity and integrity. System integrators and administrators who are concerned about the trustworthiness of the applications that are installed and run on their systems will learn the properties they should expect from a code signing solution to protect their software supply chain. This white paper describes features and architectural relationships of typical code signing solutions that are widely deployed today. It defines code signing use cases and identifies some security problems that can arise when applying code signing solutions to those use cases. Finally, it provides recommendations for avoiding those problems, and resources for more information. Properly applied, these recommendations will help to ensure that the software supply chain is resistant to attack. NIST plans to develop further guidance to help organizations evaluating, deploying or managing code signing systems. The high-level recommendations described in this document are expected to form the basis for more detailed recommended practices for code signing. The basics of code signing This section provides high-level technical details about how this process works. There are multiple roles in the process: developer, signer and verifier. Developer The developer is the entity responsible for writing, building, and/ or submitting the code that will be signed. This entity maintains a secure development environment, including the source code repository, and will submit code to the signer after it has completed the organization’s software development and testing processes. Signer The signer is the entity responsible for managing the keys used to sign software. This role may be performed by the same organization that developed or built the software, or by an independent party in a position to vouch for the source of the code. The signer generates the code signing private/ public key pair on a device that is sufficiently protected, as the security of this process relies upon the protection of the private key. In many cases, the signer then provides the public key to a certification authority (CA) through a certificate signing request. The CA will confirm the signer’s identity and provides a signed certificate that ties the signer to the provided public key. Anyone can use the public key associated with this certificate to validate the authenticity and integrity of code signed with this key pair. If no CA is used, the public key must instead be distributed using a trusted, out-of-band mechanism. The signer ensures through technical and procedural controls that only authorized code is signed. When code is submitted by developers for signing, the signer verifies their identities and their authority to request a signature. The signer may also take additional steps to verify the code is trustworthy. Ultimately, two or more trusted agents of the code signing system may be needed to approve the request and generate a digital signature. In some cases, the signed code may also be provided to a time stamp authority to indicate when the code was signed. Verifier The verifier is responsible for validating signatures on signed code. The verifier may be a software component provided by the same developer as the signed code (e.g., for a signed firmware update), or it may be a shared component provided by the platform (e.g., the operating system). Architectural components The code signing architecture is composed of a set of logical components that are responsible for different aspects of the code signing process. The code signing/ verifying architecture represented in Figure 1 potentially has four distinct components: the code signing system (CSS), the certification authority (CA), the time stamp authority (TSA), and the verifier(s). Code signing system (CSS) The first component, the CSS, receives code submitted for signing, authenticates and authorizes the submitter, and generates the signature. To generate these signatures the CSS has one or more private signing keys, which need to be carefully protected from extraction or unauthorized use. Certification authority (CA) Typically, a CSS utilizes a CA to enable authenticating the identities of signers. CAs issue certificates to signers in accordance with certificate policies, which specify the security controls and practices the CA follows when issuing certificates, and impose requirements on the subjects of the certificates. NIST Interagency Report 7924 is a reference certificate policy that specifies most of the requirements for a CA that issues code signing certificates. There are also industry groups such as the CA/ Browser Forum and the CA Security Council, that have published requirements documents for the issuance of code signing certificates. Time stamp authority (TSA) Some code signing architectures use a TSA to demonstrate when a particular piece of code was signed. When a TSA is used, signatures are sent to the TSA which applies its own signature and signing time to the package….