Security Business

JUL 2019

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link:

Contents of this Issue


Page 102 of 108

S42 ACCESS CONTROL Trends And Technology | JULY/AUGUST 2019 With advanced AI and learning-based access control systems evolving in the market, Carter is confident the access control environment can now provide the missing link between data and pro-active analytics. He adds: “doing that has made the IT people interested because they see it now more as security information, not just physical control.” Security versus Convenience The vpnMentor team calculates after reviewing data going back as far as April of this year when The Pyramid Hotel Group’s servers were either being set up, reconfigured or subject to standard maintenance, indications are that the server was compromised and left open for attack. While records show that Pyramid Hotel Group was quick to rectify the vulnerability, the fact remains that the hospitality sector is not subjected to the same stringent regulatory cyber-risk pressures as others like finance and banking, and therefore may not be as proactive in their security approach. Security consultant, Distinguished Fellow at the Ponemon Institute and former CSO of Boston Scientific, Lynn Mattice, is vehement that breaches like this are not acceptable and can no longer be ignored. “With so many cyber breaches having occurred over the last decade and the extensive news coverage they have received, corporate leadership no longer can claim ignorance about their responsibilities relative to maintaining the security over their IT software, hardware and networks.” Mattice claims. “Failure to maintain effective security controls over the intellectual capital of their enterprises in today’s hyper-connected cyber world rises to the level of gross negligence and is a breach of the fiduciary responsibility of corporate executives and their boards of directors.” For Carter, the breach of the Pyramid Hotel Group and its impact on the access control system was the perfect storm. “There is always an exciting push out there to say, ‘I am using open-source systems, open source data’ - databases like the one that was used. It was improper configuration and procedural approaches to utilization of technology that was certainly at fault. But even with the technologies that are there, even if you create something that works, so to speak, as an open source that can be implemented and utilized, people that are creating that should, by default, put them in lockdown situations not open to the public,” admonishes Carter. “When you have a wide-open system, you lock down your perimeter and you work back from there. Then you determine who has procedural access to it, or physical access to it, or data access to it. I think so many locations start with wide open because they consider it to be convenient. When you do that and you walk away and you leave it that way, and you’re using a third party company to install it that might not be up to speed on the latest approaches to protect information, then this is the kind of the thing that can happen. The technology that they used is convenient. It is open. It is all those things, but it is not necessarily designed for the environment that they utilized it for.” About the Author: Steve Lasky is the Editorial Director of Endeavor’s SecurityInfoWatch Security Media, which includes print publications Security Technology Executive, Security Business, Locksmith Ledger Int’l, and the world’s most trafficked security web portal He is a 32-year veteran of the security industry and a 27-year member of ASIS. He can be reached at The hard truth is that many physical security departments rely on an IT department to protect hard data or information… YOUR #1 SECURITY MEDIA RESOURCE • Print • Digital • Mobile • Social Powered by, 1-800-547-7377 Ext. 2702

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Business - JUL 2019