Posts

Sound Intelligence from SPG Controls resonates with our European partners

Digital Audio Verification to manage Alarm Events

Another addition to SPG Controls’ product line provides encrypted two-way VoIP data for alarm verification, intercom and public address. Our latest Audio Listen-In Module provides connectivity to our S1000 Smart Controller through an encrypted OSDP bus. Digital audio is then delivered from the S1000 over Wi-Fi, Ethernet or 4G to our central ARCO software platform or via industry-standard protocols to commercial security monitoring stations.

Two leading French monitoring companies have just successfully completed testing of our digital audio products in anticipation of several new projects. ESI and Azuresoft have been working alongside our European distributor, JMP Controls, based in Paris. Pascal Creff, CEO, said, “I’m delighted with the new capability and industry-leading audio quality available from SPG Controls Audio Listen-In Module. I expect to be able to offer improved alarm management and risk reduction to my growing portfolio of customers.”

Up to 8 microphones and 8 speakers can be attached to an S1000. Audio can be played back using SIP (IP telephony) or RTP streams, or sent direct-to-browser. Our technology remains compatible with any central station monitoring provider, with audio control possible via DTMF commands or through industry-standard Contact ID reverse commands. Audio feeds may be triggered by alarm events governed by our “rules engine”; pre-alarm audio is also available. Pre-recorded messages may be stored within the S1000 Smart Controller and announced when triggered by specific circumstances.

Contact us to learn more about how SPG Controls applies the science of sound to help your business.

How to Improve Mobile App Security

Mobile Application Security Improvement

Mobile App security issue

With the increasing popularity of Mobile Devices, almost everybody uses mobile applications, but hardly anyone thinks of their data security while using them! At the same time, when developing system applications, there’s a tendency to focus on Site security rather than on the Application. Security is taken for granted, relying on the backend, where there may also be vulnerabilities.
A poorly protected mobile application can be a serious threat to an entire system. Mobile devices are where we store and work on critical data: payment, access, medical and banking information and, almost certainly, personal data.

The problem of mobile application security is especially concerning on various Android systems, mainly because, as an open system, Android is more vulnerable to data breaches at the operational level than Apple iOS (which is a closed system). Android is also very fragmented: new versions of the system are deployed to customers’ devices very slowly, which directly impacts the improvement of the entire system’s security. This does not mean your Apple iOS system is completely safe – there are threats related to storing data or web server communication (a man-in-the-middle attack) which may make your application vulnerable.

To add perspective to the problem, let’s consider the following examples:

Data and device interception

A mobile app security breach can be related to several issues, from storing users’ data without encryption in the local database (which was the case of a popular communication app in 2011) to session token change (a problem for a well-known marketplace application in 2016). The mobile app switched sessions to a different user’s token, most probably collected from deep links. This, through a fake marketplace site, made way for the potential theft of other users’ account data, such as user ID, profile photo, phone numbers, date of birth, access logs, and much other private information.

There are also several examples where an entire device has been compromised through a system vulnerability. Back in 2017, a significant security loophole called BlueBorne was discovered in a Bluetooth driver; this allowed attackers to obtain complete control of a mobile phone by remotely executing code. In 2018, another issue was discovered: in order to control device modems, Android firmware used AT commands (dating back to the 1980s). Manipulating these commands allowed hackers to gain control of the entire mobile device. Luckily, you don’t have to worry about BlueBorne issues anymore – it is already fixed on the majority of Android devices running 6.0 or greater and in iOS 10 and greater.

Such vulnerabilities can be used for a variety of reasons, for example, to create false certificates to obtain the data streaming out of your mobile app or install malware to obtain user data. These issues were rather quickly fixed at the operational level, but the question remains as to the extent of the breach. Normally, system loopholes unfortunately result in users waiting for an upgrade and ensuring app security personally.

Ensuring Mobile Application Protection

Ensuring mobile protection is an ongoing process. The most common methodology is to follow standard security practices; more are now being adapted.

Standard security practices may include:

  • The encryption of sensitive personal data, including encryption of the local database, cache, or API communication
  • The correct cryptographic key management and user session authorisation (tokens)
  • Token validations – the assigning of one to each consecutive device separately and with different session expiration times
  • Implementation of safe communication standards, e.g. certificate pinning in the case of HTTPS

Mobile-specific security methodology may include:

  • The protection against malicious apps
    • blocking screenshots or masking
    • Masking the mobile app view in the app switcher – preventing any preview of the mobile app’s content when switching to a different app
    • securing the clipboard – so a copied password is not visible in other mobile apps
    • IPC protection (Inter-Process Communication) – a security measure applied to system components to enable communication between mobile apps and the system, such as Activities, Services, Broadcast Receivers, Content Providers
  • UI security analysis, specifically in terms of data leaks (e.g. password masking or data validation)
  • Anti-tampering
  • Android-specific:
    • Code obfuscation – this limits reverse engineering
    • Proper handling of mobile app signatures
    • Blocking access to overlapping active mobile apps – protection against content scraping done through different apps layered on top of the active mobile app
    • managing permissions in Android apps
  • iOS-specific
    • Using App Transport Security (ATS) for all internet connections
    • Enabling File Data Protection

All the stated methods cover just some of the risks, but be aware of them! Also, implementation or verification may require particular expertise.

How does SPG Controls ensure the security of Mobile Applications?

Mobile security is our priority. SPG Controls will ensure our Mobile Applications adhere to industry standards and are robust and resilient to attack.

Security Review

The security review can be done in five steps:
1. SPG Controls review the project to better understand the source code, structure, and purpose of the application.
2. SPG Controls make a list of the application’s various elements responsible for introducing risk to the project.
3. SPG Controls prepare a list of the application security features that should be implemented for all elements, and then verify if all the required security features are in place.
4. After a thorough analysis, if needed, a rescue plan will be created – SPG Controls prepares the list of security protocols which should be implemented.
5. Finally, SPG Controls will maintain the security level of the Mobile Application and ensure it is preserved in future updates.

Secure Authorisation

Specific permissions dictate the features available to the end user. Permissions are based on a set of assigned roles (or access groups). There are also “Access Policies” defined, which are additional rules needed to access a resource, such as what times an operator is allowed to access a specific resource. An operator who is logged in to the system with more than one role, for example as an Administrator, an Engineer and a Guard, will be able to select a role, and this will define which objects can be viewed with what permissions.

API Integration

The ARCO Platform provides the ability to interface to many 3rd party systems using an Open API. The API is based on the latest Web-based RESTful architecture. All data contained within the ARCO Platform is securely exposed to the 3rd party systems. All commands, events and configuration changes are logged by ARCO, including the property changes made, so there is a full audit trail.

To learn more about SPG’s ARCO Platform and how it can help secure your assets, click here.

Cloud Blog

Advantages of Monitoring your Security Systems through the Cloud

Businesses of all sizes and in all geographies are turning to cloud services. According to a survey by RightScale, both public and private cloud adoption continues to increase, year on year.

The survey shows that 92% of respondents now adopt public cloud, up from 89% in 2017, and 75% now adopt private cloud, up from 72% in 2017. As a result, the overall portion of respondents using at least one public or private cloud is now 96%.

An organization operating on limited financial resources may also leverage cloud technologies to transition from a capital expense model to an operational expense pricing model. By sourcing IT services from the cloud, organizations can focus their investments on building HR capital, business growth, product development and improvements, marketing and customer support. For a fast-growing organization, the cost component of IT infrastructure can grow exponentially. The expenses associated with deployment, management and security of a complex IT infrastructure can overwhelm and limit the agility of organizations in response to fast-changing market requirements.

The cloud is a great way to run a business since it offers many advantages.

What is cloud computing?

Cloud computing is a term used to describe the use of hardware and software delivered via a network (usually the Internet). The term comes from the use of cloud-shaped symbol that represents an abstraction of a rather complex infrastructure that enables the work of software, hardware, computation and remote services.

Simply put, cloud computing is computing based on the internet. In the past, applications or programs would run from software downloaded on a physical computer or server. Cloud computing allows access to the same kinds of applications through the internet.

Cloud computing is based on the premise that computing takes place on multiple, often remote machines. Data collected is stored and processed by remote servers (also called cloud servers). This means devices accessing the cloud don’t need to work as hard!

SPG Controls Cloud Services

By hosting the ARCO Solution remotely, cloud servers free up the memory and computing power of individual computers. Users can securely access cloud services using credentials received from the cloud computing provider.

The advantages include cost benefits, technology innovation and business process and security improvements. SPG believes in these five key benefits for your organization:

1. Enable productivity from anywhere

Provide a consistent work experience with desktops and apps—accessible from virtually anywhere.

Cloud computing allows mobile access to corporate data via smartphones and devices, which is a great way to ensure that no one is ever left out of the loop. Staff with busy schedules, or who live a long way away from the corporate office, can use the Manager App to keep instantly up-to-date with site status.

Resources in the cloud can be easily stored, retrieved, recovered, or processed with just a couple of clicks. Users can get access to their work on the go, 24/7, via any device of their choice, in any corner of the world, as long as they stay connected to the internet. On top of that, all the upgrades and updates are done automatically, off-site, by service providers. This saves time and team effort in maintaining the systems, tremendously reducing the IT team’s workload.

2. Maintain business continuity

Data loss is a significant concern for all organizations, along with data security. Storing your data in the cloud guarantees that data is always available, even if your equipment like laptops or PCs is damaged. Cloud-based services provide quick data recovery for all kinds of emergency scenarios — from natural disasters to power outages.

If you rely on traditional on-premises approach, all your data will be stored locally, on office computers. Despite your best efforts, computers can malfunction for various reasons — from malware and viruses to age-related hardware deterioration or as a result of user error.

SPG Controls’ Cloud Services can help you with loss prevention. The ARCO Platform is a Docker container-based system designed to be distributed, redundant and scalable. The Platform can be run in a Docker Swarm container environment in a public or private cloud hosting environment, and supports online or offline (air-gapped) installations.

3. Help secure Sites from cyberattacks

One of the major concerns of every business, regardless of size or industry, is the security of its data. Data breaches and other cybercrimes can devastate a company’s revenue, customer loyalty and brand positioning.

Tightly regulated industries face stringent compliance requirements associated with the security, availability and performance of datacenter technologies. Organizations handling sensitive financial, healthcare or other private information of customers are required to deploy robust mechanisms to protect customer data.

SPG Controls offers many advanced security features that guarantee that data is securely stored and handled. The ARCO Platform communicates with each component using wolfSSL; the library is a lightweight SSL/TLS library targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.

All communications to the S1000 Smart Controller use HTTP over TLS and are authenticated in both directions using certificates. Certificates are validated or revoked by the ARCO Platform Integrations Layer. All communications will occur with the S1000 device acting as the TCP/HTTP client on port 443 so that no site-side firewalls need to be configured.

4. Business Future-Proofing

Different companies have different IT needs — a large enterprise of 1000+ employees won’t have the same IT requirements as a start-up. Using the cloud is an excellent solution because it enables an enterprise to efficiently — and quickly — scale up/down their IT departments, according to business demands.

The technology industry is fast-moving, agile and is responsive to changing market situations. Pioneers and industry-leading organizations lead the competition from the front and respond to market changes proactively. This agility is more easily realized when the necessary technical resources are at their disposal. Traditional technology models such as on-premise datacenters tend to limit organizations who would otherwise need to deploy new infrastructure before scaling their business.

SPG Controls Cloud Services is ideal for businesses with growing or fluctuating bandwidth demands. If your business demands increase, you can quickly increase your cloud capacity without having to invest in physical infrastructure. This agility can provide a competitive advantage.

5. Continuously optimize the cost of your workloads

Many organizations rely on datacenter systems to operate at scale and are challenged with the ongoing management and security needs of complex IT infrastructure. Executives are forced to invest resources in areas focused on keeping the systems running instead of scaling business operations in broader markets or in research and development toward innovative solutions.

By using cloud infrastructure, organizations do not have to spend huge amounts of money on purchasing and maintaining equipment or in hardware, utilities, or building out a large data centre to grow their business. In addition, IT teams can be minimised as cloud providers’ staff handle cloud data centre operations. IDG’s 2020 Cloud Computing Survey puts some fresh data behind this paradigm shift.

SPG Controls is committed to fulfilling the SLA agreements that limit the total annual downtime, service performance levels and security measures.

Is migrating to SPG Controls Cloud Services best for you?

Not every company will migrate to the cloud, at least not yet. However, many organizations have already benefitted through positive impacts on their business.

Cloud adoption increases every year since companies realize that it offers them access to world-class enterprise technology. And, if you implement a cloud solution now, you’ll be ahead of your competitors!

If you have any questions about how to effectively adopt the cloud for your business, or how to optimize your cloud performance and reduce costs, contact us today to help you out with your performance and security needs.

Links:
https://www.flexera.com/blog/industry-trends/trend-of-cloud-computing-2020/
https://spgcontrols.com/software/
https://www.docker.com/resources/what-container
https://www.wolfssl.com/about/
https://www.idg.com/tools-for-marketers/2020-cloud-computing-study/

Top 5 Encryption Best Practices That Will Protect You

Best Encryption Practices to Protect Your Business

Growing in importance, encryption is something that every business needs, not only to provide better online security but to prevent data breaches and business interruption.

What is Encryption?

In its simplest form, encryption is the process by which data is encoded to prevent that data from being easily understood by an unauthorised person. Only the parties involved in the communication are authorised to decrypt the data. For example, those parties can be your browser and a website, or a storage device and an individual authorised user.

Normally a message is encrypted with a key, but for demonstration purposes and in a very simple way, characters may be “shifted” to another place in the alphabet. For instance, B might become A. The word “AZS” is an encrypted form of “BAT”, as each letter has been shifted by one place to the left. One of the most popular shift cyphers is ROT13, which is short for “rotate by 13 places”.
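
The shift described above, as an added Python example that is not from the original post: it reproduces the “BAT” to “AZS” shift and ROT13, and lists every possible shift to show why a shift cypher is for demonstration only. The function names are illustrative.

```python
import string


def shift(text: str, places: int) -> str:
    """Shift letters `places` positions right (negative = left) in the alphabet.

    Case is preserved; anything that is not an ASCII letter passes through.
    """
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + places) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is its own inverse, because 13 + 13 = 26."""
    return shift(text, 13)


def all_shifts(ciphertext: str) -> dict:
    """Undo every possible right-shift: the whole key space is only 26 values."""
    return {k: shift(ciphertext, -k) for k in range(26)}


def shifts_matching(ciphertext: str, known_plaintext: str) -> list:
    """Right-shifts that turn known_plaintext into ciphertext."""
    return [k for k, plain in all_shifts(ciphertext).items()
            if plain == known_plaintext]


if __name__ == "__main__":
    print(shift("BAT", -1))               # the page's example, one place left
    print(rot13("BAT"), rot13(rot13("BAT")))
    print(shifts_matching("AZS", "BAT"))  # 25 right is the same as 1 left
```

Because only 26 shifts exist, anyone can list all candidate plaintexts at once, which is why real systems use keyed algorithms instead.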

Why Use Encryption?

Encryption prevents unauthorised actors from seeing sensitive data, whether that data is static or in transit. Data is considered to be in transit whenever it is sent to another party or endpoint, for instance when transferring a file to another device. For the duration of the transmission, a third party can “eavesdrop” on the communication, which creates an opportunity for a man-in-the-middle attack (MITM).

A man-in-the-middle attack can alter the communication between two parties and can happen in real-time. It can alter the data that is being transmitted and received and can lead to serious complications. For instance, a patch that seems normal might end up carrying a payload of viruses and backdoors which hackers can use to gain entry and compromise an otherwise secure system. Some everyday computer users and even administrators do not often see that their systems are already compromised because the altered data will be presented just as a normal software update. Another grave consequence is that sensitive data can be taken by hackers. If a system regularly transmits bank details or credit card credentials, they could be taken by malicious actors. Some systems would also be unable to detect whether data was compromised.

What practices can be implemented to make sure that data is secure and sound?

Multiple Encryption Methods

Having layers of encryption for data can be beneficial. Each encryption method acts as a separate layer of security. If one of the encryption methods fails, there are other methods that can slow down or even deter hackers from taking further action.

ARCO Platform communicates with each component using wolfSSL.

The wolfSSL library is a lightweight SSL/TLS library targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set. It is used in many common platforms because the wolfSSL library supports over 30 different operating environments, industry standards up to the current TLS 1.3 library and offers progressive cyphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback report dramatically better performance when using wolfSSL versus other similar implementations of TLS.

Detailed Logs and Audit Trails

System design should incorporate the creation and storage of traffic logs for every event. This should include tracking which users are logged in and from where they are logged in. This can help administrators and cybersecurity experts to identify suspicious activities. In the case of an attack, investigators can see location data which may be helpful in building better fortification strategies.

ARCO Platform includes real-time events, reports and alarms throughout the system.

Access to real-time information will help companies visually understand changing security and business conditions and make better decisions, based on real-time data collated in pre-designated reports. ARCO enables you to identify trends and measure the impact of system activities.

Set Minimal Privileges for Users

Integrated systems tend to provide a lot of user privileges. It is important to limit access to a system to the minimal privileges required by each user. The temptation is to incorporate more system privileges than are required. For instance, a guest user does not need administrator privileges.

ARCO Platform gives users a set of permissions from a set of configurable roles.

 

Roles are only allowed to access the information necessary to perform specific tasks effectively. Access can be based on several factors, such as authority, responsibility and job competency. In addition, access to ARCO Platform can be limited to specific tasks such as the ability to view, create or modify a device.

Backups

It is also important to create regular system backups. This permits authorised users to restore data in case of a disruption to service.

Get Better Security

Invest in accredited and tested products and select fully trained and experienced partners for implementation and support services. SPG Controls has the right products and track record for securing your business as well as a global network of authorised Value-Added Resellers. Contact us to know more.

Monitoring Your System Anytime Anywhere

24/7 Monitoring for Security Systems

Your Corporation’s security system should be something that can be easily monitored anytime and anywhere. Thanks to a lot of improvements in technology, it finally can!

What Are Security Systems?

Security systems help protect your place of business. They permit access while preserving privacy and establishing audit trails, provide video recording and transmission of events, provide out-of-hours intruder detection, and can be extended to include any number of environmental sensors enabled to control light, heat, humidity, flood, fire, power consumption and lone working. Depending on budget or demand for security, the system can be configured to suit all business types, from a single premise to a multi-location, multinational business.

Deciding what security system and security devices to purchase can be an intimidating responsibility. However, there are several sources of information, from third party consultants and local expert providers to recommendations from Police Crime Prevention Units. SPG Controls would advocate the appointment of experienced and accredited companies as an installation and support partner. In addition, the enablement of remote control of your security solution is essential in today’s unique environment, where individual and remote working is an everyday occurrence.

There are some factors to consider when selecting a security system. For instance, what would best serve your Company: controlling access through the use of locking devices and readers; providing intruder detection during overnight and weekend closures; protecting remote and lone workers; protecting valuable assets from flood, fire, heat and humidity or misuse; or monitoring and recording CCTV or audio to enable verification of any event? Typically, an intruder alarm is connected to a third-party monitoring company who follow your instructions depending on the type and time of an alarm event. In today’s market, SPG Controls would recommend taking a further step forwards by enabling the control of your Company’s security systems through a mobile application, providing immediate data on your premise’s security system. Having the ability to check, verify and manage all aspects of your security solution as an authenticated user from your mobile device is essential.

Advantages of Security Systems

Security systems today have many benefits, thanks to advancements in technology. Many are now connected to IoT devices (Internet of Things) which makes them ideal for automating aspects of your Company’s security. For instance, by permitting both local and remote locking and unlocking of doors and gates.

They also permit the monitoring of your Company’s security system anytime and from anywhere, and can provide CCTV and audio content to enable remote verification. It’s much easier to decide on a course of action if management can see and hear what’s happening.

SPG Controls’ ARCO Enterprise Platform allows users to monitor data from thousands of remote sites. It is built with the latest web technologies for a faster and more secure experience. Support for unlimited connections also means that there is a huge potential for horizontal scalability. Every function supported is also accessible thanks to an open API. A dynamic server environment also ensures that there is unlimited redundancy and scalability.

Product Specifics

SPG Controls’ S1000 Smart Controller manages access control, intruder alarms and any other applicable building management functions that can be remotely accessed by authorized users. It allows the monitoring and access of your security system whilst maintaining a secure remote connection. As an option, it can be equipped with a 4G connection as well as with Bluetooth Low Energy for setup and control. Other S1000 controllers can also be connected as slaves to expand the network in a building, compound, campus or over globally dispersed locations.

The SPG Sensor Remote Expansion Device provides analogue sensing information. It can be connected to the S1000 controller, which processes information in real-time in order to decide the course of action based on the pre-programmed rules. The interface also has sensors for humidity and temperature, which can be useful for facilities that have intensive cooling or warming systems.

SPG Sensor Remote Expansion Device

Contact us today to find out how an SPG Controls security system can help you protect your assets.

Securing Security Management Systems – Cybersecurity

With the global average cost of a data breach now reported as US$3.86 million, Cybersecurity has never been more critical. In addition, the average time to identify and contain a data breach, or the “breach lifecycle”, is 280 days in 2020, and so the effects of a data breach can be costly and very disruptive! (See IBM Security, Cost of a Data Breach Report 2020.)

In this article, SPG Controls will explain why Cybersecurity needs to extend to electronic and physical security products to ensure business continuity and integrity.

What is Cybersecurity?

Simply put, Cybersecurity is the protection of any system that is connected to the internet, including both hardware and software. Customer and business data are usually targeted, and the resultant business interruption, loss of reputation and recovery can cause lasting damage.

For businesses, it is important to note that “security” encompasses both physical security (for example, a lock on a server room door) and Cybersecurity (for example, protecting the servers from vulnerabilities with anti-virus software).

Cybersecurity also includes the study and implementation of various technologies that can help deter and prevent hackers from accessing unauthorised data. Cybersecurity specialists work hard to execute strategies to bolster a system and/or a network from cyberattacks. Some specialise in website security while others are more engaged in protecting hardware from external attack.

 

What Can You Do to Protect Your Business?

You can protect your business by ensuring that your security systems are certified to Industry standards and are robust and resilient to attack.

SPG Controls’ ARCO Platform is one of the most highly sophisticated security software platforms and can also be integrated with existing systems, meaning companies can re-use previous investments and re-utilise and re-purpose assets. ARCO is designed to work within secure environments. Every user and device communicates with the system through encrypted channels, ensuring only authenticated and authorised users and equipment are connected. This is also essential for security when remote access is required.

 

ARCO Security is implemented in three ways

 

Secure Architecture

Businesses can benefit from the ARCO Platform’s Onion Architecture, which can be used in the cloud, on-premises, and in hybrid environments.

The ARCO Platform has different layers for each application. This is to isolate them from each other in the event of a cyber-attack. It also paves the way for better testing and maintenance of the application.

The ARCO Platform also has a domain-driven design. The domain model contains both the business logic and rules. Business logic is separated from the view and data access layers.

 

Secure Authentication

Remote connections and access are also protected by the ARCO Platform. Each of its functionalities is deployable through microservices, which communicate via HTTPS endpoints through a Web API. wolfSSL is used to encrypt communication between any connected devices and the ARCO Platform through the S1000 controller.

Certificate-based authentication is used to further protect against unauthorised access. The certificates are validated or revoked by ARCO Platform Integration Layers. Core services are run through standard strict Web API security checkpoints.

JSON Web Token (JWT) is used for access token validation. Every action of a user is passed through the token to ensure security. The ARCO Platform also uses modular access policies so that each role’s permissions can be further controlled.

 

Secure Authorisation

Specific permissions dictate the features available to the user. Permissions are based on the set of roles (or access groups) assigned. There are also “Access Policies” defined, which are additional rules needed to access a resource, such as what times an operator is allowed to access a specific resource. An operator who is logged in to the system with more than one role, for example as an Administrator, an Engineer and a Guard, will be able to select a role, and this will define which objects can be viewed with what permissions.
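
The role selection and access-policy check described above (and in the earlier “Secure Authorisation” section), as an added Python example that is not ARCO code. The class names, the time-window shape of a policy, the resource names and the operator data are assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import time


@dataclass(frozen=True)
class AccessPolicy:
    """Extra rule on one resource: the hours during which access is allowed."""
    resource: str
    start: time
    end: time

    def allows(self, at: time) -> bool:
        if self.start <= self.end:
            return self.start <= at < self.end
        # Window wraps past midnight, e.g. 18:00-06:00.
        return at >= self.start or at < self.end


@dataclass
class Role:
    name: str
    # object type -> permitted actions, e.g. {"device": {"view", "modify"}}
    permissions: dict[str, set[str]]
    policies: list[AccessPolicy] = field(default_factory=list)


@dataclass
class Session:
    operator: str
    assigned: dict[str, Role]
    active: str | None = None  # nothing is granted until a role is selected

    def select_role(self, name: str) -> None:
        if name not in self.assigned:
            raise PermissionError(f"{self.operator} is not assigned role {name!r}")
        self.active = name


def is_allowed(session: Session, object_type: str, action: str,
               resource: str, at: time) -> bool:
    """Deny by default; only the selected role counts, never the union."""
    if session.active is None:
        return False
    role = session.assigned[session.active]
    if action not in role.permissions.get(object_type, set()):
        return False
    # Every policy the role carries for this resource must also pass.
    return all(p.allows(at) for p in role.policies if p.resource == resource)


def constructed_operator() -> Session:
    """Constructed sample data: one operator holding three roles."""
    roles = [
        Role("Administrator", {"device": {"view", "create", "modify"}}),
        Role("Engineer", {"device": {"view", "modify"}},
             [AccessPolicy("plant-room-door", time(8, 0), time(17, 0))]),
        Role("Guard", {"device": {"view"}},
             [AccessPolicy("plant-room-door", time(18, 0), time(6, 0))]),
    ]
    return Session("operator-1", {r.name: r for r in roles})


if __name__ == "__main__":
    s = constructed_operator()
    s.select_role("Guard")
    for hour in (3, 12, 23):
        print(hour, is_allowed(s, "device", "view", "plant-room-door", time(hour, 0)))
```

Evaluating only the selected role keeps an operator who is also an Administrator from carrying those rights into a Guard session.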

What Can You Do to Protect Your Business?

To learn more about the ARCO Platform and how it can help secure your assets, click here.

 

Reference sources detailed below.

Security Intelligence

IBM Security