Security by design

March 2019 Cyber Security, Integrated Solutions

Cyber threats are growing, and they are coming from every direction. Access control, CCTV, perimeter and intrusion detection solutions – because they are connected to the IT domain and to sensitive IP and data – are an attractive target. The strength of the security platforms on which they are built will thus increasingly impact the purchase decisions of users, and market positions of vendors.

The companies that will lead the security industry in future are those that understand the risk and invest in building security into the entire lifecycle of their products, from initial design concept, through product development, deployment and rapid incident response to meet evolving cybersecurity threats and the needs of evolving environments.

Marius Brits.
Marius Brits.

Opening the door

Consider the security risk that a hacked access control system may present: it opens the door to people’s credentials, identities, access card and even biometric data, not to mention sensitive video footage and other company data assets, such as personnel records. It may also open the door, physically, to company facilities. As the digital environment continues to expand and evolve, so do security threats. This means the security of these solutions must continually evolve too.

For C-level and IT/security leaders three factors are top of mind:

• Mitigating the risk of hacktivism and malicious or criminal insiders,

• Protecting data access in-transit and in-storage, and

• Exposure, liability and compliance.

Properly configured software and hardware infrastructure is vital to protect a company from cyber-attacks and ensure compliance with security controls.

Johnson Controls’ Cyber Protection Programme

At Johnson Controls, a dedicated Global Product Security team leads the Cyber Protection Programme (CPP). Many of the solutions we provide to customers, which include access control, CCTV solutions and intrusion protection, are critical to operations, directly impacting safety, security and compliance with industry regulations.

Disruption is not an option. Operational technologies often provide critical functions which, if disrupted, can impact not just operational efficiency and profits, but also result in disclosure of sensitive information.

We address this by ensuring that every Johnson Controls product that is developed meets the standards of the CPP and complies with its policies. Each product is subject to extensive testing, has the CPP software loaded and will receive regular security upgrades throughout the life of the product.

Having engineering teams trained in cybersecurity has given Johnson Controls an advantage in developing products that consider cybersecurity within its core design. Our certified cybersecurity experts (CISSP, CSSLP, CEH, CCSP, etc.) work to validate designs using the latest recognised industry standards and practices. Expert driven cybersecurity designs provide the forethought required to reduce risk.

Three pillars

Johnson Controls’ CPP is built on three pillars: secure development, deployment services and rapid response.

• Secure development: Baseline design requirements that address core cyber threat categories for elevated security. Dedicated in-house cybersecurity test labs focused on discovering and neutralising concerns before they reach customers. Extended testing, including bug bounty programs and third-party penetration testing, provides verification and validation assurance. Solution designed features that enable easier compliance with corporate policies Certified and trained experts driving design decisions.

• Deployment services: We apply a multi-pronged approach: customer education to help drive more secure installation, compliance assistance to help our customers comply with industry and organisational policies, and provision of security documentation for IT acceptance.

• Rapid response: A product that is secure today may not be secure tomorrow. Through the rapid incident response service, our cybersecurity team quickly assesses new threats and vulnerabilities and advises customers on how they may reduce their cybersecurity exposure.


Security is a shared responsibility. Every organisation is responsible and accountable for protecting the business, its shareholders and its customers. Choosing secure products that protect against evolving risk is an important part of ensuring ongoing security. This means that building security into products and software must, now and in the future, be standard core policy and protocol for vendors. One thing is sure: the strength of the security fundamentals built into products will become a key driver of product purchases and will impact the market share of solutions.

For more information contact Johnson Controls, +27 11 921 7129,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Securing perimeters of secure locations
November 2019, Axis Communications SA, Modular Communications, Hikvision South Africa, Nemtek Electric Fencing Products, Technews Publishing, Stafix , Government and Parastatal (Industry), Perimeter Security, Alarms & Intruder Detection, Integrated Solutions
Hi-Tech Security Solutions asked a number of companies offering perimeter security solutions for their insights into protecting the boundaries of national key points.

Pwn2Own hacking contest to include industrial control systems
October 2019 , Cyber Security
As IT and OT converge under Industry 4.0 and digital transformation initiatives, security gaps are emerging in a range of popular industrial control systems.

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

The importance of XDR for cyber protection
October 2019 , Cyber Security, Products
35% of South African organisations are expecting an imminent cyberattack and a further 31% are bracing for it to happen within a year, according to local research conducted by Trend Micro.

Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Kaspersky uncovers zero-day in Chrome
October 2019, Kaspersky , News, Cyber Security
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

Intelligent analytics and the brains to match
September 2019, Bosch Building Technologies , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
What if the brains behind our security cameras could be trained to improve their cognitive ability to pay attention, learn, and problem-solve according to specific rules and situations?

AI-powered autonomous Drone-in-a-Box
September 2019 , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Organisations in the mining, energy and industrial, oil and gas, ports and terminals sectors can optimise security and business operations, whilst reducing risks and operational costs

Cybersecurity for video surveillance systems
September 2019, Mobotix , Cyber Security, CCTV, Surveillance & Remote Monitoring
Video surveillance systems are increasingly accessible over any IP network, which has led to the rise of potential cyberattack.