Security by design

March 2019 Cyber Security, Integrated Solutions

Cyber threats are growing, and they are coming from every direction. Access control, CCTV, perimeter and intrusion detection solutions – because they are connected to the IT domain and to sensitive IP and data – are an attractive target. The strength of the security platforms on which they are built will thus increasingly impact the purchase decisions of users, and market positions of vendors.

The companies that will lead the security industry in future are those that understand the risk and invest in building security into the entire lifecycle of their products, from initial design concept, through product development, deployment and rapid incident response to meet evolving cybersecurity threats and the needs of evolving environments.

Marius Brits.

Opening the door

Consider the security risk that a hacked access control system may present: it opens the door to people’s credentials, identities, access card and even biometric data, not to mention sensitive video footage and other company data assets, such as personnel records. It may also open the door, physically, to company facilities. As the digital environment continues to expand and evolve, so do security threats. This means the security of these solutions must continually evolve too.

For C-level and IT/security leaders, three factors are top of mind:

• Mitigating the risk of hacktivism and malicious or criminal insiders,

• Protecting data access in-transit and in-storage, and

• Exposure, liability and compliance.

Properly configured software and hardware infrastructure is vital to protect a company from cyber-attacks and ensure compliance with security controls.

Johnson Controls’ Cyber Protection Programme

At Johnson Controls, a dedicated Global Product Security team leads the Cyber Protection Programme (CPP). Many of the solutions we provide to customers, which include access control, CCTV solutions and intrusion protection, are critical to operations, directly impacting safety, security and compliance with industry regulations.

Disruption is not an option. Operational technologies often provide critical functions which, if disrupted, can impact not just operational efficiency and profits, but also result in disclosure of sensitive information.

We address this by ensuring that every Johnson Controls product that is developed meets the standards of the CPP and complies with its policies. Each product is subject to extensive testing, has the CPP software loaded and will receive regular security upgrades throughout the life of the product.

Having engineering teams trained in cybersecurity has given Johnson Controls an advantage in developing products that consider cybersecurity within their core design. Our certified cybersecurity experts (CISSP, CSSLP, CEH, CCSP, etc.) work to validate designs using the latest recognised industry standards and practices. Expert-driven cybersecurity designs provide the forethought required to reduce risk.

Three pillars

Johnson Controls’ CPP is built on three pillars: secure development, deployment services and rapid response.

• Secure development: Baseline design requirements that address core cyber threat categories for elevated security. Dedicated in-house cybersecurity test labs focused on discovering and neutralising concerns before they reach customers. Extended testing, including bug bounty programs and third-party penetration testing, provides verification and validation assurance. Solution-designed features that enable easier compliance with corporate policies. Certified and trained experts driving design decisions.

• Deployment services: We apply a multi-pronged approach: customer education to help drive more secure installation, compliance assistance to help our customers comply with industry and organisational policies, and provision of security documentation for IT acceptance.

• Rapid response: A product that is secure today may not be secure tomorrow. Through the rapid incident response service, our cybersecurity team quickly assesses new threats and vulnerabilities and advises customers on how they may reduce their cybersecurity exposure.


Security is a shared responsibility. Every organisation is responsible and accountable for protecting the business, its shareholders and its customers. Choosing secure products that protect against evolving risk is an important part of ensuring ongoing security. This means that building security into products and software must, now and in the future, be standard core policy and protocol for vendors. One thing is sure: the strength of the security fundamentals built into products will become a key driver of product purchases and will impact the market share of solutions.

For more information contact Johnson Controls, +27 11 921 7129.

