Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Security by design

March 2019 Information Security, Integrated Solutions

By Marius Brits, Johnson Controls, regional sales manager – Africa, Integrated Solutions – Fire & Security.

Cyber threats are growing, and they are coming from every direction. Access control, CCTV, perimeter and intrusion detection solutions – because they are connected to the IT domain and to sensitive IP and data – are an attractive target. The strength of the security platforms on which they are built will thus increasingly impact the purchase decisions of users, and market positions of vendors.

The companies that will lead the security industry in future are those that understand the risk and invest in building security into the entire lifecycle of their products, from initial design concept, through product development, deployment and rapid incident response to meet evolving cybersecurity threats and the needs of evolving environments.

Marius Brits.
Marius Brits.

Opening the door

Consider the security risk that a hacked access control system may present: it opens the door to people’s credentials, identities, access card and even biometric data, not to mention sensitive video footage and other company data assets, such as personnel records. It may also open the door, physically, to company facilities. As the digital environment continues to expand and evolve, so do security threats. This means the security of these solutions must continually evolve too.

For C-level and IT/security leaders three factors are top of mind:

• Mitigating the risk of hacktivism and malicious or criminal insiders,

• Protecting data access in-transit and in-storage, and

• Exposure, liability and compliance.

Properly configured software and hardware infrastructure is vital to protect a company from cyber-attacks and ensure compliance with security controls.

Johnson Controls’ Cyber Protection Programme

At Johnson Controls, a dedicated Global Product Security team leads the Cyber Protection Programme (CPP). Many of the solutions we provide to customers, which include access control, CCTV solutions and intrusion protection, are critical to operations, directly impacting safety, security and compliance with industry regulations.

Disruption is not an option. Operational technologies often provide critical functions which, if disrupted, can impact not just operational efficiency and profits, but also result in disclosure of sensitive information.

We address this by ensuring that every Johnson Controls product that is developed meets the standards of the CPP and complies with its policies. Each product is subject to extensive testing, has the CPP software loaded and will receive regular security upgrades throughout the life of the product.

Having engineering teams trained in cybersecurity has given Johnson Controls an advantage in developing products that consider cybersecurity within its core design. Our certified cybersecurity experts (CISSP, CSSLP, CEH, CCSP, etc.) work to validate designs using the latest recognised industry standards and practices. Expert driven cybersecurity designs provide the forethought required to reduce risk.

Three pillars

Johnson Controls’ CPP is built on three pillars: secure development, deployment services and rapid response.

• Secure development: Baseline design requirements that address core cyber threat categories for elevated security. Dedicated in-house cybersecurity test labs focused on discovering and neutralising concerns before they reach customers. Extended testing, including bug bounty programs and third-party penetration testing, provides verification and validation assurance. Solution designed features that enable easier compliance with corporate policies Certified and trained experts driving design decisions.

• Deployment services: We apply a multi-pronged approach: customer education to help drive more secure installation, compliance assistance to help our customers comply with industry and organisational policies, and provision of security documentation for IT acceptance.

• Rapid response: A product that is secure today may not be secure tomorrow. Through the rapid incident response service, our cybersecurity team quickly assesses new threats and vulnerabilities and advises customers on how they may reduce their cybersecurity exposure.

Future-secure

Security is a shared responsibility. Every organisation is responsible and accountable for protecting the business, its shareholders and its customers. Choosing secure products that protect against evolving risk is an important part of ensuring ongoing security. This means that building security into products and software must, now and in the future, be standard core policy and protocol for vendors. One thing is sure: the strength of the security fundamentals built into products will become a key driver of product purchases and will impact the market share of solutions.

For more information contact Johnson Controls, +27 11 921 7129, [email protected], www.johnsoncontrols.com





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

What are MFA fatigue attacks, and how can they be prevented?
Information Security
Multifactor authentication is a security measure that requires users to provide a second form of verification before they can log into a corporate network. It has long been considered essential for keeping fraudsters out. However, cybercriminals have been discovering clever ways to bypass it.

Read more...
SA's cybersecurity risks to watch
Information Security
The persistent myth is that cybercrime only targets the biggest companies and economies, but cybercriminals are not bound by geography, and rapidly digitising economies lure them in large numbers.

Read more...
Cyber insurance a key component in cyber defence strategies
Information Security
[Sponsored] Cyber insurance has become a key part of South African organisations’ risk reduction strategies, driven by the need for additional financial protection and contingency plans in the event of a cyber incident.

Read more...
Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
Future trends for electronic safety and security in mining
Fang Fences & Guards Mining (Industry) Integrated Solutions AI & Data Analytics
The mining industry is ever evolving, driven by technological advancements and the growing need for enhanced safety and security measures, with significant innovation seen in turnkey electronic security for mining operations.

Read more...
Unlocking enhanced security for mining
Mining (Industry) Integrated Solutions
In the dynamic landscape of African mining, security remains of paramount concern as threats evolve and challenges persist, and mining companies seek innovative solutions to safeguard their operations, assets, and personnel.

Read more...
A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Read more...
The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.