© 2024 CyberNews- Latest tech news,
product reviews, and analyses.

Tim Norris, Brivo: "the number one threat to access control is the use of insecure, non-encrypted credentials"


Cloud-based access control solutions have transformed security processes by centralizing data, utilizing advanced technologies, and providing convenient access management.

Cloud-based access control solutions leverage the power of the cloud to provide secure and convenient access management for various facilities. Combine it with a high-level VPN system, and you have a comprehensive security solution that can be managed remotely and monitored in real-time.

To learn more about the benefits of cloud-based access control and how it can help businesses protect their premises we spoke with Tim Norris, Senior Director of Product Marketing at Brivo, a company that provides cloud-based access control solutions to secure lives, assets, and facilities.

How did the idea of Brivo originate? What has the journey been like since your launch in 2002?

Brivo was the first cloud company to enter the property technology space when we launched our cloud-based platform in 2002, intending to protect lives, assets, and facilities.

Since the beginning, Brivo has been committed to delivering better security and service to the spaces we protect and developing new technologies to help solve the challenges of the times. At the time, the Cloud-as-a-Business platform was virtually unknown.

In the early days, a major part of the task was simply promoting the benefits of the cloud. People didn’t know enough about it. Brivo started from outside the security industry, which is largely why we brought different ideas to the table than what others had in both the security and the fledgling smart building industry.

And so, many of the ideas we started then came from outside the industry – more informed by other tech industries such as satellite communications, telephony, healthcare, etc.

Today, Brivo as a company and the industry as a whole has matured, and there’s much more depth in terms of product sets and customer understanding of what those product sets mean.

That’s been a welcome change.

To focus on the last three-to-four years, new investment has come into Proptech and made it clear that there’s huge value in connecting both individual buildings and entire portfolios to cloud services, mobile services, and data services. That’s been a real change in terms of how people think about what we’re doing.

Can you introduce us to your access control solutions? What are their key features?

On-premise access control solutions and the local servers they depend on have served security professionals well for many years. Demands and requirements, however, have changed over time. Data fragmentation, for example, which prevented businesses from using building security data to make better decisions in the past, is no longer an issue thanks to our access control platform, Brivo Access.

Our platform centralizes building security data and makes it useful by utilizing embedded business intelligence and machine learning functionalities. Our users are empowered to understand the usage and applications of their physical spaces – increasingly critical in today’s hybrid world of work – and improve security processes.

Our cloud-based platform also allows security professionals to manage access to and from any location, at any time, and on any device, including computers and smartphones – eliminating the need for local servers and physical on-site visits.

This isn’t just a case of time savings. Cloud-based access control solutions reduce the workloads of physical and IT security teams who are already stretched. Multi-site software upgrades can be pushed out, for example, removing the cost and time associated with delivering manual updates to hardware.

What are some of the most popular ways threat actors use to bypass various access control measures?

The number one threat to access control is the use of insecure, non-encrypted credentials. 125 KH low-frequency card readers, for example, are especially vulnerable to infiltration via unauthorized fobs and cards.

Poor lock installation practices and infrequent maintenance also pose risks. They can result in common or new vulnerabilities going unfixed that a bad actor can exploit to bypass access control measures and enter premises.

Finally, there is always a human element that is unpredictable and can only be addressed with policies and training. It’s similar to other types of security – you can have the most impenetrable system in place to defeat hackers, but it doesn’t matter if people put their password on a sticky note and attach it to their monitor.

If people share credentials or hold open doors, or even wedge a door open for convenience, that’s going to limit the effectiveness of any security system. A certain amount of training and adherence to policy is always going to be necessary, no matter how advanced the access control system is.

How did the recent global events affect your field of work? Were there any new challenges you had to adapt to?

For security and facility managers, COVID presented new and unique challenges that put them on the front line of protecting people, property, and assets and upholding health safety. Organizations that had workers on-site to perform essential services had to enforce new health-safety protocols.

Businesses with a primarily remote workforce had to monitor and manage access to an empty, and therefore vulnerable, building. For many, this meant putting greater focus on physical security, including health-safety features, to adapt to the COVID era.

The upshot of these pandemic-related challenges was that digital transformation trends were accelerated. More security and facility managers saw the value of cloud-based access control platforms. This trend has continued after the pandemic, with upticks in security professionals using these platforms to harness data to utilize building usage and deliver integrations with other security systems – particularly Identity and Access Management (IAM) systems.

What myths and misconceptions surrounding smart spaces do you notice most often? What do you think they are based on?

In a smart space, there is the age-old perception that a security solution is less reliable if it’s hosted and delivered via the cloud. This might’ve rung true in the past, but cloud systems have made progress by leaps and bounds up to today to increase uptime and reliability.

Even in the face of disruptions with cloud networks, redundancies, or the duplication of critical components, access control systems' functions are built into the access control software. This allows the system to operate even while offline, allowing people to access or leave a facility as they need. In the event of a power failure, there are also assurances in battery backup to ensure no downtime, regardless of whether the system is distributed.

Another myth lies in the supposed complexity of cloud access control applications. These applications can seem complex as the amount of data has increased exponentially within robust access controls today. Moving to the cloud often also involves new approaches, new ways of working, and technology solutions, adding to the so-called complexities.

But cloud-based access controls are meant to simplify access control and to remove the on-prem logistical complexities from storage to maintenance.While there will be shifts in working, these should be viewed as a welcome change rather than one to avoid.

What predictions do you have for the future of technology in the public safety field?

We recently surveyed 677 security professionals worldwide to identify the trends that will shape physical security in the future. We found that user experience and convenience are rapidly emerging drivers behind the adoption of new physical security solutions. This is a reflection of the ways in which the dynamics of office work have changed since the pandemic.

Today’s employees expect flexible hours, hybrid environments, multiple accommodations, and more convenience. Delivering this falls to security professionals who are able to add convenience and ensure frictionless access with modern, cloud-based solutions.

We fully expect this trend to grow in the coming months and years as changing workforce demographics bring more Millennial and Gen Z cohorts into the workplace. These workers expect frictionless access to their place of work, but they’re also mobile natives.

Workplace-experience apps will only grow in popularity as businesses look to make their workplaces better reflect the wider societal popularity of mobile-derived services.

What tips would you give those looking to secure their homes or offices and their networks?

Some of the most important pieces of security advice apply to the physical and cyber realm. For example, ensuring that all hardware and software is patched is vital to protecting IT systems or physical security apparatus from bad actors looking to break in by exploiting known vulnerabilities.

Working with reputable partners who can prove their security credentials is also key. Hardware or software that’s either inherently insecure or misconfigured poses a risk. To evaluate the cyber security of a particular access management vendor, installers or procurers can seek out audit statements to check that the vendor is making appropriate levels of investment into its cyber security.

Cybersecurity should be a critical consideration in the process of purchasing access management technology. Unsecure access management hardware or systems can be compromised and used as a foothold to hack into wider corporate networks with potentially catastrophic results.

What other aspects of our lives do you hope to see enhanced by technology in the near future?

As mentioned, with cloud-based access control solutions, there’s a fantastic opportunity to improve how we access and interact with our physical workplaces.

Centralization of identity data in the cloud, for example, can massively simplify the management of access between a business’ multiple premises – which is becoming increasingly important in the world of hybrid working.

In the future, there’s no reason why the business access experience can’t mirror the concierge experience associated with luxury hotels!

Tell us, what’s next for Brivo?

Brivo’s international expansion will continue to scale In the coming months and years. As of today, we serve over 450 customers in Europe. This number is only growing as more businesses in the region move from on-premise software to cloud-based access control systems. It’s a similar story in other regions across the globe.

Brivo will also continue to develop its ecosystem of access solutions with innovations to drive PropTech forward and help businesses further leverage cloud-based access to improve security and business decision-making through the application of building data.



Leave a Reply

Your email address will not be published. Required fields are markedmarked