Grant Powell MBCS spoke to Steven Kenny, Architecture and Engineering Program Manager, EMEA, Axis Communications, to learn why cybersecurity considerations are now so vital when it comes to the design and development of physical security devices.
In an era where physical security systems are increasingly integrated into digital networks, the importance of cybersecurity has never been greater. Network cameras and surveillance infrastructure are no longer isolated tools, but intelligent, connected devices that can either safeguard or expose an organisation’s most sensitive data.
Axis Communications, understands this shift and has made cybersecurity a cornerstone of its product philosophy when it comes to its network video technology. To discover more, Grant Powell MBCS spoke to Steven Kenny, Architecture and Engineering Program Manager for the EMEA region, at a recent Axis Open event at the Allianz Stadium, Twickenham UK. Axis Open is a regional roadshow showcasing Axis’ solutions and bringing together partners and key stakeholders.
With physical security devices increasingly connected to networks, how does Axis ensure the cybersecurity of its network cameras?
At Axis, cybersecurity is a foundational principle embedded into every stage of the product lifecycle, rather than an afterthought, or something that’s ‘bolted-on’ afterward. We take a structured approach, known as the Axis Security Development Model, which ensures that security considerations are integrated from research and development through to installation and commissioning. Every stakeholder involved in the design phase is accountable for meeting specific cybersecurity criteria aligned with industry standards such as ISO 27001. This commitment across departments ensures that cybersecurity is built into the DNA of Axis products.
When it comes to creating a security aware culture, how do you ensure that everybody is on board?
Cybersecurity is very much a shared responsibility across the business, and we support our teams with internal training and professional development programs. These initiatives build awareness of individual obligations and the broader importance of cybersecurity.
Axis has its roots firmly in IT, so we have long understood the threat landscape and embedded a ‘secure by design’ mindset into our culture. We conduct regular penetration testing and vulnerability scans, and maintain a software bill of materials to track firmware and open-source software components. Additionally, we incentivise external testing through platforms, such as Bugcrowd, which reward ethical hackers who identify vulnerabilities. This proactive approach ensures that security is continuously evaluated and improved.
How important is it that manufacturers of modern physical security systems seek to comply with cybersecurity regulations?
Compliance with cybersecurity regulations is essential, not only for legal reasons but also for maintaining trust across markets. Regulations like NIS 2 and the Cyber Resilience Act have emerged because many businesses historically failed to prioritise cybersecurity.
Axis recognises that these frameworks are not optional — they are gateways to doing business, especially in regions like the European Union. NIS 2 focuses on end-user compliance, while the Cyber Resilience Act targets product-level hardware and software requirements. We align our operations to support both our own compliance and that of our customers, many of whom are classified as essential entities under these regulations. We view compliance as a strategic imperative that enables continued growth and boosts confidence among our customers.
When it comes to your wider supply chain, how do you make sure that cybersecurity standards are upheld beyond Axis’ own internal processes?
We take a holistic view of cybersecurity, extending our vigilance beyond internal operations to our entire supply chain.
For you
Be part of something bigger, join BCS, The Chartered Institute for IT.
It’s critical that rigorous proof-of-concept testing and vendor risk assessments are conducted, helping us evidence that manufacturing environments and logistics processes are secure.
Cybersecurity is a central component of these evaluations, alongside other compliance areas such as corporate sustainability.
At Axis, we understand that every organisation is dependent on others, and that vulnerabilities in the supply chain can compromise even the most secure internal systems. By applying the same standards to our partners as we do to ourselves, we’re able to strengthen the overall resilience of our ecosystem.
For organisations looking to upgrade their surveillance infrastructure, what role does cybersecurity compliance play in future-proofing their investment?
Cybersecurity attacks represent the number one risk facing businesses, and organisations that fail to acknowledge this are falling behind. In today’s interconnected and digitally driven world, video surveillance systems are now networked devices that can pose significant risks if not properly secured.
We urge businesses to reframe how they view security systems, emphasising the importance of due diligence not only in selecting manufacturers but also in evaluating the broader implications of network connectivity. A breach in a surveillance system can lead to GDPR violations, reputational damage, and loss of intellectual property. Therefore, cybersecurity compliance is not just a technical requirement, it is a business-critical strategy for protecting data, ensuring privacy, and maintaining operational integrity.
Finally, can you tell me about the system-on-chip (SoC) Axis has developed for its products?
Organisations are demanding more from their technologies, such as data analytics and behavioural insights. But this inadvertently increases exposure to risk. At Axis, we highlight the need for alignment across IT, physical security, facilities management and procurement teams to ensure that security is considered at every stage. Most of our products now feature our own system-on-chip (SoC), which is currently the ARTPEC-9 (https://tinyurl.com/2xnjenpt). This has been developed in-house to perfectly match the requirements of modern professional video surveillance while enhancing security capabilities, enabling advanced encryption, certificate management and video integrity verification.
These innovations demonstrate Axis’ commitment to evolving its products in line with both regulatory requirements and customer expectations. Cybersecurity is not just a feature of our products, it is a philosophy that permeates every aspect of the company’s operations, partnerships, and customer engagements. For organisations seeking to upgrade their surveillance infrastructure, choosing a partner like Axis means investing in a future-proof solution built on trust, compliance and continuous innovation.
Take it further
Interested in this and similar topics? Explore BCS' books and courses:
