Steven Kenny, Industry Liaison Architecture and Engineering at Axis Communications, and Rodrigue Zbinden, CEO at Morphean, discuss the future of connected, cloud-enabled physical security systems, the business intelligence that can be drawn from them, and the obligation to meet the privacy needs of the general public.

In today’s digital age, connected cloud-based services have become part of the everyday fabric of society. Such is their integration, that we often don’t realise we’re using an AI-enabled device or service - services that send and receive information from data centres thousands of miles away in the blink of an eye.

The world of security and surveillance is also undergoing this process of digital transformation. On their way out are the legacy stand-alone CCTV systems useful only for basic level security and after-the-fact forensic documentation of an event. In their place are the robust, connected systems with built in analytics and audio capabilities, which currently cover transport hubs, warehouses, banks, retail environments and myriad other services and settings.

The general public is now very used to the presence of surveillance in their lives, together with related services that document their whereabouts, such as GPS tracking. In equal measure, news headlines that highlight concerns about the ways in which facial recognition technologies are being used1 are commonplace. There is then a tension between surveillance’s proliferation and the completeness of the debate about the ethics of digital observations.

Cloud potential for improved security

As our general mastery of cloud services and the internet of things (IoT) matures, the cloud offers enormous potential. In the security sector, cloud services make traditional security features more cost-effective and available to all. The nature of the cloud means that today, security vendors can offer modern features such as video analysis and object tracking as-a-service, giving customers the option to pay as they go and avoid large up-front capital investments in onsite technology.

“The data produced from network video surveillance systems is becoming a valuable commodity - essential for informing both security and business strategies, while delivering significant cost savings through the streamlining of related functions.” - Rodrigue Zbinden

These features are also better provisioned from the cloud: not only because the machine learning algorithms that underpin them will be constantly updating, but also because data stored locally can be accessed, removed, destroyed or tampered with in the event of, say, a burglary, much more easily than data held in the cloud. Where local hard drives are routinely wiped and recorded over, video storage in the cloud is functionally infinite and indefinite.

The merging of multiple sources of data into a single view, which cloud makes possible, means that, in addition to forensic analysis of events, real time analysis can be performed on information from connected devices and applications such as video cameras, access control systems and HR records. We are in the early stages of realising the full potential of connected systems, but it means business owners can get an even bigger return on investment from their existing physical security infrastructure by applying technology to solve other challenges.

Utilising intelligence from collected data

The same technologies that can help protect assets and staff can be used to produce real-time business intelligence and find ways to improve efficiency or customer service. Consider a busy high street retail outlet: typically, it will be fitted out with a camera network, monitored by human agents as part of the security team. There will be access control systems on the doors to staff-only areas. The camera and access control network will be separate to the IT network and on a closed local loop. Switching to IP-connected endpoints and a cloud-based analytics platform immediately offers security benefits.

When it comes to protecting staff-only areas, an integrated access control system means that security cameras can use facial recognition to provide a second factor of authentication alongside access cards, allowing entrance only when valid card and image are presented together. Taking it a step further, by allowing access to the HR database or calendaring system, access could be restricted to certain employees at particular times. The system would query attempted access by an individual recorded as being on holiday, or one that had left the company.

Machine learning and AI can already differentiate between behaviours, such as that exhibited by a person standing by an in-store ATM searching for a card, as opposed to someone loitering that might be preparing an attack. Similarly, security teams can be alerted if an individual or group of people appear to be adopting aggressive behaviours. If the human operators aren’t located on site, the same system can issue an automated audio warning over IP-connected speakers.

“The digitalisation of data means that information from a range of connected sources can be collected, analysed, and used to deliver intelligent operational insights.” - Rodrigue Zbinden

There are other advantages that the cloud approach brings for security. For example, new devices only need power - or Power over Ethernet (PoE) - and a WiFi connection to deploy. This means cover for new or temporary sites can be provisioned or turned off quickly and cost-effectively. The same platform that performs the video analysis can be used for device management; keeping technologies up-to-date with the latest security patches, too.

Acting responsibly

As the abilities of cloud-based platforms for physical security improve, it’s right and proper that the debate around ethical use of systems is vigorous and open. What’s most important is that government guidance in the area continues to evolve. The EU’s General Data Protection Regulation (GDPR) is a solid piece of legislation, but it’s not exhaustive in its provisions, and regulators are still developing a feel for where its boundaries lie.

As an industry, we need to be proactive in this debate and demonstrate that we can behave responsibly to protect personal data. Ensuring cloud platforms are GDPR-compliant requires more thought beyond merely placing signs to let people know they are on film. The ability to be transparent and to acknowledge the rights that the general public hold over their data should be factored in, right from the start.

“Security must be at the heart of our shared ambition for a smarter, safer world. It is imperative that every project is approached strategically within specific security standards and frameworks, and implemented with a secure-by-default philosophy.” - Steve Kenny

We can take steps to protect privacy when collecting image data. Business insights are derived from observing patterns in group behaviour, not by identifying individuals in that group, so the storing of an individual’s image is largely unnecessary. Axis has developed an edge solution called Privacy Shield2, which offers real-time masking of video imagery before it is processed. Where facial recognition systems are used, pattern matching should be based on irreversible numerical representations of a face: in other words, facial features are encoded and stored as a hash ready to be matched against live data, not actual photographs of faces.

Perhaps the most promising development along these lines has been the creation, in the UK, of the world’s first voluntary set of standards for surveillance cameras. This was announced by the Surveillance Camera Commission (SCC) in June3, but was drawn up in collaboration with the industry. Right now, the focus is on cybersecurity and ensuring that data transfer and devices are secure by design as default, and that networked cameras are maintained throughout the full life cycle with easy to apply firmware upgrades.

“Axis played a part in the development of the new security standard for surveillance cameras; we welcome it and also look forward to working with the Security Commissioner to take this to the next level in the future.” - Steve Kenny

These steps help to protect public privacy by reducing the risk of data breaches. It’s likely that similar codes will also be drawn up to govern the use of cameras and video footage, too - establishing industry-wide best practices for anonymisation and ethical data collection. Getting this right is fundamental: as the benefits of video-surveillance-as-a-service (VSaaS) become more apparent, and integrators better understand the value that they can offer customers, we will see increased interest and adoption in the area - just as we saw with other business critical functions.

The more widely these systems are adopted, the better the platforms themselves become as the AI and machine learning tools have more data. It’s important not just for vendors to show commitment to ethical principles, but to help educate customers about what to look for in partners. There have been too many abuses of the power of surveillance technology in the past; done right, security technology can help to create a safer workplace, increased business profits and uphold the rights of citizens to privacy in a digital world.





Steven Kenny - Industry Liaison, Architecture & Engineering at Axis Communications
Steven Kenny has spent 15 years in the security sector taking responsibility for key elements of mission critical, high profile projects across several different vertical markets. For the last five years, Steven has focused his attention on how technology can best complement day to day business operations, specifically addressing operational issues and supporting the A&E consultant community across Northern Europe. Steven is the Director of Systems, Information and Cybersecurity for ASIS International - UK Chapter, and is the UK technology advisor for TINYg (Global Terrorist Information Network)

About Axis Communications
Axis enables a smarter and safer world by creating network solutions that provide insights for improving security and new ways of doing business. As the industry leader in network video, Axis offers products and services for video surveillance and analytics, access control, and audio systems. Axis has more than 3,000 dedicated employees in over 50 countries and collaborates with partners worldwide to deliver customer solutions. Founded in 1984, Axis is a Sweden-based company listed on the NASDAQ Stockholm under the ticker AXIS. Axis website 

Rodrigue Zbinden - Founder, CEO and Chairman of the Board, Morphean SA
Rodrigue Zbinden studied at the School of Engineering of Freiburg, where he gained his Bachelor of Engineering in 1999. In September 2000, he co-founded Softcom Technologies SA, a leading Swiss company specialising in service platforms, cloud solutions and mobile applications, and a pioneer in the new 4.0 industry in Switzerland. In 2009, after having obtained an MBA, Rodrigue founded Morphean SA, a spin-off of Softcom Technologies SA, and focused on the development of a very innovative solution for hosted video surveillance while relying on forward thinking concepts such as machine learning, predictive analytics, IoT (Internet of Things) or big data.

About Morphean SA 
Morphean is a Swiss technology company with a strong presence in more than 12 countries worldwide. Founded in 2009 and with over 60 partners across Europe, the secure Morphean platform informs decision making and drives efficiencies for all organisations by generating unique and actionable insights from a multitude of data sources. With expertise across retail, transport & facilities management, among others, the company is recognised as a leader in secure service platform delivery through the use of cloud and AI technologies. The platform helps firms prepare for the future by keeping their ‘Eyes Wide Open’ to the intelligence gathered from a variety of network connected devices.