Why Migrating to Our Latest Platform is Important.

By Feenics Blog, Feenics News No Comments
Moving Forward With Keep By Feenics

If you’re an existing Feenics customer then it’s likely you’ve heard the terms “V2” or “V3”, so what’s the difference and why should you care?

“V2” is the second iteration of the Keep by Feenics Platform (we don’t talk about V1) which uses a SQL back end and provides the user access through a Microsoft Silverlight web application… typically through a web browser. If you’re logging into your Keep by Feenics Solution by typing “myname.feenicshosting.com” into a browser, this article was written for you.

So why does Feenics want you to move to their latest “V3” platform? During the architecting of this platform we made the strategic choice of moving to a NoSQL database called MongoDB, this was primarily due to its efficiency and scalability. We also decided to make not just one, but three user interfaces that allow users to choose between Web, Windows, or a Mobile experience. Our team is also hard at work expanding and developing new Integrations as we evolve with our customers.

Those GUIs, Integrations, along with a number features are the sizzle that your sales rep would love to demonstrate to you…. and for some of our more technical users, there are a few things our Engineers would hope you can appreciate.

The V3 platform has been architected to offer a superior cloud product by leveraging Amazon Web Services. Using their robust and proven infrastructure Feenics provides near infinite scalability, crucial data encryption, and is able to deploy servers to bolster load balancers in a matter of seconds. Feenics has also invested considerably in our V3 RESTful API which unifies all applications, integrations, and custom projects. This makes life much better for all consumers of the platform.

What You Should Take Away From This Article
  1. Our new platform is amazing
  2. There’s a 90% chance you’ll be grandfathered in
  3. More Apps & Features
  4. More Power & Security
  5. More Reliability

If you’d like additional information feel free to reach us by emailing sales@feenics.com (Sizzle) or support@feenics.com (Steak).

Feenics Looking to Expand Development Team

By Feenics Blog No Comments

We are pleased to announce that we are looking to expand our Development team at Feenics HQ in Ottawa, Canada.  Feenics is looking for a full-time, entry level software developer that is fluent or familiar with C#, XAML, HTML5, Angular and Ionic.  Applicant must have a Bachelors or Associates Degree in Computer Science or a related field.  For more details, please check out our job posting here!

Feenics Achieves CA Veracode Verified Status

By Feenics Blog No Comments

OTTAWA, Ontario – May 7, 2018 – Today Feenics announced that it participated in CA Technology’s Veracode, Verified program over the past 10 months, a stringent process that validates a company’s secure software development procedures, and has received the seal of Verified by Veracode.  With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers Feenics to demonstrate its commitment to creating secure software.

When purchasing software, customers and prospects are demanding to understand how secure the software is. As part of CA Veracode Verified, Feenics can now demonstrate through a seal and provide an attestation letter from an industry leader that the application has undergone security testing as part of the development practice. Additionally, participating in the program ensures that our software meets a high standard of application security, reducing risk for the customer.

Organizations that had their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:

  • Assesses first-party code with static analysis
  • Documents that the application does not allow Very High flaws in first-party code
  • Provides developers with remediation guidance when new flaws are introduced

Keep’s RESTful API scanned by Veracode in becoming Verified

The Keep API provides the developer with programmatic access to all the functionality of a deployed physical access control solution.  From adding cardholders, to adjusting door schedules, modifying access levels or querying for hardware status, all activities are programmable through this unified, RESTful API.
In addition to the stateless HTTPS protocol the API service also offers a live stream of events over a web-socket connection.  This stream of events can be used for live alarm monitoring, real time data analysis and threat detection.
The API is secured with TLS encryption and optionally authenticated with time-based, one-use passwords (RFC 6238).

“Feenics is committed to delivering secure code to help organizations reduce the risk of a major security breach. Companies that invest in secure coding processes and follow our protocol for a mature application security program are able to deliver more confidence to customers who deploy their software,” said Asha May, CA Veracode.

Denis Hebert, President of Feenics, stated that “third party review and audit within our software development lifecycle is an essential part of the vulnerability assessment process, ensuring that Feenics does everything possible to mitigate cyber risk for our users.”

“As breaches become more prevalent, the electronic security industry has a responsibility to take every possible step to guard against potential threats that may be caused by weaknesses within its API.  While quality assurances (QA) are steps that all manufacturers should take before release of any solution or additional functionality, Feenics believed it needed to take additional precautions – such taking part in and being compliant with Veracode’s Verified program – to validate our solution, Keep, from those potential threats,” said Paul DiPeso, Executive Vice President, Feenics.

About Feenics*
Keep by Feenics™ is the industry’s most secure, on premise or cloud-hosted, integrated access control and security management solutions. Featuring two-factor authentication, TLS encrypted field hardware and a secure SSL connection, Keep provides the end user with powerful features, using an easy to navigate user interface (UI) accessible via computer, tablet or smartphone. As a hosted platform, Keep reduces the total cost of ownership (TCO) by eliminating servers and appliances, while the UI is accessible anywhere there is an internet connection, providing peace of mind with full disaster recovery and redundancy. Designed by a leading industry integrator and innovator specifically for the systems integration and value-added reseller markets, Keep’s modular design scales from a single site to an enterprise environment. Keep monitors real-time events and pushes alarm or manual notifications out via email or SMS; locks down doors with a single click; creates badges; and integrates with leading providers of intrusion, video, wireless locks and accessories.
*All brand and company/product names are trademarks or registered trademarks of Feenics, all rights reserved.

Cloud Mobility & Convenience

By Feenics Blog No Comments

It is an experience we’ve all been through dozens of times. There is a new app out for our mobile phone, it could be for our latest credit card, our bank, hotel rewards program, email, or just the weather. We download it, enter a username and password, agree to the terms and maybe fill out a few more fields.

So, when we see a demo for that new access control and security management platform, we are shown the “mobile app” and think that the user experience will be no different. We are lead to believe that it will work from anywhere. That if I’m home and I get the call that someone needs to be let in the door, or they lost their badge and I’ll simply open the app, deactivate the badge or open the door. Unfortunately, when the customer has a legacy on premises system, they learn that their “mobile app” doesn’t work when they need it the most.

This can be the case whether the legacy system is a standard windows server, embedded appliance or a simple low cost system all in one panel based system.  What isn’t articulated well in the product demonstration and selection process is that it is not a true mobile app out of the box.  In order for the “mobile app” to be truly mobile and work on any network, anywhere in the world there is a large burden that will require IT support to be done properly.  It may require setting up a cumbersome VPN connection for the app to work off network or configuring a web server and opening the right ports in the fire wall in able to connect to the server that sits inside the building.  All of this leads to more system cost, maintenance and security vulnerabilities.

That experience is the exact opposite of the true mobile apps that we all consume in our daily lives.  This is due to the delivery mechanisms built into cloud platforms.  The ease of use that we have come to expect from most mobile apps is what Feenics provides out of the box.  Feenics was built on the AWS cloud and provides an experience that customers and consumers have come to expect.

Finally tying convenience and mobility together should be a strong cyber security stance.  Mobile apps should be secure by design.  They should not require customers and consumers to go through steps in order to make the product work securely.  Encryption should be default and there should be no option to turn it off.  There should be no port forwarding or inbound ports in use or again IT will have security headaches to deal with.  Feenics provides a secure mobile app that performs without requiring any hassle on the part of our customers just as it should be.

Feenics is pleased to announce our partnership with OpenEye to offer Cloud Managed Video and Access Control Integration

By Feenics Blog No Comments

Liberty Lake, WASH – OpenEye, a leading provider of cloud managed video surveillance solutions, announces the integration of OpenEye Web Services (OWS) with the Keep platform, by Feenics.  The completion of this integration marks the kickoff of a strategic technology partnership between the two companies to deliver mutual clients a fully integrated cloud managed access control and video platform.

Keep, by Feenics, is an enterprise accss control platform delivered as a service through a combination of onsite hardware, cloud services, and a highly portable client user interface.  In a traditional video integration, Keep would connect to the unique IP address of each integrated recorder, whenever a user requested video associated with an access control event.  The success of this connection depends upon the network configuration where the recorder is located.  OWS integration eliminates this dependency as video requests from Keep are made against a single point of connectivity in the cloud.  Viewing video in Keep over the WAN no longer requires a VPN connection, port forwarding, DDNS, or opening inbound ports on the local network firewall.

“This type of cloud-to-cloud integration represents the future of access control and video integrations in our industry,” says Denis Hébert, President of Feenics.  “The benefits from a simplicity, reliability, and cyber security perspective are highly compelling.”

“Our clients have been clamoring for integration with an access partner whose architecture best reflects the key benefits of the OWS platform,” says Rick Sheppard, CEO of OpenEye.  “Feenics’ cloud architecture and full-fledged commitment to cyber security make them an ideal technology partner.”

About OpenEye

OpenEye is an innovator in the design and development of cloud-centric software solutions for video management, business intelligence, and loss prevention. All OpenEye Web Services platform software is developed in Liberty Lake, Washington and many of OpenEye’s products are made in America.  With OpenEye, there is more to be seen.

About Feenics

Feenics is paving the way for the future of physical security with innovative cloud-based access control solutions developed by security industry veterans.   We make it possible for organizations to systemically secure buildings, doors and assets with the only true access control as a service solution (ACaaS) built specifically for and hosted in the public cloud. Feenics works with leading access control manufacturers and integration partners to deliver the most robust solutions for secure, connected environments in the industry.  Customers include enterprise organizations, educational institutions, government agencies and other organizations seeking to leverage the power of ACaaS today and into the future.

Learn more about this integration.

Cloud Computing Tackles Emerging Cyber Threats

By Feenics Blog, Feenics News No Comments

Cyber threats and ransomware attacks are no match for cloud computing design-built from the ground up for information technology security. In physical security, particularly access control, the history of hacking formerly focused solely on stopping unauthorized users from duplicating or cloning information housed on cards and other devices. Now, it’s all about stopping criminals from gaining access to or attacking a customer’s network and its data through vulnerabilities in their physical security systems…

Read More

Top 5 Fears of Cloud Computing

By Feenics Blog No Comments
The stage is set. Cloud computing continues to rise in deployments, with users citing economic advantages, speed, agility, flexibility, elasticity and ongoing innovation.
We’re entering the realm of “everything as a service” and that includes physical security provided by Cloud-hosted security management systems (SMS). Systems integrators who can successfully adopt and offer Cloud-hosted security and access control solutions will find themselves well-positioned for the future — with the ability to deliver a wide range of managed and remote services to vertical market customers — while boosting the overall value of their company in the process with sustainable recurring monthly revenue (RMR).

Research by Gartner predicts a substantial shift in information technology spending from traditional hardware and software to Cloud computing over the next five years, with that transfer set to total $1 trillion, according to the firm’s July 2016 findings.

The Cloud has been used for nearly a decade or more in banking and financial processes but one of the biggest objections still hindering full adoption may be an ongoing concern of data security and integrity. As such, there’s a necessary education process for both systems integrators and the end user customer to understand why Cloud-hosting is inherently safe, being “purpose built” for physical security communications and data exchange.
What fears are most commonly voiced by customers and prospects when it comes to Cloud-hosted SMS? Do you know how to address objections by potential clients? Here are the top five fears you may hear from prospects and the information you need to know to dispel lingering doubts.

1. The Cloud’s data may be easily compromised
Nothing is further than the truth. In fact, the Cloud is actually safer than non-hosted environments and its software programs have been specifically engineered for safe data transmissions for the physical security environment. Using the Cloud for access control and physical security management actually equates to heightened cyber and threat protection as opposed to traditional legacy, on-premises server systems.

With Cloud-hosted systems, a multi-layered design brings together data security and data access with added safeguards. A security management system designed from the ground up as a Cloud-based product begins first and foremost with software security. Hosted systems can follow what Microsoft refers to as SD3+C: Secure by Design, Secure by Default and Secure in Deployment in Communications. In addition, encryption further protects the transmission of data between the client and the Cloud-based server using modern Secure Sockets Layer (SSL) and is something by default that most Cloud-based solutions provide. SSL is a standard security technology for establishing an encrypted link between a server and a client. SSL encryption, 2048 bit, secures the data connection as opposed to easily hacked Open SSL protocols.

In addition, the most secure Cloud-hosted access control systems also utilize IP Client. Systems with IP Client use outbound ports at the user’s site instead of inbound ports, which greatly reduces the risk of security breaches and data compromise. With IP Client, the IT staff does not have to enable any inbound network ports or set up port forwarding. This helps keep the network secure and lowers the management workload on IT.

Finally, some hardware providers enable Transport Layer Security (TLS) encryption which allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. In Cloud hosting, manufacturers auto-negotiate the TLS encryption with the controller boards as they initiate contact with the server.

2. Passwords make Cloud-hosting vulnerable
That’s definitely true — when it comes to non-hosted solutions. Passwords can be guessed, recycled or written down and all these factors could compromise the security of an access control system. However, secure, Cloud-hosted solutions don’t use default user names and passwords. Instead each hosted system is issued a unique password and can also provide additional security with two-factor authentication which can be attached to the log-in credentials of any user for an added layer of security. With two-factor authentication user accounts are linked with a second source of verification, i.e. Google authenticator, which generates a code based on a timer or counter. Users must provide this code upon entering their user name and password, which means a perpetrator would need three things in order to access the system: user name, password and access to open the device which generates the two-factor authentication code.

3. Management of Cloud software takes an IT tech
Quite the contrary: once it’s set up, no additional work has to be done. A SaaS access control solution can automatically eliminate the threat of the user losing data due to negligence or being too busy to regularly backup the database. An SMS hosted in the Cloud provides regular, automatic upgrades, daily database backups and full redundancy, eliminating the risk of having all data stored on site.

A reliable product will also provide multi-layered redundancy, meaning that multiple “write” transactions are provided. If the primary database goes down that data would exist at another location and brought back online. A second layer would be point-in-time recovery. This allows the user to restore or recover data or a particular setting from a time in the past, including history reports and recent access control transactions. If the user accidentally deletes records it only takes a quick tech support call to revert the system back to a time point before the error happened.

4. Cloud hosted systems don’t readily scale and can’t integrate legacy components
The Cloud actually provides greater flexibility and scalability of applications, and that equates to better business agility. These solutions offer a more convenient route for both small-to-medium businesses as well as enterprise customers who don’t have to go through the complexity of designing and deploying an on-premises server system.

With off-site hosting, there are no servers or appliances necessary at the customer site. This saves time and money and allows customers to future proof themselves from obsolete technology. In addition, Cloud-based SMS systems offer nearly infinite scalability, from smaller systems to large national/enterprise accounts. Cloud-hosted access control is in most cases a platform that can grow to an infinite number of access points, limited only by the controller’s hardware specifications.

Finally, with legacy equipment and Cloud-hosted solutions, the user isn’t forced into a total rip and replace. Cloud-hosted access control systems are most often hardware agnostic and can be configured for communication with many legacy devices already on site.

5. End users will balk at the price tag
Cloud-hosted solutions actually offer a lower total cost of ownership over the life of the solution. Most users don’t consider the true cost of an on-premises system which includes servers, racks, power and cooling costs, labour hours by the IT staff, operating system updates, firewall configurations, necessary VMware, etc. All these little nuances add up big.

In addition, with offsite Cloud hosting customers don’t need a dedicated IT person to administer programs and configure operating systems, databases and applications. These expenses and ongoing maintenance are alleviated as they are handled by data centres in the Cloud. Users also have access to all software functionality housed in the Cloud and can select the portions they want to manage, such as badge creation and decommissioning of access control permissions. They have choices: the option of having the systems integrator manage the solution, or, administer the system themselves with their choice of connected device, including desktop, laptop, tablet or smartphone. Integrators get the bonus of managed services, which allows them to perform maintenance and service remotely, which equals lower costs for users as opposed to paying for a service call or onsite visit. And, as a tiered solution, customers can expand without costly jumps from entry level to enterprise solutions.

Finally, users will be attracted to the possibility of being able to budget effectively with Cloud-hosted services, which move physical security from a large initial capital outlay or capital expense to an operating expense which can be planned and budgeted for easily.

Today’s systems integration is all about delivering service. And there’s no better way to deliver service in a highly flexible and scalable environment than Cloud-hosting. Cloud hosting for physical security and access control management is a sophisticated, yet user-friendly solution that provides tangible benefits to both systems integrators and end users. The challenge lies in understanding the technology and what it can do and conveying benefits to the customer.

by Brian Matthews-Director of Sales at Feenics, Inc.

Feenics Heads to PSA-TEC 2017 with Award-Winning Cloud-Hosted Access Control Platform Designed for Large Enterprises

By Feenics Blog No Comments

Westminster, Colo.— PSA-TECMay 7-11, 2017—Feenics Inc., a leading provider of cloud-hosted access control and a PSA Security Network Vendor will participate in PSA-TEC 2017, May 7-11 in Westminster, Colo., drawing on the momentum from recent security industry accolades and educating systems integrators on the advantages of flexible and scalable cloud-computing solutions.

Feenics launched its enterprise Keep by Feenics platform earlier this year, winning the prestigious Security Industry Association New Product Showcase (NPS) award in cloud computing and a Most Valuable Product (MVP) accolade. The newest version of Keep V3 provides extreme scalability, unprecedented flexibility and advanced security in a cloud-based Access Control as a Service (ACaaS) solution. Keep V3 integrates native visitor management and a RESTful API that allows systems installers simple integration of a wide array of complementary systems and open hardware devices, generating new revenue streams while creating a path for customers to lower their total cost of system ownership. Feenics will demonstrate Keep during exhibit hours on Wednesday, May 10 at stand A29.

View Full Release