Genetec CEO Pierre Racz Rails Against Conformity, Cyber Threats During Train Ride

Genetec’s headquarters in Montreal.

You have to allow for a lot of variables. It must be challenging to conceptualize them all.

Racz: We have a very creative bunch, and one-third of my time is spent on strategic human resources. That is the succession plan. Not that I’m planning to leave my post, but let’s say that something happens to me. Most people will not notice because I have creative people that are young creative engineers that are actually now powering our nine product groups. This creative process is going to go on. Also in terms of the other running the business efficiently, I have a whole other good group of young leaders that are actually focused on that. We can handle that complexity.

Stuff that is more worrisome is there is unsafe equipment being brought in from Asia and put into sensitive parts of our critical infrastructure. This concerns me greatly. We are building stuff into our software to try to compensate for that, but ultimately, it’s part of the system architecture and if we’re not involved to influence the architecture to make sure we isolate components that are of untrustworthy sources, there’s nothing I can do. Our infrastructure will be vulnerable.

You have to not only safeguard against things coming in, but also against something that might already be in there.

Racz: Right. It’s known in security that protecting the per
imeter is no longer sufficient. With “bring your own devices,” people are just bringing in all kinds of stuff into your network, and some of it is actually crap. But worse than that are purchasing people, when they’re buying cheap stuff, and they don’t care or are not conscious of what kind of vulnerabilities they might be bringing into the system. If they make the decision solely based on price, they’re exposing themselves. Maybe there’s some locations we don’t care about. Maybe someone might not care that a denial of service attack could be done on a school. But there are other critical infrastructures, like a denial of service on our financial system or our transportation system, which would cripple our economy. This is of concern.

What safeguards are Genetec employing to assure cybersecurity?

Racz: It’s the three Ps: people, product and process. In terms of product, for the last four years we’ve implemented the Microsoft SDL. We have a security development lifecycle which lets us identify attacks on our software. And we make sure our senior engineers examine the code to make sure we don’t make any exploitable software flaws. We don’t leave any flaws there. In terms of people, we’ve done a lot of education. We just came off of our development summit last week and Gary McGraw was one of the speakers. For two days he was teaching the engineers about thinking about security and architectures and known flaws.

If I just go back to process, we’ve also done penetration tests to make sure the white hat hackers cannot get into our system. Our vulnerability is the edge devices, so we’re working with friendly edge device companies to harden the communications between them so everything could be done with certificates. We can authenticate both ends of the communication. We have the certificate update servers and crypto up the wazoo. We are also getting certified. We’ll be certified ISO 2701 by mid-summer and we also are working with HIPAA and other organizations as well to assure compliancy.

If you look at our own employee badges, that is part of our PCI compliance. Everyone at Genetec has to wear a badge with a photo ID, even though that’s sort of a bit out of the norm for Canada. But it’s so we can be PCI compliant. We take this extremely seriously. The availability of your system can be either compromised by the environment or by malicious users, so we’re safeguarding against both. In our software we’re trying to be “fail safe,” so if someone misconfigures a system they actually have to do extra work to make it unsafe. For example, we don’t automatically fall back onto basic authentication.

There’s been a lot of consolidation and deals going on lately in the market. What is your perspective, and how does that impact Genetec?

Racz: There’s three ways to grow. It’s either by selling, acquiring or making joint ventures. We are not for sale. But we are doing joint ventures with large players out there. Already we’re on a very good growth path. We have solid cash flow, so access to cash is not what’s affecting our growth. And we are seeing out there that the weaker players are folding. They’re selling, and when they sell this is the death knell of innovation. I can refer you to a Stanford paper on how when nonorganic financial events occur, innovation drops by a minimum of 40%. So we’re known for innovation. We’re creating joint ventures with companies that will give us a good advantage so we’ll be here for the long run, and we can do it without actually having to take a hit on innovation. It’s sad to see some of those players go but there’s some players that are actually good to see go!

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

Rapid Response Monitoring Announces Project Management Office Manager

Allied Universal Named to Newsweek List of America’s Greatest Workplaces for Diversity

Cancel/Abort Can Increase Risks to Unsuspecting Alarm System Subscribers

Cobalt Service Partners Announces Acquisitions of Four Security Companies