Alcatraz AI is offering web-based mobile enrollment and privacy consent management to optimize the onboarding process for its facial recognition building security system. Credit: Thinkstock Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration.The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics for facial authentication. The update adds mobile enrollment to the system to streamline onboarding by allowing new employees and visitors to register remotely and securely through their own mobile devices and tablets, according to Blaine Fredrick, vice president of products at Alcatraz AI.The updated privacy consent management process is designed to offer an opt-in choice via mobile devices, allowing Alcatraz’s enterprise customers to inform end users about the usage and management of their personal data, which they can choose to accept or decline. With the two new enhancements to the Rock, Alcatraz AI expects to reduce the overall cost and complexity of the enrollment process and also enable corporate compliance with privacy laws such as the EU’s General Data Protection Act (GDPR), the US’ Biometric Information Privacy Act (BIPA), and India’s Central Consumer Protection Authority (CCPA) guidelines. The system has been designed to initiate enrollments by sending QR codes and links directly from the security teams at organizations that have installed the Rock system, using multifactor authentication, including via emails, to reconfirm access, according to Blaine.Mobile enrollment raises security concernsEnabling distributed access with the mobile enrollment feature, however, may raise concerns about malicious attempts to impersonate valid visitors, said Michael Sampson, an analyst at Osterman Research. “There are definitely security concerns if they are relying on the future employee’s personal mobile device and personal email address (to which a a link or QR code is sent),” said Sampson. “If the future employee’s email account had been compromised through phishing or other credential compromise avenues, then it is possible that a threat actor could enroll as the employee and gain building access. There’s a few hoops they’d have to jump through, but there are weaknesses in the security chain when personal devices and personal addresses are utilized.”Otherwise, Alcatraz AI’s new privacy consent management capability is expected to allow for transparency in the usage of user data.“The privacy consent is a good angle, and an essential one. There’s lots to get right in that, including the process for revoking consent and providing optics to the employee on where their biometric data is being processed,” Sampson said.The Rock features a range of compliance and security tools, including real-time event log monitoring, customizable data retention schedules, and hard data deletes.The new mobile enrollment and privacy consent management features will be generally available in the second quarter of 2023 to all Alcatraz AI customers using the cloud-based version of the Rock. The company did not immediately specify whether the new features will be rolled out to the on-premises version of the product. Related content news NIST publishes new guides on AI risk for developers and CISOs Companion publications to NIST’s AI Risk Management Framework explore a long worry list in more detail and are likely to become essential reading for security professionals. By John Dunn May 01, 2024 4 mins Regulation Government Security Practices news analysis 5 key takeways from Verizon's 2024 Data Breach Investigations Report The rapid of exploitation of zero-day vulnerabilities, such as MOVEit, and the effectiveness of ransomware attacks are two of the major findings from last year’s breach data. By Rosalyn Page May 01, 2024 5 mins Data Breach Zero-day vulnerability Data and Information Security feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff May 01, 2024 15 mins Technology Industry IT Skills Events feature 3 Windows vulnerabilities that may not be worth patching Some vulnerabilities eat up a security team’s time and resources yet provide little or nothing in the way of true protection. Some may even introduce more risk to a network. By Susan Bradley May 01, 2024 7 mins Windows Security Patch Management Software Security Practices PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe