Alcatraz AI is offering web-based mobile enrollment and privacy consent management to optimize the onboarding process for its facial recognition building security system. Credit: Thinkstock Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration.The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics for facial authentication. The update adds mobile enrollment to the system to streamline onboarding by allowing new employees and visitors to register remotely and securely through their own mobile devices and tablets, according to Blaine Fredrick, vice president of products at Alcatraz AI.The updated privacy consent management process is designed to offer an opt-in choice via mobile devices, allowing Alcatraz’s enterprise customers to inform end users about the usage and management of their personal data, which they can choose to accept or decline. With the two new enhancements to the Rock, Alcatraz AI expects to reduce the overall cost and complexity of the enrollment process and also enable corporate compliance with privacy laws such as the EU’s General Data Protection Act (GDPR), the US’ Biometric Information Privacy Act (BIPA), and India’s Central Consumer Protection Authority (CCPA) guidelines. The system has been designed to initiate enrollments by sending QR codes and links directly from the security teams at organizations that have installed the Rock system, using multifactor authentication, including via emails, to reconfirm access, according to Blaine.Mobile enrollment raises security concernsEnabling distributed access with the mobile enrollment feature, however, may raise concerns about malicious attempts to impersonate valid visitors, said Michael Sampson, an analyst at Osterman Research. “There are definitely security concerns if they are relying on the future employee’s personal mobile device and personal email address (to which a a link or QR code is sent),” said Sampson. “If the future employee’s email account had been compromised through phishing or other credential compromise avenues, then it is possible that a threat actor could enroll as the employee and gain building access. There’s a few hoops they’d have to jump through, but there are weaknesses in the security chain when personal devices and personal addresses are utilized.”Otherwise, Alcatraz AI’s new privacy consent management capability is expected to allow for transparency in the usage of user data.“The privacy consent is a good angle, and an essential one. There’s lots to get right in that, including the process for revoking consent and providing optics to the employee on where their biometric data is being processed,” Sampson said. The Rock features a range of compliance and security tools, including real-time event log monitoring, customizable data retention schedules, and hard data deletes.The new mobile enrollment and privacy consent management features will be generally available in the second quarter of 2023 to all Alcatraz AI customers using the cloud-based version of the Rock. The company did not immediately specify whether the new features will be rolled out to the on-premises version of the product. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe