Alcatraz AI is offering web-based mobile enrollment and privacy consent management to optimize the onboarding process for its facial recognition building security system. Credit: Thinkstock Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration.The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics for facial authentication. The update adds mobile enrollment to the system to streamline onboarding by allowing new employees and visitors to register remotely and securely through their own mobile devices and tablets, according to Blaine Fredrick, vice president of products at Alcatraz AI.The updated privacy consent management process is designed to offer an opt-in choice via mobile devices, allowing Alcatraz’s enterprise customers to inform end users about the usage and management of their personal data, which they can choose to accept or decline. With the two new enhancements to the Rock, Alcatraz AI expects to reduce the overall cost and complexity of the enrollment process and also enable corporate compliance with privacy laws such as the EU’s General Data Protection Act (GDPR), the US’ Biometric Information Privacy Act (BIPA), and India’s Central Consumer Protection Authority (CCPA) guidelines. The system has been designed to initiate enrollments by sending QR codes and links directly from the security teams at organizations that have installed the Rock system, using multifactor authentication, including via emails, to reconfirm access, according to Blaine.Mobile enrollment raises security concernsEnabling distributed access with the mobile enrollment feature, however, may raise concerns about malicious attempts to impersonate valid visitors, said Michael Sampson, an analyst at Osterman Research. “There are definitely security concerns if they are relying on the future employee’s personal mobile device and personal email address (to which a a link or QR code is sent),” said Sampson. “If the future employee’s email account had been compromised through phishing or other credential compromise avenues, then it is possible that a threat actor could enroll as the employee and gain building access. There’s a few hoops they’d have to jump through, but there are weaknesses in the security chain when personal devices and personal addresses are utilized.”Otherwise, Alcatraz AI’s new privacy consent management capability is expected to allow for transparency in the usage of user data.“The privacy consent is a good angle, and an essential one. There’s lots to get right in that, including the process for revoking consent and providing optics to the employee on where their biometric data is being processed,” Sampson said.The Rock features a range of compliance and security tools, including real-time event log monitoring, customizable data retention schedules, and hard data deletes.The new mobile enrollment and privacy consent management features will be generally available in the second quarter of 2023 to all Alcatraz AI customers using the cloud-based version of the Rock. The company did not immediately specify whether the new features will be rolled out to the on-premises version of the product. Related content news FBI warns Black Basta ransomware impacted over 500 organizations worldwide CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. By Lucian Constantin May 14, 2024 6 mins Ransomware Phishing Healthcare Industry news Australian federal budget outlines investment in cybersecurity The Australian government announced its 2024-25 federal budget and CSO has selected highlights that indicate how much will go towards cybersecurity and in what areas. By Samira Sarraf May 14, 2024 5 mins Fraud Protection and Detection Software Data and Information Security brandpost Sponsored by Microsoft Security New threat trends emerge out of East Asia With total vigilance concerning the latest East Asian developments in the threat landscape, security leaders can enhance their readiness to safeguard against the most imminent dangers. By Microsoft Security May 14, 2024 5 mins Security news Equipped with AI tools, hackers make apps riskier than ever The odds of attacks are growing as attackers can now easily access code modification and reverse engineering tools. By Shweta Sharma May 14, 2024 4 mins Application Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe