HID Unifies Cyber and Physical Security Under Zero-Trust Principles

Gustavo Gassmann, VP of Emerging Markets, Physical Access Control at HID, explained how HID showcased cyber-hardened access control innovations at Intersec Saudi Arabia 2025, emphasizing zero-trust, mobile-first security, and regional compliance to support digital transformation across emerging markets.

In an era of escalating cyber-physical threats, how is HID ensuring that your access control innovations are resilient against advanced cyberattacks, especially in emerging markets?
At HID, we approach cyber-physical security with a “security by design” philosophy, ensuring that cybersecurity is embedded into every stage of product development rather than added as an afterthought. Our biometric readers, intelligent controllers, and mobile credentialing platforms are all designed and built with advanced safeguards including end-to-end encryption, secure element storage, and multi-factor authentication to prevent unauthorized access and tampering.

In emerging markets, where organizations are rapidly modernizing infrastructure, the stakes are especially high. Our solutions undergo rigorous testing and vulnerability assessments aligned with global standards including OSDP (Open Supervised Device Protocol), which was developed by HID to strengthen communication protocols and protect critical data collected through PACS. In 2020, we donated OSDP to the Security Industry Association and we are proud to say that it became an International Electrotechnical Commission standard that same year.

With mobile credentials, we leverage the security architectures of Apple and Google ecosystems to ensure strong encryption and biometric authentication. This significantly reduces reliance on legacy technologies susceptible to cloning or interception. Moreover, our commitment to zero-trust architecture ensures that every access point is continuously verified, minimizing vulnerabilities.

Ultimately, our goal is to deliver future-ready, cyber-hardened access control systems that protect people, assets, and data, providing organizations across emerging markets with the confidence to embrace digital transformation without compromising security.

Given your global footprint, how do you balance regional regulatory and data privacy requirements when deploying a unified physical access control platform?
HID operates in more than 100 countries, each with its own regulatory environment. Our approach is to develop globally consistent platforms with the flexibility to adapt to local privacy, data residency, and cybersecurity requirements – from Saudi Arabia’s PDPL to GDPR in Europe and evolving GCC standards.

For instance, our controllers and readers are designed with role-based access controls, data minimization practices, and local encryption options, ensuring sensitive identity information remains protected and, where required, stored within regional jurisdictions. A key example of this commitment is our HID Amico Biometric Facial Recognition Readers. Now available in Saudi Arabia, these readers offer fast, secure, and contactless access, with color LCD display options that are perfect for organizations with high-traffic environments. Designed with the highest standards of security and privacy, HID Amico complies with industry best practices and regulatory mandates by allowing biometric data to be stored on the user’s credential rather than in a centralized database. This is a big step in supporting data sovereignty requirements in markets like KSA.

We also collaborate closely with local regulators and system integrators to ensure compliance with ISO/IEC 27001 and SOC 2 frameworks while maintaining interoperability across global deployments. This enables organizations to implement unified, scalable access control systems while respecting local regulations. In short, our platform architecture balances global innovation with local accountability, allowing enterprises to achieve consistent security postures across borders without compromising compliance, privacy, or operational efficiency.

Could you explain how HID’s mobile-first credentialing solutions help reduce attack surfaces compared to legacy card-based systems, especially in high-risk sectors like energy or critical infrastructure?
Mobile-first credentialing, epitomized by HID Mobile Access, fundamentally shrinks the attack surface by eliminating several vulnerabilities inherent in legacy card-based systems. This is critical in high-risk sectors like energy, healthcare, and finance.

Legacy cards pose two primary risks: easy cloning and poor management, meaning that physical cards can be easily copied, lost, or shared. Our mobile credentials are tied to the secure element of a personal device and secured by the device’s operating system, making them virtually impossible to clone.

Furthermore, a mobile-first solution enables centralized lifecycle management. If an employee loses their phone or leaves the company, the credential can be instantly revoked remotely, eliminating the window of vulnerability that occurs when waiting for a lost physical card to be reported and cancelled. Integration with Apple Wallet and Google Wallet further ensures compliance with enterprise mobility management policies and supports remote workforce models. This instant control and superior encryption reduce both the physical risk of unauthorized access and the digital risk of credential compromise, creating a more robust defense system for organizations.

What role does threat intelligence, audit telemetry, or anomaly detection play in HID’s controller and reader ecosystems to proactively identify and respond to insider threats or lateral movement?
Today’s threat landscape demands not just perimeter defense, but continuous monitoring and real-time intelligence to detect and mitigate risks before they escalate. HID’s next-generation controllers and readers are designed with built-in telemetry, event logging, and integration hooks for advanced security analytics platforms.

For example, through our Aero and Signo platforms, we enable telemetry streams that capture data such as who accessed what, when, and how. This data feeds into Security Information and Event Management (SIEM) platforms, allowing organizations to correlate access anomalies with broader threat indicators. We also support Open Supervised Device Protocol (OSDP) Secure Channel and encrypted credential exchanges to prevent spoofing and credential replay attacks. When paired with behavioral analytics, our systems can flag deviations like unusual access times, repeated failed attempts, or credential use across different locations – all of which may signal insider activity.

In emerging markets, where infrastructure and threat maturity vary, we emphasize modular integration and proactive alerting. Our goal is to empower security teams with actionable insights, not just logs. HID’s access control isn’t just about keeping doors locked; it’s about unlocking intelligence to stay ahead of threats.

As organizations in Saudi Arabia and globally adopt zero-trust principles, how is HID evolving its access control architectures to support network segmentation, minimum privilege, and contextual access based on identity and behavior?
Zero Trust has shifted the security paradigm from “trust but verify” to “never trust, always verify,” and HID is fully aligned with this approach. Our access control architectures now integrate identity-first security principles with contextual, risk-based access decisions for both physical and digital environments.

For example, our systems support dynamic access provisioning based on user identity, role, location, time of day, and even behavioral analytics. This ensures employees, contractors, or visitors only receive the minimum necessary access for the specific task or timeframe, reducing exposure to lateral movement within sensitive environments. Additionally, network segmentation is reinforced by integrating physical access events with IT security policies. If anomalous behavior is detected, such as a badge being used in two geographically distant locations within minutes, access can be automatically restricted pending verification.

We also leverage standards like OSDP Secure Channel and strong encryption protocols to maintain secure device-to-controller communications, preventing credential interception or relay attacks. By combining Zero Trust principles with interoperable, cyber-hardened architectures, HID enables organizations worldwide to unify cyber and physical security under a single, identity-centric framework that scales with modern risk environments.

What are your key objectives of participation at Intersec Saudi Arabia 2025, and how will the event help advance your strategic goals for growth and innovation in the Middle East and Africa?
Intersec Saudi Arabia is a strategic platform for us to engage with our partners, customers, and policymakers, driving the region’s digital transformation. During the event, we highlighted innovations such as HID Mobile Access, biometric authentication, and intelligent controllers, which are enabling the shift toward digital-first, cyber-physical security convergence. Beyond showcasing our latest solutions, the event helped us expand our partner ecosystem, strengthen our footprint in high-growth markets, and align our roadmap with regional priorities – from smart cities to data protection.