5 workplace security questions for Seagate’s Head of Global Trust and Security

The security of our customer’s workplaces, employees, and their visitors is Envoy’s number one priority. Through the lens of the IT, facilities, and security experts doing this work, our new blog series, Safe Spaces, Secure Places, explores the many ways today’s workplaces protect their data, people, and physical spaces.

The first blog in our Safe Spaces, Secure Places series features a Q&A with Brandon Gregg, Seagate’s Head of Global Trust and Security, and focuses on why physical workplace security matters.

Overseeing 400 security employees and contractors that work around the clock to protect customer data, Brandon Gregg, Seagate’s Head of Global Trust and Security, doesn’t take workplace security lightly.

In addition to maintaining workplace security for Seagate, with over 250,000 Seagate products made each day, there is a lot at stake in every aspect of the business––and to protect. Among the risks? “We have bad actors that want access to our firmware, people hijacking our products across the globe and others who try to counterfeit our drives and then attempt to resell them with malware.” 

How workplace security protects Seagate’s products

Sound daunting? According to Gregg, this doesn’t even scratch the surface. What’s more, Seagate products ship by plane, train, and boat across the globe. Those shipments can be held up at customs on the loading dock––to the tune of nine extra days––if Seagate fails CTPAT. That’s a voluntary security program much like TSA Pre-Check that allows companies to complete a supply chain security profile and expedite the product customs process.

Part of this profile includes proving that Seagate’s physical locations are secure. Having a security-focused visitor management system currently in use at 58 of Seagate’s locations helps Seagate avoid physical search and investigation of shipping containers and keeps costs down, a win-win in Gregg’s world. 

All of this (and so much more) is all in a day’s work for Gregg. What else goes on in the life of a Head of Global Trust and Security for a company whose products protect data security in workplaces everywhere? Between facilitating goal alignment between IT and facilities departments to building security awareness campaigns, Gregg describes his work as “something different every day, like solving puzzles.”

How do you champion workplace security at Seagate, and what was the journey like researching and deciding on a visitor management system for the company?

BG: Before I started over 20 years ago, we created our own in-house visitor management system. It worked well, but looked outdated. We started getting complaints about the look and feel. I came across Envoy on ProductHunt.com. I hated myself for not inventing it!

What intrigued me about Envoy was the ability to connect to webhooks. I like the flexibility of the product. With the Everbridge integration, for example, the workplace will be notified by email or message about an emergency. We are able to connect Everbridge to our Envoy visitor management system so that when our visitors are here, our visitors get the same notification our employees do. From an active shooter to extreme weather, mass notification is now possible for everyone on site. 

When we talked to other vendors and demoed other systems we couldn’t do that either. We also use Knightscope, security guards that are robots. They have all sorts of sensors. We are looking at how we can integrate with robots. We couldn’t do that with other products. 

What I like about Envoy is that I knew you would roll with us, you’re agile, and a lot more open than your competitors. Envoy helps us maintain strict adherence to GDPR compliance standards, too. When researching products: If they don’t have an open API or allow webhooks, I won’t touch them. 

One piggy-backer [an unauthorized visitor entering at the same time as an authorized one] could make a huge customer stop buying our products due to supply chain security concerns. Look at the recent cybersecurity incident at Supermicro as an example. People will not trust our product otherwise.

On the ground level, what does this look like?

BG: I try to tell real stories from the news or even from past experiences. We do training programs, awareness campaigns, and ‘lunch and learns’. I don’t want to cry wolf or sound paranoid, but prepared.

We’ve put up banners that encourage the ‘if you see something, say something’ mantra. We have digital posters, physical posters, and also run our ethics helpline, where employees can share anonymous tips. 

“Now, our receptionist doesn’t have to know what a fake ID looks like. People used to circumvent the sign-in system by changing their name and spelling it differently. Now, with Envoy ID scanning, we have a rule that you can’t visit more than three times without scanning your ID.”

–Brandon Gregg, Head of Global Trust and Security, Seagate

What metrics are important to you in terms of success?

BG: Number of visitors, missing-in-transits, hijackings, investigations, and warranty returns (due to counterfeit product) are just a small number of metrics we collect.

With Envoy we can use metrics like vendor information to cross-reference employee conflict of interest to find out if our suppliers or vendors have a pre-existing relationship with our employees. Envoy helps us determine that frequently. 

What are the workplace security initiatives you have put in place that you’re excited about and/or most proud of? 

BG: Robots and our AI video camera system. Robots control our parking lots to see how employees are working, what space is being utilized and deter crime. These tools, even if they are surveillance-related, are a lot for facilities management.

“People have come in under fictitious identities. The first thing we have trained front desk to do, is to have everyone sign in via Envoy. Thanks to the layers of detail that Envoy provides, such as the photo taken when visitors sign in, we have prevented social engineering attacks. This also makes it easier to investigate incidents when they do occur.”

–Brandon Gregg, Head of Global Trust and Security, Seagate

What are your predictions for the future of workplace security? Where do you see workplace technology improving or going in this context? 

BG: The biggest trend I see is cybersecurity and physical security merging closer together. It’s all going to blend together at some point. I think we’ll see this in retail, for cashier line management, and injury reporting, for example. Right now, a robot senses if someone falls immediately and notifies help in seconds. It’s going to affect everyone and everything to make everyone more productive and safe at the same time. 

When you have 40,000 employees something happens every day. With people, every second counts. Running to get help or calling 911 is logistically difficult in our factories that are over a mile long. As soon as someone grabs their chest and falls to the ground, those seconds can save a life. AI and this type of technology will and already does help in this area.