Working Together

The impact of security systems on the IT network may create bigger problems than expected

Over the years, corporate departments have learned how to increase efficiency and value by leveraging the assets of the corporate IT infrastructure. Accounting, HR, operations and other groups make extensive use of computer applications, data storage, e-mail and other IT tools to increase their productivity and the range of services they provide to customers.

By connecting physical security systems to the IT network, security can achieve productivity gains and deliver new services in the areas of remote video surveillance, video and access control integration, and centralized security system management tools.

The corporate security department has recently joined this revolution by introducing new IT-centric tools and techniques designed to significantly increase the capabilities of the security organization.

By connecting physical security systems to the IT network, security can achieve productivity gains and deliver new services in the areas of remote video surveillance, video and access control integration, and centralized security system management tools.

Convergence also provides the ability to integrate video surveillance systems with central monitoring station software or with transactional systems, such as point-of-sale, bank ATMs and teller lines.

These and other network-centric security tools certainly add significant value to the organization, but in the process, they also consume significant network resources. Bandwidth, switch and router ports, data storage and IP addresses are not bottomless resources.

The IT team is tasked to make sure that new systems do not negatively impact other network users -- many of whom use the network to provide mission-critical services. Therefore, the security team needs to coordinate with the IT department before connecting equipment to, or installing software on, the LAN.

Certain characteristics of security systems -- such as bandwidth consumption of video equipment -- are likely to bring close scrutiny from the IT department.

When the security department staff educates themselves on issues that concern the IT department, they are in a better position to evaluate security equipment and system vendors, which will save significant time and money by not investing in a product or system that will not meet their firm's IT standards.

System Availability
The IT network provides services to the entire organization, so it is critical that a security device failure does not cause a general network failure. By the same token, a poorly designed and managed IT infrastructure will compromise the integrity of the security system.

Security devices can increase individual availability by using solid-state hard drives for storing their embedded programs and by using operating systems that are resistant to viruses, Trojan horses and denial-of-service attacks -- especially for systems that are connected to the public Internet.

Embedded operating systems used in network appliances also ensure that hackers cannot easily exploit the vulnerabilities of PC operating systems, which can expose security equipment to be used as launching pads for network attacks. Built-in firewalls and IP access control lists that limit system access to computers from specific IP addresses or IP subnets also can help prevent network security breaches. If the equipment uses a Windows® OS, the auto-update feature should be enabled, so that publicized vulnerabilities are patched as soon as possible.

Quality of Service
IT departments can allocate percentages of network bandwidth for services (such as Web traffic, e-mail and VoIP) on a LAN to ensure high levels of service, but on a WAN or the Internet, all services fight for the same bandwidth.

VoIP and IP videoconferencing systems are examples of IT services that are extremely sensitive to LAN/WAN delays caused by excessive levels of security video traffic. One MBps of video traffic isn't noticeable on a 100 MBps LAN, but on a 1.5 MBps Internet connection, these fragile services cannot be protected from a 1 MBps video stream.

For this reason, IT departments examine the level of video traffic (particularly over the WAN) that a video security system will generate. Thus, the ability to limit video bandwidth consumption is a highly desirable feature in today's video surveillance equipment.

Some systems require data/video preservation even in the event of catastrophic failure at the primary facility. In this case, the security system must support data/video archiving in a location that is physically separate from the primary storage location. For some, daily backups suffice, but other applications require hourly or real-time archiving.

Advanced surveillance systems also provide management tools to enable remote archive/restoration of system configuration data for quick system restoration.

Privacy Protection and Information Security
Every department entrusts the IT manager to protect sensitive corporate data on the network. Live and recorded surveillance video is no exception -- especially when the video system is integrated with financial or retail systems and may contain embedded receipt data.

All network-based security equipment must, therefore, employ industry-standard authentication and authorization techniques to ensure that internal network users can only access the parts of the system it is authorized to access.

Passwords and firewalls prevent unauthorized viewing and/or downloading of security video and data. This can be designated to the level of a per camera basis on advanced CCTV systems for both live and playback modes.

Availability of Management and Monitoring Tools
In systems that employ dozens, hundreds or thousands of security devices, it becomes impractical for IT and security staff to monitor and manage these units individually.

Tools that continuously monitor the health of each security device and automatically report any problems to the IT department are invaluable. Similarly, when software upgrades are required, management tools that allow the upgrade to be applied to multiple devices at once rather than manually upgrading each unit saves labor hours.

IT also prefers a system that allows them to add, change or remove an employee's security permissions from a central database rather than logging into each device individually to change permissions. These types of management tools have long been available for networking equipment, and they are now becoming available for DVRs and other security equipment.

While some new systems can use the existing IT infrastructure, others require new investment.

Some new systems require less maintenance effort than others due to the frequency of changes and/or the lack of enterprise management tools. Devices that employ the Windows® operating system require monthly security updates. If the Windows auto-update feature cannot be used, then this update process will be manual, consuming an enormous amount of technician time.

Quality of Vendor Technical Support
In this instance, IT departments value vendors who provide accurate and timely technical support -- particularly during installation and downtime. This support can extend to advanced replacement programs (in which warranteed products are replaced rather than repaired in order to minimize downtime). A healthy, established vendor is preferable to a vendor who is a startup or is facing financial problems.

Many systems require interoperability with external systems. Flexible application programming interfaces ensure that the systems can exchange information with other systems and with various types of user interfaces, whether it be a client server or Web based. Vendors who offer a software development kit to provide a programming interface can accommodate this requirement.

For international organizations, multi-language manuals, user interfaces and technical support also are important, and the security system should be flexible enough to handle a variety of languages, date formats, daylight savings time schemes and technologies.

Evaluating Two Wide-Area Network, Video Surveillance Solutions Using IT's Criteria

A hypothetical system requires centralized reviewing and control capabilities for video cameras deployed across all 100 locations of a regional retail chain. All stores have existing 128 KBps WAN connections. The relevant requirements are:

  • One-hundred stores located across a five-state region.
  • Nine cameras per store.
  • Five frames per second of recording per camera upon motion detection, 0.5 fps the rest of the time (assume each camera will record at the higher rate 12 percent of the time).
  • A 640 x 480 resolution video, with 10 KBps average image size.
  • Thirty days of video storage.

Applying this criteria to each design solution for a video surveillance system puts these requirements to the test.

The solutions under consideration are a DVR-based approach with local video storage at each store and an NVR approach, in which each IP camera transmits its video to an NVR at the customer's corporate headquarters, as NVRs generally have a single, centralized storage device.

DVRs provide centralized viewers and configuration tools, but they store the video locally at each facility (referred to as "distributed storage"). Thus, the network connection between each store and the headquarters only requires sufficient storage for periodic maintenance and video monitoring. Hybrid approaches are available, but comparing pure DVR and NVR approaches makes the relative pros and cons clear.

 

The Most Significant Differences Are:

Network availability. The DVR does not use the network for video storage, so it is not generally affected by WAN reliability. The NVR solution uses the Internet/WAN to transmit video from the stores to the NVR central server. Lower-cost DSL connections only guarantee 99 percent availability (5,260 minutes of downtime per year). Business-grade DSL guarantees 99.9 percent (526 minutes of downtime per year), but is considerably more expensive.

Network quality of service. Services running on the existing corporate WAN connection may include credit card processing, transaction logging and inventory management. The NVR approach will require an average of 750 KBps and peak of 4 MBps at each store, requiring Internet/WAN bandwidth upgrades to ensure that the security video will not interfere with existing services. The DVR will have much smaller bandwidth requirements for performing occasional maintenance and video review using the bandwidth limit configuration setting.

Installation costs. While the DVR does not require any new network services or equipment, the NVR solution will require the installation of new network services and equipment at each store to provide the increased bandwidth requirements.

Total cost of ownership. Ten analog cameras and a 300 GB DVR will likely cost more per store than 10 IP cameras and one store's portion of the centralized NVR storage, but the DVR solution does not require the monthly recurring costs for increased WAN/Internet bandwidth at each store plus the cost of dual T3s (45 MBps) at the headend for receiving the NVR video.

The right architecture. Careful consideration must be given to IT concerns when choosing a video surveillance architecture. In this example, the cost of dedicated WAN bandwidth will surpass the cost of equipment over the lifetime of the project, and the risk of losing video due to WAN outages may be unacceptably high for some applications.

Total Cost of Ownership
It is becoming increasingly common to require a return on investment analysis for significant projects. An accurate ROI calculation considers all costs, not just those for the initial equipment, installation and configuration.

Additional costs include project-specific equipment costs, additional network equipment, anti-virus software licenses (for Windows-based devices) and training, as well as the recurring costs of dedicated WAN bandwidth, monitoring, maintenance and security vendor licensing fees.

As security managers develop IT-centric systems, a clear understanding of the impact on the corporate network will help ensure a successful deployment. Those who try to operate independently of the IT department will find themselves losing that independence as they rely on others to evaluate and approve their systems.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.