Working Together

The impact of security systems on the IT network may create bigger problems than expected

  • By Bob McCarthy
  • Sep 01, 2006

Over the years, corporate departments have learned how to increase efficiency and value by leveraging the assets of the corporate IT infrastructure. Accounting, HR, operations and other groups make extensive use of computer applications, data storage, e-mail and other IT tools to increase their productivity and the range of services they provide to customers.

By connecting physical security systems to the IT network, security can achieve productivity gains and deliver new services in the areas of remote video surveillance, video and access control integration, and centralized security system management tools.

The corporate security department has recently joined this revolution by introducing new IT-centric tools and techniques designed to significantly increase the capabilities of the security organization.

By connecting physical security systems to the IT network, security can achieve productivity gains and deliver new services in the areas of remote video surveillance, video and access control integration, and centralized security system management tools.

Convergence also provides the ability to integrate video surveillance systems with central monitoring station software or with transactional systems, such as point-of-sale, bank ATMs and teller lines.

These and other network-centric security tools certainly add significant value to the organization, but in the process, they also consume significant network resources. Bandwidth, switch and router ports, data storage and IP addresses are not bottomless resources.

The IT team is tasked to make sure that new systems do not negatively impact other network users -- many of whom use the network to provide mission-critical services. Therefore, the security team needs to coordinate with the IT department before connecting equipment to, or installing software on, the LAN.

Certain characteristics of security systems -- such as bandwidth consumption of video equipment -- are likely to bring close scrutiny from the IT department.

When the security department staff educates themselves on issues that concern the IT department, they are in a better position to evaluate security equipment and system vendors, which will save significant time and money by not investing in a product or system that will not meet their firm's IT standards.

System Availability
The IT network provides services to the entire organization, so it is critical that a security device failure does not cause a general network failure. By the same token, a poorly designed and managed IT infrastructure will compromise the integrity of the security system.

Security devices can increase individual availability by using solid-state hard drives for storing their embedded programs and by using operating systems that are resistant to viruses, Trojan horses and denial-of-service attacks -- especially for systems that are connected to the public Internet.

Embedded operating systems used in network appliances also ensure that hackers cannot easily exploit the vulnerabilities of PC operating systems, which can expose security equipment to be used as launching pads for network attacks. Built-in firewalls and IP access control lists that limit system access to computers from specific IP addresses or IP subnets also can help prevent network security breaches. If the equipment uses a Windows® OS, the auto-update feature should be enabled, so that publicized vulnerabilities are patched as soon as possible.

Quality of Service
IT departments can allocate percentages of network bandwidth for services (such as Web traffic, e-mail and VoIP) on a LAN to ensure high levels of service, but on a WAN or the Internet, all services fight for the same bandwidth.

VoIP and IP videoconferencing systems are examples of IT services that are extremely sensitive to LAN/WAN delays caused by excessive levels of security video traffic. One MBps of video traffic isn't noticeable on a 100 MBps LAN, but on a 1.5 MBps Internet connection, these fragile services cannot be protected from a 1 MBps video stream.

For this reason, IT departments examine the level of video traffic (particularly over the WAN) that a video security system will generate. Thus, the ability to limit video bandwidth consumption is a highly desirable feature in today's video surveillance equipment.

Some systems require data/video preservation even in the event of catastrophic failure at the primary facility. In this case, the security system must support data/video archiving in a location that is physically separate from the primary storage location. For some, daily backups suffice, but other applications require hourly or real-time archiving.

Advanced surveillance systems also provide management tools to enable remote archive/restoration of system configuration data for quick system restoration.

Privacy Protection and Information Security
Every department entrusts the IT manager to protect sensitive corporate data on the network. Live and recorded surveillance video is no exception -- especially when the video system is integrated with financial or retail systems and may contain embedded receipt data.

All network-based security equipment must, therefore, employ industry-standard authentication and authorization techniques to ensure that internal network users can only access the parts of the system it is authorized to access.

Passwords and firewalls prevent unauthorized viewing and/or downloading of security video and data. This can be designated to the level of a per camera basis on advanced CCTV systems for both live and playback modes.

Availability of Management and Monitoring Tools
In systems that employ dozens, hundreds or thousands of security devices, it becomes impractical for IT and security staff to monitor and manage these units individually.

Tools that continuously monitor the health of each security device and automatically report any problems to the IT department are invaluable. Similarly, when software upgrades are required, management tools that allow the upgrade to be applied to multiple devices at once rather than manually upgrading each unit saves labor hours.

IT also prefers a system that allows them to add, change or remove an employee's security permissions from a central database rather than logging into each device individually to change permissions. These types of management tools have long been available for networking equipment, and they are now becoming available for DVRs and other security equipment.

While some new systems can use the existing IT infrastructure, others require new investment.

Some new systems require less maintenance effort than others due to the frequency of changes and/or the lack of enterprise management tools. Devices that employ the Windows® operating system require monthly security updates. If the Windows auto-update feature cannot be used, then this update process will be manual, consuming an enormous amount of technician time.

Quality of Vendor Technical Support
In this instance, IT departments value vendors who provide accurate and timely technical support -- particularly during installation and downtime. This support can extend to advanced replacement programs (in which warranteed products are replaced rather than repaired in order to minimize downtime). A healthy, established vendor is preferable to a vendor who is a startup or is facing financial problems.

Many systems require interoperability with external systems. Flexible application programming interfaces ensure that the systems can exchange information with other systems and with various types of user interfaces, whether it be a client server or Web based. Vendors who offer a software development kit to provide a programming interface can accommodate this requirement.

For international organizations, multi-language manuals, user interfaces and technical support also are important, and the security system should be flexible enough to handle a variety of languages, date formats, daylight savings time schemes and technologies.

Evaluating Two Wide-Area Network, Video Surveillance Solutions Using IT's Criteria

A hypothetical system requires centralized reviewing and control capabilities for video cameras deployed across all 100 locations of a regional retail chain. All stores have existing 128 KBps WAN connections. The relevant requirements are:

  • One-hundred stores located across a five-state region.
  • Nine cameras per store.
  • Five frames per second of recording per camera upon motion detection, 0.5 fps the rest of the time (assume each camera will record at the higher rate 12 percent of the time).
  • A 640 x 480 resolution video, with 10 KBps average image size.
  • Thirty days of video storage.

Applying this criteria to each design solution for a video surveillance system puts these requirements to the test.

The solutions under consideration are a DVR-based approach with local video storage at each store and an NVR approach, in which each IP camera transmits its video to an NVR at the customer's corporate headquarters, as NVRs generally have a single, centralized storage device.

DVRs provide centralized viewers and configuration tools, but they store the video locally at each facility (referred to as "distributed storage"). Thus, the network connection between each store and the headquarters only requires sufficient storage for periodic maintenance and video monitoring. Hybrid approaches are available, but comparing pure DVR and NVR approaches makes the relative pros and cons clear.

 

The Most Significant Differences Are:

Network availability. The DVR does not use the network for video storage, so it is not generally affected by WAN reliability. The NVR solution uses the Internet/WAN to transmit video from the stores to the NVR central server. Lower-cost DSL connections only guarantee 99 percent availability (5,260 minutes of downtime per year). Business-grade DSL guarantees 99.9 percent (526 minutes of downtime per year), but is considerably more expensive.

Network quality of service. Services running on the existing corporate WAN connection may include credit card processing, transaction logging and inventory management. The NVR approach will require an average of 750 KBps and peak of 4 MBps at each store, requiring Internet/WAN bandwidth upgrades to ensure that the security video will not interfere with existing services. The DVR will have much smaller bandwidth requirements for performing occasional maintenance and video review using the bandwidth limit configuration setting.

Installation costs. While the DVR does not require any new network services or equipment, the NVR solution will require the installation of new network services and equipment at each store to provide the increased bandwidth requirements.

Total cost of ownership. Ten analog cameras and a 300 GB DVR will likely cost more per store than 10 IP cameras and one store's portion of the centralized NVR storage, but the DVR solution does not require the monthly recurring costs for increased WAN/Internet bandwidth at each store plus the cost of dual T3s (45 MBps) at the headend for receiving the NVR video.

The right architecture. Careful consideration must be given to IT concerns when choosing a video surveillance architecture. In this example, the cost of dedicated WAN bandwidth will surpass the cost of equipment over the lifetime of the project, and the risk of losing video due to WAN outages may be unacceptably high for some applications.

Total Cost of Ownership
It is becoming increasingly common to require a return on investment analysis for significant projects. An accurate ROI calculation considers all costs, not just those for the initial equipment, installation and configuration.

Additional costs include project-specific equipment costs, additional network equipment, anti-virus software licenses (for Windows-based devices) and training, as well as the recurring costs of dedicated WAN bandwidth, monitoring, maintenance and security vendor licensing fees.

As security managers develop IT-centric systems, a clear understanding of the impact on the corporate network will help ensure a successful deployment. Those who try to operate independently of the IT department will find themselves losing that independence as they rely on others to evaluate and approve their systems.

Featured

  • 2025 Gun Violence Statistics Show Signs of Progress

    Omnilert, a national leader in AI-powered safety and emergency communications, has released its 2025 Gun Violence Statistics, along with a new interactive infographic examining national and school-related gun violence trends. In 2025, the U.S. recorded 38,762 gun-violence deaths, highlighting the continued importance of prevention, early detection, and coordinated response. Read Now

  • Big Brand Tire & Service Rolls Out Interface Virtual Perimeter Guard

    Interface Systems, a managed service provider delivering remote video monitoring, commercial security systems, business intelligence, and network services for multi-location enterprises, today announced that Big Brand Tire & Service, one of the nation’s fastest-growing independent tire and automotive service providers, has eliminated costly overnight break-ins and significantly reduced trespassing and vandalism at a high-risk location. The company achieved these results by deploying Interface Virtual Perimeter Guard, an AI-powered perimeter security solution designed to deter incidents before they occur. Read Now

  • The Evolution of ID Card Printing: Customer Challenges and Solutions

    The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now

  • TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

    Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now

  • Brivo, Eagle Eye Networks Merge

    Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now

Most   Popular

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.