Working Together

The impact of security systems on the IT network may create bigger problems than expected

Over the years, corporate departments have learned how to increase efficiency and value by leveraging the assets of the corporate IT infrastructure. Accounting, HR, operations and other groups make extensive use of computer applications, data storage, e-mail and other IT tools to increase their productivity and the range of services they provide to customers.

By connecting physical security systems to the IT network, security can achieve productivity gains and deliver new services in the areas of remote video surveillance, video and access control integration, and centralized security system management tools.

The corporate security department has recently joined this revolution by introducing new IT-centric tools and techniques designed to significantly increase the capabilities of the security organization.

By connecting physical security systems to the IT network, security can achieve productivity gains and deliver new services in the areas of remote video surveillance, video and access control integration, and centralized security system management tools.

Convergence also provides the ability to integrate video surveillance systems with central monitoring station software or with transactional systems, such as point-of-sale, bank ATMs and teller lines.

These and other network-centric security tools certainly add significant value to the organization, but in the process, they also consume significant network resources. Bandwidth, switch and router ports, data storage and IP addresses are not bottomless resources.

The IT team is tasked to make sure that new systems do not negatively impact other network users -- many of whom use the network to provide mission-critical services. Therefore, the security team needs to coordinate with the IT department before connecting equipment to, or installing software on, the LAN.

Certain characteristics of security systems -- such as bandwidth consumption of video equipment -- are likely to bring close scrutiny from the IT department.

When the security department staff educates themselves on issues that concern the IT department, they are in a better position to evaluate security equipment and system vendors, which will save significant time and money by not investing in a product or system that will not meet their firm's IT standards.

System Availability
The IT network provides services to the entire organization, so it is critical that a security device failure does not cause a general network failure. By the same token, a poorly designed and managed IT infrastructure will compromise the integrity of the security system.

Security devices can increase individual availability by using solid-state hard drives for storing their embedded programs and by using operating systems that are resistant to viruses, Trojan horses and denial-of-service attacks -- especially for systems that are connected to the public Internet.

Embedded operating systems used in network appliances also ensure that hackers cannot easily exploit the vulnerabilities of PC operating systems, which can expose security equipment to be used as launching pads for network attacks. Built-in firewalls and IP access control lists that limit system access to computers from specific IP addresses or IP subnets also can help prevent network security breaches. If the equipment uses a Windows® OS, the auto-update feature should be enabled, so that publicized vulnerabilities are patched as soon as possible.

Quality of Service
IT departments can allocate percentages of network bandwidth for services (such as Web traffic, e-mail and VoIP) on a LAN to ensure high levels of service, but on a WAN or the Internet, all services fight for the same bandwidth.

VoIP and IP videoconferencing systems are examples of IT services that are extremely sensitive to LAN/WAN delays caused by excessive levels of security video traffic. One MBps of video traffic isn't noticeable on a 100 MBps LAN, but on a 1.5 MBps Internet connection, these fragile services cannot be protected from a 1 MBps video stream.

For this reason, IT departments examine the level of video traffic (particularly over the WAN) that a video security system will generate. Thus, the ability to limit video bandwidth consumption is a highly desirable feature in today's video surveillance equipment.

Some systems require data/video preservation even in the event of catastrophic failure at the primary facility. In this case, the security system must support data/video archiving in a location that is physically separate from the primary storage location. For some, daily backups suffice, but other applications require hourly or real-time archiving.

Advanced surveillance systems also provide management tools to enable remote archive/restoration of system configuration data for quick system restoration.

Privacy Protection and Information Security
Every department entrusts the IT manager to protect sensitive corporate data on the network. Live and recorded surveillance video is no exception -- especially when the video system is integrated with financial or retail systems and may contain embedded receipt data.

All network-based security equipment must, therefore, employ industry-standard authentication and authorization techniques to ensure that internal network users can only access the parts of the system it is authorized to access.

Passwords and firewalls prevent unauthorized viewing and/or downloading of security video and data. This can be designated to the level of a per camera basis on advanced CCTV systems for both live and playback modes.

Availability of Management and Monitoring Tools
In systems that employ dozens, hundreds or thousands of security devices, it becomes impractical for IT and security staff to monitor and manage these units individually.

Tools that continuously monitor the health of each security device and automatically report any problems to the IT department are invaluable. Similarly, when software upgrades are required, management tools that allow the upgrade to be applied to multiple devices at once rather than manually upgrading each unit saves labor hours.

IT also prefers a system that allows them to add, change or remove an employee's security permissions from a central database rather than logging into each device individually to change permissions. These types of management tools have long been available for networking equipment, and they are now becoming available for DVRs and other security equipment.

While some new systems can use the existing IT infrastructure, others require new investment.

Some new systems require less maintenance effort than others due to the frequency of changes and/or the lack of enterprise management tools. Devices that employ the Windows® operating system require monthly security updates. If the Windows auto-update feature cannot be used, then this update process will be manual, consuming an enormous amount of technician time.

Quality of Vendor Technical Support
In this instance, IT departments value vendors who provide accurate and timely technical support -- particularly during installation and downtime. This support can extend to advanced replacement programs (in which warranteed products are replaced rather than repaired in order to minimize downtime). A healthy, established vendor is preferable to a vendor who is a startup or is facing financial problems.

Many systems require interoperability with external systems. Flexible application programming interfaces ensure that the systems can exchange information with other systems and with various types of user interfaces, whether it be a client server or Web based. Vendors who offer a software development kit to provide a programming interface can accommodate this requirement.

For international organizations, multi-language manuals, user interfaces and technical support also are important, and the security system should be flexible enough to handle a variety of languages, date formats, daylight savings time schemes and technologies.

Evaluating Two Wide-Area Network, Video Surveillance Solutions Using IT's Criteria

A hypothetical system requires centralized reviewing and control capabilities for video cameras deployed across all 100 locations of a regional retail chain. All stores have existing 128 KBps WAN connections. The relevant requirements are:

  • One-hundred stores located across a five-state region.
  • Nine cameras per store.
  • Five frames per second of recording per camera upon motion detection, 0.5 fps the rest of the time (assume each camera will record at the higher rate 12 percent of the time).
  • A 640 x 480 resolution video, with 10 KBps average image size.
  • Thirty days of video storage.

Applying this criteria to each design solution for a video surveillance system puts these requirements to the test.

The solutions under consideration are a DVR-based approach with local video storage at each store and an NVR approach, in which each IP camera transmits its video to an NVR at the customer's corporate headquarters, as NVRs generally have a single, centralized storage device.

DVRs provide centralized viewers and configuration tools, but they store the video locally at each facility (referred to as "distributed storage"). Thus, the network connection between each store and the headquarters only requires sufficient storage for periodic maintenance and video monitoring. Hybrid approaches are available, but comparing pure DVR and NVR approaches makes the relative pros and cons clear.

 

The Most Significant Differences Are:

Network availability. The DVR does not use the network for video storage, so it is not generally affected by WAN reliability. The NVR solution uses the Internet/WAN to transmit video from the stores to the NVR central server. Lower-cost DSL connections only guarantee 99 percent availability (5,260 minutes of downtime per year). Business-grade DSL guarantees 99.9 percent (526 minutes of downtime per year), but is considerably more expensive.

Network quality of service. Services running on the existing corporate WAN connection may include credit card processing, transaction logging and inventory management. The NVR approach will require an average of 750 KBps and peak of 4 MBps at each store, requiring Internet/WAN bandwidth upgrades to ensure that the security video will not interfere with existing services. The DVR will have much smaller bandwidth requirements for performing occasional maintenance and video review using the bandwidth limit configuration setting.

Installation costs. While the DVR does not require any new network services or equipment, the NVR solution will require the installation of new network services and equipment at each store to provide the increased bandwidth requirements.

Total cost of ownership. Ten analog cameras and a 300 GB DVR will likely cost more per store than 10 IP cameras and one store's portion of the centralized NVR storage, but the DVR solution does not require the monthly recurring costs for increased WAN/Internet bandwidth at each store plus the cost of dual T3s (45 MBps) at the headend for receiving the NVR video.

The right architecture. Careful consideration must be given to IT concerns when choosing a video surveillance architecture. In this example, the cost of dedicated WAN bandwidth will surpass the cost of equipment over the lifetime of the project, and the risk of losing video due to WAN outages may be unacceptably high for some applications.

Total Cost of Ownership
It is becoming increasingly common to require a return on investment analysis for significant projects. An accurate ROI calculation considers all costs, not just those for the initial equipment, installation and configuration.

Additional costs include project-specific equipment costs, additional network equipment, anti-virus software licenses (for Windows-based devices) and training, as well as the recurring costs of dedicated WAN bandwidth, monitoring, maintenance and security vendor licensing fees.

As security managers develop IT-centric systems, a clear understanding of the impact on the corporate network will help ensure a successful deployment. Those who try to operate independently of the IT department will find themselves losing that independence as they rely on others to evaluate and approve their systems.

Featured

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

Featured Cybersecurity

Webinars

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3