Working Together

The impact of security systems on the IT network may create bigger problems than expected

Over the years, corporate departments have learned how to increase efficiency and value by leveraging the assets of the corporate IT infrastructure. Accounting, HR, operations and other groups make extensive use of computer applications, data storage, e-mail and other IT tools to increase their productivity and the range of services they provide to customers.

By connecting physical security systems to the IT network, security can achieve productivity gains and deliver new services in the areas of remote video surveillance, video and access control integration, and centralized security system management tools.

The corporate security department has recently joined this revolution by introducing new IT-centric tools and techniques designed to significantly increase the capabilities of the security organization.

By connecting physical security systems to the IT network, security can achieve productivity gains and deliver new services in the areas of remote video surveillance, video and access control integration, and centralized security system management tools.

Convergence also provides the ability to integrate video surveillance systems with central monitoring station software or with transactional systems, such as point-of-sale, bank ATMs and teller lines.

These and other network-centric security tools certainly add significant value to the organization, but in the process, they also consume significant network resources. Bandwidth, switch and router ports, data storage and IP addresses are not bottomless resources.

The IT team is tasked to make sure that new systems do not negatively impact other network users -- many of whom use the network to provide mission-critical services. Therefore, the security team needs to coordinate with the IT department before connecting equipment to, or installing software on, the LAN.

Certain characteristics of security systems -- such as bandwidth consumption of video equipment -- are likely to bring close scrutiny from the IT department.

When the security department staff educates themselves on issues that concern the IT department, they are in a better position to evaluate security equipment and system vendors, which will save significant time and money by not investing in a product or system that will not meet their firm's IT standards.

System Availability
The IT network provides services to the entire organization, so it is critical that a security device failure does not cause a general network failure. By the same token, a poorly designed and managed IT infrastructure will compromise the integrity of the security system.

Security devices can increase individual availability by using solid-state hard drives for storing their embedded programs and by using operating systems that are resistant to viruses, Trojan horses and denial-of-service attacks -- especially for systems that are connected to the public Internet.

Embedded operating systems used in network appliances also ensure that hackers cannot easily exploit the vulnerabilities of PC operating systems, which can expose security equipment to be used as launching pads for network attacks. Built-in firewalls and IP access control lists that limit system access to computers from specific IP addresses or IP subnets also can help prevent network security breaches. If the equipment uses a Windows® OS, the auto-update feature should be enabled, so that publicized vulnerabilities are patched as soon as possible.

Quality of Service
IT departments can allocate percentages of network bandwidth for services (such as Web traffic, e-mail and VoIP) on a LAN to ensure high levels of service, but on a WAN or the Internet, all services fight for the same bandwidth.

VoIP and IP videoconferencing systems are examples of IT services that are extremely sensitive to LAN/WAN delays caused by excessive levels of security video traffic. One MBps of video traffic isn't noticeable on a 100 MBps LAN, but on a 1.5 MBps Internet connection, these fragile services cannot be protected from a 1 MBps video stream.

For this reason, IT departments examine the level of video traffic (particularly over the WAN) that a video security system will generate. Thus, the ability to limit video bandwidth consumption is a highly desirable feature in today's video surveillance equipment.

Some systems require data/video preservation even in the event of catastrophic failure at the primary facility. In this case, the security system must support data/video archiving in a location that is physically separate from the primary storage location. For some, daily backups suffice, but other applications require hourly or real-time archiving.

Advanced surveillance systems also provide management tools to enable remote archive/restoration of system configuration data for quick system restoration.

Privacy Protection and Information Security
Every department entrusts the IT manager to protect sensitive corporate data on the network. Live and recorded surveillance video is no exception -- especially when the video system is integrated with financial or retail systems and may contain embedded receipt data.

All network-based security equipment must, therefore, employ industry-standard authentication and authorization techniques to ensure that internal network users can only access the parts of the system it is authorized to access.

Passwords and firewalls prevent unauthorized viewing and/or downloading of security video and data. This can be designated to the level of a per camera basis on advanced CCTV systems for both live and playback modes.

Availability of Management and Monitoring Tools
In systems that employ dozens, hundreds or thousands of security devices, it becomes impractical for IT and security staff to monitor and manage these units individually.

Tools that continuously monitor the health of each security device and automatically report any problems to the IT department are invaluable. Similarly, when software upgrades are required, management tools that allow the upgrade to be applied to multiple devices at once rather than manually upgrading each unit saves labor hours.

IT also prefers a system that allows them to add, change or remove an employee's security permissions from a central database rather than logging into each device individually to change permissions. These types of management tools have long been available for networking equipment, and they are now becoming available for DVRs and other security equipment.

While some new systems can use the existing IT infrastructure, others require new investment.

Some new systems require less maintenance effort than others due to the frequency of changes and/or the lack of enterprise management tools. Devices that employ the Windows® operating system require monthly security updates. If the Windows auto-update feature cannot be used, then this update process will be manual, consuming an enormous amount of technician time.

Quality of Vendor Technical Support
In this instance, IT departments value vendors who provide accurate and timely technical support -- particularly during installation and downtime. This support can extend to advanced replacement programs (in which warranteed products are replaced rather than repaired in order to minimize downtime). A healthy, established vendor is preferable to a vendor who is a startup or is facing financial problems.

Many systems require interoperability with external systems. Flexible application programming interfaces ensure that the systems can exchange information with other systems and with various types of user interfaces, whether it be a client server or Web based. Vendors who offer a software development kit to provide a programming interface can accommodate this requirement.

For international organizations, multi-language manuals, user interfaces and technical support also are important, and the security system should be flexible enough to handle a variety of languages, date formats, daylight savings time schemes and technologies.

Evaluating Two Wide-Area Network, Video Surveillance Solutions Using IT's Criteria

A hypothetical system requires centralized reviewing and control capabilities for video cameras deployed across all 100 locations of a regional retail chain. All stores have existing 128 KBps WAN connections. The relevant requirements are:

  • One-hundred stores located across a five-state region.
  • Nine cameras per store.
  • Five frames per second of recording per camera upon motion detection, 0.5 fps the rest of the time (assume each camera will record at the higher rate 12 percent of the time).
  • A 640 x 480 resolution video, with 10 KBps average image size.
  • Thirty days of video storage.

Applying this criteria to each design solution for a video surveillance system puts these requirements to the test.

The solutions under consideration are a DVR-based approach with local video storage at each store and an NVR approach, in which each IP camera transmits its video to an NVR at the customer's corporate headquarters, as NVRs generally have a single, centralized storage device.

DVRs provide centralized viewers and configuration tools, but they store the video locally at each facility (referred to as "distributed storage"). Thus, the network connection between each store and the headquarters only requires sufficient storage for periodic maintenance and video monitoring. Hybrid approaches are available, but comparing pure DVR and NVR approaches makes the relative pros and cons clear.


The Most Significant Differences Are:

Network availability. The DVR does not use the network for video storage, so it is not generally affected by WAN reliability. The NVR solution uses the Internet/WAN to transmit video from the stores to the NVR central server. Lower-cost DSL connections only guarantee 99 percent availability (5,260 minutes of downtime per year). Business-grade DSL guarantees 99.9 percent (526 minutes of downtime per year), but is considerably more expensive.

Network quality of service. Services running on the existing corporate WAN connection may include credit card processing, transaction logging and inventory management. The NVR approach will require an average of 750 KBps and peak of 4 MBps at each store, requiring Internet/WAN bandwidth upgrades to ensure that the security video will not interfere with existing services. The DVR will have much smaller bandwidth requirements for performing occasional maintenance and video review using the bandwidth limit configuration setting.

Installation costs. While the DVR does not require any new network services or equipment, the NVR solution will require the installation of new network services and equipment at each store to provide the increased bandwidth requirements.

Total cost of ownership. Ten analog cameras and a 300 GB DVR will likely cost more per store than 10 IP cameras and one store's portion of the centralized NVR storage, but the DVR solution does not require the monthly recurring costs for increased WAN/Internet bandwidth at each store plus the cost of dual T3s (45 MBps) at the headend for receiving the NVR video.

The right architecture. Careful consideration must be given to IT concerns when choosing a video surveillance architecture. In this example, the cost of dedicated WAN bandwidth will surpass the cost of equipment over the lifetime of the project, and the risk of losing video due to WAN outages may be unacceptably high for some applications.

Total Cost of Ownership
It is becoming increasingly common to require a return on investment analysis for significant projects. An accurate ROI calculation considers all costs, not just those for the initial equipment, installation and configuration.

Additional costs include project-specific equipment costs, additional network equipment, anti-virus software licenses (for Windows-based devices) and training, as well as the recurring costs of dedicated WAN bandwidth, monitoring, maintenance and security vendor licensing fees.

As security managers develop IT-centric systems, a clear understanding of the impact on the corporate network will help ensure a successful deployment. Those who try to operate independently of the IT department will find themselves losing that independence as they rely on others to evaluate and approve their systems.


  • Secure Your Home During the Holidays

    The most wonderful time of the year can easily transform into a nightmare. Being vigilant, while still enjoying the holiday season, is possible. The holiday season is the perfect time to start implementing security measures to protect one’s home and ensure security while out and about. Read Now

  • Five Cybersecurity Trends Predictions for 2024

    According to Cybersixgill, threat research experts, AI’s evolution will continually improve both organizations’ cyber defense efforts and cybercriminal activities. At the same time, increasingly complex regulatory requirements, continued consolidation of cybersecurity tools, a widening attack surface, and heightened global geopolitical issues will all play a significant role in driving the direction of cybersecurity. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • NSA Report Focuses on How to Protect Against Evolving Phishing Attacks

    The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them. Read Now

Featured Cybersecurity

New Products

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3