Software Defined
Wide-area networking comes to physical security
- By Dr. Cahit (Jay) Akin
- Nov 01, 2016
As physical security
technology continues
to advance in both
complexity and capability,
it is increasingly
bumping into and
being influenced by other technology
segments. Cyber security technologies
are the first that come to mind, but recently,
another true networking technology
trend has arisen that is impacting
physical security implementations of all
kinds. Known as Software-Defined Wide
Area Networking or SD-WAN, this connectivity
technology is making physical
security implementations easier, more
flexible, more cost-effective and more
reliable than ever before.
SD-WAN technology itself is an offshoot
of Software-Defined Networking
or SDN. Originally designed for highperformance
data centers, SDN is a means
of virtualizing important network functions
as applications on commodity servers,
thus giving IT a major boost in cost,
complexity, and flexibility when building
new infrastructure. Those same benefits
have now grown beyond the data center
to Small- and Medium-sized Enterprises
(SMEs), as well as branch offices in the
form of SD-WAN.
WANs are generally used to connect
branch offices to a central corporate network
or connect data centers together
across distance. A SD-WAN moves the
“configuration” of these networks into
the cloud for IT to manage remotely and
brings programmability to the IP connectivity.
By doing so, this allows for remotely
manageable devices to be installed at these
“branch office” or remote locations, thus
reducing the need for onsite expertise or
management. Having the ability for the
WAN links to adapt and work around to
any network problems further simplifies the
management and operation of the WAN
network. This complete package makes for
a very flexible and cost-effective means of
connecting lots of geographically remote
sites together in a cost-effective manner.
So how does this connect to physical
security? Let’s start with the most obvious
application for where this might be
useful: video surveillance. Just think of
the number of instances where a large
organization has myriad sites, all with
multiple cameras at a single site that require
monitoring. Even with a single site
that is large enough for several dozen
cameras would be able to make use of an
SD-WAN network. In the simplest terms,
these SD-WAN devices will connect all
cameras to a cloud network, enabling the
organization to monitor all feeds from
a single location, while also eliminating
the need for a wired network connection.
Not only does this consolidate the
resources required for monitoring, but it
also makes camera placement much more
flexible, reaching locations unavailable
with a physical wired feed. While wireless
cameras are already seeing a great deal
of deployment, SD-WANs are different
in that they can bond multiple low-cast
Internet connections together in order to
create a single “bonded” connection that
is many times more resilient and higherperforming
at a fraction of the cost of a
more expensive connection.
Let’s look at a hypothetical installation.
Organizations can connect an SDWAN
device to a remote PTZ camera system
and the SD-WAN device will enable
a live video feed and allow for control of the PTZ camera via the bonded Internet connection between the
SD-WAN device field unit and the SD-WAN device server that is
located at the organization’s primary data center.
The SD-WAN device server can be installed at any location
with Internet connectivity such as the monitoring headquarters
or a data center. Various field units can feed video to a command
and control center that can control the pan, tilt and zoom controls
remotely over the bonded connection. Most SD-WAN devices
will accept an Ethernet or Wi-Fi feed from a PTZ camera,
or PTZ camera gateway. This bonded IP tunnel between the PTZ
camera(s) and the receive terminal transparently replaces the
wired connectivity normally required for the PTZ camera.
Beyond the flexibility, some SD-WAN devices have the ability
to consolidate multiple Internet streams together into a single
“bonded” stream, thus increasing resiliency and performance
while reducing the cost of the telecom networks required to connect
these cameras. One can imagine the multiple security and
law-enforcement applications where this kind of SD-WAN would
be useful to an organization with budget issues in mind.
Beyond just physical security, this kind of flexible, resilient,
and cost-effective network lends itself to almost any physical security
application that relies on what we’ll term cyber-physical
systems. A cyber-physical system (CPS) is a system of systems
where there is a tight coupling between the computing component
of the system and the physical components, underlying processes,
and policies governing these systems.
This is an evolving area that is an important and distinct part
of physical security infrastructure, but one we see growing every
day with the rise of smart city infrastructure, smart homes with
security services as a focus, and network-controlled security systems
in enterprise environments, whether those run by the company
itself or via a third-party security service provider. Physical
security is already prevalent in almost all infrastructures, including
transportation; chemical, water, and wastewater; healthcare;
and energy. Now, network-based command and control systems
are becoming the norm. And as a result, physical security organizations
need to look to SD-WAN systems in order to ensure these
new command and controls systems can be implemented in a way
that gives them the best chance to succeed.
SD-WAN technology is just one of many points of continued
convergence between IT security and physical security. The
technology’s potential has almost all industry analysts bullish on
its growth, with IDC predicting it will be a $6B market by 2020.
For our future, it’s clear that we are moving toward “smart” infrastructures:
smart power grid, smart buildings, smart bridges,
smart cars, embedded medical devices, and robotic assistance for
the elderly. All of these will require security solutions and those
solutions will require connectivity that is flexible, cost-effective,
and reliable. It seems that SD-WANs and physical security have a
bright future together.
This article originally appeared in the November 2016 issue of Security Today.