There has been much talk in the physical security market
concerning the imminent arrival of IT manufacturers and the likely
impact it will have on the industry, often couched in negative
terms by those fearful of change. The expectation has been an
'invasion' spearheaded by the storage-led vendors, but to many's
surprise the impact of these systems has yet to be felt and, to be
frank, I'm finding it quite hard to be certain how these products
(or are they solutions?) will be taken to the wider market,writes John Kirtland, sales and marketing director at
independent security integrator and Cisco security partnerQuadrant Security
Group.
Instead, the significant impact in the electronic security
market is being made right now from the network end of the system
from the likes of Cisco, rather than from the storage end, where
many of the mainstream IT providers are still operating. What they
call "physical security" provides solutions that bring together a
number of exciting video surveillance, management and storage
products with the formation of an expanding range of IP cameras to
create a portfolio of products that are truly network-friendly. The
solutions really are very good and they will challenge the
traditional brands who are offering weak IP-based solutions.
However, the noticeable difference that network solution
providers will make in this respect is that their understanding and
support doesn't stop when they get to the network port. When we
look at most traditional security manufacturers and resellers we
find that their knowledge of IP networks does not go very deep and
their experience of converged networks is, at best, limited. This
disconnected approach does not lend itself very well to providing a
seamless security solution as it tends to lead to a breakdown in
communication between security and IT simply because they don't
share the same language.
I believe the changes afoot will have a number of positive
effects for the end user and their IT department. It will ensure
that the weak gaps present in most of the models used in the
security industry will be filled. As customers compare the
standards of design and delivery they will soon begin to take
advantage of the networked model. I'm thinking here of adequate
product knowledge to complete good designs as well as providing
ample support without falling back on the manufacturer every
time.
Furthermore, there are substantial cost benefits all round. For
the security department, the savings can be as much as 30%, as
existing infrastructure can be utilised and on-going savings can be
made in maintenance. For the IT department, migrating electronic
security onto the existing network increases the value of that
network and provides an improved ROI. Furthermore, you can provide
a valuable added disaster recovery service for the security system.
Everyone's happy, not least the FD.
A further key benefit will be the advanced IP knowledge that
these new breed of resellers will gain and they will provide an
important bridge between the world of security and the world of IT.
That bridge is key and has more often than not been a major
stumbling block to success.
The issues here are trust and understanding - from both sides of
the divide. My experience from the security team's point of view is
that they don't see the IT department as reliable enough as, unlike
security, it doesn't operate 24/7 which is clearly essential for
effective security. There is also a very real concern of trust as
security involves monitoring and recording people from within an
organisation as well as visitors. When an incident has occurred and
information needs to be obtained from the security system as part
of an enquiry, can they trust the IT staff and how far? After all,
those staff do not report directly to them. These are genuine
concerns, but ones that can be readily overcome.
And, of course, it works the other way round. To establish a
good rapport requires an understanding on your part of the basics
of physical security. Whilst no one would expect you to know how to
design a security system, there are certain misconceptions commonly
held by IT departments about physical security. The most common of
these is that putting security system feeds - especially cameras -
on to your network will slow it down, or even bring it down. The
good news is that cameras don't have to be streaming constantly and
most video feeds are much less than 2Mb each. Even a substantial
system in a high security environment is still easily manageable
across your network and can be designed to accommodate both the
needs of the security department and those of the network.
The other big misconception is that security - with its CCTV,
access control, intruder detection etc - is a poor relation to the
IT industry in terms of skills and technology. Well we've already
seen that on the technology front the move to IP addressable
equipment is a genuine break through. In terms of expertise, don't
underestimate the skill set required to conduct a comprehensive
risk assessment, identify operational requirements and design a
system that meets all those needs.
To borrow a much quoted IT analogy, a security risk assessment
creates a solution that is very much like the rings of an onion;
you start at the edge, in this case the perimeter of the site, and
work your way back layer by layer - to the car park, to the
building exterior, through reception and other external doors and
in to the heart of the building. You define what the risk is, where
it comes from and then you must decide how to prevent, deter, delay
and detect the attack. The latter aspect is essential as you can
have all the cameras in the world installed, but they won't help
you if you haven't decided on an appropriate response. For example,
if you have a high security site the main focus is on prevention
and deterrents, whereas a lower security site may rely more on
delay tactics. The higher the risk, the greater the number of
layers of security are required to prevent and deter intruders.
Security companies also face the challenge of designing systems
using equipment from different manufacturers without an open
protocol. They must therefore have an excellent understanding of
product to ensure they are not drawn down a route where they end up
with a proprietary system. Manufacturers' proprietary software has
held the security industry back for years and although an open
protocol has been developed it is less than a year old.
Another source of confusion, this time from both sides - IT and
security - are the issues of budgets and ownership. Who pays for a
security system that runs over an existing network? I fail to see
why this should cause so much upset as the security system is just
another business application; why treat it any differently from
other departments and applications such as HR and Finance? Each
organisation will clearly have its own way of working but my
experience is that as converged solutions are deployed the security
system budget for equipment and support will be transferred to the
IT department whilst the operational requirements and staffing will
still be the responsibility of the security department.
So change is afoot and as the key decisions and budgets for
electronic security technology migrate to the IT department then
the availability of technology from an IT-centric supplier will
only hasten this change. I expect this will lead to many of the
traditional security companies quickly falling at the barriers of
skill, time and money as they are incapable of stepping up to the
required standard. But for forward thinking IT departments and
resellers, there is a very real opportunity to pave a path of
excellence.