Security Networks: When Electronic And IT Security Collide

Access-Sept

Until the reasonably recent past, electronic security systems existed in stand-alone environments, often utilising expensive proprietary software and hardware, and being operated and maintained by specialist professionals. Systems such as CCTV and intrusion detection and access control were completely independent from other networks that operated within a business, building or facility, and were made up of analogue devices that utilised coaxial, multi-core or other type of traditional cable to connect to independent workstations, usually located together within a central ‘control’ room. Such systems required specialist training to operate, service and maintain, which was typically provided by security professionals at a premium rate.

The progressive emergence of new generation, Internet Protocol (IP) based electronic security systems over the past 15 or so years has been welcomed eagerly by both the security industry and its customers due to the numerous functionality increases provided by the technology. These systems have quickly become the new industry standard, providing more cost-effective and comprehensive solutions that are able to be integrated with other systems like never before.

CCTV in particular has experienced a revolution with the introduction of IP connectivity, requiring less planning and coordination of rack locations, cable runs, power and uninterrupted power supply (UPS) management, monitor placement and numbers, cooling and space management to facilitate a new system installation than of the analogue variety. IP CCTV systems utilise IT network equipment and can be designed using basic IT network design and planning strategies. The system cameras likewise are no longer reliant on independent power sources and now use a Power over Ethernet (PoE) solution, which reduces cable requirements by providing power and data communication via the same cable. These cameras feed into a standard network switch, which passes the data to specialist CCTV recording equipment and a monitoring terminal, hardware which typically can be shared with other electronic security systems such as access control and intrusion detection. Mercifully, older analogue cameras are able to be integrated into an IP network easily by using encoding devices to convert the analogue signal to IP and back again as required, although such cameras will still have independent power requirements.

Access control and intrusion detection systems have enjoyed less of an IP revolution than CCTV and more of a gradual shift toward the new protocol. Most commonly used systems communicate from the control panel, either wall or rack mounted, to the control terminal via IP, but still have devices such as readers and detectors connected using traditional cable. Readers and door controllers in these types of installations do provide two-way communications; however, they use multi-core and shielded cable to provide both power and data functionality. IP connectivity from the control panels allows these systems to interface to dedicated management software that allows operators greater control and functionality for control activities, as well as greater reporting and analytical capabilities for management review. Often, more than one system will integrate to the security management system (SMS) software, including CCTV, making the entire security control function more simplistic and providing greater control. As many of the hardware manufacturers in the industry use different technologies to create their products, this integration between brands is achieved through interfaces – small software applications that pass the control of equipment to the SMS at either low level (read only), or high level (read, write and control).

The benefits of IP security systems are many and vary from the client, installer and end-user perspective. For end-users, the benefit is a centralised security command centre that is simplistic to use, offers a graphical user interface environment and provides the operator with greater control. For example, an operator using an IP-integrated security management console would be able to receive notification of an alarm, check the CCTV cameras located at the alarm event location, make a decision on how to action that alarm based upon the CCTV output and take the chosen action – all from the same console or workstation, without needing to switch from stand-alone system to stand-alone system and use different usernames and login information to authenticate to numerous systems to action a single alarm event.

Another impressive benefit to the customer is the reporting capabilities offered by a centralised software management application that can provide budget and return-on-investment analysis, which is an asset to any system, as well as analysis of alarm event history and system effectiveness. Similarly, there are cost savings in IP connectivity in using non-proprietary network equipment instead of having to purchase all system equipment from the security hardware manufacturer. Switches, routers, workstation terminals and other network equipment can be purchased from numerous vendors at competitive prices, with only the specialised security equipment needing to be purchased directly from the manufacturer or supplier. Likewise, the maintenance and configuration of the standard network equipment used can often be performed by internal IT personnel, rather than relying on the security provider, again providing cost benefit to an organisation.

Such advances and changes within the security industry have brought about some challenges in addition to the benefits provided. With systems that now essentially are IT networks, there has been a steep learning curve for physical security technical personnel who supply, install, configure and maintain the equipment. The installation of analogue cameras for example was largely a plug and go arrangement, similar to connecting a VCR to a TV in a home environment. Now there are IP addresses, bandwidth considerations, network access control and a heavy reliance on a customer’s IT system administrator to facilitate the installation and provide the necessary access and configuration information necessary for the installation to take place. For many technical personnel this has meant considerable retraining and adjustment to perform works they were once specialised in.

The necessary level of knowledge for the new breed of IP systems far exceeds the standard specification of basic security electronics and now reaches deep into the realm of network infrastructure and data systems. Collaboration with a customer’s IT administrator is now essential in ensuring a system functions in the manner intended and has been correctly configured for the best possible outcome. To properly facilitate this, cooperation between company management, senior technical personnel and the security supplier is essential through the design, development and implementation phases of the security installation.

Finally, one consideration of networked security systems that must be planned for is the decision of whether to physically locate the security network on a facility’s existing IT infrastructure, or to completely segregate it as a separate network. Each option has possible repercussions and must be assessed with consideration to functionality, cost and the security requirements of the customer.

Hosting the security systems on an enterprise network will greatly impact upon bandwidth availability, particularly for systems incorporating large CCTV systems. Consideration must be given to the bandwidth requirements for enterprise applications in such instances to ensure that there will be enough to facilitate sharing the network resources. Hard drive and physical storage too must be taken into consideration to ensure that both enterprise critical data and CCTV footage is able to be stored and accessed for the nominated time period required; often 30 days minimum for the recording time from each camera that forms part of the system. This would be in addition to typical company data storage requirements, such as for database, customer detail and product development requirements, including data with time-sensitive specifications such as financial, human resources and other such information.

The accessibility and restriction of access to the integrated security system content, both internal and external to the network, must be planned for, in addition to how to best protect and safeguard this information. This would include from internal and otherwise authorised company personnel, but also from external and malicious sources. Sharing of a physical network in theory exposes the security system and the records it creates to the same IT security risks faced by the network as a whole. A network attacker may discover more than they had anticipated if they successfully breached the network and could access security system history, footage and other information, in addition to their original target. For this very reason, the security risk profile and specifications of the facility being protected must always be adhered to, as higher security applications simply will not allow security networks to share physical network equipment as a means of eliminating the risk of unauthorised access to the critical information that it contains.

With proper planning, including the early engagement of relevant management and IT representatives, it is now possible to create integrated security networks that offer customers greater benefits and ease of use than ever before. Customers and end-users are embracing the new breed of systems and the benefits they offer, which are increasingly providing the industry with new technological advancements. Ten years ago the use of mobile phones to view CCTV footage was unheard of but, due to developments in both electronic security systems and mobile phone technology, it is now a reality. As future technologies are developed, the relationship between electronic security and IT will surely continue to further integrate.

Rachell DeLuca is a senior security professional located in Melbourne, Australia. She has over 16 years’ experience in the security industry and has been involved in projects utilising a huge range of analogue, IP and hybrid technologies. For more information, Rachell can be contacted via email at rachell-deluca@outlook.com

%d bloggers like this: