IT Gains Clout in Making Security Decisions
The convergence of physical and IT security might worry physical security experts who dread the idea of having to learn the intricacies of bits and bytes. But there may be little choice: As CCTV systems increasingly rely on data networks, vendors are beginning to pay more attention to the IT department.
Peter Strom, president and CEO of Ottawa, Canada-based March Networks, which builds digital video recorders (DVRs), explains that the shift started when DVRs began to replace VCRs. DVRs provide a host of advantages over their predecessors, from greater storage to remote management capabilities; but, since they run across a data network, IT departments are protecting their turfs.
"They're getting involved a lot more in the decision making," Strom says, "so we find ourselves presenting technology to decision-making committees, which generally consist of somebody from the IT department, somebody from security or loss prevention, and potentially somebody from operations as well."
This means that IT staff--who often have bigger budgets than their security counterparts--have growing clout in purchasing decisions, Strom says. For example, any purchased equipment needs to be compatible with the network and must be kept safe from virus infections and hackers. Plus, Strom adds, "they're a little more astute in testing the overall performance of the box," because they're concerned with any effect the recorder could have on network bandwidth.
Ray Shilling, principal consultant in Canon's video division, agrees that IT staff are increasingly involved in purchasing new security technologies, particularly when the technologies require deep knowledge of network architecture. But he doesn't think physical security pros will be shut out. "What I see is not so much a shift as a convergence," Shilling adds.
"We're talking about professionals in the security industry that have a tremendous amount of knowledge of the whole system--access control, fire, emergency response systems--and that person is extremely valuable," Shilling explains. He adds that Canon works "to train those with security and surveillance backgrounds on how to handle our networks vis-à-vis firewalls, NAS [network attached storage] systems, high-capacity RAID [redundant array of independent disks] arrays and storage." The company also works with IT companies to "pull them into the security business," Shilling says.
IT professionals are also beginning to influence surveillance technology design. According to Strom, there's been increasing interest in DVRs that run on Linux rather than Windows. Security is only one issue behind this change; Strom explains that the open-source Linux can also be easily customized, meaning that unnecessary applications (such as e-mail or Web browsers) that are the frequent targets of computer attacks can be stripped out. A smaller footprint also means it uses less memory. "We find Linux to be a much more stable environment to run video processing than a Windows box was," he says.
Shilling says that Canon leapfrogged over the DVR stage to the network video recorder--essentially software that turns any Windows-based computer into a video recording device. While he says that this provides economies of scale that keep overall investments low, the specter of network attacks is always there. "We're very careful in working with customers to make sure they have a firewall in place and they have careful management to make sure those controls are taken care of," he says. A close relationship with Microsoft helps ensure that patches are timely. He adds that with the network video recorder, only the central server needs to be patched (cameras run on a proprietary operating system), rather than on every DVR across multiple remote sites.