Banking on a Security Upgrade
Print Issue: February 2014
CREDIT SUISSE, a global financial services company headquartered in Zurich, Switzerland, has more than 530 offices in more than 50 countries. About eight years ago, the company underwent a rebranding, as it had acquired several assets and smaller companies over the years and needed to consolidate them into one global group. During this period, the company also restructured its approach to security management, says Pete Giunchini, global products engineer at Credit Suisse. Security was consolidated globally, but it was structured into two verticals within that group—corporate security and security technology. Then last year, it moved the security technology division under IT to aid in deployment and maintenance.
Corporate security is charged with developing policies, running the guard services, overseeing physical security, and the like, while the security technology division is charged with identifying and assessing technology. Once systems are acquired, other IT groups can then deploy, manage, and administer them.
Giunchini explains that Credit Suisse takes a nuts and bolts approach to choosing what security technology it will use when a need arises. “When we sit down with our vendors and manufacturers and suppliers… we ask them to send the engineer with the sales guy,” he says.
This division of duties allows the tech team to focus its energies in ways that other company security departments may not be able to do. “Because of our organizational split, I can easily just concentrate on the technologies,” he says. Security services tells the tech team that it has a need for a capability. The team does not specify a technology. It’s up to Giunchini’s team to find the technology that can best meet the need.
He says that his security teams are also constantly thinking of future needs when assessing present problems. When they look at technology, they also consider what the vendor’s roadmap is and where the vendor plans on taking the technology. Credit Suisse wants to make sure that anything it invests in will meet future needs as well.
VMS. An example of how the team works is how it recently went about selecting a video management system (VMS) that the company could use for its 33 regional offices in the Americas. A VMS is software that allows for centralized management and control of video surveillance and access control devices. An advantage of a VMS is its scalability; companies can deploy just a few devices or thousands, depending on their needs. Credit Suisse ultimately selected Genetec’s VMS software, Omnicast. Omnicast runs on Genetec’s Security Center platform, which can be accessed through a Web browser or on a smartphone application.
The VMS project also included making it possible to convert feeds from existing analog cameras to digital signals. Both of these moves were part of a larger project at the organization to upgrade its entire enterprise security solution.
Surveillance video is an important part of Credit Suisse’s security. “The way we use video monitoring is three-fold,” says Giunchini. It serves as a forensic tool, as a visual confirmation of what’s happening with an alarm, and as a part of access control. (There’s some overlap between the second and third use).
As a forensic tool, the footage is used to investigate an incident after the fact. For the visual confirmation, if there is an alarm that signals a door being ajar, for example, security can check the video to see what’s going on. They may find that someone propped it open or there may be an issue with the hardware on the door, such as the door closure mechanism not working properly.
Finally, the company uses camera footage to corroborate access control data. Per the company’s security policy, a camera is positioned at as many secure doors as possible to record who enters or exits. Most of the time, cameras are facing the portal from the inside of secure doors, “so when somebody badges in and they open the door and walk in, you get an image of the door opening and the person walking in—a facial shot,” Giunchini states.
Before the current upgrade, Credit Suisse was using digital video recorders (DVRs) to manage and review security footage from its range of legacy analog cameras at the regional offices. According to Giunchini, these devices were reaching the end of their life-cycle, and frequently failed. “Back in 2007, we started identifying that the existing [video] platform we were on was becoming end-of-life and unsustainable; we had to do something different,” he notes.
But that presented an opportunity to improve the system’s capabilities. For example, the old devices only had the ability to record locally, meaning that there was no option of storing all the video centrally for disaster-recovery purposes, which was important to Credit Suisse. In addition, with the old system, “you had to go into every unit individually in order to control it. That means programming had to be replicated. From an investigations standpoint, especially in a single facility, you had to jump between units logging in and out for an investigation,” Giunchini says.
Before choosing a new product to replace the old DVRs, Giunchini and his security services team looked at how the security industry as a whole was changing its approach to video recording, and they saw that the industry was beginning to move toward digital and networked systems (IP video). “We decided that was the route we were going to take. So with that, we started investigating IP video,” explains Giunchini.
There are many pieces to the IP-video puzzle that the team needed to understand and make decisions about. There is the camera, which can be analog with an encoder to translate the signal to digital—or it can be fully digital. Then there is the recorder, which can be local or remote. Next is the connectivity, which is the networked aspect. Finally, there is the VMS software that allows for viewing and monitoring of multiple devices from disparate locations on one platform.
Product integration. The security integrator for the project was Kratos Public Safety & Security Solutions, which Credit Suisse chose to work with before selecting the specific product it would ultimately purchase. The integrator’s role in the deployment of a technology is to go out and install the equipment in the field and ensure that all of the devices are working for the client organization in the way that they should.
Kratos specializes in security system integration deployments and often works with financial services clients. To get a better understanding of the company’s specific wants and desires, Kratos met with Credit Suisse to find out what their priorities were in the VMS installation and camera upgrade.
“Back before we started the deployment, we sat down with their IT folks, with the IT department within Credit Suisse, and talked about bandwidth requirements,” says Nick Rizzotte, engineering manager for national accounts at Kratos. “We ironed out with the IT department bandwidth requirements and how the whole camera system would go together as a whole.”
Deciding how much video storage Credit Suisse would need also raised the question of whether the video would be stored locally in hardware, or in the cloud at a data center location. “That was a big step to get through because that took quite a bit of time and effort to calculate all the video bandwidth that we were going to anticipate for the project as a whole,” says Rizzotte.
Giunchini explains that they used bandwidth calculators provided by the manufacturer to determine how much bandwidth for storage was needed. “We came up with estimates on what we would have for motion,” he explains, noting that the cameras are set to record only when there is motion in their field of view. “All of our cameras are really based where our [access control] readers are, so by using logs from the access control system reporting, we have the ability to see traffic patterns. We’re able to see how many people are in different locations at different times of the day. So based off that data we came up with estimates for different types of zones on how much foot traffic there was,” he notes. Then the amount of storage needed was bumped up by a small percentage to accommodate potential growth for a few years.
Credit Suisse decided it wanted local storage, but it also wanted the option of backing up everything in one centralized location in the future if it chose to. It also wanted the ability to remotely monitor feeds and review streaming video. But as engineers researched various systems, they found that not all suited their mix of large and small sites. “The biggest hurdle we had… was our small sites. Being an enterprise group, we have large campuses and we have small sites,” says Giunchini. “Large campuses could be 300 to 400 cameras, which is perfect for what the enterprise-level video management systems are doing, but we could also have a site that would be the branch office somewhere, out in the Midwest or in some small country…that could only have two or three cameras in it.”
Replacing the DVRs with a VMS system would mean Credit Suisse wouldn’t need separate servers for each appliance, since a VMS is like “a PC in what they call a black box solution, which means it doesn’t look like a PC, it just looks like an appliance that you plug [cameras into],” he notes. But the storage capabilities are there. Additionally, software updates can be applied across the entire system, rather than one device at a time.
And the key is that this doesn’t require equipment upgrades. “Now with this type of solution, it’s all software based, which means new capabilities, new functions are just software patches. They’re just easy software upgrades to gain new functionality that would have never existed in the old system,” says Giunchini.
Credit Suisse and Kratos started looking at vendors of IP cameras and VMS systems. “We started out as a deep dive just to learn where the industry was going and what everybody was doing, then from there we identified the biggest players in the market, and then we had multiple rounds with them in discussion,” he says.
But this initial review of vendors did not provide them with the solution they were looking for. Nobody at that time had a solution for locations with two or three cameras. There was the option of streaming video, but they wanted a solution that used local storage.
Ultimately, Genetec offered the company the opportunity to beta test a unit of a VMS product not yet on the market. The product offered what Credit Suisse was looking for—it supported a small number of cameras and provided the option of streaming as well as centralized storage. That product never went beyond the beta stage, however. But almost immediately after, Genetec rolled out the SV-16, a hybrid VMS appliance. The hybrid device offers dual access control and video capability. The device has 16 ports for either video or access control devices to be plugged into, and functions dually as a server and a video recorder. So Credit Suisse installed the VMS product at its regional offices.
Credit Suisse also wanted personnel in its central monitoring station in New York and a backup location in New Jersey to be able to monitor video streams coming from its regional offices. This is where the SV-16’s capabilities and functionality came into play.
With its Omnicast VMS software, Genetec allows for central monitoring of any and all cameras hooked into an SV-16 appliance. Feeds can also be directed to other sites as well, if a company so chooses.
The software gives Credit Suisse “a lot of functionality that’s in these new systems that never existed in the old systems, anywhere from the virtual matrix where it makes it look like one holistic system, down to reporting, investigations, the ability to be able to review multiple cameras or associate cameras for investigation purposes into single video streams, compared to having individual cameras where you record and store separately,” he adds.
The SV-16 comes preloaded with Omnicast, so Kratos did not have to deploy the software. The integrator did, however, have to ensure that it was functioning properly. “In the remote locations, technicians go out on site and install the equipment and make sure that everything works there locally, just as a single system, and then [two senior engineers] bring those cameras through Genetec software into one system…in New York,” says Rizzotte. They make sure that the cameras have a URL or IP address, so that they are recognized by the network and can send their feeds to the central monitoring station; they also make sure that they have been programmed to record on whatever sequence the company wants them to operate on.
Credit Suisse previously had some remote viewing capacity with its analog cameras, but Giunchini says it required logging into a different device for each DVR it wanted to stream video from. “In the old days, you had to actually log into individual units at individual sites,” he notes. With the new system, “you can just log into one control unit, and from there, you can see anything in the world. It makes it virtually look like one single system,” he says. “It’s pulling it from remote locations, but the user just sees a single interface.”
Now any time there is a security incident, Credit Suisse’s incident-review teams can monitor that easily from centralized locations via streaming. “There are a few offices with monitoring capability due to high risk or criticality of site, but all capability is centralized to a single main facility… as a primary command center function,” Giunchini says. “Also, our staff have the ability to remotely log in from any Credit Suisse PC to gain access to the system should they be at a remote office and need to view stored or archived footage,” he adds.
Credit Suisse is still storing video locally, but the company now has the ability to store everything centrally, which it plans to do in another phase of security upgrades. “At this point, the infrastructure is built, so it’s easy to do that,” Giunchini notes.
Legacy equipment. One major consideration as the company transitioned to VMS and IP was what to do with the existing analog cameras. They did not want to have to replace the ones that still had years of their useful life left. Thus, except in a few situations where the cameras merited replacement, the solution was to purchase encoders (in this case from Axis) to translate the analog signals into digital.
Streaming. Credit Suisse did not build a separate network for streaming video; it created a segregated section of the existing corporate network specifically dedicated to video streaming. When plugging in the IP cameras or attaching encoders to analog cameras, it is plug and play—the SV-16 automatically detects and places the devices on the network.
Kratos has nearly completed the integration of the SV-16s and upgrade to IP cameras at all the Credit Suisse regional locations in the Americas—a project that has been ongoing for about three years.
So far, the system is working as expected, says Giunchini. There have been normal service issues, such as power downs and the occasional piece of equipment that goes bad. But overall, he says, the VMS platform is performing well and the new solution has provided “tons of benefits” to Credit Suisse.
“Scalability is one of the first things... the ability to deploy more cameras at cheaper costs, more infrastructure at cheaper cost price points,” he says.
Other technologies. Giunchini notes that in addition to upgrading its VMS, Credit Suisse is staying on top of other modern security technologies to best serve its clients and employees. “We’re being progressive because we have a strong push looking at wireless, mobile computing, kiosks, self-service, these are all things that are mainstream service within my group right now to change and transform how the products and services that we deliver internally are modernized,” he says.
The next big project is to review access control platforms with an eye toward upgrading to something that might work well with the new camera systems. “The video platforms are way ahead of access control platforms in the open architecture arena with IT, and our mandate is to migrate to a platform that’s of equal standing,” says Giunchini.
The technologies team already made one improvement to access control by developing an easier way for employees to get a temporary badge when they lose or forget their own. They did that by designing an access control credential kiosk in-house with the help of outside vendors. The kiosks implement biometrics to allow employees to get a 24-hour pass, and “when it gives you your temporary badge, it also deactivates your old card, so nobody can actually pick it up and use it,” Giunchini explains.
The nice thing about this solution is it’s a self-service kiosk, which allows the employees to do something by themselves, Giunchini says. That’s more efficient for the company and a better experience for the end user, so everybody wins.
Holly Gilbert is an assistant editor at Security Management.