Be Prepared: Physical Security is Migrating to Your (IT) Domain

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Here is a re-enactment of typical crowd reactions during a soapbox presentation in a booth at the most recent Interop show:

Presenter: "How many people here care about security?"

Half the hands shoot up.

Presenter: "How many people care about physical security? We're talking perimeter walls, not firewalls."

One or two hands go up.

Presenter: "How many people think video surveillance on the network is a good idea?"

No show of hands.

Presenter: "How many people think, 'There's no way you're putting video surveillance on my network'?"

Every single hand shoots into the air.

It is clear that video has a terrible reputation, and also clear that the IT industry on the whole is relatively unaware of trends in video surveillance and security. But, just as VoIP brought the world of telephony under the IT umbrella, the rise of network-based surveillance systems is bringing physical security under the network administrator's province as well.


With the physical security market now opting more and more often for IP-based devices over analog coax predecessors, IT professionals will be hard pressed to avoid the technology overlap for much longer. Still, it was evident at the show that a lot of education is needed to root out misconceptions about IP video.

The bottom line: Don't let the thought of surveillance video riding your network give you a panic attack. It's not the same "video" that network administrators often loathe.

Much of the fear is based on performance degradations experienced when dozens of employees simultaneously download popular YouTube clips or stream live events like March Madness or the Royal Wedding. But the surge in downloadable content is a different technical reality from surveillance content created and viewed internally by a limited group of viewers.

Here are four tips on how to manage this growing stream of network video surveillance and seamlessly balance this new format with other traffic sharing the network.

Bandwidth requirements

In the world of video surveillance, frame rates and resolution have a direct impact on bandwidth consumption. The more frames per second and the higher the resolution required by physical security personnel, the greater the bandwidth needed to send the video images. Also, the more activity you have in the "scene," the more data will be created. The first step is to determine how many frames per second and how much resolution you really need to achieve specific surveillance objectives.

Take a high school scenario as an example. When students are between classes, hallway activity is much higher than when class is in session. During class breaks, school administrators want cameras to operate at a good resolution and high frame rate to capture enough detail to defuse fights and prevent vandalism. Conversely, they could accept throttling down the resolution and frame rate at night when there are no evening activities on the calendar.

Fortunately for network administrators, a network video camera is an intelligent device that can be programmed to change frame rates and resolution to provide the amount of critical security video needed without monopolizing network bandwidth. And, even with stepping down performance during off-peak times, security directors and facilities managers will still receive better images than they're used to with analog technology.

Video archiving options can also impact bandwidth consumption. If storage space is limited but compliance issues necessitate longer retention, many users opt for network cameras that support more advanced compression technologies, such as H.264. If bandwidth is at a premium during certain hours, you could deploy network cameras equipped with SD cards to store the video until it can be transmitted to a server during off-peak hours when network traffic is lower.

Network security

With so many security breaches making headlines lately, it's important that both security and network professionals understand how to protect the video streams from being compromised. In low-risk environments, requiring a user name and password might be sufficient to prevent unauthorized access to the video feed. For higher-risk environments, some of the more popular logical security measures built into network cameras include:

* IP filtering. Some network cameras and video encoders (which convert existing analog cameras into network-enabled devices) use IP filtering to prevent all but one or a few IP addresses from accessing the network video components. IP filtering provides a function similar to a built-in firewall. Typically, the network cameras are configured to accept commands only from the IP address of the server hosting the video management software (VMS).

* Encryption. Encrypting the data rather than the transport provides a higher level of privacy. Hypertext Transfer Protocol Secure (HTTPS) is the most common data encryption protocol used in applications like online banking to provide the requisite security for financial transactions performed over the Internet. Many network video cameras have built-in support for HTTPS, which makes it possible for video to be securely viewed using a Web browser.

* Port authentication. Network cameras and video encoders with built-in 802.1X are especially useful where network cameras are mounted in public spaces such as reception areas, hallways, meeting rooms or on the outside of the building. 802.1X uses special identification certificates to either authenticate cameras attached to a LAN port and establish a point-to-point connection or deny access from that port if authentication fails.
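
The three measures above can be checked across a camera fleet. The following audit is an added example, not part of the original article or any vendor's tooling; the inventory records, field names, addresses and the "few addresses" threshold are constructed assumptions.

```python
import ipaddress

# Constructed inventory: field names and addresses are illustrative assumptions,
# not any vendor's configuration schema.
VMS_SERVER = ipaddress.ip_address("10.20.0.5")
CAMERAS = [
    {"name": "lobby-cam", "public_area": True, "allow": ["10.20.0.5/32"],
     "https": True, "dot1x": True},
    {"name": "hall-cam", "public_area": True, "allow": ["10.20.0.0/16"],
     "https": True, "dot1x": False},
    {"name": "dock-cam", "public_area": False, "allow": ["0.0.0.0/0"],
     "https": False, "dot1x": False},
    {"name": "lab-cam", "public_area": False, "allow": ["10.20.0.9/32"],
     "https": True, "dot1x": False},
]
MAX_ALLOWED_HOSTS = 4  # "one or a few" addresses; the threshold is an assumption


def audit_camera(cam, vms=VMS_SERVER, max_hosts=MAX_ALLOWED_HOSTS):
    """Return a list of findings for one camera record."""
    findings = []
    nets = [ipaddress.ip_network(entry, strict=False) for entry in cam["allow"]]
    if not nets:
        findings.append("no IP filter configured")
    # The filter should admit the VMS server and very little else.
    if nets and not any(vms in net for net in nets):
        findings.append("VMS server is not in the allowlist")
    allowed = sum(net.num_addresses for net in nets)
    if allowed > max_hosts:
        findings.append(f"allowlist admits {allowed} addresses")
    if not cam["https"]:
        findings.append("HTTPS disabled")
    # 802.1X matters most where the LAN port is physically reachable.
    if cam["public_area"] and not cam["dot1x"]:
        findings.append("public-area camera without 802.1X")
    return findings


def audit_inventory(cameras=CAMERAS):
    """Map camera name -> findings, omitting cameras with none."""
    report = {cam["name"]: audit_camera(cam) for cam in cameras}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, findings in audit_inventory().items():
        print(name, "->", "; ".join(findings))
```

In practice the inventory would be exported from the VMS or the cameras' own management interface rather than typed by hand.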

Open architecture

All network video equipment piggybacking on the company's infrastructure should adhere to relevant IEEE and de facto network standards as well as global interface standards adopted by the physical security industry, like ONVIF (Open Network Video Interface Forum). Building a surveillance system on an open architecture allows the freedom to select best-of-breed components, from the preferred server and network components of the organization, to specific models of network cameras to appropriate video management software and video analytics.

An open application programming interface (API) not only allows you to tap into a wealth of existing video surveillance software, but also makes it easier to integrate the surveillance system with access control, HVAC and other relevant systems in the facility.

Remote access

Just like other applications riding on the network, surveillance video can be accessed from any device equipped with a browser and connection to the Internet. This makes it easier for security professionals to monitor multiple facilities from a central command center or tap into the video stream from a mobile device like a smartphone.

Remote access needn't be confined to video residing on-site. If there are a number of locations running one or two cameras or perhaps a large corporation looking for secure off-site archiving to satisfy internal policies or compliance issues, there is another option: using a service provider to move video storage to the cloud. As with other cloud-based services, by shifting surveillance to a virtualized solution, you can minimize the number of servers dedicated to local video archiving, saving on space as well as electricity and cooling costs.

Though the video data resides in the cloud, the physical security and/or IT departments can still control access to live and archived video through a secure viewing portal to the host provider. The cloud protects against possible theft or damage to onsite recordings. And, if the WAN happens to go down, the system can be augmented with low-cost local network attached storage (NAS) for high-resolution, high-frame rate video recording.

With more companies hopping on the IP surveillance bandwagon, the worlds of physical security and information technology are quickly merging into a single domain. Once surveillance seeps into IT's world -- and that day is coming soon if it hasn't arrived already -- it's up to IT to establish a balance that protects the business and its people without compromising other mission-critical operations that share the network.

Nilsson is author of the book "Intelligent Network Video." He is a regular expert contributor on topics of networked video surveillance systems and cameras.


Copyright © 2011 IDG Communications, Inc.
