The Cloud Comes Down to Earth
Cloud computing, a maturing IT strategy, now has moved decisively into physical security, including video surveillance, with a surprising litany of business benefits. It turns out, for many, to be an essential tool to meet that equally essential “do more with less” attitude, which continues to spur consolidation, outsourced business processes and an accelerated investment in technologies that shifts costs from large capital expenditures to operational expenses. Depending on how high in the cloud, this can include infrastructure, platforms and applications now delivered in the form of services.
For enterprise security leaders as well as their IT brethren, there are many ways to look at the cloud. It can go by various labels. Hosted service. Software as a service. Platform as a service. Managed video as a service. Infrastructure as a service.
There are myriad deployments from a private cloud and community cloud to public and hybrid clouds.
On the good side, hosted service, being “in the cloud” can save money and speed implementation of new technology, upgrades, or scaling up designs. What may have taken 30 days before now could be done in 30 minutes, suggests Anil Karmel of the Los Alamos National Laboratory. It can be a time saver, because you can use vital software programs to help with business management. Cloud computing can also allow users to incorporate different types of applications including email, word processors, management systems, and more, which results in less glitches and improved performance. Departments even have the ability to share data.
Another advantage, as more employees are working on the road and spending less time in the office, cloud computing can boost productivity. And a huge benefit: reduced costs, as there is no need to go out and purchase new hardware as the cloud comes ready to be deployed.
On the other side, it has its own set of disadvantages, including security concerns. Although a hosted service can result in less data loss because of its frequent backups, the fact that servers are interconnected means it’s an “all for one and one for all” system when it comes to attacks and intrusions.
In addition, an obvious disadvantage is that it completely relies on network connections. If the network goes down, you’re done working until it comes back up. And while lack of a hard drive is a benefit when it comes to hardware costs, it can also be a disadvantage to you if you use programs that rely on an attached hard drive. And although cloud computing can show you financial benefits in the long term, it’s not the cheapest of solutions to get set up if you’re doing it on a smaller scale. Sure, if you’re a big business who can shell out quick cash for quick benefits its all good, but there’s no cheap way around it for those of you wanting to test the water before you jump. It’s all or nothing, unfortunately. Cloud expenses also seep back to the data centers who have to shell out for new software that can actually run the cloud.
There is no doubt that cloud computing is very popular and growing larger in scope, applications and business attraction, ranging from general uses to specialties.
There is Gmail from Google, the most used cloud application with an estimated 3 billion (Yes, billion!) users. Salesforce.com and Amazon.com are also players in the cloud. There are, however, dark clouds at times, often linked to security worries. This past spring, for example, Amazon was hit with service attacks that brought down some of its “in the cloud” clients.
Still, cloud services are available for enterprise security leaders in applications that can range from card access control and mass notification to security video and unique storage, forensics and retrieval needs.
Whatever you label it, there are common elements of existing and emerging services, which can provide technology and business benefits, according to Shayne Bates, chairman of the ASIS International Cloud Computing Workgroup. Conceived as a collaborative effort of two ASIS International Councils – the Information Technology Security Council and the Physical Security Council – the workgroup published a valuable document that “introduced cloud computing and software as a service to the security practitioner, particularly those who have an interest in, and responsibility for, physical and electronic security and the potential application of cloud computing in this environment,” says Bates.
“We saw value in how NIST (the National Institute of Standards and Technology, an agency of the U.S. Department of Commerce) defines the characteristics,” adds Bates. He thumbnails five linked to security leaders and their business mission.
On-demand self-service.When providing infrastructure to security, IT can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction. Need more storage or processing for security video? It’s there, without any requests or help.
Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops and PDAs). For enterprise security leaders and their staff, access is universal and always there.
Resource pooling.Computing resources are pooled to serve a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. Security is served individually but also as part of the entire enterprise. Examples of resources include storage, processing, memory, network bandwidth and virtual machines, all of which can relate to video surveillance and its information.
Rapid elasticity.Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To security, the capabilities available for provisioning often appear to be unlimited and can be purchased or assigned in any quantity at any time. This is important when security faces changes in its number of cameras or storage and retrieval needs, as examples.
Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth and active user accounts). Resource use can be monitored, controlled and reported providing transparency for both the provider and the security operation. Such a characteristic mirrors the growth of metrics impacting security more generally.
The business advantages of cloud computing, when it comes to physical security, are many and apparent.
Special Events and the Cloud
Earlier this year, the PGA Tour’s annual Valero Texas Open in San Antonio picked a hosted security video solution as part of its security and loss prevention solution. This was the first time that the tournament, a Golf San Antonio event, leveraged video surveillance to supplement on-site security staff. A network-based, hosted video system made it possible without disturbing the attendees, players or aesthetics of the course.
All spectators entered the golf course at the main ticketing gates and were funneled through the Valero Corner Store tent, which was monitored using the hosted video solution.
“In addition to providing a great entertainment experience for our spectators, we also had a fundamental goal to ensure that they have a safe experience while protecting the property that has been entrusted to us by our business partners,” says Tony Piazzi, president and chief executive officer, Golf San Antonio. “Navco’s hosted solution with Axis Communications cameras helped us achieve our goal.”
Navco installed cameras at potential areas of loss around the golf course, such as at the Valero Corner Store, as well as near the TPC Apparel Store, admissions booth, refreshment tent, golf cart parking lot and areas where large crowds are expected to gather. Additionally, since most personnel work late into the evening during the tournament, there was late night coverage over staff parking areas.
To install the cloud-based surveillance system, the integrator leveraged an Axis platform and one-click camera connection with the video storage cloud server. Eight cameras streamed live video to the integrator’s Videometrixs.com cloud portal, created to store hosted video as well as provide actionable intelligence for the end user’s business. At the Valero Texas Open, video was monitored by tournament personnel who had security access while recording of the system was set to motion detection.
What About Storage?
There are also focused on-site and hosted security video storage and retrieval solutions.
Which brings in the concept of virtualization. In computing, it is the creation of a virtual as opposed to an actual version of something, such as a hardware platform, operating system, a storage device or network resources.
There now are a number of solutions to simplify, consolidate and cost reduce today’s stack of servers, storage and networks. This is especially true when it comes to security video. Surveillance users are running up against hard power and cooling limitations as they record more cameras, introduce higher resolution cameras and lengthen video retention times. Simply adding conventional servers and storage means that power and cooling needs – in addition to the servers themselves – must grow linearly with camera requirements.
Welcome to virtual servers. One approach is to purchase and manage a physical storage area network or SAN, primarily used to make storage devices accessible to servers so that the devices appear as locally attached to the security operation’s operating system. A SAN typically has its own network of storage devices that are generally not accessible through the regular enterprise network by regular devices. The cost and complexity of SANs dropped in the early 2000s, allowing wider adoption across both enterprise and individual applications. For capacity-intensive markets such as security video, an alternative approach consists of familiar server appliances that deliver both local virtual server environments and an IP SAN that scales out across the appliances. The latter, of course, works and is accessible through the enterprise’s local or wide area network.
Storage virtualization refers to the process of completely abstracting logical storage from physical storage. The physical storage resources are aggregated into storage pools, from which the logical storage is created. It presents to the user a logical space for data storage and transparently handles the process of mapping it to the actual physical location.
While such approaches are growingly essential for enterprise security operations with high numbers of cameras, emerging technology can additionally handle smaller operations. For example, CloudBank standalone appliances from Pivot3 aim at small to medium business environments where cameras are frequently distributed.
Lee Caswell, the firm’s founder, likes to talk about the ABCs of security video. “That’s availability, bandwidth and capacity. When it comes to availability, if a component fails, you can still access the information. With bandwidth, with surveillance a cost center, you want the least expensive components. And with capacity, you want to scale up as seamlessly as possible.”
Caswell points out that, “With virtualization, there is coexistence and sharing of the same hardware” that may handle other business applications, too.
Some software as a service pioneers in the security arena, first offering access controls, now see value to taking a more integrated approach to include security video.
One example: OVR WebService (Online Video Recorder) from Brivo Systems combines its access control Web service with online video storage. “All an end user needs is a camera,” says the firm’s John Szczygiel, who sees numerous business benefits in the design. Video, access control and alarms have been linked for a long time. Now they can be Web-hosted. That creates universal, simplified access to information. There is scalability on demand and you can avoid certain capital expenses, he says.
And, when it comes to the security and continuity of software as a service and hosted applications, Szczygiel agrees with information security experts and research studies. “Check out how good data and security controls are and how they are audited. Track a provider’s record of high availability of service. Do they have multiple data centers, redundancy of data centers. Also view how hosted solutions work within the end user’s own IT infrastructure. Are there inbound holes in their firewalls?”
Most enterprises, most folks touch the cloud in one form or another, observes Matt Krebs, who is business development manager of hosted video at Axis Communications. He sees interest of hosted video in such situations as retail with smaller camera counts but with multiple locations and healthcare, where regulations dictate how video data is handled and stored. It is a cost effective solution. Ongoing maintenance is handled by the host, Krebs suggests.
Phil Atteberry, director of managed security services for Siemens Building Technologies, agrees. “You can manage security more effectively across the entire infrastructure without a lot of investment. Among the remote managed services can be remote guard tours, for instance. The concept plays well when it comes to total cost of ownership. And everyone may have a role to play, a buy-in that includes IT and physical security working together.”
The Tech Side of Virtual and the Cloud
There are new risks and challenges when it comes to driving security through software as a service and virtualization.
“Of course, it is a matter of how much resources are needed and the type of storage functionality,” says Ben Treiber of DataCore, a storage virtualization firm with emphasis on life-critical, high-availability nuclear power plants, among other applications. “There is an ability to combine software with commodity hardware,” comments Treiber, who sees essential elements that include:
For Bryan Peterson, the sweet spots are“virtualized storage, virtualized CPU and memory.” With the Utah Education Network, which provides the computing infrastructure for Utah’s public education system, he is associate director of technical services, enterprise systems and software development. “Our biggest win is when we first went with SAN and RAID and carved storage up in a virtual way.” RAID or Redundant Array of Independent Disks provides increased storage functions and reliability through redundancy, especially handy when storing and retrieving security video for forensics use. RAID, in computer data storage schemes that support security video, for instance, can divide and replicate data among multiple physical disk drives. The physical disks are said to be in a RAID array, which is accessed by the operating system as one single disk.
The approach is both cost effective and invisible to security.
When it comes to the cloud, it’s pay as you go that’s the charm, according to Eric Schwab of GFI Software, which specializes in e-mail and business solutions. And when it comes to the security of the approach, “you have to trust your outside vendors as you give up control to them. Know the data centers they use and their locations. As the Internet grows, security is an evolving mechanism.”
More U.S. Companies are Using Cloud Computing
Is use of the cloud catching on? Twenty eight percent of U.S. organizations are using cloud computing today, a recent CDW poll found, with most reporting (73 percent) that their first step into the cloud was implementation of a single cloud application.
While many organizations (84 percent) say they have already employed at least one cloud application, most do not yet identify themselves as cloud users who are implementing or maintaining cloud computing, the report says. CDW defines cloud computing as a model for enabling convenient, on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned.
Applications most commonly operated in the cloud are commodity applications such as email (50 percent of cloud users), file storage (39 percent), web and video conferencing (36 and 32 percent, respectively) and online learning (34 percent).
Respondents estimated that, on average, only 42 percent of their current services and applications have potential to operate in the cloud. Even the respondents who identified themselves as cloud users – currently implementing or maintaining cloud computing – said they expect to spend no more than one-third of their IT budget (34 percent) on cloud computing by 2016, and at the same time, to save 31 percent of their IT budget by using cloud resources and applications. Non-cloud users said they expect to spend slightly more than one-quarter of their IT budget (28 percent) on cloud computing by 2016, and to save 23 percent by using cloud computing resources and applications.
Among current cloud users, 84 percent said they cut application costs by moving to the cloud. On average, cloud users report saving 21 percent annually on those applications moved to the cloud.