No doubt, too many choices can lead to confusion. Still, and obviously, the ubiquitous Web and mobile devices, to a lesser extent, have spurred hosted and managed services, remote intelligent monitoring, software-as-a-service and in-the-cloud solutions that impact access control, security video, mass notification and even security guarding.
Such approaches continue to be more attractive and even fashionable, in a business-centric way.
Brian David, security manager for The Jones Group, a designer, marketer and wholesaler of branded apparel, footwear and accessories, knows. He chose a software-as-a-service access control approach “because we wanted a remote, Web-based system that would enable us to control multiple locations at once. One of our goals is to unite all of our brands by creating a strong and secure global badge, a consistent form of identification throughout the company. Unlike a proprietary system, the technology in a Web-based system allows us to minimize the number of personnel we need devoted to security, and in turn enables us to be a more efficient and secure company.”
David cut through the confusion to pick what he needed.
It is not an easy task.
For Eric Zurawski of Insurance Auto Auctions (IAA), headquartered in Westchester, Ill., it is more an evolution then a big leap. He says that his firm was “using live security video monitoring about two years ago” but has moved to more intelligent cameras with software analytics to protect 24 locations across the nation. The approach is more efficient and “better at recognizing people and vehicles” when compared to people looking at monitor screens.
Remote Monitoring Services
Zurawski also uses Viewpoint CRM, a video monitoring service. Using video analytic technology, Viewpoint’s remote monitoring center staff responds to the video surveillance system alarms in real-time. With IP video, “I also have the ability to look into video from my laptop or even my smartphone with an app,” Zurawski says. In addition, “almost all of our cameras are outdoors. And with some of them, legacy analog cameras, we have added encoders, too.”
In this new world, however, everything is not as cut and dried.
There are hosted security services – taking information from an enterprise site such as alarms, card access, video or a combination and taking some type of action including audit trails and video recording.
There are managed security services – the day-to-day monitoring and interpretation of important system events.
And there is software-as-a-service – software and its associated data that are hosted centrally (typically in the cloud) and typically accessed by users using a Web browser over the Internet.
They have their commonalities and their differences, based on return on investment, corporate culture, staffing, legacy technologies, number of facilities and, yes, security needs. In the old, old days – you know, 20 years ago – the concept was called outsourcing. But, with the Internet, Web browsers, tight budgets and the growing influence of IT’s love-it-hate-it concepts, there is that perceptible shift from do it yourself to pay someone else to do at least some of it.
A Win-Win Situation
The shift provides more choices for enterprise security leaders. But the shift also creates enlarging and new ways integrators and others can create a closer relationship and revenue streams, too. Not a bad deal for some. At The Jones Group, for instance, Protection 1 and Peace of Mind Security have both provided integration and installation expertise on this on-going project. And Jones will soon begin integrating video surveillance into its Brivo system.
But it all makes business sense for David. Installation of the technology has resulted in substantial savings and has given The Jones Group the ability to run multiple reports to view all activity in the company’s facilities and look for patterns that may suggest something is amiss. The staff also uses the system’s alert feature to notify them about temperature fluctuations, power failures and other critical events for which they want immediate information.
It is the same story specific to security guarding provided by firms such as VirSec Virtual Security and integrator Convergint Technologies, which works with it. For enterprise security executives frustrated by the high cost of security staffing, a virtual security officer is a solution. Virtual patrols, escorts and interventions make a VirSec officer an option for everything from critical infrastructure to vacant real estate. Security magazine has a free Webinar on the topic at www.securitymagazine.com and by clicking Events and then Webinars.
Need for More Robust Solutions
Security needs for small to medium size organizations have moved into the cloud due to lack of resources and capital funds. “However, the challenging questions are typically not from the small to medium size companies, but from the large enterprise class companies struggling with if and how SaaS solutions can help them,” says Phil Atteberry, director of managed security services with Siemens Building Technologies. “The answer is a more robust solution than just SaaS alone. It should be combined with managed services such as remote access management and remote video monitoring services. Through this combination of hosted and managed services, enterprises can reduce their upfront capital costs and further reduce their total cost of ownership of the solution by reducing their IT and security spend over time.”
Moving into the cloud demands more inspection beyond working with an integrator, though.
Security or an integrator may use a managed service provider (MSP). MSPs are service providers that remotely manage and monitor portions of a client’s infrastructure, says Siobhan Byron, president, Forsythe Technology Canada, and vice president, managed services. “A company can hand over the maintenance of their devices or appliances without compromising their people or policies. Engaging an MSP is a fairly affordable and easy way for a company to operate more efficiently. Outsourcing lost some popularity after the 1990s because many companies felt they lost control and outsourced too much of the business operations, but today selective sourcing is a growing trend. Businesses can engage an MSP as a partner who can work as an extension of their in-house team. The MSP manages parts of their technology environment, while the necessary business functions and policies are still managed in-house.”
Managed Service Providers
When considering working with an MSP, according to Byron, there are a few things to keep in mind. Among them:
• Research the provider. Understand the vendor’s strengths and weaknesses and select a provider that’s a good culture fit. When establishing a long-term relationship, find a comfort level with a partner that offers good communication, so that they act as an extension of the in-house team.
• Think about location. The physical location of the MSP can be a factor for some organizations.
• Consider the capabilities of the MSP. Look at the provider’s overall capabilities. For instance, what are their on-site consulting capabilities? What types of tools and processes do they have in place to ensure quick diagnoses and remedy? What is the full value the partnership can bring now and in the future?
• Define policy ownership. Consider the policy ownership model the provider uses. Can your business maintain ownership and decision-making responsibilities for policies or does the MSP dictate?
At the heart of many cloud services is a data center, in which its own security and business continuity play a significant role.
Matt Krebs, business develoment manager for hosted video at Axis Communications, with a software platform for creating a service provider-specific portal to manage video monitoring services over the Internet, has some solid advice. When evaluating providers, “beware of so-called benchmarks. A Tier 2 data center is the minimum you should look for.” Tier 1 to 4 data center ratings are nothing but a standardized methodology used to define uptime of data center. This is useful for measuring:
• Data center performance
Tier 4 data centers are considered as the most robust and less prone to failures. Tier 4 is designed to host mission critical servers and computer systems, with fully redundant subsystems (cooling, power, network links, storage etc.) and compartmentalized security zones controlled by biometric access controls methods. Naturally, the simplest is a Tier 1 data center used by small businesses.
• Tier 1 = Non-redundant capacity components (single uplink and servers)
• Tier 2 = Tier 1 + Redundant capacity components
• Tier 3 = Tier 1 + Tier 2 + Dual-powered equipment and multiple uplinks
• Tier 4 = Tier 1 + Tier 2 + Tier 3 + all components are fully fault-tolerant including uplinks, storage, chillers, HVAC systems, servers, etc: Everything is dual-powered.
No matter hosted to managed, no matter the service provider, when some go up in the cloud, “many are flying blind,” contends Antonio Piranio, chief technology officer at ScienceLogic, which simplifies data center and cloud management for service providers. Often, “cloud services are what the enterprise wants them to be. And people define vulnerability by what it matters to them.”