Whether access control or security video in-the-cloud applications, the commonality is a Web-based platform.
Security, at least its electronic brothers and sisters, has been in the cloud since the beginning.
Cloud computing is today’s solution for everything from email and office applications to storage. Cloud computing is really the use of resources (hardware and software) delivered as a service over a network, nowadays typically the Internet. The name comes from the use of a cloud-shaped symbol as an abstraction for the complex infrastructure. Cloud computing entrusts remote services with a user’s data, software and computation.
Enterprise security executives may not have to know exactly what is going on in the cloud, just that their needs are being met, that the mission is being addressed and that it's secure. It’s rental, not buying.
So flip back to the initial introduction in the dinosaur days of burglar alarm monitoring for stores, offices and schools when they “rented” the monitoring of alarms from security firms far away in those first clouds.
Then flip to today with myriad cloud applications aimed at physical security, information security and general IT needs. Among the choices:
• Infrastructure as a service (IaaS)
• Platform as a service (PaaS)
• Software as a service (SaaS)
• Storage as a service (STaaS)
• Security as a service (SECaaS)
• Access control as a service (ACaaS)
• Video surveillance as a service (VSaaS)
• Mass notification as a service (MNaaS)
• Data as a service (DaaS)
• Test environment as a service (TEaaS)
• Desktop as a service (DaaS)
• API as a service (APIaaS)
• Backend as a service (BaaS)
What has helped accelerate the cloud for enterprise security is the appeal of mobile access outside of the traditional control center through laptops, smartphones and tablets, especially for security video and clips of alarms and incidents.
So what are the best in-the-cloud applications? Basically, what works for you.
Types of Clouds
But first, it’s important to realize the differences among the clouds as well as the potential dangers to avoid. There are four types of cloud applications.
Public cloud applications, storage and other resources are made available to the general public by a service provider. These services are free or offered on a pay-per-use model. Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure and offer access only via Internet.
Community cloud shares infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. Costs are leveraged over fewer users than a public cloud, so only some of the savings are achieved.
Private cloud is infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally. Undertaking a private cloud project requires a significant level and degree of engagement to virtualize the security or business environment, and requires the organization to reevaluate decisions about existing resources.
Hybrid cloud is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models. By using “hybrid cloud” architecture, companies are able to obtain degrees of fault tolerance combined with locally immediate usability without dependency on Internet connectivity. Hybrid cloud architecture requires both on-premises resources and off-site server-based cloud infrastructure.
No matter the type of cloud, when it is done right, it can have a positive impact. But every one of the steps in the project raises security, compliance and privacy issues, as examples, that must be addressed in order to avoid serious vulnerabilities.
Databases and Video Storage
Specific to security, the best in-the-cloud applications center on databases, monitoring and storage. Electronic access control for doors and entry into a network are natural fits. Whether a single door or multiple geographically dispersed facilities, access control in the cloud manages employee and visitor databases, using secure Web-hosted infrastructure and centralized online administration to reduce IT costs and allow security to more easily manage access points from a single location that can also be mobile.
Mass notification, an application embraced by schools, colleges and hazardous workplaces but spreading beyond, is a natural in-the-cloud application. Often, the enterprise uses a Web browser to enter and make changes to a database, manages how to contact people and encourages people to opt into the system through the Web. Such systems then make calls, send emails and text messages related to incidents and emergencies.
With security video, one type of in-the-cloud application concentrates on storage and retrieval. It makes business sense what with the large amounts of data from video and growth thanks to more cameras and megapixel cameras. The challenge here is transmission and the cost of transmission. And sometimes the answer is local storage, in the camera, with digital and network video recorders, and uploading images, often the saved or tagged images, during off-hours.
For retail and some other enterprises, security video in the cloud goes to third parties for business analytics – traffic patterns, heat mapping and shopper demographics, as examples.
Turning over security video monitoring to the cloud, however, is a decidedly different story. If cloud-powered surveillance were simple, everyone would be doing it.
The fact is that one challenge prevents rapid adoption, and the good news is that it can be conquered, according to sources such as Smartvue. The main obstacle to cloud surveillance is the “B” word – bandwidth. Think of it as two pipes running from your security operation to the Internet. The water in the pipe is data. One pipe is download (how fast can you get “water” from the Internet to your security operation); and the other is the upload pipe (how fast you can get “water” from security to the Internet). The bigger the pipe (bandwidth), the more water (data) you can pass through it. Video surveillance requires massive amounts of “water” to go through the upload pipe to get to the Internet. Upload bandwidth is very expensive, more expensive than download bandwidth. How big is big video? One security operation with five HD cameras needs an upload speed of about 10Mbps for real-time, online cloud video recording. In comparison, credit card transactions are running at a maximum of about 2.4Kbps. Video can be 4,000 times bigger than that or more.
Beyond Video Verification
So it is not surprising that traditional alarm monitoring continues and some of these central stations have added video verification, usually video clips, to meet local ordinances, for example. A more limited number of in-the-cloud firms, however, offer video-only central station services.
No matter the application – access control, mass notification or security video – many are jumping on the in-the-cloud bandwagon.
In one example, Georgia Tech University campus buildings were once controlled by proprietary door hardware, which locked its police department (GTPD) into an inefficient physical access control system supported by a single regional vendor. The existing software-based approach required building managers to assign access control privileges from a specific workstation, with limited Web browser support.
GTPD deployed RedCloud Virtual to leverage its virtual IT infrastructure, reduce system maintenance and simplify facility access management. GTPD identified a cost-effective, Web-based access control platform that could run in its virtual server environment. It has migrated its IT infrastructure to a secure, private cloud environment. GTPD further leveraged support for open, non-proprietary door hardware to future-proof its investment and regain control of its access control system.
When it comes to examples of hosted video, an end user excavation company upgraded its analog-based video surveillance system to a hosted video service, thanks in part to Honeywell and LowV Systems. Several benefits were recognized with the new system, such as being able to access video from any Internet-connected device, lowering upgrade costs by using existing analog cameras and adding IP cameras as needed. The excavation company is using the hosted-video surveillance system to monitor its heavy equipment yard and fuel tank.
A kind of in-the-cloud application is developing through the shift of access control from cards to smartphones.
Mobility Wins Out
For instance, HID Global’s readers replaced proximity readers at selected locations in Netflix facilities, and pilot participants at each company were given handsets that were equipped with NFC capabilities and digital keys, so they could securely store and emulate user credentials and open doors by presenting the handsets to the readers.
Pilot participants highlighted improved security among the many benefits of using smartphones to open doors. “I love the idea of mutually authenticated reader-badges – it reduces the threat of badge skimming and replay attacks,” says Bill Burns, director, Netflix IT networking and security. He adds that technically, the physical security is better because it requires that a person know the phone can be used as a key, know the passcode to get into the phone and know how to activate the key.
The pilot proved that using both a layered security approach and smartphones to provide secure physical access to buildings is a great way to meet their goals of adding security without complexity.
Netflix has traditionally used keyfobs for access control, and wanted to evaluate the benefits of provisioning digital keys over-the-air to its staff’s smartphones to further streamline the new-employee on-boarding process. The company also believed that digital keys could be a valuable addition to smartphones in its bring-your-own-device (BYOD) mobility environment. By the time the pilot was launched, almost half of the participants were already socializing the mobile access experience by using proximity tags affixed to the back of their current phones to open doors. The pilot was intended to test the concept of a true mobile access experience with over-the-air provisioning capability that also delivered improved user convenience and security.
From Analog to VSaaS
For smaller installations or remote facilities of larger enterprises, using a server-based video management system can be a costly solution, especially during a time of transition from analog to IP-based security video.
So it is not surprising that Steve Olson, franchise owner of the West Des Moines, Iowa, Plato’s Closet, part of the popular consignment store chain, has gone to great lengths to ensure the security of his 7,000 square feet of retail space, including migration to IP video and a move to Video Surveillance as a Service (VSaaS).
“We decided to invest quite a bit of money in the security system,” Olson says. “We wanted to be aggressive against theft and work jointly with law enforcement to stop shoplifting and vandalism.” Local integrator ICS Advanced Technologies suggested a gradual transition to IP video as the logical and affordable way to an eventual top-of-the-line video surveillance system.
In addition, ICS had another solution: VSaaS, leveraging a video management system from Salient Systems and a local network-attached storage device as redundant backup. Olson says that he appreciates the response that VSaaS offers because he isn’t always at the store but is able to view into the facility from a home computer. The resolution of the IP video system also allows Olson to pinpoint shoplifters and turn them over to law enforcement and focus on shoppers who try to switch price tags from one item to another.
The software makes the entire difference in how the security model is planned and implemented. The streaming video defaults to their server with a remote backup. Olson has the ability to control his own video, and if there is an upgrade to the software, it is always kept up to date.
This article was previously published in the print edition as "Best in the Cloud? Use Business Sense."