Monitoring the security of mobile video

5 keys to a rewarding experience


Mobile video is providing opportunities to use surveillance in new ways and is seeing exceptional marketplace adoption from a whole new group of users. Mobility is fundamentally changing how customers interact with their video systems. It is extending back-room systems into the hands of a new user and those users are inventing ways to use video for both security and business operations. With a relatively small investment, the existing video infrastructure can be put into more hands, driving even larger returns on investment. Mobile technology is an exciting enabler but implementations need to be approached with these five key essentials in mind.

1. Know your users

Before implementation or specification, be sure to ask the user these questions:

- Is the mobile system going to support an existing security team or a broader base?
- What is the expected usage pattern?
- Will the video be used for brief periods or extended operations?
- How will mobility fit into the current daily workflow?

Use the answers to model the data needs of the existing infrastructure. Mobility itself doesn't require more data, but when adding lots of new users to the video system, you need to ensure the infrastructure can handle it.

2. Secure the infrastructure

Mobility typically implies both 'in facility' access and external access 'from anywhere'. Different organizations secure their network in a variety of ways:

- Internal access through WiFi: These networks should be set to use a minimum of WPA2 encryption and authentication; lower security standards are vulnerable. When connecting devices to WiFi, consider the use of MAC address locks to limit allowed devices.
- DMZ: Remote access requires allowing connections that fit the organization's security policies. Many organizations allow connections into a DMZ portion of the network where outside users can connect to a video server (whether it resides in the DMZ or deeper in the network). This option works if the mobile video solution includes encrypted connectivity capabilities.
- VPN: Other organizations connect using a VPN to create an encrypted tunnel from the mobile device to the infrastructure. Most mobile devices provide built-in VPN functionality. Because of the additional encryption overhead, VPNs also typically add latency to the video connection (anywhere from a hundred milliseconds to seconds). If the application needs real-time video with little latency, this may require additional thinking.

The mobile devices also need to be secured. A first step is enforcing a PIN/password policy for access to anything on the device. Also set the device to erase itself if the PIN entry fails a number of times. The second step is using device management technologies to allow remote configuration or wiping of compromised devices. Finally, make sure your mobile video solution encrypts anything it stores and allows remote administration of the video assets that the user can access.

3. Make it easy on the user

Mobile users gravitate toward simple and quick applications. Mobility is about targeted access to information, not simply replicating a desktop. Mobile video applications need to provide quick switching between video assets. Additionally, the mechanism for securely connecting needs to be easy. Entering cumbersome VPN credentials every time you view a camera may be more secure, but may result in fewer users actually using the system.

4. Monitor and tune the network

The wireless pipe should be monitored the same way the wired network is. Network monitoring tools, or simply a network switch that tracks the amount of data flowing through specific switch ports, are critical. Using them to monitor the Internet side of the infrastructure and the network on which the video server(s) and other key elements reside can provide critical insights, especially as usage grows and additional resources need to be provisioned. Pay special attention to the Internet link data usage, as many organizations haven't planned for additional external data growth.
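One way to turn per-port data counters into the usage figures described above, as an added example that is not part of the original article. It assumes the switch exposes cumulative byte counters per port (for instance the SNMP `ifInOctets` or `ifHCInOctets` objects); the port names, readings, 70% threshold and two-interval rule are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Port:
    link_bps: int        # link capacity in bits per second
    counter_bits: int    # 32 for ifInOctets, 64 for ifHCInOctets
    samples: list        # [(timestamp_s, cumulative_octets), ...] in time order

def utilization(port):
    """Fraction of link capacity used in each polling interval."""
    modulus = 2 ** port.counter_bits
    out = []
    for (t0, c0), (t1, c1) in zip(port.samples, port.samples[1:]):
        if t1 <= t0:
            raise ValueError("samples must be in increasing time order")
        delta = (c1 - c0) % modulus        # correct across a single counter wrap
        out.append(delta * 8 / (t1 - t0) / port.link_bps)
    return out

def needs_capacity(ports, threshold=0.7, sustained=2):
    """Names of ports above `threshold` for `sustained` consecutive intervals."""
    flagged = []
    for name, port in ports.items():
        run = 0
        for u in utilization(port):
            run = run + 1 if u > threshold else 0
            if run >= sustained:
                flagged.append(name)
                break
    return flagged

# Constructed readings, polled every 60 s (not measurements from a real site).
PORTS = {
    # 50 Mbit/s Internet link; the 32-bit counter wraps between t=60 and t=120.
    "internet-uplink": Port(50_000_000, 32, [
        (0, 4_000_000_000), (60, 4_150_000_000),
        (120, 155_032_704), (180, 455_032_704)]),
    # 1 Gbit/s video server port read from a 64-bit counter.
    "video-server": Port(1_000_000_000, 64, [
        (0, 1_000_000_000), (60, 1_600_000_000),
        (120, 2_200_000_000), (180, 2_800_000_000)]),
}

if __name__ == "__main__":
    for name, port in PORTS.items():
        print(name, [round(u, 2) for u in utilization(port)])
    print("sustained load above 70%:", needs_capacity(PORTS))
```

A 32-bit byte counter on a gigabit port can wrap more than once within a 60-second poll, which is why the faster port in this sketch is read from a 64-bit counter.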
