A Roadmap to an Enterprise-Wide Security Solution

A small retail business has successfully found a niche market in today’s economy and is expanding from its single site to several new stores in different cities. Company officials still want to monitor security from one central location. The challenge is going from one location to four locations while still maintaining a quality level of monitoring.
A medium-sized manufacturer with two plants, several warehouses, fleet centers and other facilities based across two states, has long had a successful analog-based security system. Yet, the cameras are failing, and managers want to upgrade and future-proof the system without exceeding the security budget.
These are just two of many examples of organizations that are expanding or upgrading a security system with an interest in using a computer network to accomplish their goals. It will mean learning a new vocabulary and skill set. It will require choosing new equipment. It will involve bringing other employees into the effort. It will likely call for qualified and experienced outside help to design and install the solution.
For those looking to make the move to network-based systems, here is a beginning roadmap to enterprise security.

Dealing with IT
I have been involved in helping create enterprise solutions for customers as far back as 2000. One of the key goals with an enterprise solution is to have the ability to integrate multiple facilities at different locations with one platform that can create operational efficiencies and maximize the overall investment — whether it is strictly access, strictly video or a combination of both.
In every case, there will be a requirement to get the information technology people involved. Enterprise solutions will touch the corporate network, and IT will play an important role in making a new security system work effectively.
Some may say that IT professionals are not knowledgeable about security needs and will just get in the way of a security director or an integrator; however, IT does play an important role in a successful installation. The fact is, security professionals need the knowledge of the IT professionals to successfully implement the latest technologies. Building mutual respect is key to a successful working relationship. The more astute the security professional is about how the IT community works and how we need to communicate with them, the quicker we will get their buy-in and the more successful we will be.
The most common issue in dealing with IT is network bandwidth. All networks have finite space to move data, so the allocation of bandwidth and the impact security devices will have on the network is one of the first issues to be resolved. Sometimes it may be as basic as convincing IT that security systems are important enough to be on the network.
Another issue can be the firewall that helps protect the network. How will security devices affect the firewall while maintaining the level of network security required by IT?
Video and Bandwidth Issues
Video will, by far, place more demands on the network than any other data that might be sent from other security systems such as access control or intrusion devices. One way we can limit video bandwidth needs is to record on the edge — that is at the camera — and only transmit during alarm situations. That way, static information such as video of a doorway that never opens is not recorded.
Video analytics that use complicated algorithms to review video and create alarms when pre-defined rules (such as a door opening) are violated can be a big factor in managing bandwidth needs. Again, video is only transmitted across the network during an event-driven situation.
Your IT department may be comfortable creating a virtual local area network (VLAN). This is a segment of the network that is allocated specifically for security. It enables security to know exactly what it has to work with and gives IT the comfort of knowing security will not get outside of its boundaries, creating a negative impact on the network.
Making use of recording on the edge, analytics and a VLAN are three significant ways security professionals can work harmoniously with IT professionals on the transmission of video.
Also, event-driven information does not have to come from video analytics. It may be an alarm created by a motion detector, a glass break or door contact. Even in these cases, video is only moved over the network when someone needs to pay attention to an event.
Access control also requires network bandwidth. The needs are far less than those of video and it may be possible in some cases to tie security department needs with other corporate organizations. For example, linking human resources’ hiring and termination processes to identification badging can result in the immediate addition or subtraction of employees from the access system. This limits excess information in the databases and makes for a more effective and efficient enterprise solution.

Locate a Systems Integrator
Before embarking on a network-based security system, it is important for a company to decide who will coordinate the application of systems. Most organizations do not have the capability in-house to plan and install an enterprise solution. That leaves two major options — employing the services of a security consultant or a systems integrator.
There are many good consultants that can lead a customer in the right direction and provide valuable information such as design considerations. However, any enterprise solution will ultimately require the services of a systems integrator. Selecting an integrator with the proven experience and skilled staff to create and install an enterprise system will alleviate the need and added expense for a consultant.
When selecting an integrator, look for one that has staff with certifications from Cisco, Microsoft and other leading network hardware and software providers. The integrator should have account references that are employing enterprise solutions. These customers are usually willing to talk to you about the work that was done and the processes they went through to complete the job.
Once there is a team in place, communication becomes vital. Security departments and integrators understand the necessary components of a successful enterprise system. At the same time, the IT department understands the components of a successful enterprise solution as it works over the network, resulting in all departments working together to achieve the same goal.
You need to let each party tackle its areas of expertise and come together with one common solution. You cannot have a successful solution without having both parties involved and in agreement.

Devices and Legacy Systems
When it comes to devices, there is not necessarily a major difference between an enterprise solution as compared to a stand-alone application. Video, access, intrusion, fire and other high-end devices such as biometrics can be found in either setting. It all depends on whether information is being funneled into a security operations center from one site or multiple sites.
Generally speaking, devices from various manufacturers can all work well — if set up properly — on the network. Open architecture, which is widely favored by IT departments, is coming to the security industry. Some of the barriers that we had before with the inability of some devices to communicate between multiple systems or platforms are diminishing. This allows for a wider choice of options that are compatible in the network solution.
While there are still some proprietary systems on the market, more and more manufacturers are willing to release their software development kits (SDKs) to other companies. This makes it possible for devices from various manufacturers to work well together.
One of the biggest barriers to an enterprise solution is the number of disparate systems an end-user may have installed at various sites throughout its operation. Most often, a customer looking to install an enterprise solution is not starting from scratch.
One of the key challenges is making it all work without just uprooting everything and starting over. There may have been millions of dollars spent on the current legacy system. An integrator brings great value to their customer when they find ways to reuse as much of the existing infrastructure as possible.
Many times, the key is selecting the software platform that can accommodate or communicate with the majority of the systems already in place. We need to do our due diligence and complete a full inventory of what exists. Unfortunately, we can’t always use 100 percent of what is there, but we can work toward using as much as possible.
Much of the older analog systems can still fit into an enterprise solution. With the addition of an encoder, analog video can communicate over a network-based solution. We may not get the quality we would expect from an IP camera, but they can work acceptably. Furthermore, when that analog camera finally fails, it can be replaced with an IP camera without wasting any of the infrastructure that has been built around it.
Most end-users cannot afford to totally remove legacy systems. The prudent thing to do is to maximize the investment by developing the necessary infrastructure to support an enterprise solution. This is the best way to affordably improve the system and then future-proof it by designing it to accept the most up-to-date technologies.
This is hardly the full extent of what is required to develop an enterprise-wide security solution. Nevertheless, it should provide some ideas of where to begin and what to expect throughout the process.
As you begin to think about an enterprise solution, make sure that all parties involved in the process are heard. Keep the C-level executives updated. In the end, it will be worth the time and effort.

Christopher Wetzel, executive vice president and founder of Warrendale, Pa.-based InterTECH Security, has more than 25 years of experience in the electronic security field and is recognized for his comprehensive knowledge of available security technology. InterTECH is also a member of SecurityNet, an international organization of independent system integrators providing a single contact for electronic security needs.


Case In Point – (sidebar)

Carolinas Medical Center

Carolinas Medical Center­ – NorthEast is a 457-bed medical center that services the residents of multiple counties. It is a part of Carolinas Healthcare System, the third largest non-profit, public system in the nation.

Those who mange today’s healthcare facilities and campuses all emphasize the importance of safety for their patients, visitors and staff; yet, getting the top priority for security improvements within a hospital’s budget proves to be a difficult task. Security directors and facility and maintenance managers must look to systems integrators, who understand the particular needs of healthcare facilities, to partner in developing a technology plan that will continue to evolve as the hospital’s needs do. 
CMC-NorthEast’s previous security technologies were comprised of disparate systems, multiple databases, a control room with 25-30 screens, and several cameras and recording systems that had exceeded their useful life. The security department did not have the ability to monitor security systems when outside the control room. To add to the challenge, the campus has grown to more than 63 acres, with several departments now residing in different buildings. The need for increased visibility into the systems and the integration of disparate systems quickly became critical for the overall safety and security of the patients, staff and visitors of the hospital.
CMC-Northeast turned to Johnson Controls to assist with the development and implementation of a campus-wide security plan. The first step in this planning process was to conduct an idea session with all the key hospital stakeholders, which resulted in identification of all of CMC-NorthEast’s security needs and a prioritization method for further refining the overall security plan. The facility needed a centralized control room and consolidation of security management systems, video surveillance monitors and databases. It also required an event management system that communicated with critical security systems. Several disciplines with the organization had also voiced specific needs for dual credentialing in the pharmacy and remote access to the personnel database for on-boarding and vacating of employees through the human resources department.
The integrator truly became a consultant in terms of evaluating and recommending technology and addressing the integration needs to develop the “best practice” procedures that exist today at the hospital. The new security system technology and methods compliment the healthcare system, and met their needs and ultimately the overall mission of the organization. The continued return on investment has brought security to the forefront during board meetings and has certainly changed the administrations’ views about where security falls within the priority of their organization.
The Johnson Controls P2000 security management system serves as the primary integration platform for CMC-Northeast’s security systems. It is also a key component in the infrastructure of the campuses access control and event management system. Middleware applications have been woven into the system, which include the badge system, infant abduction system and PIN system for pharmacy staff. The system contains all the data for running security compliance reports and is accessible through three specific locations within the campus.
Recorders and cameras from Pelco were integrated into the system, and video coverage of the facility was increased through improved camera layout and maintenance along with the addition of cameras, where needed, across the campus. The integrator installed technologies with open systems which allowed the video to be standardized on one single platform, networked without adding cabling costs. The networked surveillance system enables hospital staff to view hallways and stairwells that were not previously viewable, as well as provide access to surveillance video from remote locations such as nursing stations.