These days, physical security is blending with IT in ways never before thought possible. Corporate computer networks, once strictly the bastion of IT departments, now play host to a wide variety of security functions.
While IP-based equipment can lead to security improvements, this brave new world also requires the cooperation of two often very different areas of an organization: the security department and the IT department. Several longtime security integrators were asked to discuss the best approaches for the physical security department planning a jump onto the corporate network.
The Ground Rules
First of all, the two departments need to establish an atmosphere of trust and mutual respect in order to work well together. When initiating a project to place security functions on the corporate network, the security department can get off to a good start with IT by showing early on that they understand IT issues.
“You have to prove your competence,” said Jim Coleman, president of Atlanta-based Operational Security Systems Inc., who has more than 30 years of experience as a security integrator. “You have to show that you are comfortable and knowledgeable in working with IT technology and networks.”
This could be difficult for some security department staff members who may come from a law enforcement rather than a technical background, and who may not have a high level of networking knowledge and experience. That's where a highly skilled security systems integrator can be a true asset. The integrator can supply both the technical knowledge and security expertise needed to ensure that everyone is on the same page.
“Once (the IT staffers) know your team knows how to ‘play' in their space—in other words, that you know what you're talking about regarding networking issues—then things go a lot smoother,” Coleman said.
Brad Wilson, a longtime security integrator and president of RFI Communications & Security Systems in San Jose , agreed. “The first concern (IT staffers) have is, ‘Who are you? What do you know about networks? What do you want to put on my network?'”
Wilson noted their suspicion is not surprising considering all the various functions—from enterprise applications to IP-addressable video—competing these days for space on a company's network. “It's like you've got this multi-lane freeway, and who gets the commuter lane?” he said.
IT departments are understandably cautious because they are responsible for keeping the network running smoothly. “They want to make sure your equipment will adapt well to their environment,” Wilson said. “If you can show early on that you understand their environment and are sensitive to their concerns, you can put the IT people at ease. This will make for more productive meetings from the beginning because you've established credibility.”
Bill Savage, a seasoned integrator and president of Security Control Systems, emphasized the consequences of neglecting to lay down a foundation of credibility at the start. “I think we have all had experience with what happens when the IT department doesn't buy into the project,” he said. “The IT department can place so many different hurdles that must be overcome that it can stand in the way of the effectiveness of the system. On the other hand, if you have your facts and figures (bandwidth requirements, data and network security provisions, etc.) covered, the IT team can help make the project an efficient success.”
Another thing to consider when approaching IT is having certified professionals on the security team. There are numerous industry-recognized credentials that help to demonstrate knowledge. Among these are Microsoft Certified Professional, Microsoft Certified Systems Engineer and Cisco Certified Network Administrator. Other certifications, such as Certified Protection Professional and Physical Security Professional, awarded by industry associations, also help to demonstrate competency. A four-year degree in computer engineering or a related field also says something about ability.
Getting Down to Bandwidth
While establishing credibility is an important first step, the next thing on the table will be bandwidth requirements. How much network space does the security application need? That's almost always the primary concern for IT folks, since they must ensure they have enough space on the network to run mission-critical systems along with various support functions.
Transmitting surveillance video over the company network or Internet, for instance, requires a significant amount of bandwidth. Despite this drawback, many companies are anxious to use this technology because of its advantages over analog systems. One of the most tantalizing is the ability to monitor the video remotely. How can security use IP video without bogging down the corporate network?
One alternative just beginning to surface, according to integrators, is the creation of standalone IP networks that are just for security. “This is where you use the same kind of equipment, same standards of wiring, same kind of wiring, but you don't use (the regular corporate network) bandwidth,” said Coleman. “You provide a parallel network that is isolated from enterprise computing functions.
“Lots of times the IT folks already have spare wiring, and it's just a matter of having separate routers and separate switches. Other times, the security integrator puts in the separate system that just takes care of the needs of security, and IT doesn't concern itself with it, although that's probably less often.”
While separate pipelines are starting to turn up for physical security functions, many times getting adequate network space comes down to the fine art of negotiation.
“Sometimes it's just a process of education, where you assuage anxieties,” Coleman said.
Wilson added, “You tell them all the space requirements. You look at ways you can avoid stepping on each other's needs. For instance, you can consider things like sending out smaller packets of data (for IP video) during peak activity periods. Then if you really need to pull out more data, those things can happen during lower network activity periods. It's those kinds of negotiations that will help everyone come to agreement.”
Voice Over Internet Protocol
To help reduce operational costs, companies are beginning to adopt Voice over Internet Protocol, which runs data and voice transmissions on the same network. In the security industry, this tool is still in its infancy, but it's beginning to generate some interest because of its usefulness in various security situations.
“It really makes sense as a natural progression,” Wilson said. “People start out wanting to put in a secure portal—a card reader or access control point. Then, they think, ‘Wow, wouldn't it be nice if I could see who's coming, rather than just identifying people through an access card number?' That's the stage that you get into video surveillance. The next iteration would be audio. That way they can communicate with someone who's trying to access the building. The security person could be on the west coast, allowing after-hours access through voice interaction with someone on the east coast or halfway around the world. By having audio on an IP platform, it becomes a much wider, broader application.”
Whether VolP will become widespread in the security industry remains to be seen. “It's still pretty early in the game, just a few manufacturers are putting it out there,” Wilson said.
In terms of IT department concerns, voice transmission has lower bandwidth requirements than video. “That means there is less push back from IT on voice over IP,” Coleman said.
The Bottom Line
IP-based security products are gaining popularity, greatly increasing the possibility that many security departments will find their technologies riding the network. If you need outside assistance, find a highly qualified security integrator in your area. They can be invaluable in supplying both the technical knowledge and security expertise to make the project successful. In selecting an integrator, look for one with plenty of high-tech talent on their team and also a history of handling IT and physical security convergence projects. Finding a highly skilled integrator can help to ensure that the concerns of the security team are balanced with the concerns of the IT department.
Chris Wetzel, co-founder and chief operating officer of Warrendale, PA-based InterTECH Security, has 20 years of experience in the electronic security field. He has unique experience designing systems for large public venues, such as stadiums, business centers, university campuses, zoos, airports, retail complexes and laboratories. InterTECH Security is a member of SecurityNet, a network of 22 domestic and overseas leading independent systems integrators offering clients a single, responsible source for meeting all electronic security needs.