Recently, a friend of mine from the IT world expressed his bafflement that physical security practitioners would tolerate the possibility of loss of video due to DVR hard drive failure — especially since RAID data protection (see Wikipedia article on RAID — Redundant Array of Independent Disks) is more than a decade old.
“They call it a ‘DATA center,’” he said, “because safeguarding corporate data, and assuring its availability, is mission-critical. Video data is critical data, so why don’t security managers simply follow their company’s standard practices for critical data?”
That’s a good question. One reason is that previous security video recording products have not followed IT standards or practices. DVRs were developed as replacements for VCRs, and were not designed or intended to fulfill data center requirements. That’s just the history of it — a history that is not generally known by IT folks.
What was interesting in the conversation is that my friend had uttered the word DATA as if simply speaking the “magical word” was somehow the answer to the situation. That’s no surprise, because in the IT world, data infrastructure is a respected discipline. The term data infrastructure refers to shared networked storage systems that safeguard the data, ensure that it is available as needed and facilitate management of the shared storage resources. At the end of the day, data remains a core critical asset. And as the organization’s information needs grow, a sound data infrastructure supports that growth without needing to rip and replace storage systems. (There is an excellent 4-page white paper by the Uptime Institute defining what constitutes a “reliable data center”. You can see where your own security systems rate within the clearly defined scale provided. Download location: http://www.datacenterdynamics.com/Media/DocumentLibrary/Tier_Classification.pdf)
This discussion reminded me of a question I had received by e-mail:
Q:What will it take to get physical security folks to “see the light” about DATA?
My initial response was another question, “Which security folks are we talking about?” Other questions followed: “Which data should they be concerned about?” and “What’s the difference between PSIM (Physical Security Information Management) and data management?”
DATA is an abstract term, initially used by the people who design and maintain the systems that hold or transmit the information. They don’t deal with the information itself. Data, from their perspective, is bits and bytes needing storage capacity and network bandwidth. It’s an abstract term at the systems level of thinking. Data management is what a good storage system allows you to do. Information management is what a good information system allows you to do — and that’s where PSIM comes in.
At the security operations level, it’s not DATA— it is EVIDENCE, INTEL or ACTIVITY. It is INFORMATION. Video systems capture accidents, incidents, people, vehicles and objects. Recorded video must answer the question, “What happened?” If it can’t answer that question, it is of no value. Ask the security practitioner whose video system did not capture a critical incident, or whose recorded video doesn’t clearly reveal what has occurred. You can’t use or manage information that you don’t have.
Providing robust (i.e. fault-tolerant), high-performance data infrastructure is how you guarantee that critical video data is available when you need it. In the future, perhaps all security data will safely reside in an IT data center environment. Until that day, there is every reason to establish data center quality data infrastructure not just for video data, but also for access control and other security systems data. The more advanced PSIM applications become, the more important the data infrastructure is.
Another key point is that the design of IT data infrastructure not only provides the reliability and performance needed for critical data applications, it provides it affordably. In today’s economic environment, that’s an important issue. As security risks escalate, the importance of the security system data increases. Yet, most video systems today are recording at lower frame rates and resolutions than the cameras provide. Additionally, general surveys of practitioners tend to indicate that video retention rates are about half of what security needs would dictate. That’s most often the case because the high cost of non-IT video storage forced compromises in the design of video storage for budget compliance.
That has left many security practitioners in the situation where they had no choice but to accept recording video at one-half or one-quarter of the quality (resolution and frame rate) that the camera puts out. Many new DVRs are still limited in that regard.
In the past, it has been hard to think of recorded video as critical data — because the video coverage was often incomplete and the recorded quality less than desirable. It’s not critical data if it doesn’t contain the needed information.
With the affordability and capability of today’s video technology, there is no reason to settle for less than what the job of security requires.