Breaking Down Security Silos

The physical security market is undergoing a substantial metamorphosis as it looks to evolve from its past focus on doors and fences and adapt to a more integrated approach that incorporates the important information technology (IT) aspect of organizations' overall security strategy. This shift is driven by one of the greatest fears for security professionals -- a coordinated assault that combines a physical security attack with an attack on the IT network that would eliminate the organization's ability to command, control and communicate.

To get a firm grasp of an organization's overall security posture, it is increasingly important to integrate all of your various physical and IT security systems -- systems that until now have been managed and run in separate silos. For an enterprise to adequately protect itself from today's increasingly sophisticated threats, it's critical to leverage advancements in technologies that impact both physical and IT environments. As with many areas of technology, this security convergence will occur in a couple of phases.

Physical Security: It all Started with a Knock on the Door

Physical security overall hasn't changed much in the last few centuries -- there were finite ways in and out of a castle or building. The focus was on protecting the physical perimeter where a moat, wall, fence, gate or door served as the primary barrier to entry. Over time, stronger fences, more sophisticated door locks and electronic badges were created to strengthen the physical security of a building, facility or campus. In today's world -- the definition of the physical perimeter is changing and technology needs to adapt accordingly.

More recently, cameras and a variety of noise and motion sensors entered the equation to provide visual confirmation of threats to the physical enterprise - people lurking where they shouldn't be; unknown vehicles in the parking lot; unmarked packages placed in obscure places. So, there's a confluence of factors happening here:

• Enabling technologies like cameras and sensors are becoming less and less expensive
• Physical security systems and devices are becoming Internet protocol (IP) -enabled
• Advancements in technology are making these devices smarter and smarter, enabling more visibility and automation
• However, these devices are all still deployed in silos and are not coordinated with existing IT security infrastructure

This begs the question, "How can one have thousands of eyes and still be blind?"

The Rise of the IT-centric Enterprise Called for New Security Measures

Today, no organization can conduct business without basic technology infrastructure. Think about it - without email, Internet and applications, we're essentially unable to effectively communicate. This applies to security organizations, too - losing C3 functions (command, control, communication) cripples their ability to achieve their primary goal of protecting people, assets and infrastructure.

The efficiencies of the IT-centric enterprise brought new threats. IT assets - customer data, business information, intellectual property, secret formulas, etc. - were not only easily accessible and re-usable, but also gave rise to new security challenges related to protecting those assets. Multiple technologies have been being deployed to protect this vital infrastructure; firewalls were created to prevent unwanted access to your network and data; intrusion detection systems alerted security personnel to malicious network traffic and computer usage; encryption protected data at the file-level. In fact, many enterprises have 20-plus security products deployed to "serve and protect," each with their own console collecting and reporting current security status. Security event and information management products address this problem by collecting data from all the disparate products and enable the correlation of activities and threats on the network to elicit the appropriate response.

The growth of the IT-centric enterprise and distributed computing environments have also driven the disappearance of the physical perimeter, calling for a more tightly-integrated security system to manage and deal with both physical and IT threats.

The Convergence of Physical and IT Security

The simple reality is that now that the world has changed, you have to adapt how you deal with security threats. We've seen a significant shift in the security field - a convergence of traditionally separate physical and IT security systems. In late 2006, Lehman Brothers indicated that the $150 billion physical security market is undergoing a tectonic shift, driven largely by a sense of urgency around security and integration with IT security systems.

In addition, according to market research firm The Freedonia Group, the global market for private security products and systems is forecast to grow 8 percent annually through 2010, reaching $85 billion. Take the Secure Border Initiative, also referred to as SBInet, for example - some estimate the value of the multi-year contract to be more than $2.5 billion, which will be used to install new tracking sensors, cameras and communications equipment to build an integrated electronic surveillance system along the U.S. border.

The SBInet program is just one large scale example - enterprises and municipalities around the globe are investing in these systems. However, at the same time, they won't abandon their existing network infrastructure. With more than 90 percent of the installed base of security cameras being analog video, organizations must now weave in new digital camera technologies without giving up on their previous analog investments.

In the surveillance world, where analyst firm Research and Markets expects the market for video surveillance equipment to grow by 37 percent by 2009, companies that converge physical and IT security are able to take the blinders off as they deploy a complete network of surveillance technologies that communicate in real-time to deliver operations center personnel true situational awareness. And the convergence continues at multiple levels - analog and digital video; video technologies such as DVRs and NVRs; sensors and access control; external data sources such as weather reports, crime stats and map data; and IT security in general are quickly being assimilated into the overall technology infrastructure. All of these converged security technologies can produce a greater amount of information from which to make security decisions.

To illustrate, consider these key technology convergence issues organizations face as they strive to meet their primary mission of protecting people, assets and infrastructure:

• Analog to Digital Migration - Organizations have to manage a large installed base of analog (more than 90 percent) plus fast-emerging digital solutions
• Multiple Management Systems - Every product and system has a proprietary standalone management console
• Data Overload - There are too many cameras to monitor and too many data sources
• Disparate Equipment and Systems - To date, systems such as surveillance, access control and information security have been built in silos and do not interoperate
• Proactive Mitigation - Forensics only help "solve" the crime, they do not accomplish the primary mission of protection
• Legacy Equipment and Networks - Fork-lift upgrades are unrealistic and simply aren't acceptable
• Archive and Storage - Legacy tape systems are not suitable for fast data retrieval or event correlation
• Lack of Standards - Control plane systems do not operate on known standards

The shift has already begun - the first phase to converging physical and IT security combines the integration of analog and video sources with other physical security data feeds, event correlation, incident response, collaboration and mobility to have a better view of your security posture that produces real-time situational awareness security personnel can act on.

From here, it is crucial to be able to manage, correlate and analyze the information to drive the right response, and this is where physical security information management enters the picture.

The Physical Security Information Management Market

Until now, there has been a void in the physical security market at the intersection of IT security. Despite the staggering number of cameras, alarms and sensors feeding data to an operations center, there lacked a physical security information management platform that could take in all the data, correlate it with data from IT security systems, and provide security personnel the insight to make effective decisions and respond to security events.

Security event management (SEM) and security incident management (SIM) are used in the IT security field, and have long served as the data collection and correlation engine that enables an IT security manager to filter out false alarms and false positives from true events that require attention and response. SEM enables organizations to pull data from firewalls, intrusion detection and prevention systems, anti-virus software and log files to create a clearer view of network activity and how to respond swiftly and effectively.

Companies are now applying these concepts to the physical security field, producing greater insight into what is going on in your physical environment to provide real time situational awareness, and determine how best to handle a given situation. Enter physical security information management (PSIM). By correlating the data feeds and alarms from various sources, a PSIM solution can provide the context that enables the right response to real threats and security events and disregard those that are false alarms or not real threats.

The emerging PSIM product category addresses the need for security organizations to integrate all their disparate systems and devices into an overall security network that provides true collaborative situational awareness. The market for these products will emerge in 2007 and, according to Steve Hunt from 4A International, will grow to more than $3 billion in 2011.

The next phase in the convergence of security systems will need to address the dramatically changing security requirements - from physical to logical, from gates and doors to bits and bytes, from analog to IP video - to provide the context security decision makers and operations center personnel need to make effective, timely decisions about how to respond to security events.

One Consolidated, Correlated View of Physical Security Events

It is our belief that this growth of the PSIM market will provide great value to today's security organizations. By converging video surveillance and other physical security systems together with IT security, taking in the enormous load of information and distilling it into the most pertinent insight, organizations can significantly improve cross-organization communications and efficiencies while fortifying a comprehensive security posture. The devil is in the details, however.

Many vendors, whether physical security or IT security, will develop their own proprietary solutions that require expensive tie-ins with other products they offer. The primary value a PSIM solution can deliver is through a standards-based approach that can interconnect an organization's existing proprietary systems - be it analog or digital, cameras or alarms, firewalls or intrusion prevention systems - enabling the organization to leverage and build off its existing investments rather than a rip-and-replace approach.

The shift toward an integrated physical and IT security system is underway with the convergence of analog and IP video and other data sources into a physical correlation environment that leverages an organization's existing technology investments. As companies get more comfortable with the inevitability and value of a fully-integrated physical and IT security environment, as physical security products collapse onto the IP network, the developing PSIM market will blossom into a full solution category segment that will help enable security personnel to achieve their primary goal of protecting people, assets and infrastructure from the flood of new threats that emerge daily.

Key Attributes of an Effective PSIM Solution
In selecting systems to integrate security data in a PSIM method, we have identified 12 characteristics that are preferred in PSIM solutions. Consider these elements as you define your needs of a converged security solution.
• Normalization of Device Presentation regardless of vendor, protocol or standard
• Normalization of Device Control regardless of vendor, protocol or standard
• Normalization of Routing and Connectivity of all devices and systems regardless of what type of network they reside on including IP, ATM, ISDN, Overlay (fiber, serial, coax, etc.)
• Integration and management of Analog Video without the need to bulk convert to digital.
• Event capture from any devices and systems regardless of network, vendor, communications protocol
• Complex Rules and Correlation Engine that enables policy to be applied to multiple events with the elements of time, location, personnel and "normal" conditions incorporated into the correlation of an event
• Built-in Procedure and Policy Database to enable operators to easily know the standard response to an incident
• Multiple methods of Collaboration to enable operators to share information with others regardless of their method and location including video conferencing, email, Web conferencing, SMS, chat, VoIP and Radio
• Use of GIS systems to present data for personnel, devices, data, events and incidents in an intuitive Map Interface that enables operators to quickly understand the relationship of objects
• Integration with Video Wall that enables customizable display of information for an event
• Integration with Mobile Wireless networks to enable the sharing of information including video with field operations
• Secure Infrastructure that is resistant to attack by hackers and threats

About the author: Tony Lapolito is vice president of marketing for VidSys. He comes to VidSys with over 15 years of experience in the networking and video industries. Lapolito most recently led the marketing team of Cisco Systems' Application and Content Networking division. Previously, he was the director of product management at SightPath (now Cisco), an early pioneer in CDN products. Prior to SightPath, Lapolito held positions in marketing and engineering at leading high technology companies that include Artel Video Systems, 3Com, Chipcom, Leaf Systems and GTE. He holds a BSEE from the University of Massachusetts, Lowell and an MBA from Boston College.