The Convergence of Physical Security & IT

The convergence of physical security technology and information technology, and its impact on security and IT departments.

Up a step from this scenario is one in which multiple security LANs are connected over a business WAN backbone, but there is no interconnection to any business LANs. Or, multiple security LANs with multiple video servers may be connected over a business WAN to multiple business LANs.

In the most complex example, multiple security LANs with wireless indoor and outdoor security devices and multiple video servers are connected over a business WAN to multiple business LANs with wireless devices.

Internetworking Issues

The internetworking of security networks with business networks introduces a number of new issues to deal with on both sides of the fence.

Some security system workstations are located in areas that are much more accessible to the public than corporate networked PCs. Building lobbies and parking lot booths are two such locations that are often not very secure and are often unattended after hours.

  • Firewalls on business networks may not respond well to security network traffic, such as streaming video, and may require some reconfiguration to support it.
  • Security applications, such as software used to access live and recorded security camera video, may need to be installed on business workstations. In most situations these applications have not been tested or approved by IT.
  • Security budgets don't include funds for extending the security network for business operations use.
  • Security system administrators don't have network training and are not familiar with business network security policies, procedures and electronic security measures, which may need to be extended into the security network.
  • Some security workstations must be used by contracted guard force personnel, who normally would not be permitted access to any computer on the corporate network.
  • Where the security network and business networks are interconnected, problems with business servers or server maintenance can require temporarily taking down some or all of the business network, disabling part of the security network as well. Thus, the scheduling of routine server and network maintenance requires coordination with security, which may have to institute temporary security procedures until the network is fully restored.
  • It is common for security system vendors to have dial-in access to security system networks, for the purposes of providing technical support and responding to service calls. For interconnected security and business networks, such dial-in will require full compliance with business network security requirements.
  • When IT departments provide network connectivity for security networks, the security system vendors have to be provided with a means to test the network connectivity and available bandwidth at any time. The test capability must be available throughout the entire security system installation process.
  • For security to maintain responsibility for security network integrity, and for IT to maintain responsibility for business network integrity, security devices like routers or firewalls must be deployed on both sides of each security/business network interconnection. Properly configuring these devices means close coordination between security and IT. This also means that security needs a network-savvy specialist, or has to provide special training to an existing security technologist.
  • Both security and IT should have a physical "off-switch" capability that requires no technical expertise to use. This allows disconnection of the business and security networks quickly in the event of a detected network security breach on either side.
  • Acceptance testing of computerized or networked security systems should require sign-off by IT.
  • Virtual private networks (VPNs) can be used to economically provide remote access to security networks over business networks or the Internet, but security personnel have little understanding of the technical aspects of VPNs. See Figure 2 for an illustration of the VPN concept.
  • The increase in the popularity of wireless networked devices on both business networks and security networks increases the potential for conflicts and requires that standards exist and be enforced for the selection and management of wireless connections and devices on both sides.
  • Internetworking products and security system networked products continue to evolve. This requires a synchronization of knowledge between security and IT at least every six months - and a recalibration of security projects that haven't yet reached the purchasing stage - to ensure optimal system design and maximum return on investment.