The Convergence of Physical Security & IT

The convergence of physical security technology and information technology, and its impact on security and IT departments.

Usually IT personnel bristle at the thought of so much bandwidth going unused 99 percent of the time. Unlike business network bandwidth, a good portion of security network bandwidth can be considered as insurance - you need to have it, but you hope you don't have to use it.

The activity patterns for security networks are different than for business networks. Business networks usually have typical daily and weekly activity patterns which result from the patterns of operations of the business. Security network activity is generally light until an alarm or security incident occurs, and there is no predicting when that will be.

Although this article discusses the impact of security video on networks, it's not only heavy security camera use that can elevate network bandwidth requirements. Redundant server restoration, testing or upgrades can require full-bandwidth utilization of high-speed network segments for a good portion of a day. If it takes too long to synchronize a backup server and restore redundancy, the system could be left vulnerable for too long a time.

Scenario-based Security Network Assessment

To accurately assess security network bandwidth requirements, a scenario-based approach must be used that examines security system use during various security and business conditions, including security incident response and emergency incident response.

For example, during the World Trade Center attacks of September 11, security personnel were able to use CCTV surveillance cameras to assist in evacuating the buildings by informing emergency personnel by radio and telephone about building conditions that were obscured by smoke or otherwise outside the emergency personnel's field of view. In such a situation, as many available personnel are put on such a task as is practical, and all available security video workstations are put to use.

It takes a bit of homework, but the various security and emergency scenarios can be worked out. Start working backwards from what you will need to accomplish under each circumstance and how you want to accomplish it. Then determine how the security system capabilities will be used and what network bandwidth will be required.

Usually security personnel can identify a half-dozen security and emergency scenarios that are of concern to them and that are representative of the kinds of responses they would have to make. These scenarios should be written out, including what security information is required for the security and emergency personnel to make an informed response. IT should also provide scenarios involving network incidents that would result in loss of part or all of the security network. Alternate methods of accessing security system functions should be explored for each of the network loss scenarios.

Security Should Be Pro-IT, and Vice-Versa

There are many reasons for security to be pro-IT. IT can help establish network security requirements and provide network security tools that will be needed for the security network. They can help answer networking questions, and they can provide project support for specifications and for testing relating to the computer and network aspects of the project. In-house IT can provide ongoing support for security computer and network issues. As security systems incorporate more and more information technology, IT knowledge will become more important to security.

Security should designate someone to be an IT liaison as a permanent role, not just for the duration of the next security project. Security system upgrades and expansions will need to be coordinated with IT, and security will want to stay abreast of network expansions in case they provide an opportunity for security to further its objectives.

Similarly, IT should designate a liaison to security. Security will continue to expand, so it behooves IT to learn more about physical security. IT will have the task of augmenting security's network infrastructure based upon security needs. They may also have opportunities to piggyback off of required security network upgrades and accomplish some of their own objectives sooner, perhaps at a reduced cost. Security can contribute to IT's planning for physical security measures as part of its information security plan.