My Point of View: Clouds on the Horizon?

April 18, 2012

The metaphors came quickly as my staff and I made our way across the show floor at the recent ISC West conference in Las Vegas. Either your head was in the clouds or you were walking on clouds almost the entire week. Moving physical security into the cloud (along with practically anything else that isn’t nailed down) seemed like a foregone conclusion.

But not so fast, brother! Although massive, disruptive change is coming to IT as Software as a Service (SaaS), SOA, mashups, Web 2.0 and cloud computing truly come of age, research surveys and several sage industry veterans say differently.

The PR touting the benefits of cloud migration into the physical security space makes it sound like a no-brainer. Who’s going to argue when you tell your boss that the cloud will help the company access data virtually anyplace, anywhere and at any time; that it will reduce the amount of equipment in the field and lower the cost to own and maintain it; and that it will also make data more accessible to the system users.

These efficiencies are accomplished by leveraging IT to reduce deployment, maintenance, installation and operational costs. For instance, server virtualization is supported by many video management software platforms, allowing a physical server to appear as multiple logical servers to the application. As a result, you can reduce costs by consolidating servers. These concepts are not to be taken lightly and involve a lot of knowledge and training to deploy and support — especially if they are supporting mission-critical subsystems such as access control and video surveillance.

But recent studies show that adoption has not been on the fast track in many sectors. Microsoft’s SMB Cloud Adoption Study 2011 found that only 29% of SMBs are paying for one or more cloud services (but expected to increase to 39% within the next three years. Symantec’s 2011 State of Cloud Survey indicates that adoption of cloud computing in organizations is low and only a few have crossed the finish line. Few surveyed companies had implemented these services: SaaS (19%); Private IaaS/PaaS (17%); Public IaaS/PaaS (17%); and Hybrid IaaS/PaaS (11%). According to Data Center Decisions’ 2011 survey, cloud adoption is growing slowly, and only a few percentage points separate 2011 from the 2010 results. The survey found that public/private cloud implementation only increased from 4% in 2010 to 6% in 2011. And a 2012 survey of government IT decision makers by CompTIA indicated that only 18% expect to spend their budget on cloud computing in the next 12 months.

When interviewed at ISC by SecurityInfoWatch.com editor Geoff Kohl, Tyco Integrated Security’s CTO Jay Hauhn said that the industry has trended from DVRs to IP video and now to the cloud and managed services for both access control and video surveillance. “There were a couple card access companies that really showed this industry how to do cloud and managed services and how to make money at it,” he said. “It’s a great financial play for the customers [to hand off the hardware and services], and it generates RMR for the integrators. It turned card access into a managed service, and it’s had great success. Now the industry is trying to figure out how to do it in video. Companies offering video storage in the cloud are getting their foot in the door.
“Replacing DVRs or NVRs with the cloud is still a challenge, primarily due to bandwidth,” Hauhn continued. On a campus or in a facility on the LAN, the bandwidth is fine because you may have gigabit ethernet, but when you try to get that video off the campus is when you struggle [due to limited bandwidth]. However, compression is getting better as we are picking up standards from the cable industry.”

Others like industry analyst Steve Hunt admit that cloud services are an unstoppable train and will become fundamental elements of how businesses run in the future. He says it is not a matter of whether or when to use the cloud, but how to do so smartly and safely.

The obstacles faced by CISOs when assessing adoption of cloud computing for their organizations is not much different from the average CSO or corporate security director. Your organization’s cloud must pass solutions needed to be compliant with various industry standards like PCI, HIPAA, SAS 70, etc.

There needs to be seamless interoperability so applications move across the cloud without major technology issues. The lack of common standards is the potential roadblock to adoption. Also, don’t discount the culture in your organization as being a hazard. Is there a working relationship between your IT and physical security staffs? Is there buy in from the C-suite? And of course there is the defining issue – calculating the real ROI. If you can’t quantify the return on investment for your cloud migration, it will be a tough sell.

If you have any comments for Steve Lasky regarding this or any other security industry-related issue, please e-mail him at [email protected].