Adoption of cloud-based security solutions at the crossroads

Many physical security pros still cautious about technology


Today’s cloud services, especially managed or “hosted” video and physical access control can offer the user the ability to track or constrain the geographic location of their data assets, and who has access roles and permissions. Service level agreements (SLAs) communicate these expectations, as well as continuity of service, and are a critical part of any cloud-based service.

The security practitioner and organization they represent still owns all rights to the content. Just as with any VMS-based security system, the rights and access can be controlled by the end-user. Cloud services by nature are meant to replicate in-house systems, but are managed offsite. This simply means the content produced is the same, only the delivery mechanisms are different.

Connectivity, Content and Media

Intelligence, authentication and improved storage management at these “edge” network cameras and physical access control devices can be enhanced with network attached storage (NAS) devices. Managed video devices stream the higher resolution HDTV video data to a local NAS, permitting a lower bandwidth video stream directed “up” to the cloud or managed service provider, where there might be constraints on connectivity, such as with the use of asymmetric digital subscriber lines (ADSL).

Should there be a connectivity failure through the internet service provider (ISP) for the device supported by the cloud, the device can be continuously recording on the NAS. An additional benefit for physical security is that this device can also be connected to local authorities through a local wireless solution (i.e. MESH/MIMO), and fully support video at ruggedized laptops in first response vehicles and a wide variety of mobile devices. The “smart transcoding” of these video streams from cloud to mobile device is discussed at length in the Video Quality in Public Safety Handbook, available at http://www.pscr.gov/.

The bottom line key is to understand the needs of the cloud-based security applications and set up proper expectations and redundancy measures (if necessary) to ensure appropriate uptime. Most hosting providers stick to the law of five-nines uptime – another factor that should be covered in the SLA – yet if the security application calls for additional redundancy, inexpensive hardware can be integrated into the system onsite.
ROI and what makes for a great “match” in the cloud
There are many ROI studies demonstrating the savings organizations and agencies have enjoyed by deployment of both private and public clouds. Tools specific to the video and physical access control manufacturers that estimate return on investment have just been deployed. EMC’s tool outputs the total cost of ownership comparison between a cloud-based network video surveillance solution, compared to a legacy solution. Answer a few questions about each use case and the tool delivers data illustrating a cumulative reduction in total cost of ownership (TCO) through cloud deployment. If the solution uses event-based recordings, as most network video and physical access control systems do, the savings may be even greater.
And so, what makes the cloud "fit" so many applications? It is not by accident that Amazon’s primary offering is known as "Elastic Cloud." Perform legacy, fixed budget IT resource planning and the result will be either surplus (waste of services) or poor performance and limited storage followed by the customer’s dissatisfaction.

This is where the cloud shines. A cloud’s elasticity matches computing and storage resources to the tasks, with minimal waste, dynamically allocating by historical trends or real time adjustments. One of the best approaches is to look at the use of your physical security operation and see if there are service peaks and valleys, starts and stops or unplanned growth or shrink. All of these behaviors are well matched to cloud deployment.

Another approach is to contract with a cloud service provider only when you need to "rent the spike" after establishing baseline costs. This way, you would outsource unbudgeted, unforecasted high usage or specialized applications to managed services. One example of this is video surveillance for event security. The event dates are predictable, but the attendance may not be.