Standards: Clearing Away the Clouds

Oct. 19, 2012
SIA working on standards for SaaS and industry cloud computing

The concept of using the cloud as it relates to the physical security industry is one that has been shrouded in ambiguity. In general, we are well aware of how the cloud is revolutionizing information technology, media and many other industries; however, when talking about how the physical security ecosystem would relate to a Security as a Service (SaaS) offering, it is difficult to find clear answers.

It is time that the physical security industry addresses this area and demystifies how cloud service models mesh with or replace the established security industry models, and the Security Industry Association (SIA), Silver Spring, Md., is working with the industry to do just that.

As chair of SIA’s Standards Committee, I am excited that the organization has begun working on this particular issue by first planning the release of a paper that explores cloud architecture, cloud service models, best practices and standards that link the cloud with traditional physical security service models. The group will later produce standards where there are gaps specific to the industry.

Defining reference architecture

One of the biggest and most important challenges of overlaying a new technology domain such as the cloud onto an established domain such as physical security equipment is defining a reference architecture. This is a delicate process. There may be many implementations among practitioners and some may feel that the chosen reference architecture favors one system design over another. Technology changes rapidly and the model runs the risk of becoming outdated.

One thing that is certain is that there must be a way to link the traditional security ecosystem devices such as cameras, controllers and readers to the various forms of user access through cloud services. A simple reference architecture will go a long way in clarifying the role of cloud in the physical security realm.

Cloud services are consumed in a rather different manner than what the security industry is accustomed to with dedicated, on-premise applications and equipment. Two model shifts, one technical and one business, immediately come to mind when cloud is introduced:

  • APIs vs. SDKs—Cloud service providers typically do not distribute SDKs, because SDKs are platform-specific, which is antithetical to the value of cloud applications. Instead, most cloud service providers publish API definitions that integrators and developers can build to however they want.
  • Subscriptions vs. Licenses—Cloud service providers (almost by definition) sell subscriptions, not licenses. This changes the way that projects are bid, priced, and scoped. It also raises questions of data ownership and recovery that are unique to the cloud service model.

Architectures and service models are just two of the things that SIA will cover in the paper. Topics such as privacy, information security and compliance, topics that are not all that foreign to us as security professionals, will be explored in detail within the context of introducing software and hardware cloud services.