Ray Coulombe is Founder and Managing Director of SecuritySpecifiers.com, enabling interaction with specifiers in the physical security and ITS markets; and Principal Consultant for Gilwell Technology Services. Ray can be reached at ray@SecuritySpecifiers.com, through LinkedIn at www.linkedin.com/in/raycoulombe or followed on Twitter @RayCoulombe.
You can’t pick up any security or IT publication these days without some mention of “the cloud” — now I have guaranteed that this issue will be no different.
Three facts seem very clear from our current vantage point:
• The movement to cloud services is a train that may be slowed, but cannot be stopped;
• Cloud services have the potential to provide additional RMR to dealers and integrators in a variety of ways, including video, access, intrusion, PSIM and more; and
• Cloud services represent a potential security and business threat.
Security is not leading the way to broad-based adoption of cloud services; rather, IT-centric service offerings such as SalesForce.com and DropBox, coupled with widespread IT and consumer acceptance, can claim that distinction. The challenge for the security industry is to figure out how to use this technology from a business and practical standpoint, while provisioning good “secure-ITy”.
At the recent 2013 Securing New Ground (SNG) Conference in New York, there were lots of people talking about the cloud. Among them was Frank De Fina, senior VP of Samsung Techwin, who had just returned from a series of meetings with high-tech corporate leaders in Silicon Valley and found that they had some deep concerns about the impact our industry could have on the cloud infrastructure.
The concerns, De Fina learned, included the effect of potentially massive amounts of video data flowing through data centers, the physical security in those data centers, insider threats, and the incredible cost of data breaches — estimated in excess of $400 billion annually.
I wonder about their video concerns. I do not see near-term movement of massive video feeds to cloud based storage — too much bandwidth is required and it is not really needed. Cloud video services, such as VSaaS (Video Surveillance as a Service), tend to be based on alarms and events, triggering limited-duration video clips to be viewed or stored.
Local storage, including inexpensive SD and SDHC cards on the camera, can be expected to be the main repository for whatever is needed to be saved. Further, you can argue that a video data breach is less likely to be catastrophic than many other types of data breaches, with perhaps the main concern being the loss of privacy.
IT Security Threats
The information security threat is real and requires diligence on the part of the security dealer or integrator.
The Cloud Standards Customer Council has published an excellent white paper, available at www.securityspecifiers.com/ResourcesWhitePaper.asp — search “Cloud”) detailing 10 steps to evaluate and compare cloud offerings.
Among other items, potential users are encouraged to ensure that effective governance, risk and compliance processes exist; to audit operational and business processes; and to assess the security provisions for cloud applications. The white paper says that if you are going to use a cloud service, there are other issues that also must be addressed, but two of the most important are managing all security terms in the cloud SLA (Service Level Agreement); and evaluating security controls on physical infrastructure and facilities.
The steps described in the white paper are also useful for larger-scale enterprises deploying their own private cloud, upon which integrators have the potential to provision cloud services and provide ongoing value. In any event, I was happy to see physical security make the list.
Business Threats and the Residential Market
A real threat to the business status quo in the security industry actually comes from outsider companies. It is not a stretch to think that those who operate large data centers — Amazon, Google and Microsoft, for example — could evolve plausible security-targeted business models themselves.
A number of top-tier security integrators are migrating their business model to services, increasingly caring less about the hardware and installation revenue. Nowhere is this more prevalent than in the residential market - attractive because of its sheer potential for growth, both in number of users and services offered. Alarm monitoring can now be supplemented with video verification, off-site storage of alarm event data, energy management, lighting control and more.
Mobility is tightly linked to cloud services, and a homeowner’s ability to remotely check on a property is compelling. A good friend of mine, after suffering a very expensive break-in, moved to a video-enhanced alarm system with this remote capability. Now he’s telling all his friends about it. The system was installed by a very qualified regional systems integrator who displaced a well-known national brand.
It’s going to be an interesting competition: there are the nationals who are accelerating their product offerings and advertising; the local and regional firms that are embracing cloud services; and the telecom and IT companies who are now deciding to throw their hat into the ring.
Ray Coulombe is Founder and Managing Director of SecuritySpecifiers.com and RepsForSecurity.com. Ray can be reached at ray@SecuritySpecifiers.com, through LinkedIn or on Twitter @RayCoulombe.