Physical Security and Cloud Computing

We've been hearing a lot about cloud-based physical security solutions lately, and as with any emerging area, there are lots of different perspectives on what makes something a "cloud" solution, or a "something as a service" (something being software, storage, security, etc. -- SaaS). I want to take this blog post to hit upon three things that I believe you, as technologists, technology users and security systems integrators will want to consider:

1. Does the cloud mean freedom from proprietary technology?

One of the questions that I heard raised during the ASIS show was, "Is that really security at a service if they require you to have proprietary equipment installed?" The comparison was that hosted IT services typically don’t require proprietary hardware. If you're using Gmail's hosted email service or's hosted solution, you don't need a Google black box or a Salesforce black box installed in your office.

The person who pointed this out to me said that we have a lot of companies masquerading as SaaS companies, but that what separates our industry is that our SaaS companies require us to install proprietary hardware in our tech rooms and utility closets. What do you think? Is this a fair criticism of how SaaS works in the world of physical security today? I'm not sure that it was a fair critique, and I don't know that the promise of the cloud was ever the promise of being platform or technology agnostic.

2. How do you define the cloud?

Question number one brings us right into issue number two. It seems that there are a lot of misconceptions about cloud solutions today. I think that comes from a simple misunderstanding of what a "cloud" solution is. To me, something becomes "cloud" when any vital part of the operation is hosted elsewhere. That could be storage, but it also could be the processing.

Of course, there are a lot of conflicting definitions of what cloud computing is, and I'll not pretend to be the one who should define this major technology shift. Even NIST, the National Institute of Standards and Technology, has struggled with defining cloud computing, but define they have! In fact, they're on their 15th definition now, which you can download from as MS Word file here. I think that their definition is fantastic, and everyone should have to read this before they drop the word "cloud" in casual speak.

3. What are the misconceptions about the cloud?

Finally, there are a lot of misconceptions about the cloud, and the first thing I always hear is: "But how can the cloud be secure? I don't know that I can trust that my physical security data is secure if we can't lock it up right here in the security office!"

It seems like a legitimate concern. How do we trust our cloud security providers? Are you sure they're not allowing your competitors to open your company's Google docs for a fee? Maybe this is paranoia, or it maybe it's called simply being cautious. Whatever it is, it's part of Tony Kontzer's review of the "5 things no one will tell you" about cloud computing. Read this list of the five things that he posted last week. It's worth your time.

That's enough for the cloud today, but I can tell you that we have a lot of great content coming in about hosted solutions, cloud computing for physical security, and software as a service. Keep watching this site and the magazines for this information.