Editor’s note: This is the eighth in a series of interviews with the session leaders of the upcoming GSO 2025 event being held November 2 & 3, 2022 at the Vari® (formerly VariDesk®) global headquarters in Irving, Texas, near the DFW airport. The event is named with a future date because it takes a 3- to 5-year look ahead at where security leadership and security technology are going. Registration is open now.
Editorial Director Steve Lasky recently sat down with Ray Bernard, noted security consultant and author, columnist for Security Technology Executive magazine and writer for Security Business magazine and SecurityInfoWatch.com. Steve inquired about the GSO 2025 summit’s Day Two focus on technology thinking.
SIW: In what ways are you saying that our technology thinking today is still outdated?
Bernard: The information technologies we use to build our security systems have changed drastically and continue to change at an ever-accelerating pace. While that fact is now common knowledge, the impacts of that situation have not been considered thoroughly enough. The physical security industry is still primarily product-focused with insufficient consideration of the impact of key IT trends. The industry is still running years behind IT in terms of IT thinking and design practices.
SIW: Can you be more specific?
Bernard: There are several examples, and I’ll give you a key one. Most business, especially the larger ones, are engaged in digital transformation initiatives to advance how the company works and does business. They are using advanced information technology in their data centers, and in some industries even at the edge, meaning on premises and outside data centers.
This advanced technology is much more scalable and upgradeable than what we’re using for physical security, except for a few of the cloud-based offerings. With the newer technology businesses are more able to facilitate change and growth. There is a strong focus on data. The information technology enables businesses to understand themselves better, have deeper operational insights, and be agile so as to continually optimize how the business operates.
This is made possible by recent advancements in software-defined IT infrastructure, which provides virtualized computing, storage and networking components that can be easily managed at any scale. These software-defined elements have levels of redundancy and fault tolerance that can’t be achieved with the now-outdated hardware architectures we use for our physical security systems.
New technology breakthroughs have made it possible for computing, data storage and networking hardware to be added to or changed out without interrupting the software applications and their data exchanges. Hardware can be added, subtracted or replaced without having to shut the systems down.
Deploying and maintaining such software-defined infrastructure no longer requires highly skilled or heavily staffed IT operations, because today’s software-defined computing platforms manage themselves and utilize their built-in redundancies and failover capabilities to update the software-defined elements, virtual machines and applications running on them automatically as hardware is changed.
The IT term for this is autonomous compute infrastructure, which I first heard from Dell Technologies. It’s the IT industry’s equivalent of self-driving vehicles. It is the current state of the art for cloud computing technologies, and it’s now deployable as on-premises equipment too, for the on-site elements of our physical security systems.
Such infrastructure provides 99.9999% uptime for all applications, eliminating the need for third-party failover software and dedicated video failover recorders. The redundancy and fault tolerance capabilities of the physical security industry’s traditional approach to server-based deployments can’t match or even come close to the autonomous compute infrastructure capabilities. In software defined platforms the application architecture is fully independent of the hardware, not constrained or limited by hardware as our traditional physical security systems are.
SIW: Can such systems be installed by security integrators?
Bernard: Yes. For example, Dell’s autonomous compute platforms ship as turnkey systems that are lab-certified for the security applications that will run on them. They arrive ready to put in place and power on. Their deployments no longer involve the previous labor-intensive and error-prone human IT tasks that used to be required.
They can be installed by security integrators in minutes and hours, not days and weeks. There are upgrade paths to migrate in a sensible way from existing legacy systems to such new technology. That includes having cloud-applications in the mix, along with legacy technology that doesn’t warrant upgrading yet.
For the first time in the history of physical security technology, in-place systems can be evolved to incorporate emerging technologies, additional applications and integrations, and support new devices while the security system applications keep running with minimal or no application downtime.
Another key point is that the computing hardware built to support this intelligent infrastructure approach has strong cybersecurity features built right in – much like those used for secure cloud computing infrastructure.
SIW: What kind of new thinking is required?
Bernard: It’s not hard thinking, it’s just different than what we’ve been doing for so many years. We’ve been oriented around installing individual products and designing the hardware based on the short term requirements for them, rather than designing evolvable computing infrastructure as a platform that can support both today’s and tomorrow applications.
For example, today we buy on-premises video management systems pre-installed on their own servers. The fault tolerance, if any, is limited just to the servers of that VMS. Typically, that means RAID for storage, which for a hefty recording server means days of rebuild time and sub-par performance, which is why many VMS systems don’t use RAID for their recording servers and so aren’t fault tolerant. Individual failover servers for each application isn’t cost-feasible, which is why most security system applications can’t survive a server failure.
Managing on-premises security systems deployed this way is complex because each application has its own hardware that has to be handled individually. Buying independent hardware for each system is costly. Hardware upgrades almost always require system shutdowns. The systems don’t scale incrementally and have to be over-provisioned to account for future growth, which is wasteful.
I use this diagram to provide a context for how IT for physical security systems is advancing in this direction. The IT world learned years ago that the piecemeal approach we’ve been used for nearly all physical security system deployments has higher hardware costs and operating costs and doesn’t provide the guaranteed uptime that critical security systems require.
Taking the evolvable intelligent infrastructure approach, any application running can have its compute, storage or network resources expanded simply by adding to or upgrading part of the infrastructure’s hardware pool and telling the infrastructure management console (a software application) which applications get their computing, storage and/or network resources expanded.
The virtualized resources can be expanded automatically without system shutdowns. The costs to manage the hardware infrastructure are significantly lower. The computer, storage and network resources allocated to any application can be expanded or reduced incrementally. This is much more efficient and simpler to manage.
There is much more to say on this topic, and we do that – including technology capabilities demonstrations – at the GSO 2025 event.
SIW: Best of luck and we look forward to hearing more from you at GSO 2025 this fall.
Bernard: Thank you Steve. We’ll be having many insightful discussions in the GSO 2025 event at the Vari headquarters.
