Ensuring the IT Buy-In for Video

Oct. 27, 2008
Clarity and compromise are key

The following is an excerpt from a somewhat fictional conversation between a director of IT and a director of security.

“You want to do what? So let me get this straight—you want to monitor 400 cameras over the network at 30 frames per second at 4 CIF? And you want to do this for how long? Do you have any idea how much bandwidth and storage that will take?”

The director of security, wishing to sound at least somewhat “up” on technology, utters a noise that sounds vaguely like “…petabytes?” but his voice trails off as he notices that the meeting is not going well. The room falls silent, apart from the angry buzzing emanating from the IT director’s head.

It may sound over the top, but this type of interaction isn’t far from what often happens when the security director approaches IT about putting video on the corporate network. As the shift continues unabated toward a more converged environment, the IT and physical security worlds are expected to coexist, whether they like it or not.

Start With a Strong Business Case

Before approaching IT with a proposal to run video over the network, ask yourself a fundamental question: Do I have a sound, supportable and metrics-based business or operational reason to transmit video over the network? For instance, would it allow for more operational efficiency in order to better service clients? Would it be more cost effective than adding more cameras onto the existing CCTV system?

Having this basic supportive information at hand will make the initial meeting with IT easier and show them that your proposal is based on more than a vague impression that it would be a good idea. You must show IT that the plan is based on a business case that has been derived from proper research and reliable, empirical information.

Know What You Have ...
In developing your business case and your network video plan, you must be aware of what systems you currently have available, as well as those systems’ abilities and whether they are meeting your operational, policy and statutory requirements. If you haven’t performed an audit already, this would be a perfect time to do it.
Also, before you ask outright if IT can make network video happen for you, you should talk to some IT technical staff to gather some data about the network and storage capabilities of your organization.

... and What You Need
After you prepare your business case, you must make sure you clearly know what you want from IT. Think about your needs in each of the following categories, and also about how the capability of existing systems will play into your final plan.

• Network type and use. Are you hoping to use the network as a simple transport medium or do you need IT to provide a secure method of transport? If the data network will be used simply as a transport mechanism to carry the video feed from one location to another, much of your discussion with IT will be limited to the bandwidth implications of this video traffic.

However, if you need to transmit these images in a secure environment—if, for instance, the images may be used in an evidentiary proceeding or if you must show compliance with certain privacy regulations—the conversation will be much more complicated. You will need to present your needs in this category to IT as “must have” components of the proposed architecture.

• Speed of transfer. Are there universal transfer rates in all sections of the network? In many organizations, the greatest resources are located at the center of the organization, while the perimeter may have less capacity or speed. If you want to pull video from a remote location, the speed of the network at that location may create some limitations.

• Bandwidth. The central problem with IP video running across the network is that it consumes network resources, or bandwidth, which is finite and costs money. Larger organizations may have robust network fiber connections that provide significant bandwidth for a reasonable number of cameras, but as with most technical projects, the devil is in the details.

You must think through not only how much bandwidth you may require to operate your camera infrastructure, but also when the peak times will likely be. IT services have peak operating times, such as when they are streaming live video for a video conference, or during fiscal year-end when everyone is busy accessing the network simultaneously.

• Storage. The relative cost of video storage on the network can be dramatically lower than DVR storage in the right circumstances. Determining the purpose of network storage is a key enabler in successfully presenting your case to IT. Will this storage system be the primary storage mechanism for your surveillance system? Will it be required to offer immediate access, real-time video quality and high-resolution images, or will it simply be an archive storage facility where you may access images infrequently? Will the storage system need to be backed up in the enterprise backup system?

Consider whether there are any potential regulatory issues created by your backup system. Even though some storage systems can encrypt data files, many will only store in unencrypted form. Finally, consider whether you need local access to video files. Central storage is great and cost effective, but if your main network cable is cut by the fiber-seeking backhoe in the street, your local access to files can be lost for days.

Storage, like most things, comes in tiers of quality. Tier 1 storage has more capacity than Tier 2, and so on. Tier 1 is also the most expensive. So it will be important to understand the storage capabilities and capacities of your organization and determine if they have sufficient storage capacity to meet your needs.

So, you will first need to determine if this will be your production, archive or backup storage system. Then, you will need to investigate the type of storage available and appropriate for your purpose. There are many factors in determining appropriate Tier level. The basic issues include:

- Speed of the Storage Disk: The speed of the disk used in the storage must be sufficient to meet the needs of what you are writing to it and pulling from it.

- Storage Controller: Does the storage controller have the speed and capacity to handle the job? With large data transfer, you want to ensure there will be no bottlenecks in the process, especially if these controllers have shared duties.

- I/O (IN/OUT) Capability: Can the storage system store and retrieve at a capacity that meets your needs? Some systems will complete one set of tasks before moving to another, creating a potential bottleneck zone.

Having all of this information at hand shows IT that you have put serious thought not only into your operational requirements, but also into how you will work with them to mitigate the impact on the network. This show of goodwill will help you reach a consensus.

What Worries IT?

Success starts with understanding the other side’s worries, what they need, and how you can make it easy for them to help you. If you are blessed with an IT department that is exceptionally customer focused, with unlimited bandwidth, and that is driven to help, this will be elementary for you. However, if your IT department is, like most, overworked and faced with continual resource shortages and increasing service demands, you will find your best success in being well prepared for the conversation by having done your homework in advance.

Availability of network resources is probably the number one concern for the IT director, especially during peak traffic times. Most organizations benchmark uptime of the network. This will be one of the worries that keeps them up at night, and they like to have end-to-end control of systems on their network to ensure this availability is maintained.

Technology they don’t control, and can’t service if an outbreak occurs, is another IT concern. So, if you manage the rest of the CCTV system and you’re asking them to handle only part of the total solution, be prepared for some questions.

Your first conversation with IT could go a number of different ways, and much will depend on the people and the organization, but here are a few other issues to consider.

• Data path: Where will the surveillance data travel across the network? Are there any threats to video images from third parties? Are there legislative issues such as privacy, or file security issues that may impact confidentiality? Video is simply another packet across the network and can be viewed easily if not properly secured in transit.

• Backup and recovery: In a disaster response and recovery scenario, will your data be available? You may want to consider a service level agreement (SLA) with IT so that your availability needs are clearly laid out and documented.

• Notification: What happens if there is a component failure in the processing or storage system? While you may have a service agreement on the specific reaction time, you may also want an alarm or notification indicating the area of failure.

If you have answers readily available to these questions in the meeting, your ability to move your project forward will increase exponentially and you will be seen as a partner rather than an adversary.

Be Ready to Compromise

Like almost every project, the ultimate solution will be based on compromise, whether it is in the area of budget, operational need or logistics. Go into the meeting with IT armed with the facts that relate to your system, pinpointing the points that are “must haves” for you and the areas that are open for negotiation.
For instance, in our fictional example from the beginning of this article, the security director can consider a number of compromises to address the IT director’s concerns. Is it really necessary to record everything on every camera at 30 fps and 4 CIF, or would setting the record rate down to 15 fps across the setup be acceptable? Simple math shows that this alone would reduce the requested bandwidth and storage requirements by 50%; music to that overworked IT director’s ears.
It doesn’t have to stop there. If the security director in the example runs selected cameras at just 7.5 fps and then has them jump to 30 fps only when an incident occurs, the requirements again decrease. By using a “change-only” format of compression—one that only transmits changes in the scene under surveillance—the security director can ensure that even less information is sent and therefore less bandwidth and storage is required.

Be willing to make some concessions to allow for a successful conclusion. Otherwise that angry buzzing sound coming from the IT director’s head may just go up a decibel or two.

Dave Tyson, MBA, CPP, CISSP, is the CSO at the City of Vancouver.

Gary Wilson, CPP, RPA, is the corporate security manager at the City of Vancouver.