Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

8/4/2014
12:00 PM
Fredrik Nilsson
Fredrik Nilsson
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Is IT The New Boss Of Video Surveillance?

IT's participation in the security of corporate video surveillance is growing, much to the chagrin of the physical security team. Here's why corporate infosec needs to pay attention.

A recent study by Enterprise Strategy Group (disclaimer: sponsored by my company) found that 91 percent of video surveillance deployments today involve IT departments. That’s up from 52 percent in 2011. What’s more, 47 percent of IT pros claim that they make the final video surveillance purchase decisions.

When ESG presented its findings to our management team, we were honestly quite surprised. As the market continues to shift from analog CCTV to IP video, we’ve certainly seen IT’s participation grow -- but these figures were much higher than we anticipated. In our world (physical security), video surveillance has traditionally been a task handled by facilities, physical security, and/or loss prevention groups.

However, as the migration to IP-based technologies continues to transform every aspect of the enterprise, IT plays an increasingly active role in deciding what IP video devices live on the network. While IT controls the network, they must work closely with their physical security counterparts. Together, they are both responsible for protecting the business, its people, and its property -- digital or physical -- so it’s important that they work together to meet these common goals.

Blurred lines
The move to IP-based video surveillance cameras means that IT must understand their impact on network performance, storage, and video quality. Additionally, these types of cameras now enable organizations to layer powerful applications (analytics or remote management) on top of the camera’s capabilities. Physical security must now understand the broad responsibilities IT has to serve the business across, not only security, but marketing, sales, and HR (to name a few). This often requires them to do more with less, since each department that they serve has its own priorities.

Why does IT need to pay attention to physical security? Simply put, safety and security are threatened from an increasing number of vectors. It’s not just hackers from afar; corporate espionage, insider threats, and safety concerns must be addressed on a continuous basis. Unauthorized access to a server room is just as problematic whether in-person or on the network. Theft of customer data, intellectual property, and/or corporate strategy plans are all costly in many ways. The importance of locking down the organization -- and having a clear trail of access for forensics -- is becoming more of a priority for IT.

Collaboration is the name of the game now -- and it is the path to creating more secure environments.

IT: influence and support vs. command and control
The reality is that IT already supports physical security and has strong influence on its infrastructure and technology environment. In larger IT departments where IT specialists exist, such as a storage specialist, they are already supporting network video and should care about which cameras and applications are pushing content to their storage. This means that IT needs to understand storage requirements and limits, as well as process orchestration, in syncing storage systems. Understanding details of camera technologies and applications helps IT influence good decisions based on bandwidth, storage, and management capabilities of cameras.

Additionally, IT often controls what gets on the network as well as budgets and approvals. IT also needs to pay attention to physical security and its technologies because the corporate network is the vehicle through which high-quality video data gets in the hands of security personnel and executives who need to know what’s happening when a situation unfolds.

The reason IT won’t become the full boss of surveillance is a matter of expertise. When IT absorbed and took over voice-over-IP technologies from telcos, there was a small learning curve for a new technology on the IT network. With physical security, it is much more involved. IT isn’t going to carry badges and arrest people, and they will not acquire state security licenses that are required by some states to install cameras -- both of which can be extensive processes. IT won’t create and maintain emergency response planning protocols or purchase and manage guard shacks, barriers, and other physical assets.

Over time, IT will exert greater influence over physical security tech implementations, while physical security will continue to own its piece of the corporate organization. In some instances, where facilities personnel own the physical security practice (instead of trained security professionals), IT will have greater oversight over physical security. In other circumstances where professional security, safety, or law enforcement departments exist (like on campuses), those organizations will take an “IT infrastructure-as-a-service” approach, giving physical security the IT capabilities they need to be successful.

The changing landscape of physical security, with its increasing reliance on the corporate network, will continue to strengthen the working relationship between IT and physical security, as well as IT’s involvement in the initiative.

Fredrik Nilsson has been responsible for Axis Communications North American operations since 2003. In this role,  he has been instrumental in leading the industry shift from analog closed circuit television to network video. Mr. Nilsson serves on the Security Industry ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807
PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.