What’s in a platform?
October 2017, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
There is still no clear winner when it comes to security management platforms. Open systems are generally seen as a better deal, but camera vendors are continually developing better platforms offering more functionality, intelligence and performance. Then we have a whole convergence aspect in which more products from different fields and industries are being integrated into the same management platform.
And then there’s the IoT and artificial intelligence (AI) which are supposed to be taking the world by storm. One can be excused if you raise an eyebrow or roll your eyes every time you read about IoT and AI, but while the robots won’t be taking over for a few years, the concept of intelligence in software and hardware is a reality and the work behind the scenes will amaze most people.
So, when looking for a management platform, what does one choose? Do you go for something your camera vendor supplies, an open system, a PSIM (Physical Security Information Management), or a CSIM (Converged Security and Information Management) platform, or something completely different – SIEM (Security Information and Event Management springs to mind)? Hi-Tech Security Solutions asked some industry experts for their input into the latest goings on in the world of security management platforms.
Before discussing the features and functionality of management platforms, it may be advisable to start at the same place as potential customers, in other words, what does one need to look for? A VMS is naturally useful, but there are many more security technologies one wants to manage on the same platform (and an increasing number of non-security technologies that are also able to provide useful data). So what does one need to look for and what questions should you ask to ensure your platform is a good long-term investment?
Genetec’s Brent Cary raises a few important points about what is important in a platform, starting with efficiency and unification.
“When you have people and assets to protect – either on one site or multiple sites – your operators need capacity to do multiple things at once. A unified security platform uses a collaborative, task-based approach where an operator can take any number of simultaneous tasks, while remaining focused on the specific activity at hand. A unified system delivers far more than simple security. It provides functionality and flexibility for the long term.”
Resiliency is also important, according to Cary. “At Genetec, we believe that the best solution is a resilient one. Security isn’t static. It must work on a day where nothing happens and on a day where every possible eventuality happens. It’s why the ability to respond effectively and efficiently is essential for our customers, whether they’re a supermarket, a secondary school or a city.”
Finally, reliability and security are also key. He suggests users take advantage of the most innovative possibilities for uninterrupted system access, data protection, and privacy. “When you have people and critical assets to protect, rely on a platform that provides continuous access and is engineered to limit system interruptions, all while offering enhanced IT-based security that prevents unauthorised access to sensitive data.”
Adlan Hussain from CNL Software.
Adlan Hussain from CNL Software believes that openness is probably the most important issue if you are using lots of technologies from a wide range of manufacturers. Ensuring your security platform developer can (and has a defined methodology for doing this) work with other security and non-security providers is essential.
“After this, you must look at what value they can bring to your processes. There is so much that can be done, technology can do so much, but what is valuable? Too much information is as bad as too little information, especially when time is a limiting factor. A security management system that is ‘pushing’ a limited amount of valuable data is much better than one that allows operators to ‘pull’ huge amounts of data.”
JOS Svendsen from Milestone Systems.
JOS Svendsen from Milestone Systems, a driving company in the move to open platform systems, says flexibility, scalability and adaptability are three main factors in selecting the right platform for a business video solution. “We live in an ever-changing world and the only way to keep up is to be agile. Flexibility means the platform can cover as wide a range of needs as technologically possible, leading to high return on investment from day one.”
Scalability is all about being able to cover customers’ needs, from a one-camera solution to global scale implementations using the same management interface and being able to gracefully add capacity and interconnects.
Adaptability to Milestone is a community game. “Total adaptability with add-ins done by partners paves the way for perfect solutions,” Svendsen adds. “Another core attribute is manageability. It does not matter if the systems have IoT or cloud components, a central management system will provide the business governance context and adherence to local legislation needed in any enterprise today and going forward.”
Bernard Senekal, CEO of Naxian.
Bernard Senekal, CEO of South African platform developer Naxian, takes the approach that security management is only one element of true integrated management. “Our ethos is that everything smart (commercial buildings, cities, retail, logistics and supply chain, banking, etc) needs to be secure first.
“You cannot, for, example have a smart building unless it is a secure building first. It is therefore imperative that an investment in an integrated security management platform is actually an investment in an IoT platform that allows for the integration of far more than just security assets. More specific than integration of systems, it is important to realise that systems have to collaborate in order to achieve immediate and maximum value.”
The value of openness
Most people today would agree that open systems are important as they make it easier to add or integrate different functions and features into your platform – supposedly with ease. But how does the user ensure they can integrate new systems, but retain the security of their operations and systems? In other words, how do you ensure integrations don’t open vulnerabilities that put data or people at risk?
Hussain explains that centralising all systems into one place can open up potential risks, or putting it another way “putting all of your eggs in one basket” can make you more vulnerable. That is why it is essential to select a system that is extremely secure and has high levels of authentication and user management. It is also essential to work with a reputable integration partner that understands IT
networks and cyber technology, not just security systems.
Svendsen advises that it is important to consider the meaning of the term ‘open’. Milestone has come up with five hallmarks that any customer should look for to determine if the investment they are about to make is truly in an open platform.
1.) Common external programming interfaces: The characteristic of this hallmark is having a common Application Programming Interface (API) that can be used easily by the partners and end-users.
2.) Published documentation: This one is extremely important because it often weeds out solutions that claim to be open, because you can integrate a third-party solution even though they do not offer a truly open and published Software Development Kit (SDK).
3.) Training: If a manufacturer’s open platform offers published APIs, and an SDK, you are heading in the right direction, but it only begins there. The next step is to train third-party programmers on how to write to those APIs and use the SDK.
4.) Project consulting: This means that the manufacturer takes the necessary steps to make sure that the integration to the open platform is a smooth and seamless.
5.) Security focus: In order not to make an open platform a security risk, interfaces have to be hardened and constantly reviewed for any security risks, all solutions have to be certified and good security practices have to be adhered to by all involved – partners, customers and the manufacturer.
The security of your security
On the topic of security, Cary says the latest version of Genetec Security Centre offers new video encryption and authentication enhancements. “The new security threat countermeasures include authentication and encryption methods to ensure that only authorised personnel can access the security system. To mitigate the risk of cyber threats, such as man-in-the-middle attacks, organisations will now be able to implement digital certificates to guarantee trust within the system and implement new levels of encrypted communications between all Security Centre components.
“By establishing a secure and trusted connection, Security Centre is able to authenticate communications within the system, validating and ensuring that data and video are not exchanged with outside sources. This also allows organisations to leverage specialised third-party claims services, including Active Directory Federation Services, to authenticate and manage Security Centre user credentials.
“When it comes to applications using the cloud, we ensure that the data is encrypted before it leaves for the cloud and the customer controls the keys.”
On the topic of security, Senekal once again quotes Furter’s Law, “Security is inversely proportionate to convenience”.
“This statement means that it is understood that the easier devices, systems, databases, people and process are to integrate/assimilate with and then to make use of through active interfaces, the more risk is presented to it/them,” states Senekal. “When building, delivering and maintaining solutions, one should always implement a healthy balance between convenience and mitigating security risk.
“We use very specific frameworks such as the NIST Cyber Security Framework that is a well-accepted global standard which focuses on addressing risk instead of compliance. This framework ensures that we consider risks such as malware, human error, advanced persistent threats, insider threats, third-party systems, denial-of-service attacks and, specifically in the case of electronic security systems, the threat provided by compromised systems (systems with known backdoors) while still providing a solution that is robust and user friendly.”
More than security
As noted above, today’s management platforms may initially be purchased for video surveillance and other security purposes, but we are living in a world where everything electronic wants to communicate and exchange data. And although the word convergence is probably overused, the reality is things are converging at a pace, to the extent that certain luxury cars use a converged physical and logical solution to secure the car and driver, and to ensure certain safety principles are upheld. The possibilities are almost endless.
Svendsen explains that an open platform can provide management of other types of systems: access control, building management and more centralising and streamlining management of related systems. “The use of open platform technology also enables users to move the use of video beyond security. Retailers can use video systems for video analytics providing insights on customer flow, efficiency of in-store displays and more.
“Similarly, manufacturers can use video for documentation and quality control. It could be a steel plant documenting that the cooling procedure of forged objects is according to specification; harbours using video to detect spills; zoos using video recording of the animals for research or educational purposes. The possibilities are there, it is just a matter of thinking a bit out of the box.”
Hussain concurs, noting that intelligence is key to expanding the capabilities of your management platform. “The ability to tie pieces of information together based on geo-location and alarm type can ensure threats are correctly identified and managed well before they materialise. Many of our customers are using security technology and people to drive better operational outcomes. For example, using CCTV to check damage on containers in a marine port, then using the security team to investigate if the damage if it is severe. Based on this, they can then make a call on whether it is travel worthy or needs changing.
“Typically, management platforms are sold as simple linear management of alarm and other security assets that trigger events and are managed by means of some operating procedures,” says Senekal. “Imagine the inclusion of things such as weather and traffic patterns, human resource databases and operational process systems such as warehouse management systems.”
Local or remote
Given the current trend to try and do everything on someone else’s computer, or to use more modern terminology, ‘in the cloud,’ it should come as no surprise that the potential of running your management system remotely is possible. Hosted services allow companies to do away with the requirements of buying and managing their own IT systems, allowing them to receive the service while the service provider does the IT work. This model does raise some security questions as it means your data is held by a third-party.
Hosting or cloud is not a given, however. Hussain warns that if the Internet connection is down or slow, and security cannot perform routine tasks, it will be a problem for most companies, small medium and large. “All of our customers to date have requested on site security systems, but are focusing on environments where security is mission critical.”
On the other hand, Cary says, “More organisations are relying on cloud services as departments look to shorten IT implementation times and reduce the need to manage and purchase their own infrastructure. Cloud deployment is lowering the cost to customers, eliminating capital expenditure for on-premises servers for storing video images and image management applications, as well as avoiding the added operational costs involved in having personnel dedicated to systems administration and maintenance of on-premises systems.
Naxian is pushing for adoption of Platform as a Service for its PSIM solutions going forward.
Where we’re at
The topic of management platforms is a broad field with far too many questions and options to fit into a single article. However, to gain an understanding of what end users can look out for in the coming year, we asked our interviewees to give us a broad idea of what they will be offering going forward.
Starting in Africa, there is nothing to report, yet. Senekal is a little secretive about Naxian’s plans, saying only that advancements in the company’s algorithms and artificial intelligence systems will be launched in November. (Hi-Tech Security Solutions will be looking to tell our readers all about it if we haven’t been replaced by algorithms.)
In order to minimise disk load for recording servers, Milestone has developed a new strategy for storing video in RAM before committing recordings to disk. “By fully utilising the large RAM capacity in modern servers, recorded video is kept in RAM until the VMS determines the video needs to be written to slower mechanical disks.
“In systems not using this technology, the video is always written to disk, no matter if it is necessary or not. Initial testing shows the savings in disk activity can be up to 80% and even more in scenarios with little or no motion. Reduction in disk activity enables the recording server to handle more cameras, be more resilient and run cooler. Since the disk load is reduced, less expensive disk drives can be used and the lifespan of the disk drives is prolonged, reducing maintenance costs.
“With increased integration and collaboration between systems and organisations, more entities are interacting with physical security systems and accessing privileged data,” says Cary. “Organisations are constantly increasing their efforts to control who sees their data and what they can do with it.
“With our close development relationship with KiwiSecurity, a video analytics and privacy company, we are now a globally recognised authority on privacy masking and analytic cameras. The process of privacy masking can automatically obscure individuals and vehicles through pixilation in live and recorded video. Our tools assure that a fully visible, high-resolution version is captured, encrypted and stored while the real-time masked feed is monitored.
Today, a variety of organisations are using the latest federated architecture to allow them to manage security systems and assets for vast geographic areas, says Hussain. These include both public and private organisations that have very different requirements for the technology, but have the same shared need to ensure mission critical levels of security across their enterprise.
He adds that federated architectures improve an organisation’s ability to identify and manage incidents by improving its security posture. “This is achieved by creating an optimised balance between enterprise-level policy enforcement and devolved empowerment of local security teams who have location-specific knowledge.
“It also improves its emergency preparedness by effectively distributing systems resources and allows better utilisation of human resources. An example of this is the ability to share the management of incidents and events with operators at other locations during peaks in alarm traffic. These two elements of systems and people are two of the largest costs for any security departments, so increasing their effici-ency helps to lower ongoing operational costs,” Hussain continues.
There is no easy solution when choosing a management platform, companies looking for a solution have their work cut out for them. These software systems are no longer simply a way to manage a few cameras or integrate your access control into your VMS platform. Of course you can do that, but the potential and opportunities are there to do so much more. It’s up to the end users to understand their current and future requirements and make a choice that meets their requirements for today and is expandable and scalable for future needs.
For more information, contact
• CNL Software EMEA, +44 1483 480088, firstname.lastname@example.org, www.cnlsoftware.com
• Genetec, email@example.com, www.genetec.com
• Milestone Systems, +27 (0)82 377 0415, firstname.lastname@example.org, www.milestonesys.com
• Naxian, +27 (0)87 820 0620, email@example.com, www.naxian.co.za