T's participation in the security of corporate video surveillance is growing, much to the chagrin of the physical security team. Here's why corporate infosec needs to pay attention
A recent study by Enterprise Strategy Group (disclaimer: sponsored by my company) found that 91 percent of video surveillance deployments today involve IT departments.
That’s up from 52 percent in 2011. What’s more, 47 percent of IT pros claim that they make the final video surveillance purchase decisions. When ESG presented its findings to our management team, we were honestly quite surprised. As the market continues to shift from analog CCTV to IP video, we’ve certainly seen IT’s participation grow -- but these figures were much higher than we anticipated.
In our world (physical security), video surveillance has traditionally been a task handled by facilities, physical security, and/or loss prevention groups. However, as the migration to IP-based technologies continues to transform every aspect of the enterprise, IT plays an increasingly active role in deciding what IP video devices live on the network.
While IT controls the network, they must work closely with their physical security counterparts. Together, they are both responsible for protecting the business, its people, and its property -- digital or physical -- so it’s important that they work together to meet these common goals. Blurred lines The move to IP-based video surveillance cameras means that IT must understand their impact on network performance, storage, and video quality.
Additionally, these types of cameras now enable organizations to layer powerful applications (analytics or remote management) on top of the camera’s capabilities. Physical security must now understand the broad responsibilities IT has to serve the business across, not only security, but marketing, sales, and HR (to name a few). This often requires them to do more with less, since each department that they serve has its own priorities. Why does IT need to pay attention to physical security?
Simply put, safety and security are threatened from an increasing number of vectors. It’s not just hackers from afar; corporate espionage, insider threats, and safety concerns must be addressed on a continuous basis. Unauthorized access to a server room is just as problematic whether in-person or on the network. Theft of customer data, intellectual property, and/or corporate strategy plans are all costly in many ways. The importance of locking down the organization -- and having a clear trail of access for forensics -- is becoming more of a priority for IT.
Collaboration is the name of the game now -- and it is the path to creating more secure environments. IT: influence and support vs. command and control The reality is that IT already supports physical security and has strong influence on its infrastructure and technology environment. In larger IT departments where IT specialists exist, such as a storage specialist, they are already supporting network video and should care about which cameras and applications are pushing content to their storage.
This means that IT needs to understand storage requirements and limits, as well as process orchestration, in syncing storage systems. Understanding details of camera technologies and applications helps IT influence good decisions based on bandwidth, storage, and management capabilities of cameras. Additionally, IT often controls what gets on the network as well as budgets and approvals. IT also needs to pay attention to physical security and its technologies because the corporate network is the vehicle through which high-quality video data gets in the hands of security personnel and executives who need to know what’s happening when a situation unfolds. The reason IT won’t become the full boss of surveillance is a matter of expertise.
When IT absorbed and took over voice-over-IP technologies from telcos, there was a small learning curve for a new technology on the IT network. With physical security, it is much more involved. IT isn’t going to carry badges and arrest people, and they will not acquire state security licenses that are required by some states to install cameras -- both of which can be extensive processes. IT won’t create and maintain emergency response planning protocols or purchase and manage guard shacks, barriers, and other physical assets.
Over time, IT will exert greater influence over physical security tech implementations, while physical security will continue to own its piece of the corporate organization. In some instances, where facilities personnel own the physical security practice (instead of trained security professionals), IT will have greater oversight over physical security. In other circumstances where professional security, safety, or law enforcement departments exist (like on campuses), those organizations will take an “IT infrastructure-as-a-service” approach, giving physical security the IT capabilities they need to be successful. The changing landscape of physical security, with its increasing reliance on the corporate network, will continue to strengthen the working relationship between IT and physical security, as well as IT’s involvement in the initiative.
0 comments:
Post a Comment