Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

8/4/2014
12:00 PM
Fredrik Nilsson
Fredrik Nilsson
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Is IT The New Boss Of Video Surveillance?

IT's participation in the security of corporate video surveillance is growing, much to the chagrin of the physical security team. Here's why corporate infosec needs to pay attention.

A recent study by Enterprise Strategy Group (disclaimer: sponsored by my company) found that 91 percent of video surveillance deployments today involve IT departments. That’s up from 52 percent in 2011. What’s more, 47 percent of IT pros claim that they make the final video surveillance purchase decisions.

When ESG presented its findings to our management team, we were honestly quite surprised. As the market continues to shift from analog CCTV to IP video, we’ve certainly seen IT’s participation grow -- but these figures were much higher than we anticipated. In our world (physical security), video surveillance has traditionally been a task handled by facilities, physical security, and/or loss prevention groups.

However, as the migration to IP-based technologies continues to transform every aspect of the enterprise, IT plays an increasingly active role in deciding what IP video devices live on the network. While IT controls the network, they must work closely with their physical security counterparts. Together, they are both responsible for protecting the business, its people, and its property -- digital or physical -- so it’s important that they work together to meet these common goals.

Blurred lines
The move to IP-based video surveillance cameras means that IT must understand their impact on network performance, storage, and video quality. Additionally, these types of cameras now enable organizations to layer powerful applications (analytics or remote management) on top of the camera’s capabilities. Physical security must now understand the broad responsibilities IT has to serve the business across, not only security, but marketing, sales, and HR (to name a few). This often requires them to do more with less, since each department that they serve has its own priorities.

Why does IT need to pay attention to physical security? Simply put, safety and security are threatened from an increasing number of vectors. It’s not just hackers from afar; corporate espionage, insider threats, and safety concerns must be addressed on a continuous basis. Unauthorized access to a server room is just as problematic whether in-person or on the network. Theft of customer data, intellectual property, and/or corporate strategy plans are all costly in many ways. The importance of locking down the organization -- and having a clear trail of access for forensics -- is becoming more of a priority for IT.

Collaboration is the name of the game now -- and it is the path to creating more secure environments.

IT: influence and support vs. command and control
The reality is that IT already supports physical security and has strong influence on its infrastructure and technology environment. In larger IT departments where IT specialists exist, such as a storage specialist, they are already supporting network video and should care about which cameras and applications are pushing content to their storage. This means that IT needs to understand storage requirements and limits, as well as process orchestration, in syncing storage systems. Understanding details of camera technologies and applications helps IT influence good decisions based on bandwidth, storage, and management capabilities of cameras.

Additionally, IT often controls what gets on the network as well as budgets and approvals. IT also needs to pay attention to physical security and its technologies because the corporate network is the vehicle through which high-quality video data gets in the hands of security personnel and executives who need to know what’s happening when a situation unfolds.

The reason IT won’t become the full boss of surveillance is a matter of expertise. When IT absorbed and took over voice-over-IP technologies from telcos, there was a small learning curve for a new technology on the IT network. With physical security, it is much more involved. IT isn’t going to carry badges and arrest people, and they will not acquire state security licenses that are required by some states to install cameras -- both of which can be extensive processes. IT won’t create and maintain emergency response planning protocols or purchase and manage guard shacks, barriers, and other physical assets.

Over time, IT will exert greater influence over physical security tech implementations, while physical security will continue to own its piece of the corporate organization. In some instances, where facilities personnel own the physical security practice (instead of trained security professionals), IT will have greater oversight over physical security. In other circumstances where professional security, safety, or law enforcement departments exist (like on campuses), those organizations will take an “IT infrastructure-as-a-service” approach, giving physical security the IT capabilities they need to be successful.

The changing landscape of physical security, with its increasing reliance on the corporate network, will continue to strengthen the working relationship between IT and physical security, as well as IT’s involvement in the initiative.

Fredrik Nilsson has been responsible for Axis Communications North American operations since 2003. In this role,  he has been instrumental in leading the industry shift from analog closed circuit television to network video. Mr. Nilsson serves on the Security Industry ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-2916
PUBLISHED: 2019-11-15
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.
CVE-2019-12757
PUBLISHED: 2019-11-15
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt t...
CVE-2019-12758
PUBLISHED: 2019-11-15
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
CVE-2019-12759
PUBLISHED: 2019-11-15
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicat...
CVE-2019-18372
PUBLISHED: 2019-11-15
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.