One way or the other, technology creates the imperative for change and drives continual, iterative efficiencies throughout the business world. The surveillance sector is not immune from the effects of technology’s advance, of course. For example, over recent years many town and city centre management teams across the UK have installed fibre optic cabling to enable companies to enjoy the benefits of broadband, ‘always on’ rapid access to both e-mail and the Internet.
For most companies based in major UK cities, broadband access is now becoming much more affordable. The creation of so much additional network capacity has also engendered an opportunity for companies to save money by working this telecommunication industry harder.
Advancements in Voice-over-IP technology, for example, make it possible to conduct telephone calls via the Internet to anywhere in the world at the price of a local call. It also provides the ‘piping’ down which the output from IP surveillance cameras may be routed.
As broadband access has continued to spread in the way that systems providers confidently predicted, so network managers have necessarily had to become experts in managing the capacity of the network – or in ‘bandwidth management’, as it has come to be known. Without proper bandwidth management, companies risk incurring downtime when employees are unable to use computing resources to file reports, draft articles, send e-mails and explore the Internet for market knowledge.
In short, most companies now depend on computing resources for their very existence. Every minute that the business isn’t able to send e-mail and access the World Wide Web represents lost productivity and/or revenue. The only question is how much revenue?
Bandwidth management solutions
In order to solve the all-important issue of bandwidth management and assure quality of service, sophisticated bandwidth management solutions have been created by the likes of Packeteer. These products work by giving priority to certain types of network traffic. They also provide the perfect tools for effective management of IP surveillance on the corporate network.
For the first time, managers can realistically expect to use existing network infrastructure put in place for computers to manage physical security around the building(s) or facility in which the company operates. The argument that live video or digital still images could never be streamed across the corporate network because it would hog too much network capacity no longer holds much water if bandwidth is properly managed.
And there are compelling business arguments for using the corporate network to route, manage and store surveillance camera output. As it stands today, CCTV technology demands its own dedicated coaxial cabling network. These cables are expensive to buy, install and maintain. Not only that, output from these cameras is generally being routed to dedicated monitors that are also far from cheap to buy, install and subsequently maintain.
On top of this, companies need to employ trained personnel to view these monitors around the clock. Output from CCTV systems is generally saved to time lapse video recorders which often become an easy target for theft. Tapes from these recorders wear out after being used for several ‘passes’ and need replacing. You’ll know the scenario by know.
In addition, the recorders themselves will require regular cleaning and maintenance work to be undertaken.
Plugging-in to the corporate network
The alternative for companies is to route existing CCTV cameras through a video server directly into the corporate network. In a ‘green field’ situation, companies can buy and install IP-based surveillance cameras for plugging directly into the corporate network. Such cameras have their own IP address, much like any PC.
In itself, this creates huge advantages for companies who wish to outsource the monitoring of their offices and facilities to a third party surveillance or monitoring centre. This centre will simply need a password and IP address, and is then able to access pictures from a camera placed anywhere in the world via the Internet.
With some of the more sophisticated networked cameras it’s also possible to have video pictures transmitted via the Internet to, for example, a remote monitoring centre. Alerts may also be issued if a camera has been disabled or motion has been detected across the field of view. Such alerts may be transmitted in the form of SMS messages direct to a mobile telephone or via e-mail to a PC to pre-agreed contacts who can then view images to assess the situation before deciding whether to send in an investigation team. Provided that they have an Internet-enabled mobile telephone, the security manager will be able to roam around offices and still be in touch with security ‘developments’. In years to come, those same managers will also be able to view images from these network cameras live on their mobile telephones. That’s real advancement.
The security manager’s role
What do all of these advances in surveillance mean for the security manager? What they clearly mean is that very soon – if not already – their role will be significantly affected by the actions of the network manager, the IT department head or the IT director. Not to say the Board of Directors.
If the Board decides that it wants to see more productivity from its investment in IT personnel and resources, the IT department might well look at offering to run the company’s specified surveillance equipment over the network and monitor it from inside the IT section.
In such a scenario the traditional security manager may indeed look vulnerable, but he need not feel so. After all, it’s he or she who has the real expertise in physical security.
The security manager knows how to set-up the cameras appropriately. He knows what vulnerabilities to look out for and how to make maintenance checks. If he puts his mind to it, he also knows how to get the best out of all this new gadgetry to ensure that a company isn’t vulnerable to an intruder walking in through reception and straight to an office computer.
The security manager can of course leave the actual integration of this new technology into the network to the IT department. That said, he’s more than likely to be advising the network manager on security policy which will then be used to configure these products.
By way of example, the security manager will have complete control over all operational procedures concerning corporate security. He’ll be closely involved in decisions about when there’s a need to start streaming video over the network, advising on areas that need to be more regularly scanned and when alerts should be routed his way outside of normal working hours.
The security manager will already have been involved in decisions to deploy door identity tags, burglar alarms and other security equipment. In short, security managers have a great opportunity to get together with network security managers and IT department heads to make sure that the company is impregnable – not only from the hacker coming in through the firewall, but from the impostor walking in through the front door.
There’s an ideal opportunity presenting itself here to look at corporate security in a completely holistic way and, in so doing, eliminate the security loopholes that have dogged UK businesses for too many years.
Social engineering to the fore
One of the major reasons why critical corporate data is lost is down to the process of social engineering. Social engineering techniques are used by impostors to evade the guard on reception and gain entry to a building unchallenged. These techniques may simply involve assuming a friendly tone and saying good morning as they enter the building.
For example, take the impostor with a handful of coffees who brings them to the front door and waits for an employee to hold the door open for them simply because they can see that the individual concerned couldn’t reach his or her tag and hold onto all the coffees at the same time.
Never mind the fact that that same employee has no idea who this person is and hasn’t been trained on what to do in these situations. Most people would simply hold the door open to someone whom they regard is in need of assistance. Once in, it’s easy to find a spare desk, lay your hands on a personal password for a desktop PC and then gain access to the company’s prize asset – its data banks.
Where, then, do security managers need to start?How do they guarantee and cement their role as the high tech ‘eyes and ears’ of the company, sealing off corporate premises against unwanted guests and offering the ultimate protection for the company’s Crown Jewels – namely its confidential information?
Multi-layered identification
The future lies in multi-layered identification and authentication. In the future, employees and contractors will only be allowed to enter corporate offices once they’ve gone through multiple checks.
Some experts in this area say that people should only be admitted to a building if and when they’ve been subjected to such checks.
The first of these checks is based on ‘something they have’ (formally an identity tag, swipe card or even a smart card). The second is based on ‘something they know’ (normally a pass number or word punched into a door keypad). The final level of authentication is based on ‘something they are’ (ie an iris or fingerprint scanner or camera link to the desktop of the person who is due to meet them, and who can be identified by the ‘new arrival’).
With all three levels of checks in place, the security manager can then rest easy in front of the monitor screens, viewing vulnerable locations around the office or industrial facility in the knowledge that they will not miss any really dangerous criminals.
Embracing this challenge will also assist the wider issue of security personnel achieving greater recognition, better working conditions and pay as laid out in ‘A Contract of Substance’ – an initiative that, although it has (temporarily, at least) ceased to exist, was rightly well-supported by Security Management Today.
The badge of professionalism
Gaining the badge of professionalism with the minimum wage to match will no doubt be a hard-fought battle for the industry. However, if security managers are prepared to work to optimise the use of new physical security technology such as IP surveillance equipment – as well as multi-layered identification and authentication solutions – this can only stand them in good stead for the future.
In a similar vein, if security managers can work with network managers in the IT department to consider, test and agree on a complete security solution which is also a good use of existing network resources, they’ll surely earn ‘Brownie points’ with the accounts department.
Dedicated professionals will also ensure that they remain a valued part of every blue chip company’s armoury. Who knows, they might even be granted the higher levels of income they so richly deserve. One can only hope.
