By Sean Robson
Physical security is a key element to consider when it comes to protecting your enterprise.
Physical security is becoming a key element to consider when it comes to protecting the enterprise. With a plethora of choices in the market, the question is how to pick the right technology and ensure effective integration into the security policy.
Physical security is becoming increasingly dominated by internet protocol (IP) based technologies and solutions. Datacentres which for so long have been serviced by more traditional options such as closed circuit television (CCTV) or physically-present security guards are now able to rely on a largely automated, integrated and networked solution.
"With the increase in IP based systems, it has become very easy to integrate all security solutions onto a single network. Physical security solutions for access control, fire detection and video-surveillance are installed and interfaced on an IT system using standard IP devices such as Ethernet cables, switches, servers and client devices. These solutions can then communicate with each other and be managed and monitored from a single control room," explains Gilles Ortega, regional manager of Axis Communications.
It is the play of IP. Bringing it all together makes a solution that is more powerful than the sum of its parts.
Magesh Srinivasan, regional marketing manager at Sony Professional Solutions confirms this rapid transition from analogue systems like CCTV saying, "We are seeing a huge transition to IP based technology and we are promoting technical awareness of this new technology, among both security consultants and end-users alike."
The advent of IP-based systems, biometrics and smart cards has meant that there is a plethora of different physical security technologies to choose from.
According to many players in the industry there are two aspects to be considered when making these choices namely the technology used and the features offered by the security system.
Indranil Guha, manager of IT infrastructure management at Dubai's Roads and Transport Authority, points out another aspect that should be considered before implementing a solution.
"There are certain governmental mandates that need to be fulfilled. For instance a firm cannot have a stand-alone IP system but must also install CCTV cameras, so in case there is a hiccup with either technology there is a back-up. We will, I believe, see more such mandates in the future," For Mohammed Sabunchi who is the director of IT infrastructure at the Dubai International Financial Centre (DIFC) it comes down to more than just what is purchased and implemented.
"The bottom line in my opinion is this - it is important to use the systems and procedures but just as important to maintain and improve them. It's not about just buying the best solution but also deploying and managing it well."
The old and the new
Physical security solutions have traditionally been broken down into three main areas - access control, fire detection and video surveillance. The advent of IP-based technologies is seeing these areas begin to merge and bleed into one another.
When there is an open architecture across networks, enterprises can do away with a single line to each individual camera and recorder. Single lines lead to increased expense and limited adaptability.
"It's about integrating building management systems with low current systems such as fire and life safety, access control and IP security systems or CCTV. More and more enterprises are beginning to have such systems deployed," agrees Srinivasan.
Niche technologies, such as smartcards and biometrics are now finding their way into the mainstream physical access technologies as enterprises look to more secure ways of safeguarding their datacentres. Biometrics as a technology to monitor and manage access to datacentres is growing in popularity among datacentre managers.
Part of the reason for this is that implementing the technology may mean something as simple as setting up a biometric device outside the datacentre and linking it to a central database.
Moreover, there is the growing awareness that fingerprints or retinal scans can prove to be much more secure than smart or proximity cards.
Radio frequency identification (RFID) is another technology that is seeing increased adoption among certain industries and selected pockets throughout the Middle East.
"We are seeing a growing trend towards RFID applications as they become more relevant in terms of critical solutions. For instance, in case of unforeseen disasters like fires or accidents, enterprises know where their assets and employees are located," says Murli Nair, CEO of Barcode Gulf.
According to Nair and his team, RFID technology based cards have been adopted more extensively in government organisations, as well as banks and financial institutions in the Middle East. They add that the trend is starting to move to larger enterprises in other verticals as well.
When it comes to recommending barcoding and RFID as elements of access control in the physical security system Nair points to two things, "You need to ask yourself, what are my needs, and then, can it be justified. It is initially a costly exercise and so I believe that the requirement should be critical enough to necessitate an investment in these technologies."
Divide and spend
As technologies continue to evolve, the modern organisation begins to incorporate physical security solutions as a part of overall security budgets, and CIOs and IT managers have to budget accordingly.
According to most industry stakeholders, average physical security spend will depend on the existing infrastructure of an organisation together with the specific needs of the enterprise.
"One cannot provide a generalised percentage of budget for physical security as cost estimation depends on the type of project. For example, commercial building projects and luxury real estate projects have distinctly different needs and requirements at the application level. Therefore the investment is dependent on the criticality of the desired application to the overall project," says Sony's Srinivasan.
Ortega was willing to recommend an idea of the breakdown and how the spending on physical security should be weighted.
"I recommend that it be broken down into thirds, a third for the IP cameras, a third for the software and a third towards associated equipment like recorders and monitors. I do believe though that whatever percentage of the budget is spent should ultimately add value to the project."
The RTA is an example of an end-user in the process of formulating the right mix of applicable technologies and budget.
Guha says, "Currently, we are spending a very small percentage of our budget on physical security but we are allocating a much larger share to it as we upgrade our existing solutions."
The RTA's physical security solution is currently comprised of CCTV and access control systems along with security guards.
"We are in the process of building a new office and that will be a 'smart' building, complete with IP cameras, motion detection, fire and safety protocols as well as CCTV," says Guha.The DIFC is another example of an end-user who has gone with an integrated solution to their physical security needs.
"We use a combination of CCTV, smart cards, secure containment under lock and key, and secure rooms with guards. We try to keep things separate and managed by us," explains Sabunchi.
As physical security technologies continue to increase, vendors are beginning to realise the need to provide customers with reliable standard-based technologies that can ensure interoperability.
Recently, Axis together with Bosch Security Systems and the Sony Corporation have risen to the challenge and are working together to this end as they prepare to create a new standard for the interface of network video.
The main goal of the new standard currently being worked on would be to facilitate the integration of various brands of network video equipment and to help manufacturers, together with software developers and independent software vendors, ensure product interoperability.
The companies state that the framework of the standard, incorporating the key elements of network video product interoperability, will be released in October 2008 in Germany.
Meanwhile, enterprises continue to face challenges internally - namely with the management and amalgamation of physical elements in security.
Integration of the physical security aspect into the overall security of the enterprise has led to the increasing emergence of chief security officers (CSO) in the Middle East.
"As a security solutions provider, Axis has witnessed the emergence of CSOs in large companies. Their responsibility covers both IT and physical security. In addition, they often manage IT and security owners in any particular enterprise and define the overall policy together with both specialists," Ortega confirms.
This has brought an added dimension to what has traditionally been a thorny issue in the world of physical security. Responsibility for physical security has long been divided or held by either the facilities team or the IT team which has often times led to conflict and confusion.
Sabunchi and his team at DIFC have taken a holistic approach to their management of physical security. The facilities department along with the IT department and in-house security all play a role in security management.
Sabunchi says, "The IT department sits down with the security team and explains our requirements and justifications, they then come back to us with possible solutions and when we both agree on the right one for implementation, we take it to the facilities management team. We find the system works quite well this way."
The RTA has gone a step further in embracing integration of the departments with the administration department in overall charge of security. The facilities management team and the IT department both give input and assistance.
Most industry insiders side with the thought that there is increased integration between the security team and the general administration team in most enterprises.
Many hold the view that the future will see no differentiation at all between these teams and that there will be one unified team that will manage the overall security system.
Anthony Fulgoni who is vice-president of international strategic sales at Proxim Wireless, which is increasingly seeing a demand for products that support the IP security market puts it succinctly, "It is the play of IP. Bringing it all together makes a solution that is more powerful than the sum of its parts."