23 Feb 2016

Editor Introduction

We hear that everything is going to the cloud – or is it? Security end users can be understandably confused by conflicting claims in the market from proponents of cloud-based or server-based systems. A number of major security companies are offering cloud video surveillance solutions apart from the traditional server-based systems. At the end of the day, how do you choose? What factors should be considered? We asked this week’s Expert Panel Roundtable: What factors should a customer consider when choosing between a cloud-based system and a server-based security system? Their answers offer plenty of useful advice about when (and when not) to opt for a cloud solution.

The initial consideration between a server-based and cloud-based security system is whether to spend the capital on kit plus an ongoing maintenance contract or ongoing service tied to a fixed term. The other major factor is the client’s perception of risk between an on-premise server-based system (with a corporate firewall, physical security and surveillance systems), compared to the infrastructure residing in the cloud or a remote data centre. Invariably the choices will be driven by security processes in place within the corporate environment and by ensuring the remote system is as impenetrable as the corporate network. Both options potentially leave the corporate network vulnerable to a determined cyber attacker, so the systems and access points to the network need to be sufficiently hardened to deter or prevent attacks. A full understanding of the potential vulnerabilities for either route needs to be evident in order to prevent potential attacks.

How is the system going to be used? What type of infrastructure does the customer have? Broadly speaking, cloud-based video and access control systems should be considered if the customer has a large number of relatively small sites that need to be managed centrally. Also, if there is a need to access data/video on mobile devices from remote locations, then cloud-based systems are essential. If video is being stored in the cloud, customers should make sure that there is enough bandwidth available to transfer the video, which may limit the number of cameras or the bitrates from the cameras. If bandwidth is limited, a "hybrid" approach could store video on site, but make it available via the cloud. Customers should also be aware of any regulations such as PCI (for retail) or HIPAA (for healthcare) that may affect where and how the data/video is transmitted and stored.

Greg Alcorn Synectics plc

The first thing that comes to mind is to consider flexibility and future proofing. If a customer is going to need the flexibility to change, modify or grow the system without spending thousands on infrastructure and hardware, then the cloud is a great place to start. As we’ve seen everywhere, when systems have moved to the cloud, endless flexibility and scalability are the primary benefits. ONVIF has been “cloud-conscious” for a while, which is why we have focused on providing standards that enable customers to deploy systems that maintain flexibility through an open interface in the cloud or on a server-based system.

Of course, the business need and intended use of the system guide the physical security specification. If the protected premises has an IT department to manage an on-site server as well as other updates that may be required, the total cost of ownership of a server-based system is manageable. Impact on bandwidth management, data security and 24/7 access to surveillance video are important considerations, especially with server-based systems. With cloud-based systems, bandwidth management is still a crucial consideration, but automatic backups, disaster recovery and software updates can be made automatically, without customer interaction. Availability is also possible remotely through a web connection anywhere, anytime, but trusting a third party with the storage, management and long-term availability of surveillance and potential evidentiary data can be a hurdle some end users are not yet ready to embrace.

Robert Lydic ISONAS, Inc.

This is one of the most pressing questions in the access control industry. Different vertical markets have different technology demands. The industry seems to be moving much more to the cloud for potentially greater security, ease of software updates, and the greatest ability to implement managed access control. Some keys in implementation of cloud technology are that the hardware needs to be able to operate independently of the cloud software in the event that the network goes down. The hardware should be able to make decisions locally and, when reconnected to the cloud software, auto-compile all of the data to the centralised database. Other considerations of cloud implementations are the physical install of the equipment. Integrators and end users should demand a system that is auto-configured from an IP perspective so that all they need to do is plug it in and through a web browser auto-enroll their reader controller.

Charlie Erickson 3xLOGIC, Inc.

There are two major considerations a customer must analyse: (1) What are the true benefits of one option over the other? (2) How do those benefits apply to my application? Server-based systems require a server to be managed and maintained, software to be loaded, and ongoing support. Computers fail and software needs to be updated periodically. Do I have the staff and equipment to properly support these needs? When factoring in the cost of purchasing the server, software and the ongoing support, is server-based more expensive than a hosted system for my application? Cloud-based requires connectivity at the device level to the Internet. Does my company have IT policies in place that limit device connectivity to the Internet? By definition, a hosted solution has far fewer items to install and support. Cameras and access control hardware rarely fail, so support is minimal in a hosted environment.

Editor Summary

As with so many questions when designing security systems, the choice of a cloud-based or premise-based system often comes down to the specifics of an application. Some situations point irrefutably to the cloud, while others present challenges (such as bandwidth) that cloud solutions still can’t overcome. There is also a comfort level with server-based systems that some end users can’t seem to overcome. At the end of the day, cloud systems present another useful choice to enable integrators and end users to maximise system value. Having choices is good – even if making choices can be perplexing.