Internet-Based Security System Service Almost Ready For Prime Time

Mar 1, 2003 12:00 PM

It wasn't that long ago that people advocating the use of a cell phone as a backup to a dial-out alarm system were ridiculed. Cellular back-up is routine today.

Similarly, while most everyone in the security industry regards viewing jerky and fuzzy video images over the Internet as routine, the idea of the Internet delivering a wide range of security systems services is often rebuked.

It is not difficult to understand why anyone might distrust Internet-based security, to wit:

• Many locations don't have high-speed Internet access.

• Some Internet Service Providers (ISPs) are known for not providing reliable service.

• Much of the networking hardware used on the Internet is unreliable.

• The Internet is an untrusted, public network.

• Network security hardware and software do not provide an adequate degree of security.

• Security practitioners often ask: “Why would anyone need this, even if it were reliable?”

These issues must be addressed before Internet-based security services are ready for prime time. The ongoing silicon-based industrial revolution is gradually chipping away at these problems, but not because the security industry needs it, but rather because “they” need it. Few would disagree that the driving force behind growth of the Internet is e-commerce. Because of this, the cost of bandwidth will likely decrease long before network security is substantially enhanced on the majority of the Internet. The resources being applied to solving these problems are relentless and immense, however. It is only a matter of time before these issues are no longer obstacles to the delivery of security services over the Internet.

What is Internet-Based Security?

The security industry is already familiar with using wide-area or local-area networks to send and receive security signals and data. Internet-based security is the next step in that progression. As soon as a network is connected to the Internet, any authorized computer with a browser can receive security services. For that matter, any security system, even a system that is not networked, can be potentially made Internet-based, fully or partially, the moment Internet access is provided.

Security systems services presently fall into one of two categories: proprietary and contract. Proprietary systems monitor and manage security systems within the structural organization of the owner of their owner. On the other hand, contract services, such as those provided by a commercial central station, provide the same type of service, but under “contract” to the owner of the security systems. Internet-based security systems services do not represent a new category. Rather, they represent an additional means of connecting a system to either a proprietary or a contract central station. Traditional central stations are connected to the security systems being monitored by means of a network connection (i.e. Ethernet), a telephone dial-up, direct hard-wire connections, satellite uplinks, or by radio signals.

Internet-based security services have already been available for a number of years, albeit in small ways. Childcare centers, for example, have allowed parents to view their children by means of live video over the Internet. The images are generally “snap shots” of a scene in the childcare center, but the growth in high-speed Internet access and constantly improving video compression technology are making live, streaming video commonplace. Some commercial services are now available to allow managers to view point-of-sale scenes to monitor employee conduct and even to provide audit capabilities by interacting with “intelligent” cash registers.

The future can be clearly discerned by observing what manufacturers are providing as standard features of security hardware and software. Product literature that cites either “IP-addressable” or TCP/IP (transmission control protocol/Internet protocol) reveals that the product has some potential for network-based or Internet-based applications. IP-addressable CCTV cameras are already common. It should be noted, however, that a device that is IP-addressable does not necessarily guarantee it can be used on the Internet. Such devices may only support a subset of the TCP/IP standard and require that a security network be configured in a specific way. Connecting this device to the Internet may conceivably require just as much as connecting any non-IP addressable device.

There are companies already marketing services to remotely record video scenes across the Internet and to provide customers access to those recordings on demand. Even more specialized security hardware, such as iris-scan biometric access control hardware, can be found that is TCP/IP-ready and can allow access to more than 100 doors over the Internet. The abundance of Internet-capable security hardware clearly suggests where manufacturers believe their future market will be found.

An important, related movement in the Internet industry is the development of application service providers, or ASPs. Playing video games on the Internet for example, is often an ASP service. The host provides the software — or, the application. The player uses the software from his or her personal computer. It is not much of a stretch, therefore, to envision how an ASP could provide security services. A commercial central station could operate a security ASP, just as an ASP could monitor security alarms that are reported across the Internet. It's capabilities could go further — for instance, a security ASP could maintain an authorized access database. If an employee is terminated for cause in one facility, it could be a long time before the database of a different facility owned by the same company is updated to delete access for that individual. A centralized database maintained by an ASP would provide a one-step remedy to that problem — all facilities would be connected to a single, master database. One startup company has gone further and is planning to connect police departments, enabling the police not only to view and hear what is happening at a crime scene, but to follow events as they occur before a police response arrives. The federal government could also benefit by viewing the images being monitored by a security professional operating an X-ray machine or explosives detector at an airport.

Why Would Anyone Want It?

There are many reasons why someone would want Internet-based security systems services.

• Cost savings. Assuming that all of the “bugs” can be worked out, possibly the most important reason for providing security by means of the Internet is that cost savings to companies and governmental agencies could be massive. On the other hand, however, it is possible that the cost of creating a secure connection over the Internet could be more costly than creating such a connection on a private wide-area network (WAN). The technology may be far easier to develop than to make cost-effective.

• The costs of developing the infrastructure for Internet-based security systems services will be developed primarily borne outside of the security industry. The same cannot be said for proprietary or contract central station services.

• As long as there is access to the Internet, any point in the world that has a PC and a browser can be provided with security systems services. This would be a boon to multinational corporations with plants and offices around the world.

• Companies with dozens, or even hundreds, of facilities and offices often contract individually for commercial central station services for each location. These costs can be significant. There are a limited number of commercial central stations that can provide services throughout the United States, and fewer that can operate internationally. Although such companies are increasingly creating their own proprietary centralized monitoring capabilities in lieu of contracting out, an ASP approach would allow them to cancel all local central station contracts and to avoid the costs and management burdens of running their own central station.

• The Internet would be an alternative to telephone dial-up connections, or could be a supplement.

• As noted earlier, the security ASP could maintain a master access control database that serves authorization data to countless locations.

• Hosted facilities would not have to purchase their own central station equipment and software or to subsequently maintain, repair and upgrade it.

• Hosted facilities would not have to provide personnel to monitor and manage security systems, and they would not have to train them.

• The ASP could purchase large amounts of network bandwidth and vast systems for storage and retrieval — things that individual facilities could not afford.

• Internet-based security services can provide video and audio surveillance from any location that has Internet access.

• Dial-up connections probably cannot compete with the wealth of intelligent data and signals available from a security ASP. Moreover, dial-up connections certainly could not manage video feeds to any meaningful degree.

• A security ASP could provide invaluable links to virtually limitless information and database resources that would be impractical for a traditional proprietary or commercial central station.

• Users could subscribe to security software, such as incident reporting software, thus avoiding the costs of training their personnel to maintain it. Obsolete software would be a thing of the past, as would expensive database conversions often required when software is replaced. Data conversions, however, could be expensive should a subscriber decide to switch to a different ASP.

Why Would Anyone Not Want It?

There are plenty of reasons why many may not want Internet-based security, or at least, not now.

Although the creation of a Virtual Private Network (VPN), and other related Internet security countermeasures, might significantly enhance the security of Internet-based security systems services, the potential perils of Internet security are chilling.

Here are a few:

• Hacker attacks on the security ASP would be relentless. A security ASP could become the Holy Grail of hacking. Granted the hackers are rarely successful in penetrating properly protected sites, one must assume that some sites will not be properly protected.

• If they can gain access, hackers could also willfully overload the ASP system, sending tens or hundreds of thousands of signals. A “denial-of-service” attack is becoming a growing problem for the Internet.

• An insider threat could be devastating to a far larger number of users.

Here are more downside issues relating to Internet-based security:

• An ASP with hundreds, or perhaps thousands, of subscribers could eventually be overwhelmed, especially if interactive services are required, such as live video to interview a person who has lost an electronic access card and requests a remote opening of a door. One may recall that America On Line (AOL) was overwhelmed by a growth in subscribers that overtook the capabilities of its hardware, as well as how long it took to upgrade the hardware to meet the demand.

• An Internet-based security systems service may not have as many features and capabilities as a proprietary central station using state-of-the-art management software.

• A security ASP may have difficulties in connecting with proprietary security systems software and hardware. Some manufacturers have willfully elected to make their products incompatible with the products of other manufacturers in order to inhibit customers from switching by making a conversion prohibitively expensive or by means of the protection afforded by licenses. Similarly, the ASP could also be designed to be highly proprietary in order to make it difficult for subscribers to switch to competitors.

• Although an Internet-based security systems service may eventually be able to provide supervision capabilities (the ability to detect that a connection to a subscriber has been lost or compromised), the technical challenge of constantly polling hundreds or thousands of subscribers is, at the very least, daunting for small ASPs. If this turns out to be true, it could mean that eventually all ASP services will be provided by mega-companies, and low competition generally equals high prices.

• Access to the Internet is notoriously unreliable. While it may be possible to construct a security ASP that has routes through various ISPs, the Internet still has choke points that can affect them. Current ASP concepts, however, have protocols to constantly try to get connected.

• Many locations don't have high-speed Internet access. High-speed access providers are driven by “population density” and “population wealth” considerations. They provide access to areas based on the economics of their installation costs versus the probable number of new subscribers. Moreover, the cost of installation is also an important factor. Areas that have out-dated cable equipment, for example, may find that the cost of upgrading and the cost of installation to individual subscribers makes high-speed connections impractical and cost-prohibitive.

• Some operating systems and network hardware and software are infamously unreliable and unsecure. Network hardware and software tend to crash. Redundancy and fault-tolerant equipment may mitigate the risk, but it is unlikely to be eliminated entirely. To get a sense of the problem, one has but to recall how many “security patches” are typically released by operating system manufacturers.

• Shortages in high bandwidth continue to be a nagging problem.

There is high confidence that the ASP concept will eventually become a player in how security services are delivered. Whether it will become the dominant force is far less certain. The question, therefore, is no longer when will Internet-based security systems services be available, but rather when, and if, they will be accepted.

For The Record

ABOUT THE AUTHOR

John J. Strauchs is CEO of Systech Group Inc., Reston, Va., an engineering firm that specializes in security, fire protection systems design and consulting.

ABOUT THE COMPANY

For information, circle the Reader Service number (listed below) or visit securitysolutions.com

Systech Group Inc.

14

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue