Establishing a security technology facility plan is essential for the development of a comprehensive, layered and integrated security program. With any security program, the first step for facility managers is always to conduct a threat, vulnerability and risk assessment (TVRA) to determine what the issues are and a capital investment into technologies must be made. This is often missed, resulting in companies incorporating solutions without really understanding why they are needed.
Knowing how the facility should function is a key component of the TVRA. It should consider the realistic business threats, critical assets to protect, vulnerabilities associated with those assets, and risk mitigation measures that support buying down that risk.
One component of buying down risk is technology investment. Often, we are enamored of the latest camera, command center visualization tools, or access control function. All are necessary, but the first thing managers should think about is what the backend infrastructure should look like and how it can be set up to future-proof the system that will be implemented.
Preparing the backend
The backend is the heart of the system, and in simple terms it includes the following: a clean, designated space with proper cooling, network video recorder (NVR), cabling, power over Ethernet (POE), switches, facility power, and back-up power.
When building the backend, one of the most important decisions managers must determine is the capability and capacity of the NVR. This equipment, also known as a server or the “brain” of the system, is designed for IP-based systems. Some key considerations when picking the right NVR for your business include speed, storage, expected lifespan, and a redundant array of independent disks (RAID).
All of these components help protect data while ensuring that managers are getting the most from the system. Technology experts often talk about the main distribution and intermediate distribution frames (MDF/IDF). This is essentially the backend infrastructure, or the server room. These areas are designated for a purpose and connect the server functions to the devices that make up the technology package.
When building this system, consider the type of cable to use. Various options exist in the market from legacy CAT5 to fiber. The video surveillance system (VSS) will require proper cabling in order to obtain the maximum capability from the devices. We often see systems built around decent server capability, but lack the proper cabling to achieve their full functionality. This is due in part to poor planning and thought or budget constraints as the system is implemented. This decision should be weighed carefully due to the high cost of retrofitting a system from a cabling perspective after implementation.
Monitor technology changes
Additionally, it is important to look to the future and consider the constant evolution of technology. New and emerging technologies are always coming to market and changes from increased competition often take shape within 18-24 months. The system should be organized to support additional components or data layers if planning to use on-premises storage capability.
Cloud storage options are available that should be considered and tied to the plan on how to operate the facility and access the data. If data is onsite, then backend infrastructure must be designed to accept more capacity.
Finally, managers also need to be cognizant of the estimated life cycle of the system. A good technique is to develop a technology roadmap that considers by calendar quarter when devices will reach their manufacturer’s estimated lifespan.
In addition to the estimated lifespan of the hardware in your backend infrastructure, it is important for managers to consider the system’s software when developing a technology roadmap. Most NVRs are rebranded servers from major manufacturers that operate on a server software separate from your video management software (VMS). Just as in the case of hardware, the software will also have an end of life (EOL) as well as an end of service life (EOSL). What this means is that the software developer will no longer sell and may not support the version of the software that is running on your backend infrastructure.
Why does this matter if the system is still operational? When a developer stops supporting a version of their product, they may no longer develop critical security updates for the software, leaving backend infrastructure vulnerable to security threats. It is also important to note that the VMS running on your NVR will also meet an EOL and EOSL. While a security vendor may offer to update the VMS to take advantage of the most up-to-date system technology and capabilities, it may not be compatible with outdated NVR server software. EOL and EOSL dates are often made available months and, in some cases, years before the specified date. These dates should not come as a surprise to security and IT professionals. These considerations highlight the critical nature of developing a technology roadmap to pre-plan and coordinate EOL and EOSL dates between hardware and software to maintain a secure and reliable backend infrastructure.
Once this is organized and arranged managers can estimate when to sunset technologies promptly, allowing for seamless operation, cost-effective purchasing, a positive return on investment, a system lifespan that never reaches complete failure and peace of mind. Remember, security technology systems are not a set and forget tool. They must be monitored and maintained. Care must be given to the day-to-day operations, as system maintenance is as equally important as thoughtful design.
Bill Edwards, associate principal, leads Thornton Tomasetti’s Security Design & Consulting group. A retired U.S. Army Colonel, Edwards is an ASIS Board Certified CPP, PSP, and PCI.
Jake Ziegler is a future technology specialist at Thornton Tomasetti. Ziegler, a former member of the U.S. Army’s Special Forces, specializes in electronic security design.
