With IP blooming, software-as-a-service (SaaS) is the next natural step for physical security. However, IT complications have hindered real growth. Vendors are still sifting through limitations to deliver true plug-and-play, user-friendly and cost-efficient services.
Network administrators are notorious for rejecting security software on their networks. "Any application residing on the network is added work, which requires the right firewall, configuration of routers, maintaining and updating software patches, and so on," said Dorairajoo T, Executive Director of Securcomm Solution.
If devices are not true plug-and-play, installers need prior knowledge of the network infrastructure to address compatibility issues. The hardware specifications, therefore, are of paramount importance, said Terence Lee, Director of Product Management, APAC, Ingersoll Rand Security Technologies.
Plug-and-play devices in video, access control and intrusion detection automatically seek the host server, allowing installers with minimal IT knowledge to deploy the system. This connectivity makes plug-and-play devices critical for system success. "With systems that do not have self-discovery, you'd have to purchase IP addresses and network address translations to get the network camera connected to the hosted video system," said Fredrik Nilsson, GM of Axis Communications. A specific box solution with routers can often solve the problem, but adds a layer of cost and complexity.
With devices that can automatically connect to the server, there is no port-forwarding involved, making the service more secure. This is particularly appealing when installing cameras at remote sites. Cameras are plugged in and immediately dispatched to the right hosting company, rather than being forwarded to outside servers before reaching their final destination, Nilsson said.
A common problem with software-as-a-service (SaaS) deployment is incompatibility between user protocols, platforms and browsers. While this also occurs with traditional security systems, the issues are magnified when all management and services are conducted through the Internet.
Integrated home management solutions must support different wireless protocols. "Solutions need to push all the information from various devices (such as security panels, cameras, thermostats and so on) through the Internet to vendors' hosted servers. Platforms need to take into account a number of wireless solutions available to residential users, such as Wi-Fi, Z-Wave, ZigBee and GPRS protocols," said Gregory Roberts, VP of Marketing at iControl Networks.
Aside from supporting communication protocols, existing systems often require flexibility to add new features. Most third-party SDKs for video surveillance only work on the Internet Explorer platform, particularly for DVRs. In hybrid systems for larger installations, SaaS providers are at the mercy of the DVR manufacturer. "We end up having to work with whatever platforms the DVR supports," said Steve Van Till, President and CEO of Brivo Systems.
A way to avoid installing custom browser plug-ins would be to use a Flash client, providing cross-platform functionality for all major browsers across Windows, Apple and Linux, said Steve Roskowski, CEO of Viaas. This is a departure from traditional plug-in based models demanding separate installation, development and support for each browser and operating system.
For access control, there are fewer compatibility issues. New develop-ments are moving away from machine-dependent models to embed the application on devices, such as a controller. Access control systems today have controllers connected to a cloud cluster, which connects to a host computer where the SaaS software resides, Dorairajoo said. "We're trying to remove the host computer, which is machine dependent, meaning that you will no longer need the power of a computer to run the SaaS." This translates into more secure and reliable services, as operating systems are prone to various manipulations.
Widespread skepticism of data security is shared by users. SaaS vendors typically reassure users that data is as secure as online banking — the premise being that if users trust online banking, they can trust SaaS. Internet security is becoming more robust, as SSL and VPN encryption assuage most user concerns.
However, the moment data enters the Internet, it is susceptible to hacking. Most security advisors prefer an environment not open to the World Wide Web and its risks. "The problem with user name and password authentication is that a lot of programs on the Web copy your keystroke. The moment you key in, the program recites it into the background and sends it to the Web-browser's originator," Dorairajoo cautioned. Antiviral software rarely picks this up as a priority threat.
Some SaaS vendors will partner with managed IT security service providers to oversee the data and protect against hacking, said Jon Ramsey, CTO of SecureWorks.
Despite SaaS being readily available and mature in other industries, it is untested for physical security. The concern about vital and personal information being viewed by unauthorized people is why users continue to err on the side of caution.
That said, while remote video management software offers enhanced functionality and features over exiting analog solutions, IMS Research projected that its proliferation will be a gradual and evolutionary process, rather a than rapid and revolutionary one. Analog cameras and DVRs will be preferred for low-end surveillance applications for many years to come.