Home Infrastructure Security and the Internet of Things

Security and the Internet of Things

by Benchmark

Ask a dozen people to explain the Internet of Things, and the odds are you’ll get a dozen different answers. One thing is certain, and that is putting the hyperbole to one side, the predicted phenomenon is coming. Some might argue that it has already arrived, albeit in an embryonic form. Here, with the assistance of leading providers in the security market, Benchmark considers the potential it offers to the security systems sector.

[dropcap]W[/dropcap]hilst many people like to herald the Internet of Things (IoT) as a complex technological advance, the concept is actually quite simple. Indeed, rather than being a brave new world, it could be argued that it is simply an upgrade of current established M2M (machine to machine) communications.

The core concept of IoT is the ability to connect devices. Whilst the accepted internet is a network of computers, predominantly with human operators, IoT brings smart devices into the mix.

As an example, consider central heating in a residential application. Typically, a boiler will operate on a timer schedule, and heating levels will be set via temperature controller. Thermostatic valves will then regulate the output of individual radiators in order to maintain relatively consistent temperatures.

In today’s world of mobile smart devices such as phones and tablets, internet connectivity, apps and automation, some level of control can be exercised over heating remotely by the home owner. So, how might IoT impact of this scenario?

Connected temperature sensors – both internal and external – might be used to automatically control times when the boiler is operating, in accordance with pre-set thresholds. This would ensure consistent and comfortable temperatures without any interaction from the user. They still would be able to override the configurations. Connected automatic valves would even allow the adjustment of temperatures in specific rooms.

Taking things a step further, the heating system could utilise shared data from, for example, a local weather forecasting station. This would enable automatic adjustments for changes in climate, including the occasional freak hot or cold days that the UK seemingly struggles with.

Additionally, the heating system could share data with other household systems to create an accurate energy use record, and manufacturers of such devices are claiming energy savings of around 20 per cent where intelligent systems are deployed.

This example only looks at a localised use of IoT technology. The potential for businesses and organisations using IoT is immense, especially when you consider national and international opportunities.

The scope of IoT is enormous. Ranging from household devices and appliances, mobile systems, entertainment, through to IT systems, process machinery, building management, transportation and medicine, there isn’t a lot that won’t be covered as IoT spreads its footprint. Admittedly, in the early days, the security systems sector will only be interested in a few areas.

The ability to interface with audio will open up a range of possibilities. Audio is increasing being seen as an essential element of security and business intelligence, and in truth security manufacturers haven’t been the best at audio delivery. IoT could allow connectivity to best-of-breed audio devices.

Intelligent lighting control is another area that could benefit security. Whether this is in the form of lighting control when spaces are unoccupied, or the management of lighting for enhanced security, the options are manifold.
When it comes to site management, elements such as electronic signage could offer benefits when connected with business intelligence solutions.

For the security sector, it is not a case of struggling with the enormity of IoT, but selecting the right devices that can add value to security systems.

How important are Open Platforms to IoT implementations?
Justin Hollis, Marketing Manager, Samsung Techwin Europe
Any manufacturer of electronic security solutions which buries its head in the sand and ignores the added value made possible by of the Internet of Things (IoT) is likely to have a limited future. The potential for IoT to deliver real life benefits to end-users will drive our industry’s innovators to capitalise on the opportunities, and those companies that don’t will find themselves left out in the cold at some point in the future.

I joined Samsung Techwin Europe because I was excited about where the electronic security industry was going with open platform technology and the building blocks necessary to embrace IoT. However, it’s not good enough to simply say you have an open platform. It genuinely needs to be sufficiently flexible to interact with whatever hits it.
Applications should not be restricted; they should be able to share video formats as well as event and alarm information and raw data, and true open platform devices should additionally have the flexibility to handle more than one application simultaneously.
However, it is a question of timing. Although IoT is not new (the term was originally coined by British entrepreneur Kevin Ashton in 1999), from almost nowhere everyone now seems to be talking about it. Those who attended IFSEC 2015 will have noticed that the exhibition was buzzing with speculation and conjecture.

I recently came from another technology sector (the mobile telephone industry), where the conversation is alight with the Internet of Things. That industry is currently caught up in the opportunity to link diverse elements together, but conversation mainly runs deep on the subject of data protection.

The issues include who decides how data is shared between systems, and where is permission passed off between one platform and the next.

Ironically, security runs at the heart of this conversation, but we are talking data security encryption with protocols, not surveillance. In this sector the conversation is advanced with all the usual protagonists like Google, Microsoft and Cisco engaged, but no one has yet answered how to ignite relevance of the Internet of Things to the consumer. After all, why should someone link their car to their fridge?

As ever, the key to launching all new technologies lies in the B2B arena where the benefits can be easily understood and are certainly more tangible. It is a lot easier to convey the economics of convergence to an IT manager, as opposed to fickle convenience values for a consumer.

For example, it would be relatively easy to generate interest when approaching a customer with the proposition to bring air-conditioning, lighting, surveillance and access into a single interface. Just think of the headcount resource savings. Just think about the management of only one system.

It is very important to understand the potential value of machine-to-machine opportunities and prepare a product strategy accordingly. As a consequence, it is vital to have the most open platform language on the market to ensure that your own kernels of technology manage to interact with those of others.

Without this kind of preparation in place, manufacturers may end up with the inability to interface and become irrelevant within the context of the future shape of the market.

But herein lies the irony … none of it is relevant yet!

In the meantime, customers can take advantage of the benefits offered by open platform technology, which until recently would have been regarded as ‘pie in the sky’. However, it is already delivering added value to customers by allowing them to tap into selective on-board data analytics.

Partnerships with other sectors
Mike Sussman, Technical Director, TDSi
The Internet of Things (IoT) is being touted as the next big evolution in technology, with security being firmly included in its sphere of influence. Whilst there are huge potential benefits to be gained from having all these systems connected to one another, it is worth examining some of the issues that could stand in the way of complete and hassle-free integration.

One of the key issues which continues to persist is a lack of shared technical knowledge between security providers and some other parties involved in IoT. Security is a complex and sometimes finely-balanced commodity which doesn’t necessarily lend its self well to outside influences, especially those which have little understanding of security protocols.

There are many ‘hobbyist’ products that are available that can be used to perform simple tasks, such as opening car park barriers, and without knowledge of security or operational discussions risks can be introduced into the business.

The obvious answer is for the various parties to share knowledge and training on how systems interact and the Operational Requirements (ORs). Whilst this works very well for commonly integrated systems (for example, a physical access control systems and a business database system), use of IoT could introduce any number of seemingly unrelated technologies that need to work together.

The physical security sector has been quick to get up to speed with IP-based technology, something which has helped us move to integrated systems. Unfortunately this has not always been the case in reverse, with some IT providers being slower to catch up with the intricacies and benefits of integrating with physical security systems.

Conversely, some installers and integrators do not understand the intricacies of IP configuration such as firewalls, VLANs and SSL which can also compromise security. Equally, the security industry will probably not understand the intricacies of all other IoT devices, so ensuring both sides work well together is a considerable challenge.
Sometimes a lack of confidence on both sides can make true integration far more challenging.

A badly integrated IoT element could actually compromise security systems. Generally most organisations are protected by Firewalls, but a connected IoT device may not uphold this level of end-point security. A simple IoT device could be used to perform a straightforward task, but there is no guarantee it will include SSL encryption. This would leave a relatively humble IoT device as a worryingly weak point in the security of an IP network.

An IoT device could also be used to compromise security on an even wider level. Imagine something as humble as a refrigerator – something which could easily become part of an IoT network. It could monitor temperature or the space available inside, or even keep an inventory of the contents. All this data tells a lot about the users, from shopping habits to when they are in the building (or out of it).

The system could be maliciously tampered with, with the intent of spoiling the contents (leading to food poisoning or even the destruction of stored medicines). Furthermore, if the refrigerator was used as a ‘back door’ to a business network, the targets could be even more serious. This might even include the device being used to compromise the integrated security system.

The question of who is responsible for the components used in IoT is also a potential risk. In a typical business the different facets traditionally had specific owners: the IT department, the security team, etc.. However, IoT will see many areas of definition blur together and the responsibility for these crossover areas needs to be defined to ensure security and resilience of the business systems.

This is made more complex when Bring Your Own Device (BYOD) systems join the mix. The security on an employee’s smart device is unlikely to match that of company assets, yet the access to restricted parts of the network will need to be the same and could represent a weak spot in security.

Overall IoT promises to provide benefits for security, offering greater choice and options to customers, installers, integrators and manufacturers. It also brings potential risks which are by no means insurmountable, but do need the right consideration, planning and cooperation to ensure the benefits outweigh the risks.

IoT and system infrastructure
Neil Staley, Product Marketing Executive, Mayflex
The Internet of Things (IoT) will have – in fact, is having – a massive effect on the infrastructure being used for security solutions. This is because the use of propriety infrastructure will become obsolete for systems that want to take advantage of the benefits of being part of the IoT.

Structured cabling solutions that allow for TCP/IP and Ethernet will become the medium of choice. This will see an end to separate infrastructure for alarms, CCTV and access control.

IoT really means true integration of systems; all systems will run on the network. Buildings will be designed with standards-compliant structured cabling solutions built into the very fabric of the structure. This will guarantee that the service required for the client will work, no matter what and where it is to be deployed. This future has already been seen and has started with the introduction of EN50173-6.

The CENELEC standard, ‘EN50173-6 Information Technology – Generic cabling systems – Part 6: Distributed building services’, highlights how the future is going to look. The standard is readying the market for installing points for the network to be accessed. If end users want an IP-based access control solution, for example, the infrastructure will be close by to allow the service to be deployed.

Once services, no matter what, are using the TCP/IP Ethernet protocol, they are ready and able to join the IoT. An ISO11801 structured cabling solution gives the ability to do that, so in that lays the answer. If the solution currently doesn’t use this type of system, then it will have to in the future if it wants to join the IoT party.

Drivers for IoT adoption
James Smith, Marketing Director, Wavestore
Installers and systems integrators operating within the electronic security industry – as they have done in the past with other new waves of technology – are likely to view the Internet of Things (IoT) as an opportunity to generate new business, as well as providing their existing end-user customers with added benefit from their investment in video surveillance solutions.

As more and more disparate devices and technologies become ‘smart’ and network-enabled, the possibilities for integration and creating highly useful solutions for end-users are practically limitless. The opportunity comes from the fact that we’re already able to do a lot with intelligence gathered from video and a host of other data sources, such as that obtained through analytics or even plain old ‘dumb’ sensors.

The usefulness in combining video with data collected in real-time has very clear benefits and is being driven by advances in technology, open platform interoperability and reductions in cost.

As an industry, we have the ability to clearly demonstrate these benefits and work with end-user customers to provide solutions that solve important business and operational problems.

As with most technology, the IoT vision talked about by major world-leading technology companies seems like Utopia, and that is great as it sets a stage for discussion and drives innovation across the various industry sectors and markets. The challenge is that in practice, adoption will have to find its feet and interoperability will not be as simple as plug and play.

As we know only too well from previous experiences, many different companies will adopt lots of different ways of doing things, and there will be a number of issues to overcome. Not least of these is the security of the actual devices themselves which, bearing in mind that our business is security, is a major consideration.

Providing a flexible, open platform infrastructure that is able to embrace IoT is therefore incredibly important in facilitating these integrations over time; there will be many more devices from many more manufacturers that will have the capability of being part of the same solution, and this must be allowed for at an early stage.

This will ensure that end-user customers can take advantage of the many opportunities that will be opened up in a way that protects their investment into the future as technology cycles play out. The good news is that the security industry already has experience of this as we are already doing it to a certain level.

Today there are a myriad of integrations that speak different ‘languages’ to both hardware devices and software platforms in order to form seamless solutions. This proves that we are good at it as an industry, with robust, reliable operation at the core of what we are already able to provide.

So, what can we expect into the future? We will definitely see greater integration between specialist devices and machines in order to create more deeply connected solutions. However, technology that is more personal to us in our daily lives, as well as technology that operates successfully in the consumer world, will undoubtedly start to augment our industry solutions to provide enhanced benefits to the end-user.

Although we do not know exactly what the future holds, one thing is for sure: IoT widens the scope of what we, as an industry, will be able to deliver, but we must embrace it.

The role of Open Platform VMS will be essential in bringing together specialist security systems with other devices and commonplace commodity items. This will enable the creation of seamless, secure, robust and reliable solutions that will make a positive difference to the end-customer and further increase the value of our industry.

IoT and access control
Tim Northwood, General Manager, Inner Range Europe
Most LANS allow computers or other IP-enabled devices to make outgoing connections to the internet. However, LANS can present a major obstacle to incoming connections from the Internet, making the traditional process of enabling connectivity between devices located within a customer’s LAN and remote installer software a major headache for system integrators and other remote administrators.

Firewalls and routers can cause major issues for security system integrators when working remotely via a LAN connection. For example, gaining access to ports and applications to complete routine system maintenance or conduct fault finding can result in lengthy negotiations with customers’ IT departments or having to regularly travel to site to carry out necessary work.

When a LAN connection is the only choice, delivering a proactive remote service to support your customers security management systems can become complex and result in significant time wastage and escalating support costs, for both the integration company and customer.

Pioneering security system manufacturers now offer secure cloud services that deliver hassle-free, highly secure connection of hardware and software over the internet. When accessing a system controller located on a customer’s LAN, system integrators gain the ability to securely access clients systems via the internet, without ever touching any routers or firewalls.

The functionality of secure cloud services for IP connectivity is a game-changer for IoT interoperability within the access control market. Eliminating the need to connect to the internet via a LAN makes IP connectivity incredibly straightforward.

For users, the key benefits of secure cloud services for IP connectivity include a reduction of wasted resource time granting remote access via LAN connections, a reassurance that IP access is totally secure, increased responsiveness of remote support to deliver fast and efficient resolution of any issues, and a reduction in the number and associated costs of system integrator visits to site for fault finding, training support and routine maintenance.

There are also benefits for systems integrators. The approach simplifies the process of gaining remote access to security management systems, it ensures secure IP access without the need for a LAN connection, and enables responsive customer support service to quickly address security system issues and offer remote guidance for end users, thus creating a real competitive advantage for system integrators. In addition it can minimise the number of visits to customer sites, thereby reducing the overhead costs of support and maintenance, and gives the ability to conduct fault-finding remotely, identifying part requirements before leaving for site.

IoT and reducing system complexity
Peter Kim, Senior Director, IDIS
The Internet of Things (IoT) has a rather loose definition and means many things to different people. In essence, you can define it as anything that communicates on the internet, so anything that has a unique ID can be seen as an IoT device. In terms of video surveillance, we tend to think of sensors or controllers, IP cameras, NVRs, etc..

IoT devices are good at doing simple things, such as sensors and controllers to manage building access, lighting and temperature, but to really create a value-added application, a system needs logic built into the back end.

IoT seems straightforward enough, but its low power requirements and the limitations of computing power often prevent more sophisticated applications, and typically, the application logic is held in a back end server or an IoT hub.

An NVR or VMS can be considered to be an IoT Hub, providing alarm and event history tagged to the video, while the data can be accessed from a remote network connection. However, such systems create complexity from the number of IP addressable devices.

From a surveillance perspective, having a separate dedicated IP camera network decreases this complexity. Installers and operators only have to deal with one IP device: the NVR.

The NVR hides the complexity of all its sub-devices and IP cameras. If you have 32 cameras, typically, you are looking at dealing with 32 IP cameras, a VMS (or an NVR) and a remote app PC. This translates to 34 IP addressable devices. However, with the right system, you would need only one NVR and one remote app PC. All the IP cameras would be hidden as everything is accessed via the NVR. This can reduce complexity.

PSIM can be seen as an even bigger IoT Hub, but in most cases, PSIM systems require bespoke integration work, which can be costly and demand constant maintenance.

For small to medium surveillance systems, an NVR will be a perfect fit to work as an IoT Hub for alarm I/O, motion detection, audio detection, video/audio, VA data, etc..

There is the development of a standard protocol for NVRs, ONVIF Profile G, but there is still a lot of work to be done. The role of NVRs will be crucial as an IoT Hub to reduce system complexity.

IoT and small business applications
Paul Routledge, Sales and Marketing Manager, D-Link UK
Much of the hype surrounding the Internet of Things (IoT) is to do with its impact in the domestic sphere, particularly when it comes to home security which, after energy management, is the market most likely to be disrupted by the spread of IoT technology. That said, there are implications further up the scale for buyers of both corporate and small business security systems, with IoT likely to have an impact on enhanced support for mobile monitoring.

Indirect remote access via on-site management consoles and NVRs has long been available to users of security systems. However, with the advent of IoT it becomes possible to not only connect to these more easily, but also to individual cameras, sensors and other remote security devices. Add local intelligence to those devices – along with email alerting plus custom smartphone and tablet apps – and IoT facilitates a new layer of visibility with huge potential value for business security users.

This is likely to have an impact in the SMB market where users are more likely to be involved and take a hands-on approach to security, but it will also affect larger installations. Even where security is mostly outsourced it is important not to overlook the peace-of-mind value afforded by this kind of direct mobile overview.

The second area where we expect IoT to have a major impact is in the proliferation of cloud-hosted Video Surveillance as a Service (VSaaS) solutions, which will increasingly start to replace local recording. A number of cloud-based VSaaS solutions are available already but the spread of IoT will enable complete security systems to be deployed merely by attaching cameras and other edge devices to the Internet.

We don’t, however, expect rapid change. Whilst IoT will have a fairly immediate impact on home security – indeed, we’re seeing this already – traditionally cautious business buyers will need longer to understand the implications and potential benefits. IP surveillance is a fast-growing business.

Research from IHS suggests the market for IP surveillance is growing at around 19.3 per cent a year and analogue video cameras are already being outsold by the IP equivalents for smaller businesses. However, it will be some time before larger businesses are prepared to embrace IoT, no matter what the hype promises.

IoT and security delivery
Frank Graham, Business Development Manager, Mobotix
The Internet of Things (IoT) is a broad technology category that has gained a lot of interest in the last few years. According to research by Gartner, by 2020 there will be somewhere in the region of 25 billion IoT connected devices. However, other researchers and vendors make widely differing predictions, simply because the growth of certain use-cases is hard to predict.

Growth is predicted to come from a number of areas including automotive, smart cities, manufacturing and related logistics processes. Another area where IoT is likely to have a major impact is in security. The successful transition towards IP as a security platform has proven a major advantage. In addition, sensors have started to switch to short range radio transmission and Wi-Fi standards. A large proportion of security systems are well placed to participate in an IoT ecosystem as internet access replaces dedicated lines to connect remote sites to monitoring centres. This process is further accelerated as propriety signalling protocols are replaced by IP-based options.

Although hyped, IoT has some limitations in a security context. For example, wireless-based transmission can be problematic, while the shared nature of internet bandwidth can make it impractical for large scale video transfer and analysis. In some instances, organisations insist on closed networks for security. The proprietary nature of many systems, and the lack of internet accessibility, could be benefits when it comes to protecting systems from hackers.

Yet there are areas where innovative thinking combined with IoT technology can unlock significant benefits and new security services: for example, linking door entry systems to smartphones to authorise remote entry is an easy-to-implement option. Other areas like in-camera analytics combined with people counting and beaconing technologies can be used for site security and to generate better insights into human behaviour.

The key to unlocking these new use-cases is the deployment of flexible and open security systems that offer interfaces and methods of exchanging data that can be processed by other software applications. For the security industry, this means the adoption of emerging IoT protocols and wireless technologies that allow data from CCTV, alarm systems, access control and analytics systems to be successfully integrated by third party software.

However, with extreme competition across the security sector, few vendors are investing in the R&D needed to unlock the potential.

As other vendors within the security space start to follow this approach and embrace more open platforms, the potential for unlocking new exciting security applications will grow and allow the industry to share in the multi-billion dollar service revenues on offer.

Related Articles