Peace of Mind for Security Applications

Duncan Cooke

Duncan Cooke

Heightened security awareness has meant that, more than ever, it’s now crucial for security applications such as access control, intruder alarms, perimeter protection, fire safety and video management to be fully-operational around the clock. The possibility of unplanned downtime if one of these applications fails, and particularly so when they’re part of an integrated or Physical Security Information Management solution, represents a major threat to organisations now increasingly reliant upon all of their electronic security and building management systems on a 24/7/365 basis. Duncan Cooke airs his detailed views on this hugely important subject.

Having achieved true integration of a diverse range of electronic security systems, regretfully security personnel at high security or in mission-critical environments are still not guaranteed peace of mind. At the risk of stating the obvious, it’s simply not enough to integrate electronic security systems. They all need to be working as close to 100% of the time as possible.

Yet, with IP network-based access control and video surveillance – as well as fire, intruder and perimeter protection solutions – now increasingly reliant on software-based management, even a well-designed and maintained system is vulnerable to downtime because of a simple server fault.

Further, we cannot ignore the threat posed by cyber criminals. The Petya and WannaCry ransomware have both made headline news of late. Sadly, it appears that not a day passes without some organisation being held hostage by encryption-based ransomware.

A matter of compliance

While protection of people, assets and property is of paramount importance, video surveillance and access control are increasingly being used in support of compliance issues so any unplanned downtime of such systems could have a major impact on operational activity.

Indeed, in some cases it may result in a temporary, but nonetheless costly closure of a facility. Government regulations and local licensing laws, for example, will in many countries stipulate that a sporting event with the general public in attendance cannot take place unless the safety officer can certify the venue’s video surveillance system is operational and 100% effective. Understandably, the same rules may be applied to night clubs and other environments where members of the public are likely to gather in large numbers.

Health and Safety compliance is no less an issue within the industrial/production world. Consider the requirements of a food processing plant where the consequences of anyone with an expired hygiene certificate being allowed to work in a food processing plant could be huge. An inspector might insist that all on-site foodstuff is destroyed and all machinery cleaned to avoid the slightest risk of contamination.

A network-based access control, supported by Microsoft’s Active Directory, will provide a powerful tool to ensure compliance by generating reports which list those members of staff who are in need of refresher training or whose hygiene certificate is due to be renewed. However, the system needs to be working effectively 24/7/365.

Available options

The IT industry offers a wide range of options to keep your security software applications running or quickly restore them to full working order. Perhaps the most simple approach to server availability is to have basic back-up, data replication and failover procedures in place, which will help speed up the restoration of an application and assist with data preservation following a server failure.

However, if back-ups are only occurring on a daily basis, there may only be a guarantee of 99% availability, resulting in up to 87.5 hours of unplanned downtime per year.

High availability systems can deliver 99.95%-99.99% uptime. This still represents up to five hours of downtime per year. It’s only continuous availability solutions that are able to deliver 99.999% uptime. That’s the equivalent of just five minutes of downtime per year.

How does continuous availability work?

Supported by specialist continuous availability software, two servers are linked and continuously synchronised via a virtualisation platform that pairs protected virtual machines together to create a single operating environment. If one physical machine should fail, the application or software platform will continue to run on the other physical machine without any interruptions. In-progress alarms and access control events, as well as data in memory and cache, are therefore preserved.

Simply put, continuous availability means that no single point of failure can stop a security software platform from running and, unlike high availability, back-up and failover solutions, there’s no restart or reboot required and, therefore, no downtime.

If a hardware component fails, a continuous availability solution will substitute the healthy component from the second system until the failed component is either repaired or replaced. Most importantly, those manufacturers who specialise in continuous availability are able to offer the option to provide end users with automatic monitoring and diagnosis of their security solutions so that potential problems can be anticipated before they occur.

It’s a solution that’s likely to be popular among installers of electronic security systems who may have limited IT knowledge. As well as being quick and simple to install, no application, software or server modifications are needed to provide continuous availability out-of-the-box. 

Case for virtualisation

The physical security sector is starting to recognise the significance of the Internet of Things. It presents installers and system integrators with opportunities to generate new revenue streams, while at the same time offering end user clients maximum benefit and high RoI by delivering truly integrated solutions.

The emergence of smart buildings has created a need to monitor and control many disparate systems – security, IT, lighting, HVAC and more. Virtualised platforms are really the only cost-effective means of accomplishing all of this, but could mean businesses are opening themselves up to having a single point of failure which may be their downfall. Herein lies a major justification for the deployment of a continuous availability solution.

Worldwide, there are some excellent examples of where continuous availability has made a significant contribution to providing security and operations management with peace of mind, keeping those nightmare scenarios at bay.

McCarran International Airport, the primary commercial airport serving Las Vegas, all-too-often experienced unplanned downtime of its Pegasys 2000 access control and badge tracking system. When the access control system failed, the airport was forced to deploy personnel to monitor every door within the airport’s secure areas and alert the Airport Control Centre of any potential security issues. As well as the additional labour costs incurred, system downtime could also result in Federal Transportation Security Administration (TSA) fines and penalties, potentially including the shutdown of operations and associated revenue losses for the airport and the airlines it serves.

Furthermore, there were also issues with the Vanderlande Baggage Handling System deployed to help with the screening, storage, sorting and transportation of arrival, departure and transfer baggage. These outages required costly human intervention in order to maintain customer service levels, minimise safety risks and ensure compliance with the TSA’s requirements.

Since the deployment of a continuous availability solution, the airport has enjoyed zero unplanned downtime of the two systems. Even when the airport opened a new terminal, increasing its annual capacity to approximately 55 million passengers, the solution played a key role in allowing IT staff to seamlessly scale the physical security and baggage handling systems in order to meet the expanded requirements, while also ensuring continuous availability.

A hydroelectric dam in the Pacific North West region of the US is another good example of a mission-critical security system being supported by a continuous availability solution. In order to meet North American Electric Reliability Corporation Critical Infrastructure Protection compliance rules, the dam required around-the-clock protection. This meant that a continuous availability platform for the security and event management system was crucial.

Working in support of the C•CURE 9000 system, the solution provided has negated the risk of up to $1 million per day in penalties which comes with compliance failure.

Do you need continuous availability?

Your response to the following questions will go a long way towards helping you decide whether an investment in a continuous availability solution is required:

*From what failures does the business need to be protected?

*How much unplanned downtime can the organisation tolerate?

*What skills are you are willing to acquire to manage the solution properly?

Duncan Cooke is Business Development Manager (UK and Europe) at Stratus Technologies

*If your mind is still not made up, download a free copy of the Availability for Dummies (http://go.stratus.com/availability-for-dummies) Handbook. As well as helping you to select the availability option that best matches your needs, the Handbook also describes how the latest computing trends, such as virtualisation and cloud computing, are impacting availability and, indeed, increasing the need for downtime prevention strategies and solutions

About the Author

Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting.

In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector.

In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award.

An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award.

Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site.

Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media.

Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.

Related Posts