This week’s Expert Panel revisits a classic question that has been around since the advent of IP video: Should an enterprise’s video system have its own network, or should it share the corporate network? Our panelists' responses reflect new IT trends, technology changes and shifting priorities that are impacting how the question is approached. Rising concerns about cyber-security (such as fears that video might provide a hacker entry into the enterprise system) are one new aspect. New trends like virtualization are also changing the economics of IT systems, while bandwidth demands continue to be an issue. Let’s take a look at our panel’s latest takes on this classic network video system dilemma.
As with many decisions, the answer is often dictated by costs. The question of whether a video system is part of a network or has its own is driven by operational and/or maintenance costs, specifically. At some point in time, the maintenance and human resources expended upon separate networks becomes inefficient. In most cases, it just becomes more operationally efficient to maintain one network and to centralize the network.
On the face of it, far fewer vulnerabilities are present if the video system stands alone, because (il)legitimate users of the corporate network will not have a readymade connection through which they could cause trouble. However, if we consider that our vulnerabilities might be data loss and corruption, unauthorized viewing, denial of service, etc, then a standalone system is not immune. Any of its network points might be misappropriated for hacking; such as camera, PC workstation, Wi-Fi, etc. How many standalone systems enjoy their own robust intrusion detection, logging, network management, fail-over servers, etc.? Not many. Corporate networks will likely have the critical mass and importance to warrant protection measures to this extent. Finally, if access to the video system via the Internet is requested by users then particularly robust and well-managed measures are vital. So being part of the corporate network can have its benefit accordingly.
My interpretation of the question is that it's not simply about using the same network infrastructure (that is, switches, routers, etc.) for IT and video security, but more broadly, using the complete IT infrastructure including storage and virtualization, for example. With that said, there are both pros and cons. The pros include: cost optimization and using shared resources, such as network components, storage and servers; virtualization, used by some of the most sophisticated IT infrastructures to optimize performance and further reduce cost; better IT security; and better infrastructure management (by IT departments). However, video is bandwidth and storage intensive, so the IT infrastructure would need to be designed to handle it. Further, a lot of IP cameras/NVRs are not very secure and may pose a risk to the general IT network. Finally, security departments as a cost center might not be recognized as a high priority by IT departments.
Video should be a part of the corporate network as soon as it is installed. The exception [when a separate system might be appropriate] would be the very small retail or residential application where cost or ease of installation is paramount.
It can be combined any time IT and security feel it is good time to do it. If video is thrown in the cabling network with IT's typical network traffic, then naturally the network switches can prioritize and reserve network bandwidth capacity for mission-critical video and the run-of-the-mill IT traffic. IT and security can assign a high priority to video traffic to guarantee its timely delivery and situational awareness. That is all fine as long as the network is up to the task of handling bursts of computer data traffic combined with steady state 24/7/365 streaming video traffic. I prefer the separating of different types of data traffic on a network. It is a good way to optimize overall network traffic flows and quality of service (QoS), video delivery, to increase overall network security and control.
Video systems should be a separate network when the bandwidth usage and numbers of the camera count grow. If the cameras are on a smaller scale and the IT department can handle the bandwidth, then it can be on the corporate network. But if it’s larger, then it should be separate network. An independent network is always safer than a full network as there are fewer chances for a security breach.