This is the sixth article in the award-winning “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress, also published on SecurityInfoWatch.com.
By Ray Bernard, PSP, CHS-III
Article updated in September 2017 because the number of manufacturers with published system/product hardening guidance increased from eight to twelve.
The term “network-friendly” started popping up in the physical security industry around 2003, and was in use in the IT domain earlier than that, in recognition of the facts that some applications and systems performed better over a network than others, and some created less of a burden on network resources than other apps and systems.
Since the term first appeared in the physical security industry (in the early 2000s), rarely could the sales people of the companies who used the term define it clearly when asked. Without a definition, specifiers and end user customers took it simply as a marketing hype word, primarily because early network-connected devices and systems had or caused mysterious troubles of one kind or another. For example, several brands of network cameras would go offline if a network administrator ran the popular Network Mapper program (commonly called “nmap”) to scan the network. This did not happen with cameras from Axis Communications, but that’s because Axis came from the IT world and had a very thorough understanding of networking.
Several security industry companies have asserted that network-friendly meant “works well over a network”, but their concept of “works well” was too shortsighted. It is one thing to work well when three devices are talking on a benchtop network. It’s completely another to work well in a corporate network environment with hundreds or thousands of active devices connected.
Network Neighborhood
Rodney Thayer, a network researcher at Smithee, Spelvin, Agnew & Plinge, Inc., uses the concept of a “network neighborhood” to provide a context for discussions about what it means to participate in a shared network infrastructure. Of course, how a “good neighbor” is defined is very dependent upon what neighborhood you’re talking about, and that’s the point. It’s also one of the reasons why no formal definition for network-friendly has been established, despite the widespread use of this important term.
What network-friendly means depends on what the network is, and when we use the term “network” in this context, we’re not just talking about the connectivity from one point to another. A residential or industrial neighborhood is more than its streets, intersections, and traffic lights. Similarly, an electronic network neighborhood includes not just network paths and connections—but all the devices connected to the network. It is important to remember that just as residential and business neighborhoods change over time, so do device network neighborhoods. Being network-friendly must also take that aspect of networks into account.
The Importance of Network-Friendly
Renting a home or office in a neighborhood does not automatically make a person a good neighbor. Likewise, the ability for a device to connect to and communicate across an IP network does not make that device a good network neighbor.
This is why members of the World Wide Web Consortium (W3C), an international community that develops standards for the Web and is led by the inventor of the Internet, Tim Berners-Lee, established a community group for Network-Friendly App and WebApp Best Practices. As their home page explains, this group was formed because network-friendliness of mobile applications is a critical issue facing the mobile industry.
Over the past six months, I have had many executives, sales people and developers from over a dozen physical security industry manufacturers proudly tell me that their product development strategy is “mobile first”. Yet the developers I talked to didn’t have a concept for a network-friendly mobile application, and I’m willing to bet that their company’s executives and sales people don’t either.
They should have been aware of, and their developers should have been applying, the 98-page guideline document titled, “Smarter Apps for Smarter Phones”, whose version 4.0 was published by the GSM (Global System for Mobile Communications) Association in 2014. The following three paragraphs are from this guideline’s Introduction. Note that “signaling” is a telecommunications term for messages in a cellular phone network that convey cellular connection management information. The amount or quantity of these messages is the “signaling load”, which is discussed below.
The rapid rise in demand for mobile data has taken key [cellular network] industry stakeholders by surprise, particularly the [cellular] network operators at the forefront of delivering services to customers. A direct consequence of the huge success in the uptake of data services is a greatly increased signaling load at the [cellular] network level independent of the volume of data traffic. End-users and application developers are largely unaware of increased signaling load as this is only visible to [cellular] network operators/service providers. However, increased signaling load impacts smartphone users, who can experience rapid battery drainage, unresponsive user interface, slow network access and non-functional applications.
As use of smartphone applications increases, so does the signaling load on a disproportionate scale. This is caused by a number of factors, but aspiring enthusiasts, (perhaps with a background in developing desktop applications), who are translating their ideas into network-unfriendly apps that can be easily installed on smartphones, are amongst the main culprits.
As a result, [cellular] network operators are facing the challenge of unprecedented signaling load that is out of proportion to the level of data usage.
Did you know that how a mobile app is engineered can impact the battery life of the mobile device? Manufacturers with a “mobile first” strategy should make sure that any client-server and web application developers get education on the full engineering scope of mobile app development, or are supported by development team members who do have such education and experience.
Security Industry’s Key Technology Weakness
As the physical security industry history shows, it has not been good at fully understanding and making best use of information technology advances, and it does a very poor job of adopting information technology practices. The fact that the industry continues to take important IT concepts and turn them into marketing buzzwords (the reason for this article series) is just one aspect of a larger situation.
This is a key weakness of the industry. It threatens to deprive the industry’s customers of the full benefits of advancing technology. It assures that the customer technology experience will not be a smooth one. It handicaps systems integrators, and leaves them rightfully distrustful of new electronic security devices and systems.
One Example: SNMP
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks. When network devices support the SNMP protocol, they can be monitored and managed using network management software such as the SolarWinds products, What’s Up Gold, or OpenNMS. SNMP was initially defined in 1988, and has been updated several times over the years.
The security industry began putting devices on IP networks in the late 1990s. Every such device should have had support for SNMP. The reason some cameras would go offline when a network administrator ran Nmap is that the camera software was programmed only for its own communications protocol, had insufficient error trapping, and thus would malfunction when SNMP messages were received.
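The failure mode described above, as an added example (not from the article or from any vendor's firmware): a receive loop that trusts every datagram stops at the first foreign packet, while one that validates each field discards it and keeps running. The "CAM1" message format, command codes and function names are hypothetical, and the SNMP GetRequest bytes are a constructed sample.

```python
import struct
from collections import Counter

# Hypothetical device protocol (assumption): "CAM1" | command | payload length | payload
MAGIC = b"CAM1"
HEADER = struct.Struct("!4sBH")
COMMANDS = {0x01: "PING", 0x02: "GET_STATUS"}
MAX_PAYLOAD = 512

# Constructed sample: an SNMPv1 GetRequest for sysDescr.0, community "public",
# the kind of datagram a network management tool may send to any host.
SNMP_GET = bytes.fromhex(
    "3029020100" "04067075626c6963"
    "a01c" "020400000001" "020100" "020100"
    "300e300c" "06082b06010201010100" "0500"
)

def build(cmd, payload=b""):
    """Encode a well-formed message of the hypothetical protocol."""
    return HEADER.pack(MAGIC, cmd, len(payload)) + payload

def fragile_parse(datagram):
    """Trusts that every datagram is the device's own protocol."""
    _magic, cmd, length = HEADER.unpack(datagram[:HEADER.size])  # struct.error if short
    return COMMANDS[cmd], datagram[HEADER.size:HEADER.size + length]  # KeyError if foreign

def safe_parse(datagram, drops):
    """Validate every field; count and discard anything that is not ours."""
    if len(datagram) < HEADER.size:
        reason = "short"
    else:
        magic, cmd, length = HEADER.unpack_from(datagram)
        if magic != MAGIC:
            reason = "bad_magic"
        elif cmd not in COMMANDS:
            reason = "unknown_command"
        elif length > MAX_PAYLOAD or length != len(datagram) - HEADER.size:
            reason = "bad_length"
        else:
            return COMMANDS[cmd], datagram[HEADER.size:]
    drops[reason] += 1  # a drop counter gives operators something to monitor
    return None

def receive_loop(datagrams, parse):
    """Simulated receive loop: returns (messages handled, still running)."""
    handled = 0
    for datagram in datagrams:
        try:
            if parse(datagram) is not None:
                handled += 1
        except (struct.error, KeyError):
            return handled, False  # stands in for the service going offline
    return handled, True

# Constructed traffic: valid, SNMP, truncated, unknown command, valid with payload.
TRAFFIC = [build(0x01), SNMP_GET, b"CA", build(0x7F), build(0x02, b"ch1")]

if __name__ == "__main__":
    drops = Counter()
    print("fragile: ", receive_loop(TRAFFIC, fragile_parse))
    print("hardened:", receive_loop(TRAFFIC, lambda d: safe_parse(d, drops)), dict(drops))
```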
The Security Industry Association established its SNMP working group in 2013, about 15 years after it should have been established. This means that for 15 years, security industry manufacturers did not consider SNMP important enough to warrant the establishment of guidance or standards for networked physical security systems and devices—even though they were manufacturing network devices and systems.
One result was that security system integrators could not use standard network tools to manage security system networks. What a disservice! Thus, for a decade and a half, many IT professionals have looked upon electronic security systems and their devices with disdain, much to the disadvantage of integrators and their end user customers.
Fortunately, this physical security industry picture is changing, as is witnessed by the fact that as of September 2017, twelve manufacturers now provide security hardening guides and other cybersecurity advice for the deployment of their products and systems. However, catching up with information technology is a long and broad road, one that continues to place challenges at the industry’s doorsteps. Right now, IoT devices and systems are bringing another realm of engineering into the security arena. Will it be embraced with full understanding that includes the adoption of the relevant engineering good practices? Time will tell.
What Does Network-Friendly Mean?
Because the term network-friendly has different requirements for different technology contexts, it is not practical to study them all. So, what are integrators, security design consultants and end users to do? A simple and practical approach—when someone asserts that a product or system is network-friendly—is to ask outright, “Exactly what do you mean when you say network-friendly?” Hopefully, before too long, we’ll start hearing some very good answers.
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.