Information. Insight. Influence.

Twitter Blog YouTube Linked In SIA is proud to sponsor
the ISC Expos and
Feb 28
Examining Video Surveillance Total Cost of Ownership
DeanDrako.jpgHow do you calculate the total cost of ownership (TCO) for video surveillance, and why is it important to communicate to your customers?

Join Dean Drako, President and CEO of Eagle Eye Networks, at ISC West, April 6, 2017, from 10-11 a.m. for a discussion on video surveillance TCO, including the framework and core financial factors to consider when determining TCO for a video surveillance system.

Register here for ISC West! Choose this and other education sessions at

SIA: Does TCO for video surveillance differ by sector, or size and type of an enterprise?

Dean Drako: Yes. TCO for video surveillance analysis varies by size of enterprise. A small business customer has a very different set of costs and ways of estimating those costs than an enterprise. The enterprise will typically be more sophisticated and complete. For example, an enterprise might have a fixed cost for Gigabyte of monthly storage that the physical security organization is internally charged. It is very unlikely that a small business has such a charging structure. It's very unlikely that the small business has accurate internal measurement of its cost per gigabyte of monthly storage.

TCO for video surveillance analysis also varies based on sector due to benefits and requirements of the industry. For example, a multi-site franchise owner has costs associated with maintaining equipment at a every location, but he also get additional benefits from centralize management when using a cloud system — both of these factors need to be included in a proper TCO Analysis. Some industries have requirements for offsite video storage or video retention — meeting these requirements needs to be included in the TCO calculation whether they use a cloud solution or not. Someone with very remote locations needs to include travel to and from the location as part of their TCO analysis. There are many factors that are industry specific which influence the TCO.

SIA: What are some of the core financial factors to consider when determining TCO?

Dean Drako: To accurately consider TCO the initial expenditures costs for hardware, software, design and installation must be determined. Then the ongoing costs including operational, maintenance, and replacement costs over the time period must be added to this initial expenditure. It's key to incorporate all the costs associated in order to get true TCO Analysis. It's pretty easy to look at the initial costs of purchasing the software, the hardware, and the installation. What is often not considered in the analysis of the initial expenditures is the design time from staff, the initial setup and installation of computer equipment by the IT team, the time needed to cybersecure the initial installation, the security configurations needed (firewalls), Antivirus software, and the physical space needed. What is often not considered in the ongoing costs, but must be included to do a proper analysis are items such as 1) Electricity, 2) network bandwidth for remote access, 3) IT time to maintain the OS on computers (both servers and clients), 4) IT Time for video software upgrades, 5) computer backups, 6) Cybersecurity reviews and checks, 7) camera maintenance and replacement, 8) disk drive replacements (5% fail per year), 9) on-going training costs, 10) video retrieval costs for third parties, 11) Indirect labor costs, 12) travel time to perform maintenance, 13) travel time to restart cameras, 14) management time, and 15) alerting systems for monitoring the systems operation.

SIA: Why does TCO vary when video surveillance requirements change?

Dean Drako: TCO will go up when more cameras are needed, more retention is needed or when more features or functions are needed. For a cloud-based solution TCO will go down when fewer cameras are needed, less retention is required, or sites are closed. TCO will not go down as much in a traditional on premise solution because the hardware has already been purchased and you typically can’t return it. The real issue is the waste created when requirements are changed with a traditional on-premise solutions. When video systems are purchased and installed they are designed to meet the current requirements. When the requirements are changed, new equipment needs to be purchased, and some of the old equipment may have to be discarded.  This creates inefficiency, which can greatly increase the TCO. Obviously, with a true cloud solution, where you pay for what you use monthly, the customer can vary requirements and only pay for what he uses. There is no inefficiency in this case. 

SIA: What’s the number one takeaway that attendees of this session will have?

Dean Drako: Attendees of this session will depart with a better understanding of the TCO of a video surveillance system and how a TCO can be calculated for different customers. We will cover all the factors that need to be included. This TCO analysis training will provide a powerful sales tool for attendees to assist the customer in analyzing their true TCO, all the benefits, and thereby helping to close sales.
Feb 27
Security Tech and Critical Infrastructure Protection

Security Industry Association Director of Industry Relations Ron Hawkins recently delivered a presentation on critical infrastructure protection at the Energy, Utility & Environment Conference. Here is a condensed version of his remarks.

The risks and security challenges that utilities must manage have increased substantially in recent years. Electricity, obviously, has always been part of the national critical infrastructure, but as threats have evolved, the grid has become more of a target. National Security Agency Director Adm. Mike Rogers said last year, "It is only a matter of the when, not the if, we're going to see a nation-state, group, or actor engage in destructive behavior against critical infrastructure in the United States."

The threat has been most clearly seen in Ukraine, where Russian hackers launched multiple attacks against that country's electric grid that plunged portions of the nation, including the capital of Kiev, into darkness.

But it is not just a cyber-issue.

In 2013, gunmen took out 17 transformers at the Metcalf Transmission Substation near San Jose, Calif. in what appeared to be a professional job. Then-FERC Chairman Jon Wellinghoff described it as "the most significant incident of domestic terrorism involving the grid that has ever occurred." And last year, The Wall Street Journal reported on "dozens of break-ins … that show how, despite federal orders to secure the power grid, tens of thousands of substations are still vulnerable to saboteurs."

So, utilities, like other facilities, are fighting a two-front war, and weaknesses in either one can create vulnerabilities in the other. Insufficient physical protections can allow on-site access to computer systems, and inadequate cybersecurity can be exploited to manipulate networked physical defenses.

I would like to discuss four key aspects of security technology and how they relate to critical infrastructure protection—robotics; cloud, mobility and the Internet of Things; big data; and cybersecurity.

Security work can be tedious, and no person can maintain constant awareness for an entire shift. But a machine does not get tired or distracted or bored. So, we are now starting to see robots doing patrol duty, especially when the work is, as one member of the security industry put it, "dull, dirty or dangerous." They are intelligence-gathering devices that can collect and relay sights and sounds, rapidly read and process license plates, and even test the air for dangerous chemicals, all while adding a new level of deterrence.

Robotics can be deployed both on the ground and in the air, and unmanned aerial vehicle (UAV) technology, in particular, holds both promise and risk for critical infrastructure sites. On the positive side, drones can be equipped with cameras and sensors and used by security teams. The drone regulations announced by the FAA last year, though, are strict, limiting their use to line-of-sight, under 400 feet, during the day and not over people. These rules will likely evolve—waivers are already possible—and the standard use of automated drones beyond line-of-sight should be not too many years away.

But technology, of course, can be used for either good or bad. Many people in the energy sector have serious concerns about people flying drones over their sites, whether simply to see what is going on, to gain business intelligence or for more nefarious purposes. And countermeasures remain challenging. Geofencing can be defeated, and jamming a drone, using GPS spoofing, or shooting it down will probably result in legal ramifications. About the only thing that can be done, at this point, is to gather as much information as possible and try to locate the operator.

Those robots and drones will be connected to the Internet, and with more and more cameras, card readers, alarms and other equipment going online, security has become a component of the Internet of Things. As with drone technology, this can be very good, with Internet connections enabling such things as mobility and cloud storage.

Mobility makes data available anywhere, not just in a security operations center. This can improve the response times and effectiveness of security personnel. The cloud, meanwhile, in addition to providing a secure storage solution, allows facilities and enterprises to increase efficiency through building automation and to implement security-as-a-service.

With all of these devices tied into the Internet of Things and generating vast amounts of information, what, exactly, can be done with it? Big Data, when handled correctly, enables such things as video analytics and predictive analysis. Both technologies are still in their relatively early stages. But while they're not yet at the point that is depicted in some moves and TV shows, they can be, like other security technologies, a force multiplier. Even simple analytics like line-crossing, are useful tools, and predictive analysis has the potential to connect disparate pieces of data to identify possible vulnerabilities and threats—especially insider threats.

However, just as drone technology can both create and solve security challenges, so, too, can the networking of security equipment. With everything online, a security system, if it is not deployed correctly, can be vulnerable to anybody with an Internet connection.

It is essential, then, that physical security and cybersecurity be brought together. U.S. Cyber Consequences Unit Director Scott Borg said, "As long as organizations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organizational level."

Without this collaboration, somebody, whether onsite or far away, might turn out the lights.

1 - 2Next