Cisco Systems on Convergence, Location Awareness and Pelco

| 0 Comments | 0 TrackBacks
The Network-Driven Approach to Security Convergence

Security Squared's Sharon J. Watson caught up with Steve Collen, director,Steve-Collen.jpg business development (pictured), for Cisco Systems, Inc.'s Physical Security Business Unit at the ASIS International Show late last month in Anaheim. Just the day before we spoke, Cisco and Pelco had announced their strategic partnership in the video space. We asked about that as well as about Cisco's vision and strategy for physical/logical convergence.

What follows is a transcription of our conversation on the show floor, edited for clarity.

*****

Steve Collen: Basically our vision is that we start off by using the network as a platform and on top of that platform we are trying to deploy lots of interlinked applications. From my particular perspective, those are physical security applications. So my ideal customer is basically someone who has deployed a Cisco routing and switching infrastructure, they've already deployed a Cisco voice system, they've already got Cisco network security, courtesy of Fred Kost and his team, and basically the physical security stuff is just another application they are able to overlay on that.

An example is a video surveillance system. They've already got the network running, now they need to put video on it, they're going to put in loads of Cisco IP cameras. Now to your point here, for that to work, we have to have an identity and policy component in place. If I am the user of that application, you have to know who I am. If it's cameras, you have to give me the ability to access certain of those cameras at certain times of day. So the identity component is definitely fundamentally important to us.

That's basically our vision. Today we have three basic applications of the vision that run across the network. One is video surveillance. The other is physical access control, so literally the door systems that allow you in or out of the building. The third thing is something that we call IPICS [IP Interoperability and Collaboration System], which is a notification system. So if there is an event, IPICS means you can route information about that event to your cell phone, to an IP phone, to a UHF radio.

Outside of that core of three systems, for us to actually deliver our vision means we have to go out and have a lot of technology partners.
Just to give you an idea, a really good idea of a technology partner for us would be a PSIM vendor, so a VidSys or an Orsus or a Proximex. Another good example would be a camera vendor. Another would be a mass notification system. Underlying all of that is the desire to move toward open standards wherever we can in this industry. So our vision really only works if everything can talk to each other, using IP as the interchange mechanism.

We have lots of discussions about how logical security and physical security tie together, and it's definitely our intent to do that. There are not a lot of products in the industry today that support that capability. But it really plays to our strengths if we can deliver, for example, if our access control, once you're in the building, can activate your wireless laptop connection. We know you're in the building--that's the physical security side--we can then activate a logical security policy component on top of that.

So we can do bits and pieces of that today. We want to deliver a lot more. I'm not really aware of anyone else who is aggressively pursuing that vision today in the marketplace.

SJW: What about a company like Johnson Controls, which also has a broad ecosystem of partners, though not necessarily in the networking space? I see Cisco has a relationship with them.

SC: They're an interesting partner. Part of our vision is to deploy connected buildings and building management systems, so Johnson Controls' capabilities as an integrator in that space are really interesting to us. They're basically a strategic alliance partner with Cisco. That means there are lots of relationships dotted all across Cisco with physical security partners.

SJW: Why Pelco? They don't strike me as the most open of companies.

SC: There's the old Pelco, and there's the new Pelco. They've been aggressively adding resources to their IP programs, specifically to their IP camera programs, and interestingly, when we looked at the technology in the marketplace, they had a more advanced offering than anyone else. So they are serious about the market they are moving into very quickly.

We had lots and lots of discussions with them leading up to our announcement about the brand connotation, that is, what would co-branded products mean to the customer and the channels. Was that a good thing, was it a bad thing. We had lots of discussions about potential channel conflict. On balance, [they have an] ability to deliver really good products and to help us in those conversations where there is a traditional buyer as well as an IT buyer. Both sides will sometimes face resistance as far as that's concerned. Maybe the phy-sec team needs a bit of pushing toward Cisco, the IT team needs a bit of convincing that Pelco is a good partner.

So there were a lot of discussions leading up to the announcement yesterday. Now we just have to deliver.

SJW: What do you mean by Pelco having the "most advanced" offering?

SC: We had a number of technical criteria on the camera side we needed any partner to meet. Without boring you with the details, there were five or six variables that, if we were going to partner with anybody, they had to do these things. Actually Pelco was the only company--and we compared a lot--that could meet these criteria. That was an interesting and pleasant surprise. Pelco has relationships with other parts of Cisco, and we had to be very cautious about working with them because of these factors that I've mentioned, even though these other areas of Cisco are already teamed up with them. So it was good to get a product that was basically cutting edge. So far, they've been great to work with, very proactive in the relationship.

I also really like the fact on the camera side of things--you know, they have like, a thousand years of experience in cameras--they are able to show us valuable lessons in terms of what a camera should do, such as capabilities in a challenging environment.  I'll give you a trivial example: If you put a camera out in the heat of day, it's 40 [C], and then it's night and it's 10 degrees [C], the expansion of the components in the camera will cause the focus to shift during that period of time. So they have auto-focusing abilities in their products to offset that heat differential. That's the kind of value and experience that they bring to the relationship with us, which is really good.

SJW: Tell me about the size of the customer you're going after with that relationship. When you talk about an ideal customer with all that Cisco infrastructure deployed, my perception is that's a bigger company.

SC: Our products are exclusively focused on enterprise accounts, which are the larger accounts for Cisco. We have additional product sets from other parts of the company that go out to the lower end of the market but for us it's really the enterprise. So a typical customer for us might be a K through 12 school district, maybe 25 schools, or it might be a university or it might be a casino. Broadly speaking, it's got to be someone big, with significant purchasing power and an IT department that's into Cisco. A typical surveillance deal for us would be worth between $200,000 and $1 million. It could be significantly larger, but that would be a good spread.

We've done various database exercises where we've said, okay, we'll pull up our Cisco routing and switching customers. We'll then say, how many of those have network security; of those, how many have IP telephony; and of those, how many have deployed Cisco wireless services. Generally, once we've gotten to that point, we know they'll buy anything with "Cisco" on the box.

So then we say, 'hey, we've got this great video surveillance system for you.' So far, that has worked out well. Pelco will help us in those scenarios where there is also a physical security team that's saying, where are we going to deploy this on the network, this is going to be our system, Mr. IT department, how do we work together to make that go smoothly?

SJW: One thing I wanted to come back to: You said there were bits and pieces available to tie together physical and logical identities. I think I've talked to people who can do a pretty good job of that. For example, PlaSec is here with an appliance that talks to the door over there and to the enterprise directory there.

SC: That bit is there. We do that, and there are other companies that do that. It's really when you need the identity component as the building block...for example, I need to know where in a particular building you are at any point of the day. If I know you are physically in the data center, I'll give you access to three applications. If you're in the building but not in the data center, I only want to give you access to one application. So it's linking identity to and bringing this location awareness into play. That's just one example.

Yes, you need the identity piece in place and you need the linkage, but there are many more possibilities. Location is a good one. So do they need to integrate with an LDAP? Yes, but you need more than that.

SJW: The location awareness needs to come more from the network elements?

SC: Yes. There are different ways of doing location awareness. Those range from RFID tag integration to an awareness of where your wireless on your laptop is broadcasting from, so there are different ways of solving the problem. But basically you couple the identity with the location awareness and then execute a policy based on that. It's multifaceted...It's possible there are companies out there doing all that I haven't seen. Definitely it's a good space to be moving into.  

SJW: So even if you know the IP address of a camera on the network, you still need the camera integrated with a network element before you could train it on someone in the data center?

SC: That takes you to the next level. We know that you're in the building, we know somehow where you are. An example of policy is if you are there, we will train an IP camera on you. For that to happen, you need to know where the camera is in relation to that specific individual. That's a good example of policy being applied on the knowledge of where both of the endpoints are.

There are different ways to know where a camera is. All of our cameras have GPS coordinates worked into them; that's one way. Another way is to do integrated mapping, where you have a map of the person's location, a map of where the camera is and you correlate the two.

SJW: I'm still trying to get my head around the location possibilities.

SC: There's actually a lot of stuff to get your head around because you're building these systems to have multi-elements from lots and lots of different vendors. Like that thing we were just talking about, you've got cameras and you've got doors, your RFID tag might be integrated in your badge. There's probably a PSIM component in there as well to apply the policy, there's your LDAP database that's in there, we're probably applying some degree of firewalling to allow your network activity based on where you are.

That's why system integrators are so important in this marketplace. When you think about all of those elements, who is going to actually deploy them? It's got to be somebody who knows all of those different things. One of the negating factors we've seen in the marketplace is the number of system integrators who have extensive IT, network security and physical security skills. There aren't that many of those guys out there. That's an interesting dynamic.
 
# # #

The Network-Driven Approach to Security Convergence

Security Squared's Sharon J. Watson caught up with Steve Collen, director,Steve-Collen.jpg business development (pictured), for Cisco Systems, Inc.'s Physical Security Business Unit at the ASIS International Show late last month in Anaheim. Just the day before we spoke, Cisco and Pelco had announced their strategic partnership in the video space. We asked about that as well as about Cisco's vision and strategy for physical/logical convergence.

What follows is a transcription of our conversation on the show floor, edited for clarity.

*****

Steve Collen: Basically our vision is that we start off by using the network as a platform and on top of that platform we are trying to deploy lots of interlinked applications. From my particular perspective, those are physical security applications. So my ideal customer is basically someone who has deployed a Cisco routing and switching infrastructure, they've already deployed a Cisco voice system, they've already got Cisco network security, courtesy of Fred Kost and his team, and basically the physical security stuff is just another application they are able to overlay on that.

An example is a video surveillance system. They've already got the network running, now they need to put video on it, they're going to put in loads of Cisco IP cameras. Now to your point here, for that to work, we have to have an identity and policy component in place. If I am the user of that application, you have to know who I am. If it's cameras, you have to give me the ability to access certain of those cameras at certain times of day. So the identity component is definitely fundamentally important to us.

That's basically our vision. Today we have three basic applications of the vision that run across the network. One is video surveillance. The other is physical access control, so literally the door systems that allow you in or out of the building. The third thing is something that we call IPICS [IP Interoperability and Collaboration System], which is a notification system. So if there is an event, IPICS means you can route information about that event to your cell phone, to an IP phone, to a UHF radio.

Outside of that core of three systems, for us to actually deliver our vision means we have to go out and have a lot of technology partners.
Just to give you an idea, a really good idea of a technology partner for us would be a PSIM vendor, so a VidSys or an Orsus or a Proximex. Another good example would be a camera vendor. Another would be a mass notification system. Underlying all of that is the desire to move toward open standards wherever we can in this industry. So our vision really only works if everything can talk to each other, using IP as the interchange mechanism.

We have lots of discussions about how logical security and physical security tie together, and it's definitely our intent to do that. There are not a lot of products in the industry today that support that capability. But it really plays to our strengths if we can deliver, for example, if our access control, once you're in the building, can activate your wireless laptop connection. We know you're in the building--that's the physical security side--we can then activate a logical security policy component on top of that.

So we can do bits and pieces of that today. We want to deliver a lot more. I'm not really aware of anyone else who is aggressively pursuing that vision today in the marketplace.

SJW: What about a company like Johnson Controls, which also has a broad ecosystem of partners, though not necessarily in the networking space? I see Cisco has a relationship with them.

SC: They're an interesting partner. Part of our vision is to deploy connected buildings and building management systems, so Johnson Controls' capabilities as an integrator in that space are really interesting to us. They're basically a strategic alliance partner with Cisco. That means there are lots of relationships dotted all across Cisco with physical security partners.

SJW: Why Pelco? They don't strike me as the most open of companies.

SC: There's the old Pelco, and there's the new Pelco. They've been aggressively adding resources to their IP programs, specifically to their IP camera programs, and interestingly, when we looked at the technology in the marketplace, they had a more advanced offering than anyone else. So they are serious about the market they are moving into very quickly.

We had lots and lots of discussions with them leading up to our announcement about the brand connotation, that is, what would co-branded products mean to the customer and the channels. Was that a good thing, was it a bad thing. We had lots of discussions about potential channel conflict. On balance, [they have an] ability to deliver really good products and to help us in those conversations where there is a traditional buyer as well as an IT buyer. Both sides will sometimes face resistance as far as that's concerned. Maybe the phy-sec team needs a bit of pushing toward Cisco, the IT team needs a bit of convincing that Pelco is a good partner.

So there were a lot of discussions leading up to the announcement yesterday. Now we just have to deliver.

SJW: What do you mean by Pelco having the "most advanced" offering?

SC: We had a number of technical criteria on the camera side we needed any partner to meet. Without boring you with the details, there were five or six variables that, if we were going to partner with anybody, they had to do these things. Actually Pelco was the only company--and we compared a lot--that could meet these criteria. That was an interesting and pleasant surprise. Pelco has relationships with other parts of Cisco, and we had to be very cautious about working with them because of these factors that I've mentioned, even though these other areas of Cisco are already teamed up with them. So it was good to get a product that was basically cutting edge. So far, they've been great to work with, very proactive in the relationship.

I also really like the fact on the camera side of things--you know, they have like, a thousand years of experience in cameras--they are able to show us valuable lessons in terms of what a camera should do, such as capabilities in a challenging environment.  I'll give you a trivial example: If you put a camera out in the heat of day, it's 40 [C], and then it's night and it's 10 degrees [C], the expansion of the components in the camera will cause the focus to shift during that period of time. So they have auto-focusing abilities in their products to offset that heat differential. That's the kind of value and experience that they bring to the relationship with us, which is really good.

SJW: Tell me about the size of the customer you're going after with that relationship. When you talk about an ideal customer with all that Cisco infrastructure deployed, my perception is that's a bigger company.

SC: Our products are exclusively focused on enterprise accounts, which are the larger accounts for Cisco. We have additional product sets from other parts of the company that go out to the lower end of the market but for us it's really the enterprise. So a typical customer for us might be a K through 12 school district, maybe 25 schools, or it might be a university or it might be a casino. Broadly speaking, it's got to be someone big, with significant purchasing power and an IT department that's into Cisco. A typical surveillance deal for us would be worth between $200,000 and $1 million. It could be significantly larger, but that would be a good spread.

We've done various database exercises where we've said, okay, we'll pull up our Cisco routing and switching customers. We'll then say, how many of those have network security; of those, how many have IP telephony; and of those, how many have deployed Cisco wireless services. Generally, once we've gotten to that point, we know they'll buy anything with "Cisco" on the box.

So then we say, 'hey, we've got this great video surveillance system for you.' So far, that has worked out well. Pelco will help us in those scenarios where there is also a physical security team that's saying, where are we going to deploy this on the network, this is going to be our system, Mr. IT department, how do we work together to make that go smoothly?

SJW: One thing I wanted to come back to: You said there were bits and pieces available to tie together physical and logical identities. I think I've talked to people who can do a pretty good job of that. For example, PlaSec is here with an appliance that talks to the door over there and to the enterprise directory there.

SC: That bit is there. We do that, and there are other companies that do that. It's really when you need the identity component as the building block...for example, I need to know where in a particular building you are at any point of the day. If I know you are physically in the data center, I'll give you access to three applications. If you're in the building but not in the data center, I only want to give you access to one application. So it's linking identity to and bringing this location awareness into play. That's just one example.

Yes, you need the identity piece in place and you need the linkage, but there are many more possibilities. Location is a good one. So do they need to integrate with an LDAP? Yes, but you need more than that.

SJW: The location awareness needs to come more from the network elements?

SC: Yes. There are different ways of doing location awareness. Those range from RFID tag integration to an awareness of where your wireless on your laptop is broadcasting from, so there are different ways of solving the problem. But basically you couple the identity with the location awareness and then execute a policy based on that. It's multifaceted...It's possible there are companies out there doing all that I haven't seen. Definitely it's a good space to be moving into.  

SJW: So even if you know the IP address of a camera on the network, you still need the camera integrated with a network element before you could train it on someone in the data center?

SC: That takes you to the next level. We know that you're in the building, we know somehow where you are. An example of policy is if you are there, we will train an IP camera on you. For that to happen, you need to know where the camera is in relation to that specific individual. That's a good example of policy being applied on the knowledge of where both of the endpoints are.

There are different ways to know where a camera is. All of our cameras have GPS coordinates worked into them; that's one way. Another way is to do integrated mapping, where you have a map of the person's location, a map of where the camera is and you correlate the two.

SJW: I'm still trying to get my head around the location possibilities.

SC: There's actually a lot of stuff to get your head around because you're building these systems to have multi-elements from lots and lots of different vendors. Like that thing we were just talking about, you've got cameras and you've got doors, your RFID tag might be integrated in your badge. There's probably a PSIM component in there as well to apply the policy, there's your LDAP database that's in there, we're probably applying some degree of firewalling to allow your network activity based on where you are.

That's why system integrators are so important in this marketplace. When you think about all of those elements, who is going to actually deploy them? It's got to be somebody who knows all of those different things. One of the negating factors we've seen in the marketplace is the number of system integrators who have extensive IT, network security and physical security skills. There aren't that many of those guys out there. That's an interesting dynamic.
 
# # #

No TrackBacks

TrackBack URL: http://www.securitysquared.com/cgi-bin/mt/mt-tb.cgi/122

Leave a comment