Training: Remote Video Surveillance MonitoringBy: John Honovich, Published on Jul 18, 2010
This report explains and examines the fundamental technical and operational issues in using remote video surveillance. We cover the two primary approaches: (1) watching your own video surveillance remotely or (2) hiring a outside monitoring service to perform monitoring for you.
Remote video surveillance is a core benefit of today's video surveillance systems over classical closed circuit systems. Minimally, remote monitoring can reduce management costs as it provides visual insights into ongoing on-site activities. Additionally, remote monitoring has the potential to improve guard efficiency and reduce the overall cost of performing security. Potentially, remote monitors can watch video from many sites, focus on key events and dispatch responders more efficiently than dedicating operators locally.
However, to achieve these objectives, requiring navigating a number of important technical and operational issues.
These key elements we examine inside include the following:
- Analog vs IP Remote Monitoring
- 'Opening Up' Networks
- Technical Steps (Firewalls & IP Addressing)
- Policy Review
- Who Views Remotely?
- 'Plug N Play' Remote Access Options
- Remote Viewing Software
With those basics in place, we examine the use of 3rd party providers to perform remote monitoring including the following key elements:
- DIY vs Service Provider
- Guard Replacement
- 3rd Party System Interoperability
- Monitoring Service Options
- Use of Video Analytics
The core issues in remotely watching video are basically the same for analog and IP cameras. If you read IP vendor marketing material, it would appear that this is something novel or unique to IP. However, this is, at best, misleading.
At a basic level, connecting your video system to an IP network is needed. However, essentially all analog cameras/systems are connected today to networked enabled DVRs. While you will not make a direct network connection to an analog camera, the DVR acts as a proxy to the broader Internet. The remote viewer connects to the DVR which retrieves and sends the feed originally from the analog camera.
Whether you are connecting to an IP camera, a DVR, an NVR or VMS software loaded on a PC, you face the same fundamental issue of remote viewers retrieving video from the local/on-site video sources.
'Opening Up' Networks
The primary technical challenge in remote video monitoring is that networks are almost universally designed to prevent, by default, access to internal resources. Alternatively put, without configuration changes and/or policy review, it is generally not possible to access a video surveillance system from a remote location.
Some services are set up to be remotely accessible but video surveillance is generally not one of them. For instance, the most common example of a service that is remotely accessible are websites. However, they are generally run in specialized setups such as DMZes or in data centers, designed to allow remote/public access to sites.
Video surveillance is almost always designed to be an internally facing service with the primary goal of allowing on-site personnel such as operations or security managers to access video.
Providing on-site access, therefore, requires 'opening up' the internal video surveillance system for external access.
The first of two key elements in 'opening up' is on the technical side. Networks are generally designed to restrict access from insiders into the internal resources. At its most basic level, this is accomplished by a firewall - a specialized appliance or service - that monitors and filters our requests from outside the network. The general accepted philosophy is to deny everything that is not essential. Indeed, by default, almost everything is blocked except for the most basic services such as email and web browsing.
The second technical issue is enabling the outside world to connect to the IP addresses of video surveillance devices inside the network. In most cases, the addresses of video surveillance systems are not directly accessible by remote users. The challenge comes from the use of private and/or dynamic IP addresses. We reviewed this in great detail in the last two videos of our IP networks training report.
To accommodate these two constraints, organizations often choose among these two options:
- Providing VPN access: Enables a user to connect to a remote network and access resources in the same manner they do when they are physically on-site. This eliminates the firewall and IP issues as actions work as they do locally. This only provides access to specified, trusted users on specific machines.
- Open up general access: Enables any user to connect to the specific service (like a DVR or VMS) from any computer. This is generally done by opening up a port in a firewall, and forwarding IP addresses. With this approach, as long as you know the IP address and have the appropriate viewing software, you can access the system from virtually anywhere.
While accomplishing both of these are common IT practices, it does require some knowledge, time and review to accomplish. For smaller organizations (homes and small businesses), this can be a technical problem as the resources are often not available internally (requiring coordination and execution of a small project). For larger organizations, this is almost never a technical problem as the steps involved are well understood. However, this is regularly a policy problem.
Opening up or providing remote access is something most large organizations review carefully and allow only with careful deliberation. While it may not be technically difficult to open up access, doing so can increase risk and probability of an outside attack. For that reason, many IT organizations would prefer not to grant access. Even if it is provided, it could take weeks or months to pass a required audit.
Who Views Remotely?
A key element in the decision is who wants remote access. You may be familiar with TV shows or movies showing the police remotely accessing a bank, school or store's video surveillance system. However, this is more hope than common occurrence. While it's not technically difficult to allow this, approving ongoing access for the police or outside entities raises both concerns from IT (as to Information Security risks) and for operations (risks of unuathorized monitoring of internal facilities).
Because of this, the most common form of remote access is for an organization's staff to have access on their IT authorized devices (such as laptops) through VPN access.
'Plug N Play' Remote Access Options
Because technical issues can be a barrier for smaller organizations and policy concerns can block larger ones, providers have sought to develop solutions that provide immediate remote access without requiring any on-site technical changes. In this way, a video surveillance system can be installed and accessed immediately without having to change configurations or acquire approval.
This approach, to provide 'plug n play' remote access is a hot recent trend within video surveillance systems. These systems 'phone home' to their provider's central 'cloud' service, identifying themselves and synching up with the central service. This allows users to go to the provider's website and access their video surveillance like they would their email. In general deployments, this approach is still quite rare and is in use by far less than 1% of all video surveillance systems. However, because it eliminates major pain points in using remote video surveillance, we expect this to grow significantly in the next few years. We cover 'plug n play' approaches in-depth in our Managed/Hosted Video Comparison report.
Remote Viewing Software
Regardless of how you setup your network for remote access, you will need some sort of remote viewing software. While it's technically possible to do so through a website (like we describe above with the plug n play offerings), most video surveillance systems are still accessed today through thick clients - applications that must be installed on a PC.
Almost all video surveillance systems are accessed through proprietary monitoring software. You generally need the software from the specific manufacturer to view video managed through that system. If you do not have it, then you are likely not going to see any video. This is a problem for police or other first responders (even if they can get network access).
In addition to the traditional approach, the number of mobile applications have literally exploded since 2009. It is now increasingly common for a video surveillance system to have a remote monitoring mobile application (the most common is an iPhone app). This expands remote access from PCs to mobile phones (again presuming remote network access).
Part 2 - Remote Monitoring Service Providers
Establishing remote access to one's video surveillance system is only part of the solution. The other element is to determine whom will monitor and when the video will be remotely monitored.
DIY vs Service Provider
The most common remote monitoring option is for members of an organization to remotely view their own video surveillance. Common examples of this include line managers remotely monitoring their employees and security managers checking to see if any problems have occured at the facility when they are at home.
The main limitation of 'Do It Yourself' Monitoring is that it depends on the organization having someone available to conduct monitoring. Most commonly, this is done sporadically on in response to an incident. Only large organizations can usually justify dedicating someone to watch video internally.
Many organizations desire monitoring. Today this is most commonly accomplished through the use of security guards/patrols. For instance, over 1 million security guards are estimated to work in the US alone. A common security guard responsibility is to patrol areas, looking to spot any problems.
The effectiveness of security guards is debated. Security guards often receive little respect and the pay tends to be relatively poor (e.g., a common joke among ASIS members is that companies lose security guards when they go to a lunch at a fast food restaurant, the guard takes a job there for more money). Despite this, the security guard market is rather significant - over $10 Billion in the US alone (similar in size to the video surveillance market). Another issue is that many security guards are restricted from intervening in an altercation (the so-called 'observe and report' [link no longer available] approach.
Because of various concerns about security guard's effectiveness (and cost effectiveness), many security managers are open to considering approaches that would reduce the need for guards.
Also, organizations who cannot justify hiring a guard may also benefit from having their facilities monitored by lower cost means. This provides an opportunity for video surveillance systems to provide a low cost substitute.
Monitoring Service Options
When using remote video surveillance, a number of approaches can be considered:
- Continuous: The off-site monitoring service can monitor one's cameras constantly. In this approach, the service replicates 'full' monitoring that an organization could historically do at their own site. This outsources the functionality and may moderately reduce costs but does not offer significantly greater efficiencies.
- Periodic: The off-site monitoring service checks in periodically to view a customer's cameras. This approach is a 'virtual' roving patrol. The service provider can have their staff view each cameras once an hour, every 30 minutes, etc.
- Triggered by Intrusion Alert: Video can be used to visually verify when intrusion or burglar alarms are triggered. This can eliminate false alarms and help responders deploy more acurately.
- Triggered by Analytic Alert: The monitoring service can view surveillance video whenever an alert has been triggered by an on-site analytic system. This can greatly improve efficiency as it can increase probability of finding a valid incident and reduce the need for continuous or periodic monitoring.
- Escorting: Monitoring the movements of specific individuals is often desired. Two primary motivations exist for this: (1) "Peace of Mind" for individuals on-site to ensure that nothing happens to them as they move about (e.g., going to their cars after hours) and (2) Site regulations that require guests to have someone continuously verify that they stay out of restricted areas.
- Quaterbacking: Remote monitoring providers can work with on-site guard staff to provide guidance on where the guards should go. This is most valuable in responding to an incident. The remote monitoring provider can provide a 'God's eye view', helping the guards to respond safely and quickly. Additionally, the remote monitoring provider can make less guards more effective by providing them accurate guidance on activities.
The application we believe has the most impact in changing security monitoring is triggering monitoring by video analytics. Using people to monitor small areas (and only one spot at a time) is inherently ineffecient. Most of the time in most places bad things do not happen. However, since it is not easy to know exactly when, a significant portion of a guard's time will be waiting or watching for the next incident. Video analytics has the potential to reduce this inefficiency by identifying specific events. However, as we examine below, important issues remain.
Technical Setup for Remote Providers
The same fundamental technical issues exist for remote monitoring whether one is doing it themselves or outsourcing to a service provider. As a policy matter, implementation can be somewhat more difficult than for DIY because one must review the security/trust of sharing with a 3rd party.
One way that service providers attempt to simplify the technical issues is to recommend or require the use of their own video surveillance recorder or an approved system. This can reduce the technical complexity and, in some cases, can include a 'plug n play' remote connection that reduces or eliminates changes to provide off-site access.
3rd Party System Interoperability
Nonetheless, for remote service providers to grow, it becomes essential to support 3rd party systems. Most users already have a DVR/NVR/VMS in place and will be reluctant to swap out for a new 'approved' or provided system.
Two challenges exist in supporting 3rd parties: (1) the video surveillance market is incredibly fragmented (with dozens of offerings in any one region and few offerings more than 10% market share) and (2) no standards to integrate with 3rd party recorders. To provide support for more than a small segment of the market, providers will be forced to develop proprietary interfaces to many systems. This can be costly and be blocked or delayed by manufacturers who are not interested or view the remote provider's offering as a competitive threat.
Integrating with 3rd party systems simply enables access of video. It does not open up or provide remote access. Providing remote access is almost always an additional step beyond simply having an interface to a 3rd party recorder.
The same issues exist for integrating with Point of Sales systems in retail and for video analytic systems.
Use of Video Analytics
Finally, while we believe that video analytics can be a major benefit for remote monitoring providers, using analytics in these offerings has two major issues:
- Shortage of analytic systems that provide effective alerting without triggering significant volumes of false alerts. False alerts reduce the efficiency of monitoring providers. Nonetheless, even a moderately accurate system can provide benefits.
- Problems with integrating video analytic systems with on-site recorders/cameras and with the remote monitoring provider. This is not an issue with analytics but reflects the fractured market and the challenges of integrating video analytics with existing systems and then integrating both into the remote monitoring provider's monitoring system.