By Dimi Sandu, Head of Solutions Engineering (EMEA)
Planning redundancy when it comes to your security systems is paramount, as any gaps become vulnerabilities, and can be exploited by an attacker. Consider a regular home camera system, used by the owners to keep an eye on the property while away. At any point, an intruder can cut the power, bringing down with it not only the network infrastructure, but also the devices themselves.
This is why most security systems, even the more advanced consumer ones, will have redundancy features (e.g. a home intrusion system with a backup battery and access to the telephone line; once the power is cut, the main unit will remain operational, using an automated call and voicemail to alert the owners of the event).
When it comes to a corporate environment, redundancy becomes even more important, with not only greater financial losses in case of a break-in, but also other legal and brand implications (think of a workplace accident or customer issue that was not recorded).
So how do we think about redundancy? As with everything, we can break it into multiple levels, making sure that if any component fails, it will not affect the overall functionality of the system.
1) Device redundancy
This is probably the simplest to fix but the most commonly overlooked part, with a great number of administrators not aware if their cameras or alarm sensors are currently operational.
From a reactive point of view, always make sure your security systems can send alerts and test them regularly to make sure they are actually working (don’t figure it out after an incident occurred!).
Your IT/facilities team or your maintenance provider must get a spare installed and configured within an agreed SLA (Service Level Agreement), depending on the severity of the fault and the impact the downtime has on your business (e.g. a faulty camera in a hallway might not need fixing right away, as opposed to one facing a busy production line).
From a proactive point of view, make sure that cameras or sensors in critical areas are doubled up, so if one fails there is another one that can cover the space. It is always a good idea to stock at least one spare part and keep it in a location where it can be shipped quickly, without impacting the overall SLA. Your security integrator or vendor can also help with this, depending on your contract (do take into account supply chain issues!).
CCTV cameras also require recording storage, making the NVR a critical component. Regardless if the footage is kept on it or on an external storage system, one must also consider a way to back this up, preferably off site (so major incidents will not wipe out the entire recording). More modern hybrid cloud solutions store on camera, offering native redundancy by eliminating this single point of failure, however, an administrator should always consider an external backup mechanism for devices placed in critical areas.
2) Network redundancy
Modern security systems rely on the LAN (Local Area Network) to communicate and operate. If the LAN has issues, it can impact many things, such as long term recording, live viewing, and alerts. There is only one component that can be a single point of failure (if it fails, the device stops operating), and that is the cable attached to the camera and the switch port that it connects to. As the vast majority of cameras only work with one cable, there is nothing much an administrator can do, except follow the points listed before, and double down on the devices installed in critical areas.
Upstream, the LAN will be composed of a tiered network, composed of switches and routers, which should be set up redundantly (so if one component fails, be it a cable or device, there is another similar device to take over the tasks, in near real time).
There are many ways to achieve LAN redundancy, with various degrees of cost and complexity, from running multiple cables between devices to doubling them up and synchronizing their operation, however, they are beyond the scope of this article and very complex for someone not familiar with the technology. An administrator should always ask their IT team about how they implement redundancy, or how they are planning to do so if this is not yet available.
One common single point of failure is the Internet or ISP (Internet Service Provider) line. If the CCTV or alarm system is not required to be operated remotely (e.g. all the recording and security is done locally), issues with the Internet line will not impact the operations.
However, if the security team is not local, or the backup recording does require Internet access, backing up the ISP line becomes critical. This can be done in a few different ways, such as purchasing an additional redundant ISP connection (I mark this in bold because certain providers resell other 3rd party products, especially in more remote regions, and a failure at upstream points, such as the local exchange, will impact both lines). Luckily, these days, with the improvements of cellular Internet (such as 4G or 5G), one can opt for a cellular backup instead of a wired one.
3) Power redundancy
Alas, all the systems above need power to operate, and without it, everything will stop working. Most commercial buildings should provide redundancy to this aspect, either by purchasing a separate power line or running backup generators. Keep in mind that LAN routers and switches also have power redundancy options, in the form of backup batteries or UPS (Uninterrupted Power Supply) systems, that can be connected to multiple devices at the same time.
To sum up, redundancy is critical for any enterprise security system or home deployment. And, in itself, it represents a balance between cost and performance, something an administrator must weigh carefully, by running a cost benefit analysis of each part of the system.
For more videos on physical security & networking, follow Dimi on his YouTube channel: https://www.youtube.com/c/DimitrieSanduTech