I have always been fascinated with Architecture, in fact, I seriously considered making it my career. On a recent trip to Italy, I visited the Pantheon. The Pantheon is one of Rome’s best preserved ancient monuments and a testament to their architectural skill and engineering. Emperor Hadrian built the Roman temple in 126 AD.
This building has lasted for almost 2000 years, and it is a remarkable example of Roman architecture. It reflects their commitment to excellence in design disciplines, infrastructure, and the process of construction. It is also one of the most remarkable examples of the use of concrete. It contains a self-supporting roof that has a diameter of 43 meters (142 ft.).
IT systems architecture has historically not been developed with the same level of discipline, and as a result, we have security leaks in most systems that demand continuous patching and maintenance.
Criminals are no longer just thugs that wait in alleyways for unsuspecting people to come by. They now include extensive cybercrime networks that span the globe and spend vast amounts of time and money looking for ways to exploit any weakness in an IT system architecture. In fact, a new Ransomware-as-a-Service offering has just come on the market. This advancement in cybercrime has further reinforced why security management has become the top issue facing the IT industry today. One new study estimates that cybercriminal revenues hit $1.5 TRILLION annually.
To address this reality, the architecture of a Virtual Concierge system must be developed with great discipline. A virtual concierge security system’s goal is to make residents feel secure and sleep better at night. A crucial component of achieving this goal is to ensure the system itself cannot be hacked or compromised.
A Virtual Concierge solution is built on three fundamental architecture components. They are:
The functions that this system must support drive the decisions about the components of the architecture. My last blog covers examples of Virtual Concierge functions. In this blog, we will discuss a basic Virtual Concierge security system architecture. More advanced IoT solutions such as audio response, scene recognition, facial recognition, and gunshot detection features can be added to this architecture but are not covered in this blog.
Fig 1. Virtual Concierge Technical Architecture outlines the critical components of the overall architecture.
The software stack consists of four categories of functions. They are:
The software stack consists of several software products. Some of these are embedded in infrastructure devices such as Card Key readers, Card Key controllers, and a Video Recorder appliance; others are resident on servers located in the cloud.
The main software components are:
The physical infrastructure of Door control consists of the following items at each door:
Card Key Controllers
The door lock modules are integrated into Card Key controllers in each building, which facilitate the movement of data from the LAN to the door lock module components.
Each building’s main doors are monitored by a video camera. All video camera data for the complex is stored on the Video Recorder appliance. The Video Recorder appliance is connected to the Entry Controller software. Security may need to be able to remotely open any door based on visual authentication. The video monitoring system must be able to provide immediate real-time access to every camera.
Video capture is critical to ensure that all at-risk locations are monitored well. This includes hallways, outside door entries, and parking lots. However, video monitoring is expensive, and determining the right number of cameras to deploy takes time. In addition to the camera locations mentioned above, it is recommended that you review where security incidents have happened before and ensure these areas are well covered.
Visual recognition and scene recognition software is the next component to be considered for this system. This software is centrally located and provides a control center the ability to see issues faster than an agent can see them. Scene recognition technology raises a flag when something unusual is occurring. Facial recognition software is also available to provide more in-depth protection.
Gateway application, Entry Controller application, and Print Servers
These applications run on dedicated servers and provide centralized data management functions.
Security is a critical component of the architecture, and there are several crucial security areas that need to be considered in your technical architecture.
Card Key scanner
Security starts at the Card Key reader. Old Card Key readers only read the cards and did not encrypt the data. As a result, they can be easily compromised using BLEKey technology. To address this issue, your Card Key readers must have an encryption strategy.
Centrally Managed Distributed Smart Firewall
The data from the card keys is consolidated and presented through the firewall. The Smart firewall ensures that there is no unauthorized access to the LAN from the outside, and also ensures that no unauthorized access to the central control system happens as a result of one of the Card Key readers or the local area network being compromised. The Centrally Managed Distributed Smart Firewall monitors all data, identifies transactions that are not what is expected from a Card Key Controller, and shuts that controller down if such transactions are detected.
The entire Card Key controller and video monitoring LAN must be on its own Virtual LAN, designed to be separate from any other LANs in the complex.
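As an added illustration (not code from this blog or from FoxNet), the following Python sketch shows the kind of allowlist check the Smart Firewall and VLAN separation described above imply: each Card Key Controller may only talk to the Entry Controller server, from the access-control VLAN, using a small set of message types, and any other transaction quarantines that controller. The subnet, server address, port, message types and log line format are all assumed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed policy: controllers live in the access-control VLAN and may only
# talk to the Entry Controller server on one port with known message types.
ACCESS_CONTROL_VLAN = ipaddress.ip_network("10.50.0.0/24")
ENTRY_CONTROLLER = ("10.50.0.10", 8443)
ALLOWED_MSG_TYPES = {"badge_read", "door_state", "heartbeat"}

# Assumed log line format emitted by the firewall for each controller transaction.
LOG_RE = re.compile(
    r"ctrl=(?P<ctrl>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+):(?P<port>\d+) msg=(?P<msg>\S+)"
)


def check_line(line):
    """Return None if the transaction matches policy, else a reason string."""
    m = LOG_RE.search(line)
    if not m:
        return "unparseable"
    src = ipaddress.ip_address(m["src"])
    if src not in ACCESS_CONTROL_VLAN:
        return f"source {src} outside access-control VLAN"
    if (m["dst"], int(m["port"])) != ENTRY_CONTROLLER:
        return f"unexpected destination {m['dst']}:{m['port']}"
    if m["msg"] not in ALLOWED_MSG_TYPES:
        return f"unexpected message type {m['msg']}"
    return None


def evaluate(lines):
    """Return {controller: [reasons]} for every controller that should be shut down."""
    quarantined = defaultdict(list)
    for line in lines:
        m = LOG_RE.search(line)
        ctrl = m["ctrl"] if m else "unknown"
        reason = check_line(line)
        if reason:
            quarantined[ctrl].append(reason)
    return dict(quarantined)


# Constructed sample log: two normal transactions, then three policy violations.
SAMPLE_LOG = [
    "ctrl=bldgA-door1 src=10.50.0.21 dst=10.50.0.10:8443 msg=badge_read",
    "ctrl=bldgA-door1 src=10.50.0.21 dst=10.50.0.10:8443 msg=heartbeat",
    "ctrl=bldgB-door3 src=10.50.0.33 dst=203.0.113.7:443 msg=badge_read",
    "ctrl=bldgB-door3 src=10.50.0.33 dst=10.50.0.10:8443 msg=firmware_push",
    "ctrl=bldgC-door2 src=192.168.1.50 dst=10.50.0.10:8443 msg=door_state",
]

if __name__ == "__main__":
    for ctrl, reasons in evaluate(SAMPLE_LOG).items():
        print(f"quarantine {ctrl}: {'; '.join(reasons)}")
```

Running the block quarantines bldgB-door3 (outbound to an outside host, then an unexpected message type) and bldgC-door2 (traffic from outside the access-control VLAN) while bldgA-door1 passes.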
Security systems have failed in the past because they were placed on local servers and backup and patch management disciplines were not consistently implemented. Also, physical access to these servers was often protected by nothing more than a locked closet. Both of these weaknesses must be addressed, and it is recommended that all servers be located in a class four data center where professional managed services ensure that all the servers, storage, and network technologies are well maintained, kept up to date, and the data is consistently backed up.
A robust technical architecture is mandatory to demonstrate to residents that security is much more than Card Key management. It’s a commitment to excellence regarding all your residents’ safety and data.
Bill Dupley is the Digital Strategist for FoxNet Solutions. Formerly the Cloud Chief Technologist for Hewlett-Packard Enterprise Canada, Bill has provided Hybrid IT and IoT Strategic Planning advisory and planning services to over fifty Private and Public sector clients to help them migrate to a Hybrid IT Cloud Operating model. These transformation plans have helped both government and industry reduce the cost of IT, re-engineer their IT governance models, and reduce the overall complexity of IT. Bill is also a member of the Open Alliance for Cloud Adoption Team and has co-authored several documents on Cloud Maturity and Hybrid IT implementation.