Cyber Security Essentials: Why you should care about your network architecture

When you build a house, you don’t start by getting the contractors to build and finish one room, then get someone else to build the next. You might later find that windows are in the wrong place, or the plumbing isn’t set up properly throughout the house. What you actually need, of course, is to begin with the house design and work out how everything will fit together.

The same is true for your security system network architecture. If you don’t plan properly, your system may not be set up to cope with changes you make in the future, such as adding new devices or remote sites. Weak network architecture also makes it more likely you’ll have vulnerability in cyber security defences.

Let’s start by getting back to basics: what is your network architecture - and why should you care?

What is network architecture (and what does it have to do with the importance of cyber security)?

Network architecture refers to the layout of your network, i.e. the hardware, software, connectivity, communication protocols and modes of transmission that make up your security system. Modern security systems are becoming more complex, with a greater number of devices connected to internet networks. This is great for enhancing system capabilities because users can access live video at any time, from multiple sites, from any authorized computer.

When teams monitor multiple sites from one main control room, there is added complexity. Imagine an organization which owns multiple factory buildings that contain high-value assets and machinery: the central security team needs to be on high alert for any sign of vulnerability in the security systems at every single site.

There is also an increasing threat that internet-connected devices (such as IP security cameras) can be used as a gateway for criminals to hack into your network. The possible consequences of cyber security attacks are huge: ransom pay-outs, data theft and even businesses being closed down altogether. All organizations are at risk of a cyber attack, yet smaller businesses often feel the effects more seriously, with 60% closing for good within 6 months of an attack.

The design of your network architecture therefore needs to be a greater priority than ever. To learn more about the different types of network architecture available, you can attend the upcoming CPD Webinar: How to enhance your cyber security with Surveillance Network Integrity.

In the meantime, you may be asking: what types of architecture are available?

Centralized vs Distributed Architecture: reducing vulnerability in cyber security

There are primarily two types of architecture that organizations choose when managing the security of multiple sites: centralized and distributed.

This article isn’t going to tell you which to choose - there are arguments to be made for both models, and real world examples that can help you to make your decision.

Centralized Architecture: 

This type of network architecture centers around your central security office. Your Network Video Recorders (NVRs) are located in a central Control Room, connected by routers to your workstations and cameras at different sites. It may be easier to keep your system secure from cyber security threats because all your protection efforts can be concentrated in one place

But what happens if you are the Security Manager at a university which is about to open a new campus? The new buildings’ security assets must be integrated into your central Control Room. This will involve additional hardware and probably more bandwidth to cope with increased network traffic. If your calculations aren’t right, your network could fail because it is overloaded.

What does this mean? It means that if a cyber criminal manages to get onto one of your cameras, one server failure could bring down your entire CCTV network and leave you without protection for the people and property you are responsible for.

An important step is to ensure you know who is in charge of cyber security in each of your departments, clarify who needs access to sensitive information and define who has the responsibility of educating those involved, for example through cyber security training.

Distributed Architecture: 

The main difference between centralized and distributed architecture is that in distributed architecture, your NVRs are kept close to the cameras which they are recording.

Instead of protecting your recordings in one location, as you would in a centralized architecture, you deploy the same level of security at all of your different sites. You need to prepare your network carefully in order to eliminate vulnerability in cyber security because there are more places which need to be kept secure. On the other hand, because you are recording locally, the network traffic going through your core router is reduced substantially, providing bandwidth and hardware cost savings, because you don’t need to purchase one incredibly powerful router.

It is much harder for criminals to launch a cyber attack on your system because the equipment is more distributed; which makes it more difficult for hackers to find and bring down the important server hardware in the first place.

Also - and vitally important for your cyber security - each remote site can function as an “island”. So if a cyber attack does stop connectivity to your core network, all your cameras at your remote sites will continue to be recorded. And if one NVR is taken down, it doesn’t affect your other NVRs or your cameras: you will still have access to live video, ensuring more robust site security.

Critically, your CCTV network won’t fail due to a problem in just one area.

What next?