For technology managers who need the highest level of security, a comprehensive video, audio, and data protection strategy ensures real-time delivery of video and data. Best practices include securing data with strong encryption, classifying network traffic with appropriate Virtual Local Area Network (VLAN) tagging so it can be routed to the correct network, and prioritized and controlling user access through the use of access lists and permissions from Lightweight Directory Access Protocol (LDAP) or MS Active Directory. The most imperative tactics in a robust security strategy are constant system monitoring and the implementation of timely system upgrades as new vulnerabilities are discovered.
The first and most important aspect of securely sharing video, audio, and data in real time is to identify who is receiving the data, where they are, and how they are going to receive it. There are different solutions for various locations and delivery methods.
In an operations center where network bandwidth is not an issue, physical security exists, and everyone is within earshot or eyeshot of one another, video resolution, low latency, and audio fidelity are essential. These situations are where tools like video walls, ultrahigh definition displays, and annotation/white board systems may already in place. Since users can see and hear each other and share information easily, synchronization and timing are essential. Being able to share data on a wall allows everyone in the room to experience it at the same time. Design of the AV architecture is focused on performance, lower latency, and high bandwidth and will probably rely on technologies like HDBaseT, HDMI, Display Port, AVB, and Video over IP.
Because these technologies were not necessarily designed with security in mind, selecting a complete infrastructure for securing AV is paramount. A well-designed video and audio switching and control architecture can provide much of the security that the AV technologies lack. One key best practice is to apply access control lists in video switchers, which can limit access to video and audio by source and destination. These access control lists make sure that classified information is only routed to authorized destinations. Display wall processors, multiviewers, and switchers ought to be managed cohesively so that video and audio can be controlled and access permissions can be limited on an end-to-end basis.
WHAT ARE THE CHALLENGES OF REMOTE WORKERS AND SECURITY?
In addressing the security challenges of delivering video, audio, and data to remote users, network transport security is the first element of a multilayer security deployment. Never assume that the network is secure when streaming video and audio. Secure the streams using strong encryption either in the streams themselves or by using a Virtual Private Network (VPN).
Whether they are video/audio/data sources or destinations, endpoints that support VLAN tagging are best. That way, connections to endpoints can be segregated for both security and priority. Endpoints should also support strong encryption such as AES/128 or greater and user authentication. Many organizations use LDAP or Microsoft Active Directory to handle user permissions. It’s advisable to have endpoints that can access these repositories of user and device accounts and perform authentications on the network.
Each device needs to use authentication with a unique password. If a device is lost or stolen, the password can be revoked and the device is kept out of the network. If one device is stolen on a system with shared passwords, the entire network is compromised.
For roaming users, utilize VPNs to create tunnels to secure access to the network. When choosing a VPN technology, consider what latency it might add to the video and audio stream. There are many different VPN implementations, some of which provide substantially better video and audio performance than others.
In addition, video and audio content should be encrypted using technologies such as HTTPS or VPN tunneling to authorize access to the content. Since video and audio have to be compressed to travel over these remote connections, the tradeoff between compression and quality must be addressed. You can have high frame-rate, high resolution, low compression, low latency, or low bandwidth, but you can’t have it all. Picking the right codec/compression technology depends on your needs. A highly flexible compression technology like H.264 or H.265 is generally a good approach, as it can be tuned to meet many needs.
COMMON MISCONCEPTIONS ON MULTIMEDIA COLLABORATION SECURITY
The most common misconception about multimedia collaboration security is the assumption that the network is secure. Securing multimedia by employing strong encryption in video and audio streams themselves or by using a VPN will help mitigate vulnerabilities.
Additionally, many AV systems on the market try to use “security through obscurity.” This approach uses either a proprietary transport protocol or some other hiding mechanism, under the claim that this secures the system. Without a strong cryptographic algorithm, your AV system is not secure.
Also, many AV systems rely on securing access to the video switching and control system as the only way of locking down access. This is one facet of security, but securing the content itself is also crucial. Protecting data with strong encryption, classifying network traffic with VLAN tagging for routing to the correct network and prioritization, and controlling user access through the use of access lists and permissions from LDAP or MS Active Directory are also essential for multimedia security.
What it all boils down to is this: security is never complete. At best, you can only say that on this day, at this time, to the best of your knowledge, the network and video/audio are secure. It is necessary to check for vulnerabilities every day and to keep your systems up to date.
Bob Ehlers is the vice president of Vertical Markets and Strategy at RGB Spectrum (www.rgb.com).
3D VIDEOWALL: “GREATER THAN 8K”
|An interactive videowall from Planar helps Samtec enhance the attendee experience at its Indiana HQ.|
The videowall from Planar, a Leyard company, comprises fifteen 55-inch Clarity Matrix Multi-Touch LCD Video Wall displays in an array of five-wide by three-high configuration (5x3). With its interactive capability viewers can select a Samtec product, scale it up or down, and using familiar smart-screen gestures, view it from all sides and inside-out to explore its unique properties.
“While this is but one capability of the videowall, it is a critical one because it gives visitors the ability to really see into our products, many of which are microscopic in size, in a way that even having the product in-hand does not allow. That deep-dive look reveals Samtec’s many aspects of product differentiation and exceptionalism,” said Ashley Quinlan, manager of communications at Samtec.
Quinlan and her colleagues at Samtec were joined in the planning, selection and installation of the new videowall by David Perry of Fivestone Studios (Nashville, Tennessee), experts in building immersive digital experiences, and Marc Theodosiou, a long time visual and audio technology strategist, also based in Nashville.
The videowall is a platform for myriad critical Samtec content, ranging from still images to videos to 3D product representations. Therefore, image quality was a key requirement. Clarity Matrix MultiTouch meets this with a total display resolution of 9600 x 3240, “which is effectively greater than 8K,” said David Perry, producer at Fivestone Studios. “We also needed a virtually seamless surface so as not to distract from this stunning content.” A tiled bezel width of (5.5mm), vibrancy, and brightness (800 nits) and consistently high color saturation delivered on this requirement as well.