Pierre Racz: Vulcans Never Bluff
More than any other software company serving the electronic security industry, Genetec has embraced cloud. Genetec’s founder and CEO Pierre Racz sees cloud as a logical progression for all businesses based on economies of scale and the outsourcing of non-core competency.
In the same way Goscinny and Uderzo’s character Obelix fell into a cauldron of magic potion as a baby and was blessed with superhuman strength, Pierre Racz’s intrinsic nature and long tenure as master of his own business have imbued him with superhuman honesty. Racz swings truth beams across the dark spaces of the electronic security industry like a light sabre. Conversations with the man burst in a series of vivid exposures, revealing intricacies of technology, flaws of competitors and ways in which the future will be just like the past.
Racz has been writing code for 36 years and engineering video surveillance software for nearly 18 years, so it comes as no surprise that he sees electronic security through this prism. But far from being a cognitive bias, his opinions are predicated on real world experiences with Genetec’s high-end global client list. Combined with a gravitational attraction to straight talk, the empirical nature of Racz’s experience with progressive corporations gives his opinions an intense value.
I spent time with Racz at a round table with a bunch of security magazine editors from North America. It goes without saying that when it came to cloud none of us editors had much of a clue but we were all accurately reflecting our industry’s fears, based on lack of familiarity with cloud-based networking technology. Our local worries provided the perfect substrate from which Racz conjured up interstellar cloud.
JA: What is cloud?
PR: Cloud is a label for services provided via the internet. For instance, storing data and software at a location on the internet, not on an end user’s premises in a local server. Instead, data, software and processing power resides on a server in a remote data centre. Most of us use the cloud without knowing it – cloud is behind banking systems, online retail; as well as storage services like iCloud, Amazon and Google Drive. It’s not a mysterious new technology. Cloud has been around a long time.
JA: Some people in Australia are not convinced cloud is coming. Partly it’s our poor bandwidth and high costs but there may also be a lack of understanding of the ways cloud will benefit organisations large and small. I think there’s also a small-town idea of cloud as a repository for alarm event snapshots, or a vehicle for RMR. In the Australian security industry, cloud is not seen as a generational change in computing, not seen as the inevitable progression.
PR: The cloud is coming – absolutely. There’s a simple analogy – just imagine yourself 100 years ago. Every company had a whole group of people to run the electricity manufacturing plant that was used to power their industrial facilities. None of that exists any longer – we have outsourced that role to the utilities. There’s so much technology behind that simple wall socket or light switch that gives high availability and electrically clean power supplies. Utilities are good at generating reliable power.
In the same way our electricity distribution grids have been a huge success, outsourcing of non-core competency is happening in computing. As an end user you should be able to plug into a network and find storage and computing capacity immediately available. This should be predictable, well-managed, secure and reliable. We take those qualities for granted with electricity and we should also take them for granted with cloud – wherever a customer is in the world, they should be able to access core network functionality.
As well as being about leveraging expertise, it’s about economies of scale. There’s the purchase and maintenance of hardware, the effort companies go to in order to secure on-premise network rooms, the cost of onsite IT teams. And for most companies there are compromises at each layer. But the most expensive thing of all is cooling. For smaller organisations they simply have to pay the power bills for cooling but Microsoft has combined its computing facilities with water purification plants and in doing so has halved its power bills, making cloud services less expensive for end users. These sorts of economies of scale are the driving force behind the cloud – they are drawing big companies to more affordable cloud and in time, smaller companies will move across, too.
When we talk about core competency, let’s go deeper. Microsoft has 16 major data centres globally that are the size of football fields. These sites are extremely secure and their supporting systems are as good as it is possible for them to be. All their systems, including power and storage, are redundant. Their storage arrays are not stuffed into hot, humid basements, not located adjacent to poorly secured general office space only to be thought of when something breaks. We have a lot of high end clients with degrees in security management, criminology and sociology, but not necessarily in technology. Microsoft is an expert in data centres. Our customers are experts in something else.
“100 years ago every company had a team of people to run the electricity manufacturing plant powering its industrial facility. None of that exists any longer – we’ve outsourced power generation. It’s the same with cloud”
JA: Something I see in Australia is the assumption that cloud is for small players – 24-hour retailers and small organisations whose needs are small enough to remain within a particular bandwidth headroom – typically ADSL2+, which here is alleged to be 12Mbps down and about 1.8Mbps up, though this depends on contention, distance from the exchange and how many kids are avoiding doing their homework at a given moment. Who do you think cloud is for?
PR: There are many variables when it comes to using cloud and we have multiple products to suits customer needs. For large end users it’s about economies of scale but there are also smaller players who find cloud works for them. Some will keep the last 30 days on-prem (on-premises) but duplicate the last 24 hours in the cloud for protection against disasters, or damage or theft of the device – that’s what hybrid cloud gives smaller end users. It also lets customers try features before they buy – like Genetec’s Mission Control. If they like these features they can put them on-premise, or leave them in the cloud. Certainly, cloud first is our strategy.
JA: You are approaching this with a different mindset to that other people are projecting – they’re catastrophizing minute risks into prophecies of doom but you see cloud as the logical next step in computing.
PR: It is the logical next step in computing. You have to imagine this in terms of scale. When it comes to large customers, we use Dell containers that might have 1000 servers inside them and are located in football field-sized data centres. These centres are highly secure, the data is encrypted so that it is highly secure and at every layer, the economies of scale are completely different.
But yes, it’s a whole different way of thinking. Through key partnerships with global providers, Genetec retains enormous storage and processing capacity in the cloud and we make it available to our clients at the least possible capital expense to them. We are saving the end user money. Once they are passed a certain size in terms of network demand, cloud makes perfect sense and once customers need this capacity for other parts of their business, adding CCTV is easy.
JA: How deep is Genetec into cloud technology, are you fully invested in cloud as the ecosystem of networking’s future?
PR: We have a hybrid cloud, cloud first strategy. Genetec has embraced cloud and is moving many of its services into the cloud, believing that if data is properly protected and encrypted, cloud is far more secure than local storage models. Our partnership with Microsoft basically gives us a footprint in many data centres in many countries in the world. In the US we have 4 regions plus the government cloud, we have Brazil, Ireland, the Netherlands, Australia, Singapore, Hong Kong and Japan, with Mainland China and India coming online soon.
This gives us a lot of capability to support clients wherever they are in the world, as well as giving us a lot of flexibility when it comes to data sovereignty. We leverage this partnership on behalf of our clients through multiple Genetec products. Stratocast is a totally cloud-based CCTV solution with cameras linked directly to the cloud and can also be federated back into Genetec Security Center. We have cloud archives, which is our tiered storage within the cloud which enables any Genetec VMS system to have cloud storage.
There’s also our new automatic license plate recognition (ALPR) managed service, AutoVu, which can be hosted and managed in the cloud allowing a smaller city or law enforcement agency to go ahead and deploy cameras in vehicles and not worry about having a to accommodate locals servers or fight with an IT department about bandwidth, processing power and storage capacity.
We have created a solution that allows companies to start testing the cloud – we call it hybrid cloud because our system can have as much or as little cloud as customers want out of the box. You can have zero cloud or all cloud, and unlike others in the industry, we offer anywhere in the middle, which is very useful.
A user might keep their first 30 days on-premises and the next 365 days in the cloud at reduced resolution. Some major clients are beginning to want to keep 730 days (2 years) of storage for regulatory purposes. Some major clients are beginning to want to keep 300 days of storage for regulatory purposes. Managing such a large storage array is a big problem – the best place for this is the cloud and those customers are implementing such solutions.
JA: Are some video surveillance tasks more suited to cloud than others?
PR: Anything possible with a local computer system is possible in the cloud. But some things are more attractive for particular end users. If you consider ALPR, it’s relatively computationally heavy. Our Sharp camera is actually a PC with 2GB of RAM. It needs a lot of processing power. Ordinary CCTV cameras don’t have the processing power to do as a good a job as Sharp at ALPR so with AutoVu services in the cloud handle processing so end users can employ standard IP cameras to handle their LPR needs in real time.
For many users, it’s a very inexpensive option that allows them to access needed services immediately with no capital outlay. For instance some clients in North America pay $US200 for a 200MB symmetrical connection, which is great. With this connection it’s nothing for them to have 10 ALPR cameras in the cloud and they don’t have to install the computing power on-prem to handle the task.
For us there’s a sales advantage in that we can offer this service at a lower cost to the end user than a server-based solution. Additionally, if something goes wrong we are in a much better position to help our customers. At all layers, cost savings go directly to the end user. No up-front cost, no maintenance, no power demand, no need for network level physical security levels for one network single room. And all this means greater reliability. Cloud is not for everybody but there are many applications that cloud is perfect for.
JA: An anthropologist or sociologist could explain why this is so, but observation indicates humans have an instinct to clutch those things that are important very close to them. It’s the same with data. We’ve also had some widely publicised breaches of consumer cloud services – private celebrity photographs spring to mind. What about security of data in the cloud? Can end users feel their sensitive data is entirely secure in a cloud environment?
PR: Unsecure data or miss-handling of evidence takes place much more often outside the cloud than inside it but the handful of instances it takes place in the cloud are huge media events. Done properly, cloud is way more secure. Our answer is that data is encrypted at the application level before it goes into the cloud.
The way we do it is that each of the cameras has an individual label and you have to provide a key to access them so these sorts of security breaches are simply not possible. For instance, we can configure the system so that the cryptographic keys that allow access to cameras are changed every 5 minutes. You can’t decrypt 256-bit cryptography in 5 years, let alone 5 minutes.
If someone can decrypt an end user’s video stream they will have broken 256-bit peer-reviewed cryptographic techniques and the global financial system will be wide open to them. It really is something people need to get comfortable with but it’s not a major issue. We are quite confident that unless you are careless with cryptographic keys, no one can access your data in cloud. Really, the only way to get into encrypted data streams is to insert key loggers into hardware to capture passwords during hardware manufacture.
JA: Is there any concern with storing video footage outside a country when it comes to data sovereignty?
PR: There are unfounded concerns about this. Major providers in this space, like Google, Amazon and Microsoft, are fighting this battle on behalf of their customers. The countries in which we have data centres have no such problems.
JA: Is there a downside to cloud? For instance, in Australia there can be issues with bandwidth, latency, contention through oversubscription and uptime, especially outside of metropolitan areas.
PR: Let’s go back to our analogy of electricity generation. I have seen MTBF (mean time between failure) figures from power companies that suggest the probability that you’ll have failures of more than 24 hours, once every thousand years, and data centres have generators that can cover longer periods than that. This means buying a 24-hour UPS for your company’s use is not a good investment. Each year, statistically, there might be an outage of ten minutes, so buying a UPS that can handle short outages of one hour is a good investment.
The same analogy can be used for cloud. You will have network outages – for instance Microsoft’s SLA is 99.95 per cent uptime – this translates into 4 hours of downtime per year. What this means is that you need local recording capacity able to handle say, 24 hours per year. This will cover your cloud-based system completely – it’s essentially a local software UPS.
In any case, whatever reliability that you want, we can engineer it. You have to assess how much you reliability you are prepared to pay for. For instance, banking networks are designed to 99.999 – 5 minutes of downtime per year and these are very expensive networks. Even airports don’t engineer to that level – they build to 99.90 – about 8 hours of downtime per year.
Is there a downside to cloud? It’s a trade-off. For some users who already have the network capability there might be no associated costs. Many large organisations keep all their sensitive documents in the cloud – this is a process that is already taking place. What is it to them to include video surveillance cameras? It’s nothing to them, it’s not a problem. But there are other customers, for instance those in the Canadian North where the internet service is not so good, and cloud is not for them.
JA: What about those end users who say they absolutely cannot accept the loss of network connection, ever?
PR: You have to design your system taking into account the requirements you have. Perhaps as a hybrid system, with the main part in the cloud and a supporting part installed locally to handle network downtime. Something we’ve not touched on is the reliability of local networks handled by local IT staff, or by contractors. They are often not reliable at all.
Let me tell you a story – there was a North American organisation that had an on-premises CCTV system that was recording all the video relating to particular serious crimes in a single storage bay.
A major failure occurred to that storage bay and it was offline for 2 months. As the organisation was rebuilding from the failure they had no access to that video evidence and this impacted on criminal cases – the criminals walked free based on lack of evidence. This organisation has now moved to the cloud and wants no more on-premises storage.
JA: From Genetec’s point of view, what other trends is the team working towards, what’s in the front of your minds?
PR: High performance computing is an area of focus for us – this relates to 4K – we are one of the first VMS’ to be able to handle 4K – we now have hardware accelerated decoding where we can do four 4K cameras per graphics cards on a run-of-the-mill Dell Corsair. It’s important, especially for users like casinos that move a lot of high quality video around. We have created reference architectures and get high performance at a reasonable cost – we can do 800Mb bandwidths out of the box, which is strong and we are working on stronger performance still.
JA: Do you see 4K as being the next big thing – as being a new standard for CCTV cameras?
PR: No, not yet. Integrators are comfortable with HD, they know how much storage they need, how much bandwidth they need. 4K is leading edge and ideal where you want wider field of view, deeper fields of view for stadiums, highways, airports and large public spaces but inside a room like this one, it’s just not necessary.
JA: Do you think 4K and the cloud are technologies that are at odds with one another – one technology dependent on maximising restricted bandwidth, the other pushing hard on the boundaries of resolution?
PR: No, they are not at odds with one another. To paraphrase Wayne Gretsky: “Don’t look at where the puck is, look at where it’s going”. The only thing going faster than Moore’s Law is network bandwidth availability. Canada is a bad example but in Sweden you can get 200Mb symmetrical for $E15 as an individual and $E35 as a company – that’s very affordable. In the US in places it’s about $US50-60 and in Japan, the equivalent of $US40. Then there’s hybrid – you can trickle off to the cloud at lower bandwidth, or you can store alarm events or IVA events. What all this means is that when the market is ready for 4K and improvements in compression and low light capability make 4K ready for the market, networks will be ready for 4K.
JA: Genetec started out behind the scenes engineering solutions for other companies and is now one of the leading players in VMS globally. It looks like you are the last man standing – a privately-owned software company combining all the best qualities of the old school – medium-sized, light-footed, passionate, able to inspire loyalty. What do you think about the consolidation of the software industry?
PR: What we are seeing is the weaker players dropping out of the market – in my opinion they are giving up. We’ve been doing this for 17 years – there’s an equation about software development which states “effort X time to the fourth power, equals a constant” meaning that it's tough to break into software development now and we have mathematics on our side. Certainly latecomers have been flattering us with their imitations but it’s very hard for them to duplicate our capabilities, especially to the depth we have developed them. Competitors can’t handle forward or backward compatibility, they can’t handle complex security models.
JA: What about camera makers and corporates getting into software development very late – what are their chances outside proprietary solutions?
PR: Making software by non-software companies is difficult – if you look at some of the big companies gobbling up smaller players, they will face a challenge, in my opinion. Non-software companies that apply corporate operations models to software development tend to fail. The software industry is in a process of natural selection and you will see fewer players but among the leaders you will see Genetec. Genetec has always been a company that has been able to adapt quickly and turn on a dime and it’s one of my focuses to ensure we continue to do it. ♦
John Adams with Pierre Racz