End users want simplicity, so how does a corporate organisation balance AV that’s easy to use with the demands of network security? Paul Milligan gathers expert opinions.
All end users want simple AV systems, things that you don’t need to read a huge manual to use or have a CTS in programming to operate. This has always been the case but the launch of Barco’s ClickShare in 2012 took the popularity of one button control to a new level, and you’ll face a sea of disgruntled users now if simplistic controls aren’t on the menu.
The other side of this coin is that to make AV systems so simple to use that user control is reduced to one or two button presses requires clever products, smart programming and a network that can host a range of devices (including personal devices) to accommodate BYOD (or BYOM). Corporate organisations also have to deal with visitors coming into their offices who want to present to an audience, or want to access the internet to grab a presentation hosted in the cloud, for example.
That also presents huge challenges because no IT team wants a stranger wandering around their network unsupervised. So how does a corporate organisation balance security with ease of use? Can you provide both or is there a trade-off? We asked a cross-section of the AV industry to find out.
Providing easy-to-use systems that are also secure isn’t difficult, says Rainer Stiehl, Extron’s vice president of marketing for Europe. “The key is thinking about security from the outset and fully integrating it into system design. Security issues, like many design considerations, become harder to resolve the later they are addressed.”
You shouldn’t have to compromise on either says Joel Mulpeter, senior director of product marketing, Crestron. “Obviously security is a zero trust game. Everything needs to be secure otherwise it can’t go into corporate environments. At the same time, it can’t get in the way of people just using the room, they need to be able to go in and just operate the room. The odds are that 99% of the people that use a meeting room don’t know about the technical background of it, they simply want to meet, and technology can’t get in the way of that.”
AV-over-IP security has typically been approached in a security-by-obscurity fashion says Jim Kidwell, principal product marketing manager, Audinate. “Security is mainly addressed by configuring AV-over-IP systems on their own networks and air-gapping them.
This approach has benefited integrators and end-users for many years, yet with the pressures of modernisation, AV/IT convergence and cost-cutting, it may not be satisfactory in the near future. Converging AV and standard IT networks and opening networks to the internet expose security concerns that have been previously overlooked. Now, these concerns are not insurmountable. With some planning, it’s not difficult to establish modern, secure AV-over-IP systems.”
Creating easy-to-use systems for complex spaces requires an integrator that has a thorough understanding of both the technology within a space as well as the desires of the people using it, says Jeffrey Veatch, product manager, workspace solutions, Harman Professional Solutions. “User interfaces can be designed to simplify any technical complexities and control systems can marshal disparate systems into a cohesive unit, but a considerate integrator is required to make that happen. As a manufacturer, we provide tools, like Muse Automator, which make programming simple, and provide templates for user interfaces, but only the integrator can sit with the customer, discuss their specific needs, and deliver a bespoke solution.”
It becomes difficult because the simpler the hardware, the less features they generally have says George Pierson, integrated network services consultant for integrator Yorktel-Kinly. “We find if we go for the very lightweight systems where you don’t really want the user having to do very much, then those devices are generally cheaper. But if you want to do something a bit more complex and more integrated, then really, you’re adding quite a lot of devices into the picture at that point.”
To find a solution to this question, is it typically one product (or platform) that can do this, or is it normally a clever mix of products that provides ease of use and security? It’s a combination of factors says Mulpeter. “It’s making sure the UC provider platform has the security it needs so people can join calls with remote participants who are not within the tenant, whether they can do BYOD calls or not.
All those bits of functionality that happen on the Teams or Zoom site. For the in-room experience it’s making sure that product is secure and allows them to do content sharing, automate the room, BYOD, because you’re interacting with the hardware to enable BYOD. But if you want to disable that, then that can be done in the room as well. And then it’s making sure all that works harmoniously, so the platform and the products are working hand in hand.”
In simple applications, like huddle spaces, straightforward conference rooms, or basic presentation spaces, a single product designed for the application can deliver a simple to use and secure solution says Veatch. “Delivering a customised solution that precisely meets the needs of an individual customer does require a combination of products from different manufacturers, fortunately for integrators this has become more straightforward due to technologies such as Dante, which creates networked AV compatibility between streaming devices that support it, regardless of manufacturer.”
Staying within a single manufacturer can provide you with an easier ride, says Pierson. “If you stay within an infrastructure, Q-SYS or Crestron for example, then it’s less challenged than having to work out different manufacturers’ security abilities and requirements. Whereas if you have multiple devices from different manufacturers and they’ve all got to be maintained, sometimes during the patching of a device it stops working with another one because you’ve gone past a level of security where the other one hasn’t reached yet.”
Staying within one manufacturer’s ecosystem doesn’t mean you can stop being vigilant though he explains. “Even if you stick with a specific manufacturer, keeping it up to date is easier but it doesn’t necessarily mean you are secure because you’re at the reliance of the manufacturer having done their bit on their side. Look at a Windows updates, you only get the update when Windows provides the update, you can’t necessarily fix it for them.”
We asked our panel for the best advice on providing easy-to-use systems that offer network security, and the answers, like this from Rainer Stiehl, were pretty unanimous “Address security from the outset of the design process, and involve AV, IT, and network security teams from the beginning. If products require specific security features, requirements, or certifications, ensure that all equipment and systems meet those requirements.”
Start with security by design, adds Veatch: “Choose products that support industry-standard technologies like 802.1X, LDAP, and X.509 certificates. Look for manufacturers with proven track records of delivering secure products with JITC or other government certifications.”
Addressing evolving end-user needs with security in mind ensures the system remains scalable and flexible for years to come says Kidwell. “Modern AV-over-IP systems must deliver security while allowing expansion without the limitations of closed architectures that restrict product selection. AV-over-IP-based systems on a platform like Dante provide easy interoperability, product selection, connectivity and security options to configure flexible architectures for the life of the system.”
Is there a compromise to be had at the very heart of this issue, do you have to lose some ease-of-use functionality to provide the level of security organisations are demanding? Not necessarily says Stiehl. “Again, this can depend upon how well and how early security is integrated into the overall system design. For example, a wireless presentation system might employ simple display codes to manage who connects their laptop to a local display. Other options, such as LDAP security, can allow access control based on network login rights, reducing the burden on the user. These systems may shift effort to AV or IT managers, simplifying the end user experience.”
Pierson is another who feels you shouldn’t have to compromise too much: “If the system’s been designed with security in mind, you don’t normally have to hold back on certain end user abilities as such.”
Something shouldn’t have to give agrees Mulpeter, but he acknowledges there’s work to be done to get to a perfect world where both parts are being serviced. “It’s having the right understanding of what both sides are trying to achieve and coming to a common understanding (and common documentation), to say this is how our rooms are going to operate and here are the reasons why. It shouldn’t involve compromise, but if that’s not done early enough it will result in compromise if the right time isn’t put into the planning of it.”
You don’t necessarily have to lose some functionality, but it requires thoughtful design says Veatch. “For example, AMX systems allow integrators to create user interfaces that hide complexity behind simple buttons, even when the backend uses secure authentication and encrypted communication. The goal is to make security invisible to the end user while maintaining compliance.”
One area where achieving both is tricky, and there has to be some compromise, is when installing assisted listening technology. George Pierson explains: “You pick it up through your phone or Bluetooth and it’s broadcast like the old-fashioned loop amps. That’s usually done wirelessly now. The problem is that when you want internet access and users attach their phone to that, are you now a corporate device? Do you allow people to do that? Then a guest comes in and are they allowed to do it?
"Because they’re a guest they can’t connect to that Wi-Fi. Suddenly you have to think, how are we going to get around this problem? What we sometimes see is people effectively build two systems - one for guests and one for non-guests. That comes at a price because you have to buy twice the hardware.
"Or you have to compromise and say, this whole thing is going to be unsecure. It’s all going to sit on guest, or you say the guests can’t use it. But you can't have that with something like assisted listening because you're isolating people that might need it. Assisted listening and products, like audience engagement technology, really does cause a headache with security. Often, there has to be a compromise.”
BYOD is one area that sits right in the heart of this question. Is BYOD still as popular as it was? Are we still having to meet the demands of BYOD in big numbers? It has been widely embraced, and BYOM (Bring Your Own Meeting) is also becoming more of a standard, says Veatch. “With the rapid development cycles of collaboration software, flexibility has become one of the highest priorities in meeting room AV design. Especially in BYOM capable designs, connectivity has been the biggest hurdle. For several years it’s been difficult to provide the right types of input technologies to support the different generations of laptop that might be used in a space. Fortunately, with USB-C, we can finally deliver a solution that is, basically, universal to every mobile device, and we can do away with the dreaded dongle.”
Pierson is in full agreement: “A lot of BYOD tends to be USB-C. We’re still in that cable world, but it’s now USB-C rather than HDMI and other extra ports. People like that single connection, we see less of the wireless-style BYOD, that was really spiky at one point. Now people are less bothered about wireless sharing. People seem to have no issue with walking into a room and using USB-C. The big names still exist, Clickshare and AirMedia for example, but a lot of clients prefer having a physical dongle for that as well. You walk in the room, you plug in your dongle, then share. A lot of the pushback on that is around having to install software in people’s laptops.”
Most organisations have embraced BYOD and encourage users to bring laptops and mobile devices to meeting spaces, and they want to give their users flexibility and the ability to use the devices they prefer says Stiehl. “That said, some organisations still prefer for people to use dedicated meeting room computers and require logins for content access or remote connections via Teams, Zoom, or other UC platforms.”
The final part of this dilemma is regarding visitors, how are organisations dealing with external people coming into a meeting potentially with their own device? Are they keeping them completely separate on a guest network away from the main one?
It was one of the key reasons Crestron created AirMedia and the media series 3 platform says Mulpeter. “We made sure the dongle device has a direct connection to the base station. It doesn’t go via the network - although it can now, following a recent update - because of the complexities involved in passing that traffic across the network. The way we typically do that by default is it directly connects, which allows the user who comes in the room who’s a guest of that facility to just simply need an outside world internet connection. They don’t need to actually see the AirMedia base station or see the peripherals in any way. They’re free to connect to 5G or LTE on their phone but can also just join a guest Wi-Fi network.”
Generally, organisations will deal with this issue by having Wi-Fi guest access says Pierson. “It’s usually done with a code, which you have to request from your host. Some of the techier companies will provide it automatically.”
It’s clear this issue is on the minds of many in the AV world. Manufacturers and integrators are working hard to provide systems that are simple to use while still being secure enough to satisfy the rigorous (and unyielding) demands of IT departments across EMEA. It’s yet another consequence of AV kit migrating onto the network we’ve seen in the last 15 years or so. The good news for everyone is that teams of talented and skilled people are focused right now on solving it.
image credits: Kinly
shutterstock/Ground Picture
shutterstock/LightField Studios
shutterstock/GamePixel
shutterstock/dotshock