Your organisation’s physical security can be a gateway for cybercriminals


Businesses that rely heavily on physical security and data protection need to look towards a converged surveillance strategy.


Like many sectors, surveillance is undergoing a profound transformation. In the past, surveillance was static and passive. Digital technologies in the early 2000s made surveillance smarter. The cloud, IoT, AI and machine learning have further swung surveillance towards being smart, agile and responsive, where IT can be leveraged to detect patterns, identify anomalies, and anticipate potential threats even before they escalate.

With physical and cybersecurity increasingly converging, IT today plays a critical and central role in integrating security systems.

To learn more, iTNews Asia looks deeper into video surveillance in a conversation with Kiean Khoo, Asia Business Head, Milestone Systems, on how modern surveillance has evolved – particularly in industries like retail, logistics, healthcare and critical infrastructure, many of which are moving towards converged security in their business transformation – and what they should look at when developing their surveillance strategies.

iTNews Asia: How is modern surveillance changing? Is maintaining separate physical (traditional security) and cybersecurity operations creating new security threats for organisations and making them more vulnerable?

The shift from traditional, passive surveillance to AI-driven, intelligent systems is transforming how organisations approach security. A major challenge many businesses face today is the siloed nature of physical security and cybersecurity operations. Historically, these areas have been managed independently, with physical security focusing on surveillance and access control, while cybersecurity operations addressed data and network protection.

However, in an increasingly interconnected world, this separation can create significant vulnerabilities. Physical security systems like surveillance cameras, access control systems and alarms rely on networks to transmit and store data. If these systems are not integrated into the broader cybersecurity strategy, they can become entry points for cyberattacks. For example, vulnerabilities in a surveillance system could be exploited as a gateway to compromise the entire network of the organisation.

Video surveillance cameras, which can be viewed as part of an enterprise’s IoT (Internet of Things) roster, are increasingly targeted by cybercriminals.

iTNews Asia: Have there been any recent examples you can share (in Asia or globally) of breaches occurring and causing significant risks to the business because of the gaps?

The 2016 DDoS (distributed denial of service) Mirai attack was the largest of its kind to date. In that attack, hackers hijacked over 100 000 devices – including security cameras – and used them to form a botnet, launching massive DDoS attacks on high-profile websites like Amazon and Twitter.

The cameras were infected with the 'Mirai' malware, which exploited weak or default passwords to gain control. Once compromised, the cameras continued to operate normally, but secretly contributed to flooding websites with traffic.

This incident underscores how vulnerabilities in physical security systems can lead to major cyber breaches. It highlights the critical need for organisations to adopt integrated, proactive security strategies that bridge the gap between physical and cybersecurity.

While there have not been any IoT-based incidents since, this incident serves as a case study from which we can always draw reference.

iTNews Asia: How is traditional video surveillance (usually physical) converging or overlapping with cybersecurity surveillance? What is the difference between on-premise and cloud surveillance?

Today, video surveillance no longer operates in its silo. As physical security systems, such as CCTV cameras, become connected to enterprise networks, they increasingly converge with cybersecurity. This means that organisations must think of surveillance not just in terms of physical protection, but also in the context of securing data and digital infrastructure.

For example, an IP camera connected to a company network could become a potential cyber vulnerability if not appropriately protected. In this layered security approach, physical access points and digital threats are managed together to provide a more comprehensive and resilient defence.

When it comes to (physical) on-prem vs cloud surveillance, the distinction typically lies in how and where footage is stored and accessed:

  • On-prem surveillance is where video footage is stored locally, often on internal servers or hard drives. This gives organisations direct control over their data, which may be preferable for companies with strict compliance or data sovereignty requirements.
  • Cloud surveillance, on the other hand, stores footage on remote servers managed by third-party providers. This allows for greater scalability, real-time access from any location, and lower upfront infrastructure costs.

iTNews Asia: How should a business decide between on-prem and the cloud in their surveillance?

It shouldn’t be an either/or decision. Businesses don’t necessarily have to choose between on-prem and cloud-based systems. Many are adopting hybrid surveillance models that combine the control of on-prem storage with the flexibility and scalability of the cloud. This hybrid approach allows for a gradual migration to cloud infrastructure while maintaining existing physical assets, which is ideal for organisations balancing operational continuity with innovation.

Ultimately, the right strategy depends on a business’s specific needs, such as scalability, budget, data sensitivity and regulatory obligations. What’s critical is recognising that surveillance today must be considered part of an integrated security strategy that spans both physical and cyber domains.

iTNews Asia: Not many organisations have made the adjustment towards converged security. What challenges do they face in developing a converged strategy and ensuring business continuity during crisis?

One of the biggest hurdles is organisational silos. Physical security and cybersecurity have traditionally been managed by separate teams with different priorities, budgets and systems. This separation creates gaps, both in visibility and response, especially during a crisis where coordination is critical.

Another challenge is legacy infrastructure. Many organisations still operate outdated surveillance systems that are not designed to integrate with modern IT environments. Retrofitting these systems, while ensuring uptime and continuity, requires careful planning and investment.

There’s also the issue of skills and mindset. Developing a converged strategy demands cross-functional expertise – security professionals who understand IT, and IT leaders who appreciate physical risks. Building that shared language and capability takes time.

Lastly, business continuity during crises depends on real-time data and fast decision-making. A converged security approach enables exactly that: linking access control, video and digital threat detection into a single, actionable view. But to get there, organisations need a clear roadmap, executive buy-in, and interoperable platforms that do not lock them into a single vendor.

We believe that open-platform video technology plays a central role in this journey, as it ensures businesses have the flexibility required to evolve their security strategy while maintaining resilience and operational continuity.

iTNews Asia: How critical is a converged security strategy in an organisation’s business transformation, for instance, sharing threat information and collaboration between both teams?

A converged security strategy is critical to business transformation. Through the integration of physical security and cybersecurity, organisations can ensure a unified response to threats, making it easier to share threat information across teams in real-time. This collaboration enhances situational awareness and allows for quicker decision-making, reducing the risk of disruptions.

In today’s digital-first environment, security is a shared responsibility. A converged approach ensures that all teams, from IT to physical security, are aligned and can respond to emerging threats more effectively, helping maintain business continuity and protecting assets.

iTNews Asia: How critical is it for the IT director/manager (in relevant industries) to understand the convergence? Should IT take the lead on converged security initiatives?

IT directors or managers must understand the convergence of physical and cybersecurity, especially in industries such as finance, healthcare, infrastructure, logistics or government. As digital transformation accelerates, IT teams play a central role in integrating security systems as they are best positioned to understand network architecture, access control, device vulnerabilities and data protection.

While IT should lead the technical integration of converged security, successful implementation requires collaboration across departments, including physical security teams. IT should drive the initiative, but it must be a cross-functional effort to align technology with business needs.

iTNews Asia: Which industries are best placed to take advantage of the convergence?

Industries that rely heavily on both physical security and data protection, like retail, logistics, healthcare and critical infrastructure, are best placed to benefit from convergence. These sectors often deal with high volumes of sensitive data and assets that require protection from both physical and cyber threats.

Organisations in sectors such as financial services and manufacturing, which are increasingly adopting digital transformation, also stand to gain from a converged security strategy to ensure comprehensive protection across all touchpoints.

iTNews Asia: What should be the goals for an organisation when developing a security strategy? How important is the need to have a proactive security stance?

The primary goal when developing a security strategy is to protect people, assets, data and operations while ensuring business continuity. Organisations should focus on risk mitigation, real-time threat detection and a unified approach to both physical and cybersecurity.

Reactive security might only respond after the damage is done. Proactive security prevents the damage from happening in the first place. It allows businesses to identify and address threats before they escalate, reducing the potential for costly breaches and downtime. A reactive approach, on the other hand, leaves organisations vulnerable and unprepared for emerging threats.

iTNews Asia: What best practices/advice can you give for organisations who are building and operating a converged security strategy?

To execute and implement a successful converged security strategy, start by ensuring integration between physical and cybersecurity systems. This requires the right technology, such as AI-powered surveillance and cloud solutions, that can bridge both domains effectively.

The evolution and rapid adoption of AI is reshaping the way organisations approach converged security strategies. AI’s ability to do more with less is a game-changer, enabling predictive identification of potential security threats before they escalate. For example, AI can detect anomalies in surveillance footage, such as unusual behaviour patterns, allowing security teams to take proactive action rather than reacting in the aftermath.

This proactive approach ensures that issues are addressed quickly, preventing possible crises from happening and maintaining continuous security coverage. Organisations can leverage the power of AI to streamline operations and enhance the overall effectiveness of their converged security strategy.

On the ground level, collaboration between the IT, physical security, and executive leadership teams is crucial for alignment and clear, effective communication, especially in large organisations. Regular training and shared threat intelligence will enhance the overall effectiveness of the strategy.

Lastly, constantly assess and update security systems to adapt to emerging threats. A flexible, scalable approach will ensure your organisation stays resilient and secure in a rapidly changing environment.
