The badge reader is Facilities’ problem. The DVR in the server closet is Security’s problem. The network everything runs on? That’s yours. This is where Cloud AI physical security come together. And it was a main point behind Liberty’s booth at ISC West.
If you’re an IT Manager or Network Admin in an enterprise environment, you already know how this goes. Decisions get made above your pay grade, hardware shows up, and suddenly you’re responsible for uptime on a system you never spec’d, never approved, and barely understand. Physical security has always been the wild west from an IT governance perspective.
But something shifted at ISC West 2026 last week. And if you weren’t in the room, you need to know what’s coming down the pipe. Because it’s heading straight for your network.
The Quiet Cloud Migration Your Security Team Is Already Planning
Here’s the scenario. Your organization has a fleet of IP cameras — some old, some new, a mix of brands, probably a DVR somewhere in a back closet that nobody has touched in three years. Your physical security team wants smarter analytics. They want AI-powered detection. They want push notifications when something specific happens on camera.
So they start asking questions. And the market has answers.
At ISC West this year, the conversation kept circling back to a new category of product: cloud-layered AI for existing camera infrastructure. The pitch is compelling. Take your current ONVIF-compatible cameras and connect them to a cloud platform. The AI processing happens in the cloud, not on the camera. You get intelligent detection, object recognition, searchable video, and mobile alerts. All without a full rip-and-replace.
Sounds painless, right?
Here’s what they don’t lead with in the demo.
Physical Security Is Moving to the Cloud Without a Change Management Process
That ONVIF camera that’s been sitting quietly on your network, pointed at a parking lot, generating maybe a trickle of local traffic to a DVR? Once it’s enrolled in a cloud platform, the data equation changes completely.
Video is now leaving your building.
Continuously. In real time. To a third-party cloud provider.
At ISC West, one vendor framed this as a feature: “You can choose which cameras go to the cloud and which stay on the DVR.” That flexibility is genuinely useful. But from an IT governance perspective, it also means a Facilities Director or a Security Manager can make a selective, incremental decision without it ever triggering a formal IT review process.
No procurement ticket, network assessment, or security questionnaire.
Just a box check in an app.
Ask Before the Cameras Ask Your Firewall
Before any cloud-connected security system goes live, get answers to these four questions:
1. What data leaves the building? Full video stream, metadata only, or event clips? There’s a significant bandwidth and compliance difference.
2. Where is it stored? AWS, Azure, proprietary data center? In what region? Under what data retention policy?
3. Who has access? The vendor? The integrator? The dealer? Sub-processors?
4. What happens if we cancel? Data portability and deletion policies are non-negotiable in regulated industries. Put these in writing before the first camera goes online.
Why Your Firewall Isn’t the Only Thing That Should Be Watching
Let’s talk bandwidth. Because that’s usually where IT first feels the pain.
Traditional on-premise camera systems generate local traffic — heavy on the LAN, invisible to the WAN. The moment you shift even a portion of that fleet to a cloud-connected model, you’re introducing sustained outbound video traffic. Depending on camera resolution and stream settings, a single 1080p camera can push anywhere from 1 to 4 Mbps continuously.
Scale that across even a modest deployment and you’re looking at 20 to 80 Mbps of dedicated outbound bandwidth. Not burst traffic. Sustained. For a branch office on a shared internet connection? That’s a real problem. For a campus environment where every building has its own network segment? That’s a planning conversation nobody has had yet.
And that’s before you factor in the latency sensitivity of real-time AI processing. If the cloud platform is making detection decisions based on a live video feed, any network degradation doesn’t just degrade the experience. It defeats the purpose of having real-time detection at all.
The AI only works if the pipe is clean. That’s IT’s problem to solve, even if IT wasn’t in the room when the contract was signed.
The ONVIF Promise Is Real
Here’s something the industry gets right: the shift toward ONVIF compatibility as a baseline standard has genuinely opened up the ecosystem. The fact that a cloud AI platform can ingest streams from cameras of any brand is a legitimate operational win. It removes the “full replacement” barrier and gives organizations a path to modernization that doesn’t require a capital budget.
But ONVIF is a communications standard. It tells you that the camera can talk to the platform. It tells you nothing about how that communication is secured.
Questions IT should be asking:
- Is the stream encrypted in transit? What protocol?
- Is the ONVIF authentication configured or is it sitting on default credentials?
- Does the cloud platform access the camera directly, or does traffic route through an on-premise gateway first?
- Is there mutual authentication between the camera and the cloud endpoint?
These aren’t exotic requirements. They’re table stakes for any cloud-connected device. But in the physical security world, where the culture has historically been “if the image shows up on screen, it works,” these questions often go unasked until something goes wrong.
Treat Every IP Camera Like an IoT Device
Your network segmentation strategy should include physical security devices. Put IP cameras on a dedicated VLAN with egress rules that only allow traffic to known, approved cloud endpoints. This limits blast radius if a camera is compromised, and gives you clean visibility into exactly how much bandwidth the security system is consuming. Bonus: it also makes the conversation with your CISO a lot easier when audit season rolls around.
The Pricing Model Changes the Risk Profile
One of the more interesting shifts on display at ISC West was the move toward per-camera, per-month subscription pricing for cloud AI security platforms. On the surface, this looks like an IT-friendly model. No large CapEx. Easy to scale up or down. Billed through the integrator.
But dig a little deeper, and the operational risk picture gets more complex.
When physical security is a CapEx purchase, it goes through procurement. Legal reviews the contract. IT gets looped in during the infrastructure assessment. There’s a process.
When it’s a $14.99/month/camera subscription managed through a dealer? It can live on an operations budget line. It can be started and stopped by a Facilities Manager without a PO. And it can scale incrementally without ever crossing the threshold that would trigger a formal IT review.
That incremental, low-friction adoption model is exactly what makes these platforms attractive to end-users. It’s also exactly what makes them a shadow IT risk.
This isn’t a hypothetical. It’s the same pattern that played out with file sharing (Dropbox), communications (Slack), and video conferencing (Zoom). All of which started as “just one department’s tool” before IT realized they’d become core infrastructure.
Physical security is next.
What “Hosted on AWS” Actually Means for Your Compliance Team
When a vendor says their platform is hosted on AWS, that’s meant to be reassuring. And in some ways, it is. AWS has robust infrastructure security, availability guarantees, and a mature compliance framework.
But “hosted on AWS” is not the same as “compliant with your industry regulations.”
AWS provides the infrastructure. The vendor builds the application on top of it. The vendor’s data handling policies are entirely their own responsibility. AWS’s SOC 2 certification does not automatically extend to the applications running on their infrastructure.
For IT Managers in healthcare, finance, education, or government. Industries where video footage of people on your premises can intersect with privacy regulations. “It’s on AWS” is the beginning of the compliance conversation, not the end of it.
Ask for the vendor’s own compliance documentation. For their data processing agreement. Discover whether video data is used to train AI models. And if so, whether you’ve consented to that, and whether your employees or visitors have.
These are not trick questions. They’re the questions that protect your organization.
The Integrator Is Not Your Compliance Officer
At ISC West, the dealer/integrator model for cloud security deployments was framed as a convenience. They handle billing, onboarding, and camera enrollment on behalf of the customer. That’s operationally helpful. But remember: the integrator’s contractual relationship is with the vendor, not your organization’s legal team. Your data processing agreement needs to be directly between your organization and the platform provider, regardless of how the billing flows. Don’t let the channel relationship create a compliance gap.
The Opportunity Hidden Inside the Problem
None of this is an argument against cloud AI in physical security. The capability is real, the value is real, and frankly, the technology is outpacing the governance frameworks that most enterprises have in place. Which is exactly why IT needs to be at the table now, before the deployment, not after.
The organizations that get this right will use the shift to cloud-connected security as an opportunity to finally bring physical security under the same IT governance umbrella as every other networked system. Unified device management. Proper network segmentation. Documented data flows. Vendor risk assessments.
The organizations that get this wrong will find out about their cloud-connected camera fleet the same way they found out about their shadow Dropbox accounts during an incident.
The choice, increasingly, belongs to IT.
The Bottom Line for IT and Network Admins
The camera on your ceiling is getting smarter. It’s getting a cloud account. It’s going to start generating sustained outbound traffic, processing video in a third-party data center, and sending push notifications to your Security team’s personal phones.
Whether IT is part of that story depends on the conversations you start having right now.
Show up to the physical security planning meeting. Ask the four questions in the Pro Tip above. Treat the camera fleet like the IoT network it already is. And make sure that when someone checks a box to move a camera to the cloud, your team knows before the first packet leaves the building.
Tim Albright is the founder of AVNation and is the driving force behind the AVNation network. He carries the InfoComm CTS, a B.S. from Greenville College and is pursuing an M.S. in Mass Communications from Southern Illinois University at Edwardsville. When not steering the AVNation ship, Tim has spent his career designing systems for churches both large and small, Fortune 500 companies, and education facilities.
- Tim Albright
- Tim Albright
- Tim Albright
- Tim Albright
