Where the Cloud Meets Video Surveillance

Where the Cloud Meets Video Surveillance

Ready to take the next step about cloud-based surveillance, here are some considerations

I’m sure by now everyone understands the basics of “The Cloud” since it has become ubiquitous with almost all business apps now offered or exclusively offered in the cloud. Who would have imagined just a few years ago that a company’s financial systems, ERP solutions and entire document management would be in the cloud? This same trend is disrupting the traditional video surveillance market, in particular for small businesses that can now access professional video surveillance systems in the cloud without having to manage onsite storage and video management hardware.

If you’ve been thinking about taking that next step and adding video surveillance to the long list of solutions you’re already using in the cloud, it’s important to be aware of some considerations as it relates to the privacy and security of your data.

SECURITY CONSIDERATIONS FOR CLOUD VIDEO SURVEILLANCE

I hear this all the time: “Okay. Cloud sounds great, but how do I know it’s secure?” This is a great (and fair) question. Ultimately, it’s up to the customer to feel comfortable with the cloud and ensure they are balancing their security needs with more practical considerations around cost and convenience. It’s all about risk management and the appropriate level of security required for your application. Here are some points to keep in mind if you consider using the cloud for video surveillance.

Is the device adequately secure? A bit of a paradox here, but when considering cloud security, you need to take a hard look at that local hardware device that’s sitting inside your own network before you even spend much time worrying about cloud security. That’s really where your security considerations begin. If you’re using the most secure cloud infrastructure ever built, but the endpoint IP camera or NVR hardware device is not properly configured or has security vulnerabilities, then that’s a potential source of risk.

Any time you are planning on accessing the device from the internet, you need to be sure you are taking a few basic precautions. The first one is to consider the hardware vendor. Do they have a good reputation? Do they regularly update their firmware? When was the last update? And of course when you configure the device for the first time, be sure you follow the vendor’s recommended best practices, keep the firmware current, choose a strong password, and any other recommendations they might have.

Find out your vendor’s definition of “cloud.” All clouds are not created equal. Even worse, it has become such a buzzword that the meaning of “cloud” is all over the map. So, check that you’re really being offered a cloud service, which means that cameras are managed, data is stored and the media infrastructure and value-added services are all managed from the cloud. I’ve seen many vendors market a cloud service that is simply a remote access to a local device, which has limited value.

If you have multiple sites you will still be managing connections back to each of these devices individually. Further, many of these internet connected NVRs or IP cameras are simply brokering connections into your network through a 3rd party P2P service.

Once you’ve determined that it is in fact a cloud service being offered and not just an internet-connected NVR or IP camera, then find out a bit about their cloud and data center. If they are using their own proprietary data center, you are immediately introducing risk in my view. Sure thing, there are clouds that nobody has ever heard of that are fantastically secure, but how do you know? If the cloud provider has built their solution on an Amazon, Microsoft or Google cloud then you can at least be assured the data center environment and general security is adequate.

As an example, the Amazon AWS data center has all achieved high levels of ISO and other compliance, and they are supporting some of the largest internet services in the world. In addition, the durability of their data storage environment is second to none, meaning their systems are designed specifically to limit the loss of data objects to tiny fractions of a percent per year. In addition, make sure your video data is “encrypted at rest”, meaning that once it’s stored in the cloud storage facility, it’s stored encrypted.

Bottom line, if you’re using a cloud solution built-on a first-class data center you’re going to realize a network and data management environment orders of magnitude better than any local storage you could construct on your own, using your own network resources and a low-cost network storage device.

Understand your connection from camera to cloud. This is a big one. It’s important to have a good understanding of how the device(s) on your local network is being accessed by the cloud. Generally speaking, there are three options.

  1. No network configuration required
  2. Network configuration required
  3. The use of an on-site device or gateway.

Let’s ignore the third one since an on-premise gateway isn’t exactly a cloud solution. The no network configuration options are a bit more limited, but there are some good ones. For example, some camera vendors like Axis Communications offer an extremely robust solution for configuring a cloud camera that requires no network configuration. Known as Axis AVHS, it’s a great option for setting up a cloud surveillance system and, coming from Axis, it’s well built, reliable and well—just works.

Ask your cloud vendor if they support Axis AVHS, as it could be a great option. Other manufacturers have built-in a direct connection from their camera to the cloud, for example solutions from Nest and Amcrest, both are excellent but more targeted at the DIY end of the market. Beyond that, any “cloud solution” being offered by a vendor is likely a P2P solution, which involves using a separate P2P server that brokers a connection into your network down to the device. These type of connections tend to be not as reliable as the other options listed here, and are also a bit of a “black box” in terms of how the network interactions are happening, so research the options from your camera or cloud vendor since they do vary.

The other approach for managing a connection from camera to cloud is to simply configure your network to permit access to your device from the internet. Now before closing this article and running the other way, it’s important to understand that this is a completely legitimate and safe way to configure your cameras for the cloud, if proper steps are taken. The technical term for this approach is known as “port forwarding” and this isn’t meant as a technical port forwarding guide, but just a few tips when doing this.

First, pick a strong password for your device and ensure all available firmware updates are applied. This is the most common area of risk when opening a device to the internet. A recent CSID study showed that 61 percent of people use the same password on multiple sites. Don’t do that. Pick a unique password for this device, and follow strong password best practices.

In addition, ask your cloud provider for a list of IP addresses that would be used by the cloud service. Whitelist those IP addresses so that a very restricted list of servers are allowed to connect to your device. You take these two steps and work with your network or IT person, and this is a perfectly acceptable way to configure a cloud video surveillance system. It’s also reliable since there are no black box P2P connections or other network magic happening. It’s simply a trusted connection from a restricted list of cloud servers to your camera. The benefit is, once you do this you open up a huge list of cameras you can use for cloud surveillance.

Understand your connection from cloud-user. Now that you’ve setup a trusted connection from your camera to the cloud, your data is cozy in a secure cloud environment; the final consideration is understanding how the cloud provider makes that data available to the user, either through its web or mobile apps.

At this point, the cloud provider has all the video and user data under their control and there’s no dependency on camera hardware. Therefore, there’s no reason that all the traffic from the cloud servers to your web browser or mobile app shouldn’t be strongly authenticated with your username and password and encrypted in transit using TLS. This includes standard web traffic and the video streams being reviewed and played back over the apps.

THE BOTTOM-LINE

Security concerns should not be any reason for avoiding cloud video surveillance options for your small business. By taking some sensible precautions and configuring your surveillance system correctly, you can get good, and often times better, security than a local storage solution.

There might be, of course, other reasons for not using cloud video surveillance. For example lack of adequate bandwidth could be an obvious one. Cloud surveillance doesn’t work without internet. If you decide to investigate cloud video surveillance options, make sure to do your homework, pick a great camera and a reputable cloud provider. Then you’ll be on your way to enjoying the benefits of a cloudbased system.

This article originally appeared in the September 2016 issue of Security Today.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity

Webinars

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3