By Andre Fontana
Posted 14 October 2016 | 16:50 GMT
I’m sure by now everyone understands the basics of “The Cloud,” since it has become ubiquitous, with almost all business apps now offered, or exclusively offered, in the cloud. Who would have imagined just a few years ago that a company’s financial systems, ERP solutions and entire document management would be in the cloud? This same trend is disrupting the traditional video surveillance market, in particular for small businesses that can now access professional video surveillance systems in the cloud without having to manage onsite storage and video management hardware.
If you’ve been thinking about taking that next step and adding video surveillance to the long list of solutions you’re already using in the cloud, it’s important to be aware of some considerations as they relate to the privacy and security of your data.
SECURITY CONSIDERATIONS FOR CLOUD VIDEO SURVEILLANCE
I hear this all the time: “Okay. Cloud sounds great, but how do I know it’s secure?” This is a great (and fair) question. Ultimately, it’s up to the customer to feel comfortable with the cloud and ensure they are balancing their security needs with more practical considerations around cost and convenience. It’s all about risk management and the appropriate level of security required for your application. Here are some points to keep in mind if you consider using the cloud for video surveillance.
Is the device adequately secure? A bit of a paradox here, but when considering cloud security, you need to take a hard look at that local hardware device that’s sitting inside your own network before you even spend much time worrying about cloud security. That’s really where your security considerations begin. If you’re using the most secure cloud infrastructure ever built, but the endpoint IP camera or NVR hardware device is not properly configured or has security vulnerabilities, then that’s a potential source of risk.
Any time you are planning on accessing the device from the internet, you need to be sure you are taking a few basic precautions. The first one is to consider the hardware vendor. Do they have a good reputation? Do they regularly update their firmware? When was the last update? And of course when you configure the device for the first time, be sure you follow the vendor’s recommended best practices, keep the firmware current, choose a strong password, and any other recommendations they might have.
Find out your vendor’s definition of “cloud.” All clouds are not created equal. Even worse, it has become such a buzzword that the meaning of “cloud” is all over the map. So, check that you’re really being offered a cloud service, which means that cameras are managed, data is stored and the media infrastructure and value-added services are all managed from the cloud. I’ve seen many vendors market a cloud service that is simply remote access to a local device, which has limited value.
If you have multiple sites you will still be managing connections back to each of these devices individually. Further, many of these internet connected NVRs or IP cameras are simply brokering connections into your network through a 3rd party P2P service.
Once you’ve determined that it is in fact a cloud service being offered and not just an internet-connected NVR or IP camera, then find out a bit about their cloud and data center. If they are using their own proprietary data center, you are immediately introducing risk in my view. Sure thing, there are clouds that nobody has ever heard of that are fantastically secure, but how do you know? If the cloud provider has built their solution on an Amazon, Microsoft or Google cloud then you can at least be assured the data center environment and general security is adequate.
As an example, Amazon AWS data centers have all achieved high levels of ISO and other compliance, and they are supporting some of the largest internet services in the world. In addition, the durability of their data storage environment is second to none, meaning their systems are designed specifically to limit the loss of data objects to tiny fractions of a percent per year. Also make sure your video data is “encrypted at rest”, meaning that once it’s stored in the cloud storage facility, it’s stored encrypted.
Bottom line, if you’re using a cloud solution built on a first-class data center you’re going to realize a network and data management environment orders of magnitude better than any local storage you could construct on your own, using your own network resources and a low-cost network storage device.
Understand your connection from camera to cloud. This is a big one. It’s important to have a good understanding of how the device(s) on your local network is being accessed by the cloud. Generally speaking, there are three options.
1. No network configuration required
2. Network configuration required
3. The use of an on-site device or gateway.
Let’s ignore the third one since an on-premise gateway isn’t exactly a cloud solution. The no-network-configuration options are a bit more limited, but there are some good ones. For example, some camera vendors like Axis Communications offer an extremely robust solution for configuring a cloud camera that requires no network configuration. Known as Axis AVHS, it’s a great option for setting up a cloud surveillance system and, coming from Axis, it’s well built, reliable and, well, just works.
Ask your cloud vendor if they support Axis AVHS, as it could be a great option. Other manufacturers have built in a direct connection from their camera to the cloud, for example solutions from Nest and Amcrest; both are excellent but more targeted at the DIY end of the market. Beyond that, any “cloud solution” being offered by a vendor is likely a P2P solution, which involves using a separate P2P server that brokers a connection into your network down to the device. These types of connections tend to be not as reliable as the other options listed here, and are also a bit of a “black box” in terms of how the network interactions are happening, so research the options from your camera or cloud vendor since they do vary.
The other approach for managing a connection from camera to cloud is to simply configure your network to permit access to your device from the internet. Now before closing this article and running the other way, it’s important to understand that this is a completely legitimate and safe way to configure your cameras for the cloud, if proper steps are taken. The technical term for this approach is “port forwarding.” This isn’t meant as a technical port forwarding guide, but here are a few tips when doing this.
First, pick a strong password for your device and ensure all available firmware updates are applied. This is the most common area of risk when opening a device to the internet. A recent CSID study showed that 61 percent of people use the same password on multiple sites. Don’t do that. Pick a unique password for this device, and follow strong password best practices.
In addition, ask your cloud provider for a list of IP addresses that would be used by the cloud service. Whitelist those IP addresses so that only a very restricted list of servers is allowed to connect to your device. Take these two steps and work with your network or IT person, and this is a perfectly acceptable way to configure a cloud video surveillance system. It’s also reliable since there are no black box P2P connections or other network magic happening. It’s simply a trusted connection from a restricted list of cloud servers to your camera. The benefit is, once you do this you open up a huge list of cameras you can use for cloud surveillance.
Understand your connection from cloud to user. Now that you’ve set up a trusted connection from your camera to the cloud and your data is cozy in a secure cloud environment, the final consideration is understanding how the cloud provider makes that data available to the user, either through its web or mobile apps.
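As an added example (not part of the original article), here is the whitelisting step on a Linux-based router that uses iptables: it validates the provider's address list, emits source-restricted port-forward rules, and checks a firewall log for sources outside the list. The interface name, ports, camera address, provider ranges and log format are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample values: RFC 5737 documentation ranges, not a real provider's addresses.
PROVIDER_RANGES = ["198.51.100.0/28", "203.0.113.10"]
SAMPLE_LOG = """\
2016-10-14T16:50:02Z IN=wan0 SRC=198.51.100.7 DPT=8443 PROTO=TCP
2016-10-14T16:51:40Z IN=wan0 SRC=192.0.2.99 DPT=8443 PROTO=TCP
2016-10-14T16:52:13Z IN=wan0 SRC=203.0.113.10 DPT=8443 PROTO=TCP
2016-10-14T16:53:05Z IN=wan0 SRC=192.0.2.99 DPT=22 PROTO=TCP
"""

def parse_allowlist(entries, min_prefix=24):
    """Validate the provider's list; refuse malformed, IPv6 or overly broad entries."""
    nets = []
    for entry in entries:
        net = ipaddress.ip_network(entry.strip())  # ValueError on typos or host bits set
        if net.version != 4 or net.prefixlen < min_prefix:
            raise ValueError(f"refusing allowlist entry {entry!r}")
        nets.append(net)
    return nets

def dnat_rules(nets, wan_if, wan_port, cam_ip, cam_port):
    """One source-restricted port-forward rule per allowlisted range."""
    return [
        f"iptables -t nat -A PREROUTING -i {wan_if} -p tcp --dport {wan_port} "
        f"-s {net} -j DNAT --to-destination {cam_ip}:{cam_port}"
        for net in nets
    ]

def unexpected_sources(log_text, nets, wan_port):
    """Sources that reached the forwarded port but are not on the allowlist."""
    hits = set()
    for src, dport in re.findall(r"SRC=(\S+) DPT=(\d+)", log_text):
        addr = ipaddress.ip_address(src)
        if int(dport) == wan_port and not any(addr in n for n in nets):
            hits.add(src)
    return sorted(hits)

if __name__ == "__main__":
    allow = parse_allowlist(PROVIDER_RANGES)
    print("\n".join(dnat_rules(allow, "wan0", 8443, "192.168.1.50", 443)))
    print("not on allowlist:", unexpected_sources(SAMPLE_LOG, allow, 8443))
```

Because only allowlisted sources match a forwarding rule, any address reported by `unexpected_sources` points to a forward that is still open more widely than intended.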
At this point, the cloud provider has all the video and user data under their control and there’s no dependency on camera hardware. Therefore, there’s no reason that all the traffic from the cloud servers to your web browser or mobile app shouldn’t be strongly authenticated with your username and password and encrypted in transit using TLS. This includes standard web traffic and the video streams being reviewed and played back over the apps.
Security concerns should not be any reason for avoiding cloud video surveillance options for your small business. By taking some sensible precautions and configuring your surveillance system correctly, you can get good, and oftentimes better, security than a local storage solution.
There might be, of course, other reasons for not using cloud video surveillance. For example, lack of adequate bandwidth could be an obvious one. Cloud surveillance doesn’t work without internet. If you decide to investigate cloud video surveillance options, make sure to do your homework, pick a great camera and a reputable cloud provider. Then you’ll be on your way to enjoying the benefits of a cloud-based system.
For more information: https://securitytoday.com/
Article link: https://securitytoday.com/Articles/2016/09/01/Where-the-Cloud-Meets-Video-Surveillance.aspx?Page=4