This is the 5th and final part in our series on data security for enterprise video surveillance systems. See Part 4 on Encryption & Alerts.
This series is an adaptation of our free eBook on cyber security, which includes a Vendor Selection Worksheet, an extra feature that outlines key questions you should ask any video security provider before purchasing a system for your business.
Verkada’s Approach to Security Design
At Verkada, we’re on a mission to modernize the world of physical security. Our approach to video surveillance system design is different from what’s out there. As a result, we’re able to ship all of our systems with network security best practices enabled by default — with no special configuration required.
Verkada eliminates local servers and network video recorders (NVRs). Each camera stores video footage on industrial-grade, onboard storage. This footage is encrypted at rest via public key infrastructure (PKI), which prevents unauthorized access — even in the unlikely event that the camera itself falls into the wrong hands. For added redundancy, on-camera footage may optionally be backed up in encrypted cloud storage. Eliminating the NVR not only reduces the overall complexity and cost of ownership of the system, it also removes the single point of failure common to traditional systems.
HTTPS/SSL encryption comes enabled by default, meaning no additional configuration is required to protect video data when it’s in transit. And because each Verkada camera only communicates via outbound protocols and is automatically self-firewalled when it first connects to the network, our systems avoid the vulnerabilities associated with open ports.
When it comes to controlling access, Verkada makes it easy to manage access permissions across your organization. Quickly grant, edit or revoke access rights for any user — right from Verkada’s cloud software. You can also easily control accessibility by user, site and organization. Provision access for a set period of time with time-restricted access. For added protection against unauthorized user access,SSO/SAML and two-factor authentication are offered as standard options.
Finally, software updates and upgrades occur automatically, with security patches being rolled out in as little as 24 hours. This ensures the system is always running the latest software version.
Verkada System Design Highlights
No NVR or DVR
On-camera, industrial-grade solid-state storage
Regular, automated software updates
Redundant firmware banks for failsafe updates
Remove reliance on physical security of wiring and/or VLANs
Data Encryption
128-bit AES encryption + 2048-bit RSA encryption (two layer) + 256-bit SHA2 HMAC cryptographic integrity checking (to ensure that only authentic and authorized software is uploaded to the camera system)
Full HTTPS/SSL encryption
User Permissions & Access Controls
SAML/Single-Sign On integration
2-factor authentication
Granular controls for user, site and organization
Easily assign/revoke different permission roles
Time-restricted access sharing: automatically expire access after set time period
Detailed access audit logs
Monitoring & Alerts
Active system health monitoring
Tamper detection
Automated alerts
Subscription controls for managing alerts
Camera Hardware
Vandal resistant: IK08 for the Verkada D30 (indoor camera); IK10 for the Verkada D50 (outdoor camera)
