Is a Cloud-Based Video Surveillance System Secure?

Since the inception of the cloud, security concerns have been the biggest factor limiting its wider adoption. While apprehension has eased considerably over the past decade, these worries persist, and they are keeping many chief technology officers (CTOs) from migrating more of their enterprise processes to modern, cloud-based solutions.

A risk-averse approach is certainly understandable. It fits the old adage of “if it ain’t broke, don’t fix it.” But this mentality is not just slowing down cloud adoption, it is hindering companies with systems stuck in the past.

Video surveillance is one area where we are still seeing this in 2018. Organizations continue to employ outdated, unwieldy camera systems—simply because they are concerned that a modern solution will bring new, unfamiliar cybersecurity risks.

Are these fears justified? Can companies trust cloud-based surveillance cameras? Is a cloud-based video surveillance system secure?

Traditional Video System Security

To assess the security of cloud solutions, it first makes sense to look at the traditional options. In theory, a system that uses an air-gapped network video recorder (NVR) is the most secure option. But such an installation largely defeats the purpose of having a security camera system in the first place. If it is walled off from the network, the footage would not be accessible for remote viewing to anyone off-site required to respond to an incident in real time.

So, once you do make a system based on an NVR or digital video recorder (DVR) more usable, both the device itself and the attached CCTV security cameras become highly susceptible to hacking exploits. This helps explain why, in its benchmark 2018 Internet Security Threat Report (ISTR), Symantec ranked DVRs second on its list of vulnerable devices involved in the Internet of Things attacks against its honeypot last year. After an IT team configures its IP address for VPNs and opens ports to enable remote access to a wifi security camera, the NVR immediately becomes one of the most hackable devices in the entire network.

The biggest real-world implication is that IT teams often fall into a false sense of security. They know that an air-gapped NVR is foolproof, but they fail to recognize that introducing port forwarding to their surveillance infrastructure introduces some of the greatest risks to their camera system. This leads to longer-than-acceptable delays when it comes to updating firmware.

Cloud-Based Video System Security

With a cloud-based system, IT professionals are able to easily install hardware and software updates as soon as a vulnerability is identified. With increased vigilance and faster reaction times,the risk of physical and cyber attacks is ultimately reduced.

The ease of installing security patches fosters a culture of ongoing risk mitigation, rather than one that falls victim to a false promise of security, which vanishes once a camera system is configured to enable remote access.

Furthermore, today’s leading cloud-based IP cameras offer encrypted in transit and at-rest and additional security features like two-factor authentication and single sign-on, that enable the latest security standards. Whether video data is at rest or in transit, using modern standards for data encryption and network security ensures that video stored beyond the camera’s hard drive,is protected in the event that hackers ever manage to breach the system.

The Proactive Security Mindset

In wider-reaching terms, there is another key reason that cybersecurity concerns are falling. In the past, manufacturers and service providers offering cloud-based solutions largely left the end user to fend for themselves. Instead of a dedicated service team, end users would have to resort to third party support technicians or even web browser research to to resolve their issues. This is changing. There is a new attitude emerging from the mega-players (like Amazon and Google), to industry leaders in many sectors and even smaller providers offering niche products.

Kalev Leetaru, a data security expert who has served as a Google developer expert and a council member of the World Economic Forum’s Global Agenda Council on the Future of Government, has broken down this trend. He characterized the evolution as, “the growing emphasis cloud vendors are placing on helping businesses reimagine how they manage their data in a threatening world.”

Writing for Forbes, he welcomed a shift to companies becoming more proactive in their security support and offering more realistic insight to clients about the dangers inherent in any device connected to a network.

“Unlike the VPN castle defenses of past, in which companies surrounded their assets with extensive monitoring, but blindly trusted anyone that got inside, cloud vendors are pushing businesses towards their own ‘trust nothing’ model that better reflects the reality of the uncertain world in which we live,” wrote Leetaru.

Constant Vigilance to Threats

Whether it’s home security or enterprise level surveillance, nothing will ever be 100% impenetrable. Understanding that is half the battle. This mentality allows decision makers to properly gauge the actual risk that exists in their video surveillance system.

Compared to the alternatives, cloud-based video surveillance is now—at worst—on par with any other option on the market. And because it promotes easier firmware and security updates, offers high-level encryption for live streaming and stored footage, and encourages an overall culture of risk avoidance, it is proving to be a effective way to keep the cameras rolling and trust that the enterprise is as fortified as possible.

—

To learn more about cloud-based video security, check out our Cybersecurity for Video Surveillance Systems whitepaper.