The rise in frequency of high profile NVR hacks, artificial intelligence, big data, and changing regulations are repositioning the role of video surveillance and security systems within businesses and organizations.
Trends are shifting toward more secure hybrid cloud solutions with an emphasis on intelligent security software that can quickly help surface relevant and actionable information.
NVR, DVR and IP Security Flaws
In the past year alone, hundreds of thousands of NVR, DVR, and IP surveillance cameras have been hacked through a series of security vulnerabilities. Vulnerable business security cameras come from a plethora of brands including Dahua, EYEsurv, Huawei, Dasan, Novo, CeNova, QSee, Pulnix, Night OWL, and Hikvision IP — just to name a few.
To understand how vast the problem is, you can check sites such as insecam, this map of exploited Hikvision IP cameras, or run queries on Shodan, like the ones in this article from May, which surfaced over 65,000 vulnerable DVRs readily available online with just two searches.
Security flaws introduced by wireless cameras and wireless security infrastructure range from issues such as default passwords, to outdated firmware, open ports, and more. Even air-gapped CCTV systems are no longer safe.
This is where hybrid cloud solutions step in as the clear solution for commercial indoor and outdoor security, offering encrypted in transit and at-rest for data at rest and in transit.
Cloud vs. Hybrid Cloud Video Storage
Cloud security cameras are subject to single-points-of-failure in the event of network outages. In a recent incident, Arlo, a leading provider of home security cameras, suffered widespread outages that prevented many users from accessing their cloud-based security cameras.
A hybrid cloud solution, however, provides the ability to store HD video footage on both the onboard storage within the camera, as well as in the cloud. Leading hybrid cloud surveillance solutions can offer up to 120 days of in-unit stored footage.
With this added backup source of recording, there’s no single point of failure; the fear of losing footage in the event that an NVR/DVR is damaged, or the internet goes down, is eliminated.
Verkada’s hybrid cloud solution specifically closes the gaps traditionally found in NVR/DVR/IP solutions, and takes serious precautions to lower the chance of a data breach. Each individual Verkada camera is PoE, with RSA and AES data encryption, and HTTPS/SSL encryption when in transit and at rest for encrypted in transit and at-rest. Each camera is associated with a unique RSA key pair, and the cameras are issued the public key, which they use to encrypt video. The private key is encrypted with AWS KMS before being stored on Verkada’s servers. Cameras make only secure HTTPS outbound connections (via Port 443), and the likelihood of human error creating a security gap is low because there are no open ports, port forwarding, or related hassles.
Total Cost of Ownership
Rather than a hefty installation process (operating system software, setting up and maintaining storage servers, configuring cameras, configuring routers), up-front capital expenditures and unpredictable ongoing support expenses (broken hardware, end-of-life servers), hybrid cloud solutions have a predictable recurring cost, which is incurred only for what you need and use.
“Verkada is perfect for any multi-site location looking to scale.”– Garth Gilmour, CEO at QOVO Solutions
The cost of Verkada’s video surveillance systems is broken down into two items: the cameras and an access command license for each camera. Expanding the system with your growing business is as simple as purchasing more cameras and licenses. The more cameras you add to your system, the less expensive the system becomes to purchase and maintain, compared to a traditional NVR/DVR solution which often has a quantity cap on the amount of bullet or dome cameras one can install.
Example: 100 Cameras (60 indoor, 40 outdoor) for 3 years
*Assumes maintenance cost of $75 per hour.
Example: 1000 Cameras (600 indoor, 400 outdoor) for 3 years
*Assumes maintenance cost of $75 per hour.
Many commercial industries are subject to standard regulations in business security that make the storing of video footage either prudent (OSHA) or mandatory (PCI) for compliance purposes. However, these industry regulations change, as do the laws and standards governing data storage, use and retention. Leveraging a hybrid cloud solution is a simple, scalable way to ensure that your company can easily remain compliant in terms of encryption, retention, and access.
With a hybrid cloud solution, the burden of staying compliant is partially offloaded to your security vendor. The vendor becomes responsible for making sure the system stays aligned with security, storage and accessibility standards (such as HIPAA, PCI compliance and the latest vulnerabilities). Any need to start retaining footage for longer periods of time can easily be met with a single phone call to your vendor and a low-cost increase to your license agreement.
Ensuring that you don’t have a single point of failure (such as an NVR or DVR) is another important consideration for maintaining compliance. Hybrid cloud solutions are redundant, offering a quick and easy way to mitigate the risk of lost data by storing information both on each individual camera and in the cloud.
For commercial businesses operating at scale, some camera feeds may be subject to a higher level of scrutiny than others. Having options for full footage redundancy on a per-camera basis can help with cost savings and bandwidth, ensuring expenses never exceed what is actually needed for your business security.
One of the hardest things for a commercial enterprise can be establishing, maintaining, and updating SOPs and related training. Verkada’s commercial hybrid cloud security solution is supported by a simple-to-use app that provides 24/7 access to any authorized user via SAML or two-factor authentication — allowing them to view live feeds and stored footage, securely.
Within the app, users have access to a centralized command platform where they can view all the cameras and locations they are authorized for. This makes it easy to spot-check operations on a production floor, share out examples of a manufacturing process, and grab live examples of do’s and don’ts for training.
Likewise, project managers can remotely check in on the progress of ongoing construction, regional managers can see how busy different locations are, or even send a manager live feed of an active issue for resolution.
The next wave of commercial security advancements focus on how to make the vast amounts of data collected by surveillance systems more useful and actionable. With a cloud-supported solution, commercial businesses get the added benefit of ongoing improvements to the security software and app — including new features and functionality to the platform over time.
In the short term, using apps such as Verkada’s, makes it possible to quickly sift through thousands of hours of footage for actionable information and/or analytics, and then easily share that information (e.g.,attaching video to an incident report or insurance claim). With Verkada’s motion search and analytics, you can even gain insight into things such as how often a particular conference room or space is in use, and then use that information for effective cost cutting or space planning.
Intelligent security software can be configured with custom triggers that proactively send a notification when there’s motion in a specific area of a camera frame. For example, a compliance officer could set up an alert to be notified whenever motion occurs where OSHA-required signage is hung, and instantly know whether the signage was moved or changed.
As the industry advances, artificial intelligence innovations including proactive alerts and the use of facial recognition will become a standard part of cloud-based applications and surveillance systems. Cameras of such systems will have the ability to recognize when unusual events, like a robbery or a fire, take place.
Future functionality, as described by Verkada’s CEO, includes using the “accelerometers on every camera we can to also detect when an earthquake happens, and then take action on that data” (for example issuing alerts that trigger corporate Disaster Recovery or Business Continuity Plans).
Alternatively, “imagine an office that’s closed for a holiday and a pipe bursts — our cameras should treat this as any other incident, notifying the on their smartphone app, so they can take action” even while off site or on holiday.
Businesses that make the jump to hybrid cloud solutions today will have the benefit of immediate security improvements and cost savings. In the long-term, these organizations will also benefit from ongoing improvements, continuous security updates, and new product features and capabilities that meet all business security needs.