Cyber Security Archives - Verkada

5 Video Camera Market Predictions for 2019

As we move through the beginning of another year, it is also great time to look forward at what’s to come in the wider industry landscape. To break down the biggest trends looming over the horizon, the following represent five video camera market predictions for the year ahead.

1. Cloud Migration

As with many technologies, video cameras have been moving to the cloud. However, the uptake has lagged the capability in some respects over the past few years—often due to largely unfounded fears about cyber security.

This anxiety is starting to dissipate. End users are realizing that the benefits are too great to postpone, and IT departments are increasingly looking toward cloud-based and hybrid cloud systems.

Outside of the enterprise space, more consumers are installing cloud-enabled video cameras in their homes. Many leading manufacturers are embracing cloud-first operations, a development that will only create more expectations for this method of storage and connectivity.

BIS Research predicts that the global video surveillance market will expand at a compound annual growth rate (CAGR) of 16.14% through 2023 and sees economic factors continuing to push the industry toward cloud-based systems. “The reduction in the cost of cloud storage solution has surfaced as a key opportunity for service players in the video surveillance market,” stated the research firm in its December Global Video Surveillance Market report.

Technological innovations are also driving migration. Two of the major drawbacks of cloud security cameras include bandwidth limitations and internet disruptions. Verkada’s cameras, however, record footage directly onto their solid state storage and then send metadata to the cloud in a way that can help optimize and lower the bandwidth footprint of each camera to as low as 5kbp/s in their steady state. This enables Verkada systems to function well, even in areas where limited internet connectivity prevents IP cameras from other manufacturers from operating. On-camera storage also means that Verkada cameras continue to record in the event of a network outage—providing cloud camera benefits without the typical drawbacks.

Other manufacturers have been moving to newer codecs to save on bandwidth needs. “Known as High Efficiency Video Coding (HEVC), H.265 can encode video files twice as efficiently, at a lower bitrate, than its predecessor,” states IFSEC Global in its Video Surveillance Report 2018. “Slashing bandwidth and storage consumption by about 50%, it’s a vital step forward given growing storage demands.”

2. Simplified Video Security Infrastructure

IT teams are being asked to manage more Internet of Things (IoT) devices and machine-to-machine (M2M) connections. According to Cisco, this trend is merely beginning. It projects that M2M connections will grow by 19.6% per year through 2022.

“A growing number of M2M applications, such as smart meters, video surveillance, healthcare monitoring, transportation, and package or asset tracking, are contributing in a major way to the growth of devices and connections,” states Cisco’s latest Visual Networking Index. “By 2022, M2M connections will be 51% of the total devices and connections.”

To stay on top of the growing workload, infrastructure simplification is critical. For similar reasons, companies no longer want to devote significant time and resources to running a massive video surveillance installation. Plug-and-play solutions have become the new mantra. Simply put, this is now what clients expect from providers.

This wasn’t always possible. In the past, complex setups once relied on a network video recorder (NVR) or digital video recorder (DVR) that served as a central hub that connected an array of cameras to on-site monitors and the wider network. Such systems were inherently complicated with many moving parts.

But hybrid cloud solutions, as well as other quick-to-implement and easy-to-operate options, have changed the marketplace for the better. It means users have more alternatives and legacy manufacturers are being forced to evolve. They recognize that they must deploy more-user-friendly operations or watch their clients sign a contract with someone who can.

These same market forces are also pushing companies to roll out better UI platforms. As we have seen with software-as-a-service (SaaS) models, simplification is also the goal here. In 2019 and beyond, expect camera software to start becoming more intuitive.

Not only will this make system operation more manageable, but it will also cut down on training costs and cause less disruption due to IT department employee turnover.

3. More Intelligent Cameras

The coming year will witness the introduction of smarter camera applications. It has been several years since motion detection became widespread, and we will see a similar expansion of intelligent capabilities in 2019.

This has already been occurring in the mass consumer markets. In an ongoing battle to outperform each other, mobile phone manufacturers have been unveiling advances in terms of facial recognition, augmented reality and other cognitive technologies. New consumer drones have also introduced sophisticated tracking capabilities. As we are seeing in other areas, features like these, potentially including weapon detection and sensors that can detect depth in three dimensions, will start to become more visible in the enterprise security space as well.

Such innovations mean that those in the security space will be demanding more—and soon. Increasingly, end users will insist that their eyes in the sky have the intelligence to match. The more that cameras can analyze the footage they record, the less oversight will be needed to monitor for common events.

This will further extend to more robust artificial intelligence and analytics capabilities as well, according to Scott Schafer, Chairman of the Security Industry Association (SIA).

“Today, modern physical security solutions are comprised of IoT devices and sensors that generate high volumes of security data,” said Schafer in a recent SIA report. “Applying analytics and artificial intelligence systems makes this data more actionable and increases responsiveness for security systems users.”

4. Cybersecurity Risks Continue to Mount

Cybersecurity remains a constant threat, and the financial impact only continues to grow. The Ponemon Institute 2018 Cost of a Data Breach Study found that the average cost of a data breach across the world last year was a staggering $3.86 million, representing a 6.4% jump from firm’s findings in 2017.

The video security industry is not immune. Like many other firms, companies in the sector face daunting challenges to safeguard networks and devices from attacks.

But the stakes are likely to get even higher in 2019. In addition to malicious actors seeking illicit financial gains, state-sponsored exploits are becoming ever more common. The Chinese government, for example, was reportedly the mastermind behind the data breach that exposed the personal information of some 500 million clients of hotel giant Marriott, according to the New York Times.

Just Security, the digital publication of the Reiss Center on Law and Security at New York University School of Law, has highlighted the severity of this incident. “The 2018 Marriott hack should be a wake-up call for Western countries, corporations, and citizens that soft cyber targets face a new threat from powerful cyber actors, with stakes which may be bigger than we or even those launching these attacks are yet able to realize,” wrote expert contributors Joshua Geltzer and Bryan Jones. “The result of such threats is that the private sector is now on the front lines of national security interests, with data vulnerabilities exposing risks beyond simple identity theft.”

Such developments will continue to be of concern to organizations, which have seen surveillance-specific exploits hit camera manufacturers including Hikvision and other Chinese brands. The last thing any company wants is to become known for having sensitive footage leaked to the public.

Given the danger that is now coming from all sides, expect both industry providers and clients to put an increasing focus on cybersecurity over the next 12 months.

5. Continued Market Disruption

The marketplace for video cameras and related surveillance solutions is fragmented. Consolidation means that some of the bigger industry players now control a larger percentage of the industry than they previously did. But many startups have also entered—and disrupted—the space.

The big three providers do now account for 40% of the market, according to IHS Markit, but two of those were not even among the top 10 as recently as 2005. Moreover, “there are still hundreds of relatively small video surveillance equipment vendors, many of them with a market share much lower than 1%.”

Given these dynamics, some consolidation is to be expected in 2019. But the research firm stated in its annual trend report that it does not foresee “a spree of large-scale mergers and acquisitions” to come any time soon.

Instead, IHS Markit predicts that “there will be more new entrants in 2019” and that “perhaps some of them will be among the market leaders of the future.”

Trends to Watch

Despite all the innovations so far, the cloud and smart technologies are only just now really upending the industry. This and increasingly sophisticated devices mean that it is easier than ever to implement simplified systems as well. And as cybersecurity challenges and startup mojo continue to alter end-user expectations, the entire landscape may start to look very different by the time 2020 rolls around.

For a deeper look at this topic, check out one of Verkada’s latest video security eBooks: The Future of Enterprise Surveillance.

The Era of Convergence: Why IT Wants to Standardize Video Security

IT departments are stretched to the limit. According to Forrester Research, this unfortunate reality is among the reasons that half of all digital transformation efforts stalled in 2018. To confront the challenge, enterprises are responding by getting real about IT infrastructure—including their video security solutions.

The Cambridge, Massachusetts-based research firm has predicted that 2019 will be the year when “transformation goes pragmatic.” As more and more customer experience overhauls, data revolutions and other high-minded digital initiatives run into headwinds, IT departments will begin to increasingly look for quick wins and easy-to-implement efficiency improvements.

In short, 2019 will be a year when high-ranking IT executives prioritize a “sense of realism, practical steps, a desire for tangible outcomes,” writes Carrie Johnson, chief research officer at Forrester Research.

Convergence and Video Security

It is no surprise that this trend neatly overlaps with the convergence movement. Across the board, IT is looking to consolidate disparate processes and operations. And video security is one critical area where the benefits of standardization are gaining momentum.

Josh Woodhouse, senior analyst of video security at IHS Markit, broke down the trend recently in an analysis that centers on the push to align information and communications technology (ICT) infrastructure and video security.

“Cloud architectures are being adopted to enable data to be shared more easily and across much larger, more complex networks,” states Woodhouse. “All these new transformational technologies are changing not only the video security portfolios, but also the rules of the game.”

This move toward convergence is bringing change to traditional video security business models. They are now being influenced by wider ICT industry trends, says Woodhouse, as analytics and “as-a-service” concepts take on a larger role in the ecosystem. Such opportunities have enticed more players into the market. This gives end users more choice than ever as they look for a solution to meet their needs.

“The video security market is becoming increasingly intertwined with other industries,” writes Woodhouse. “Where there were once dedicated security distributors and integrators, now there are ICT and telecoms suppliers competing for business.”

Fearing Vulnerabilities

At the same time, cybersecurity is becoming a bigger risk. Data breaches continue to be expensive and reputation-damaging propositions. And avoiding infiltration by malicious actors is a daily function of  IT departments.

In some cases, enterprises can leave themselves more vulnerable when employees across different departments enable new cloud-enabled solutions, without IT approval. While there have been fantastic reports—like the connected fish tank that helped hack a casino—many are much more run of the mill, and these breaches are likely to proliferate as IT resources continue to be stretched thinner across multiple departments.

This is yet another reason that industry leaders are seeking standardize and simplify every technology that they can. This includes video security, an area that can become full of security holes when outdated, traditional systems are used.

Getting Results by Getting Practical

The takeaway for all enterprises that use video cameras is clear. More than anything in 2019 and beyond, as tangible results move to the forefront, IT departments need to make sure that their surveillance solution can work seamlessly in conjunction with the rest of their systems.

Standardization and simplification are now the name of the game. And above all, with more demands and fewer resources available, technology professionals must ensure that their video security is easy to implement, easy to use, easy to maintain, and easy to scale.

For more information about advanced video security, built for the future of IT, request a demo of Verkada’s simple, scalable and secure solutions.

Why Your NVR Is Probably Less Secure than a Hybrid Cloud Video Surveillance Solution

Video security systems have traditionally relied on a network video recorder (NVR) to capture footage. These devices, which serve as a central hub connecting an array of cameras, have long been billed as a highly secure system.

Although this reputation persists, it is largely unearned. NVRs, as well as digital video recorders (DVRs), are now routinely attacked and fail to provide anything close to the level of protection most IT professionals expect.

The “secure NVR” myth comes from the fact that an actual, air-gapped NVR is indeed incredibly secure. But this is less a function of specific equipment capabilities and more due to the fact that almost any device that is cut off from the wider network will be challenging for hackers to exploit.

NVRs: Only Secure in Theory

Unfortunately, few enterprises use NVRs in this manner. Most modern companies will want to have remote access to their footage. Whether for monitoring in real time at a central location or simply transferring archives of individual incidents, this is usually a must-have feature.

Some very small organizations may just want a single screen, or cluster of screens, for on-site viewing. But, by and large, even most small businesses—and especially larger corporations with multiple locations—will want a way to access what is being captured off site.

As soon as an NVR is connected to a network, vulnerabilities are introduced. Doing so requires opening or forwarding ports not to mention establishing a VPN, which are exploited by hackers all the time.

Attacks Are Common

In recent years, we have seen a trend of hackers targeting video cameras and NVRs. A NUUO brand NVR was targeted by the Reaper IoT Botnet in 2017, for example, and the exploit reportedly opened up the system’s cameras to similar botnet attacks.

This year, security research firm Tenable also found an exploit called Peekaboo that could affect the company’s NVRMini2 model. “Once exploited, Peekaboo would give cybercriminals access to the control management system, exposing the credentials for all connected video surveillance cameras,” wrote Tenable. “Using root access on the NVRMini2 device, cybercriminals could disconnect the live feeds and tamper with security footage.”

Disconcertingly, it isn’t just NVRs. Video cameras from certain manufacturers have proven unreliable as well. The U.S. Senate deemed the risk significant enough that it barred the federal government from using cameras from manufacturers Hikvision, Dahua and Hytera Technologies.

As codified in the 2019 National Defense Authorization Act, agencies are now prohibited from buying any surveillance equipment from these brands for the sake of “public safety, security of government facilities, physical security surveillance of critical infrastructure and other national security purposes.”

Poor Vigilance, Slow Updates

The confusion between reputation and reality is another key reason that NVRs can actually be less secure than other options. Many veteran IT workers who may have started working with video surveillance decades ago have fallen for the this security fallacy. Consequently, they don’t practice the same level of vigilance that they would when working with a modern, cloud-based surveillance solution.

Less vigilance leads to slower reaction times. Blinded by this false sense of security, operators tend to be lax about detecting vulnerabilities and installing critical firmware updates.

In practice, this typically makes the alternative much more secure. Most IT departments have moved on from the notion that anything connected to the internet will ever be 100% secure. Instead, they recognize that some level of risk will always exist, prioritize quick reaction times to mitigate known exposures and continually look for new vulnerabilities.

Hybrid Cloud Advantages

While the traditional NVR option is falling out of favor among today’s security pros, for more than just security reasons, there are other options. Cloud-based alternatives, while once held back by security fears, are now being seen as having several differentiating advantages.

Learn more about hybrid cloud video surveillance in our next webinar

In the case of Verkada, for example, the company provides ongoing support for clients with its team of security experts and constant penetration testing. Given everything the company has at stake, it is much more likely to stay on top of vulnerabilities than any single organization’s IT team.

Moreover, Verkada’s cloud-based cameras use advanced, end-to-end encryption—at rest and in transit. Transport security is provided by TLS 1.2. As for stored video, each camera is associated with a unique RSA keypair. The cameras are issued a public key, which they use to encrypt video and the private key is encrypted with AWS KMS before being stored.

These cameras and have outbound-only connections, drastically reducing the possibility of any unauthorized users accessing the network. Video security solutions that are built with security in mind from the ground up, have significant advantages over NVRs.

When you put it all together, the rationale for using hybrid cloud systems becomes clear. While the public relations for NVRs can talk a good game, they ultimately cannot live up to their reputation.

For additional information about this topic, check out our latest eBook, How to Choose the Right Video Security System for your Organization.

Is a Cloud-Based Video Surveillance System Secure?

Since the inception of the cloud, security concerns have been the biggest factor limiting its wider adoption. While apprehension has eased considerably over the past decade, these worries persist, and they are keeping many chief technology officers (CTOs) from migrating more of their enterprise processes to modern, cloud-based solutions.

A risk-averse approach is certainly understandable. It fits the old adage of “if it ain’t broke, don’t fix it.” But this mentality is not just slowing down cloud adoption, it is hindering companies with systems stuck in the past.

Video surveillance is one area where we are still seeing this in 2018. Organizations continue to employ outdated, unwieldy camera systems—simply because they are concerned that a modern solution will bring new, unfamiliar cybersecurity risks.

Are these fears justified? Can companies trust cloud-based surveillance cameras? Is a cloud-based video surveillance system secure?

Traditional Video System Security

To assess the security of cloud solutions, it first makes sense to look at the traditional options. In theory, a system that uses an air-gapped network video recorder (NVR) is the most secure option. But such an installation largely defeats the purpose of having a security camera system in the first place. If it is walled off from the network, the footage would not be accessible for remote viewing to anyone off-site required to respond to an incident in real time.

So, once you do make a system based on an NVR or digital video recorder (DVR) more usable, both the device itself and the attached CCTV security cameras become highly susceptible to hacking exploits. This helps explain why, in its benchmark 2018 Internet Security Threat Report (ISTR), Symantec ranked DVRs second on its list of vulnerable devices involved in the Internet of Things attacks against its honeypot last year. After an IT team configures its IP address for VPNs and opens ports to enable remote access to a wifi security camera, the NVR immediately becomes one of the most hackable devices in the entire network.

The biggest real-world implication is that IT teams often fall into a false sense of security. They know that an air-gapped NVR is foolproof, but they fail to recognize that introducing port forwarding to their surveillance infrastructure introduces some of the greatest risks to their camera system. This leads to longer-than-acceptable delays when it comes to updating firmware.

Cloud-Based Video System Security

With a cloud-based system, IT professionals are able to easily install hardware and software updates as soon as a vulnerability is identified. With increased vigilance and faster reaction times,the risk of physical and cyber attacks is ultimately reduced.

The ease of installing security patches fosters a culture of ongoing risk mitigation, rather than one that falls victim to a false promise of security, which vanishes once a camera system is configured to enable remote access.

Furthermore, today’s leading cloud-based IP cameras offer end-to-end encryption and additional security features like two-factor authentication and single sign-on, that enable the latest security standards. Whether video data is at rest or in transit, using modern standards for data encryption and network security ensures that video stored beyond the camera’s hard drive,is protected in the event that hackers ever manage to breach the system.

The Proactive Security Mindset

In wider-reaching terms, there is another key reason that cybersecurity concerns are falling. In the past, manufacturers and service providers offering cloud-based solutions largely left the end user to fend for themselves. Instead of a dedicated service team, end users would have to resort to third party support technicians or even web browser research to to resolve their issues. This is changing. There is a new attitude emerging from the mega-players (like Amazon and Google), to industry leaders in many sectors and even smaller providers offering niche products.

Kalev Leetaru, a data security expert who has served as a Google developer expert and a council member of the World Economic Forum’s Global Agenda Council on the Future of Government, has broken down this trend. He characterized the evolution as, “the growing emphasis cloud vendors are placing on helping businesses reimagine how they manage their data in a threatening world.”

Writing for Forbes, he welcomed a shift to companies becoming more proactive in their security support and offering more realistic insight to clients about the dangers inherent in any device connected to a network.

“Unlike the VPN castle defenses of past, in which companies surrounded their assets with extensive monitoring, but blindly trusted anyone that got inside, cloud vendors are pushing businesses towards their own ‘trust nothing’ model that better reflects the reality of the uncertain world in which we live,” wrote Leetaru.

Constant Vigilance to Threats

Whether it’s home security or enterprise level surveillance, nothing will ever be 100% impenetrable. Understanding that is half the battle. This mentality allows decision makers to properly gauge the actual risk that exists in their video surveillance system.

Compared to the alternatives, cloud-based video surveillance is now—at worst—on par with any other option on the market. And because it promotes easier firmware and security updates, offers high-level encryption for live streaming and stored footage, and encourages an overall culture of risk avoidance, it is proving to be a effective way to keep the cameras rolling and trust that the enterprise is as fortified as possible.

To learn more about cloud-based video security, check out our Cybersecurity for Video Surveillance Systems whitepaper.

What to Ask Before You Buy: Security Vendor Evaluation Checklist

Each type of video surveillance system architecture presents different security risks. With this in mind, it is important to find a vendor that prioritizes security appropriately from the ground up.

When evaluating a video security vendor, use these questions to better understand the protocols and best practices that underpin their recommended system. These questions are intended for reference only. Be sure to consult with your company’s physical and IT security teams before selecting a security system partner.

By taking an innovative approach and working with vendors that deliver simple, secure solutions, you can be confident that the system you adopt will scale with your evolving business needs.

To learn more about selecting the right vendor and solution, check out our latest eBook: How to Choose the Right Video Security System for Your Organization.

How Security Buyers and Vendors Can Create an Effective Partnership

Two Persons Hand Shake

Security buyers and sellers need each other. But when both parties don’t approach the relationship in the right way, it can become problematic. Buyers aren’t sure what solutions are right for their business. Vendors have the challenge of helping buyers understand their products, without scaring them off.

Filip Kaliszan, Co-Founder and CEO of Verkada, recently shared his insights on this topic in a CISO Security Vendor Relationship webinar. Here’s a quick look at some of the highlights.

What makes buying and selling security products so difficult?

A variety of elements contribute to the complexity of the security marketplace. First, there are so many different products. Security is a hot topic and plenty of companies are jumping into the space. So, there are almost as many vendors out there as there are products. This makes determining which of these are worthwhile, and eliminating those that aren’t, challenging.

For vendors, one of the main challenges is that security and its associated concerns are constantly evolving. Just a few short years ago, cameras were everywhere, but anxiety about them was lower. People weren’t thinking as seriously about privacy and the consequences of how data is captured, stored and moved. Today, there are more conversations about these topics. Organizations want to better understand who has access to surveillance recordings, when they are being accessed and what purposes they are being used for. This makes it critical for vendors to address these concerns as part of their sales process.

What tactics should vendors avoid when selling their products or solutions?

There are many different approaches vendors can take to sell their products or solutions. However, across the board, there are some methods that are generally not well-received. One popular, but ultimately ineffective, way to sell security solutions is with fear tactics.

Selling fear is a major turn off in the CISO community. The danger of using it as a selling strategy is that your message simply becomes noise. Buyers learn to block out these techniques because they don’t speak to actual needs. There are some instances where using fear can be appropriate. However, it shouldn’t be where the conversation begins.

Filip discussed his stance on this topic by saying, “There are certainly compelling events within organizations that drive decisions and often those compelling events are very scary things that happen in the physical world. We generally stay away from using fear tactics and techniques to drive our sales. We don’t think that’s an effective approach.”

Instead of using fear tactics, vendors should focus their attention elsewhere. Some start with a conversation about other aspects of the industry. Opening a dialog about the state of the industry, privacy and video surveillance is powerful. This increases trust with buyers by driving the conversation forward. Many of the most successful vendors choose to highlight how their products and solutions can impact the buyer’s business in quantifiable ways. Regardless of the specific approach, vendors should endeavor to share their insights, as opposed to pushing the fear and doubt angle.

Woman Sitting in Front of Man

How can buyers be confident when choosing their security products?

There are different contingencies involved for each organization that purchases a security product. Some have concerns about the physical placement of cameras. Others are more concerned with the IT aspects. Ultimately, buyers need a vendor to provide a security product that satisfies both physical and cyber security standards.

How can vendors build trust and create partnerships with potential buyers?

One way that vendors can build trust is to be transparent with their buyers. Let them dive deep into the technology and identify possible use cases. The more that a buyer is able to understand about what the vendor offers and how the process works, the more likely they are to choose that solution or product. From there, one happy customer can have a big impact. As buyers share what has worked for them, word spreads about the vendor and new accounts start coming in.

In order for buyers and vendors to have a successful partnership, the focus should be on approaching problems collaboratively. This way, the buyer is having their needs met. In turn, this gives vendors the opportunity to solve problems, show their value to buyers and improve their products.

There are many factors that go into developing effective partnerships. Even though it can sometimes be challenging, creating opportunities for cooperation is a worthwhile endeavor that can ultimately reward both parties. Buyers and vendors should aim to stay open to connecting with each other in order to solve the real-world problems that come with making and keeping our world secure.

Want to find out more about how buyers and vendors can work better together? Check out the Building Effective Partnerships Between Security Experts and Security Vendors webinar to get more insight on this topic and the state of the industry.

Enhance School Safety in 5 Simple Steps

School safety has been top of mind for years. But the urgency to make improvements increased considerably following the tragic events earlier this year at Marjory Stoneman Douglas High School in Parkland, Florida.

After a gunman killed 17 people on the campus, legislators across the country began to push for more funding to safeguard learning institutions—from kindergartens up through universities. Over a billion dollars has already been allocated for improvements from coast to coast. Now, it is up to individual schools to create security plans and apply for the grants that will help protect their students and faculty.

While every school safety initiative requires a detailed, exhaustive look at all potential points of vulnerability, the following simple steps will help ensure that any school is well on its way to strengthening security. By addressing each of these key points, it will be much easier to create and implement a plan that works.

Step 1: Identify Physical Points of Attack

One of the most common changes schools have made in response to recent shootings has been to limit access points. This is generally a good practice. By making it more difficult to enter the building, even a school that lacks the finances to hire more personnel can maintain better vigilance over who is coming and going.

Naturally, this must be balanced with fire code regulations, logistics and other factors. But every school should systematically analyze its points of egress. These are the primary locations in which to position security upgrades. Having a greater understanding of the premises will be invaluable in the event that the school ever experiences an active-shooter situation.

Step 2: Assess Digital Security Vulnerabilities

As with physical security, schools need to take greater precautions to shore up their digital defenses. While we have not yet seen incidents in which a disturbed student takes over a school’s system to disrupt surveillance or physical infrastructure before launching an attack, the need to fortify all areas remains critical.

Beyond violent threats, schools house sensitive data about students, finances, strategic planning and many other areas. These all must be protected to prevent malicious actors from gaining access that could inflict financial damage or expose potentially-embarrassing information to the public.

Take a good look at all areas that might be exploited. These could range from physical servers and other devices, to system access points and admin logins. Implement stronger firewalls, ensure proper privileges are reserved for the right people and eliminate access for anyone who no longer needs to use these systems. Users themselves are often the weakest link in the chain. This makes it vital to properly train all faculty members on how to create strong passwords. They should also be taught tactics to avoid phishing, social engineering or other methods employed by hackers.

Step 3: Establish Emergency Protocols

It is a sad reality, but schools today need to have plans in place to deal with an active-shooter scenario. Administrators and teachers must be prepared for this type of emergency, just as they would if a fire started. This includes assigning leadership roles to certain employees and establishing protocols for when to shelter in place versus evacuating students.

In any crisis situation, communication will be difficult and emotions will run high. So these plans must be very well explained and practiced. This will provide a better chance of a good response if an actual event ever occurs.

Students also need to have some level of training. A balance must be reached between due diligence and going overboard (you don’t want to needlessly frighten young children). But there can be emotional benefits to educating students about what to do during a crisis. They see these tragedies on the news and many are scared that they could be next. Empowering them with the right level of preparation can go a long way to ease their minds.

Step 4: Talk To Your Students

If student shooters are the enemy, their classmates can help bolster your defense. A study in California found that up to 30% of students have seen some kind of weapon at school, with at least 125,000 saying that they have been threatened. Just getting them to report these incidents can greatly improve prevention. A student who brings a knife (or even nunchucks) could someday come to school with something much more dangerous.

These conversations need to go deeper than spreading the “see something, say something” message. Schools should create initiatives that aim to lower the levels of bullying and discrimination among students. Administrators that establish counseling resources are more likely to reach kids who feel ostracized. Protocols should also be instituted to share any truly worrying cases with law enforcement or other relevant authorities.

There is no guarantee that these approaches will keep a troubled student from doing the unthinkable. But they will help foster an environment that is better prepared. Addressing mental and emotional health concerns can potentially reach someone before they go over the edge.

Step 5: Be Proactive with School Safety and Security

Fortunately, much of the assessment and planning phase can be done with relatively minimal expense. It just takes a dedicated team of people, willing to engage in some careful consideration about how to locate vulnerabilities and outline emergency protocols.

Virtually any school could also benefit from some physical improvements, however, and these will require funding. Given the ongoing threats faced by our educational institutions, this is more of a necessity than a luxury. Jurisdictions ranging from the federal government and states, to individual counties and cities have allocated money for schools to implement security upgrades. 

Simple technology should not be overlooked. Two-way radio communication devices, for example, are incredibly useful. Additionally, relatively inexpensive software can create detailed facility mapping to help security personnel and administrators better understand the location they are protecting.

Most schools are also opting to invest in other types of improvements. Entry control systems, intrusion alarms, screening equipment and emergency alert systems have so far been the most common. Better video surveillance can do wonders to help monitor entry points and key areas within the building. This can be useful both for general supervision and during an active-shooter incident. School security will always be challenging, but modern plug-and-play camera systems can help provide a simple solution for school districts and campuses of any size.

Planning to Succeed

Each of the elements above is critical to upgrading school safety and safeguarding those who work and learn there. There is no way to completely eliminate threats. But better planning and vigilance can help make sure that security remains a primary focus.

Remember that conducting thorough and systematic assessments at the outset is just as important as establishing and implementing emergency protocols and upgrading equipment and technology. When everything is done together in concert, and any available funds are spent wisely, any school can create great results.

For additional information, check out 5 Reasons Schools Are Choosing Verkada for Campus Safety or get some tips to help Simplify School Security.

Bridging the Gap Between Physical and Cyber Security

What’s preventing physical and cyber security from falling in love? This simple question led to a lively and thought-provoking panel discussion, hosted by David Spark at this year’s GSX. As a co-host of the CISO/Security Vendor Relationship Podcast, Spark encourages open conversations about the tenuous relationship between buyers and sellers of security products. He brought that same disposition to this discussion, which was presented as a “couples counseling” session for those looking to find solutions to the increasingly uncomfortable, yet necessary, intertwined digital relationship between cyber and physical security.

The refreshing discussion brought together experts from across disciplines and industries, including voices from Orvis, the Department of Energy, Panera Bread and Qovo Solutions. Topics ranged from whether wired devices are truly safer than wireless to how aging policies (and policy makers) impede the pace of change. But one thing remained clear throughout: whether we like it or not, physical and cyber security are converging.

Regardless of what’s forcing the change, the session’s panelists seemed to agree that these teams have shared goals. As one of them aptly stated, “I don’t think it has anything to do with wireless or technology. In both physical and cyber security, we’re protecting doorways, we’re protecting access.”

If their stated goals are the same, why are these teams still struggling to work together? The answers seem to lie in a combination of tradition, technology, culture and ownership. Perhaps by first understanding the challenges, we can start to earnestly explore and implement solutions.

Business Structure Separates Physical and Cyber Security

Organizational architecture has historically separated physical and cyber security teams. Physical security was largely managed by facilities, safety or loss prevention. Cyber security was managed by information technology or information security. But, some modern teams fear that legacy organizational structures prevent the type of collaboration that could help create a unified (and less penetrable) approach to enterprise security.

A recent McKinsey study reports that it’s no longer enough to delegate risk to IT, throw resources at the problem or put an undue focus on compliance. Rather, it proposes a provocative approach to organizational structure that brings physical security under the realm of information technology.

However, as James Turgal, managing director of the Deloitte Risk and Financial Advisory Cyber Risk Services practice, reminds us, change is hard. He recently told Security Magazine that, “A misaligned organizational culture can have a tremendous impact on both the business and the security aspects. You could potentially be changing the philosophy that the enterprise has had for years, not just combining networks.”

Many organizations are considering various options to help strengthen the bond between physical and cyber security. But before embarking on large-scale changes, they would be wise to consider what short-term steps can be taken to build trust between these teams.

Physical Security is from Venus. Cyber Security is from Mars.

One of the biggest challenges of uniting cyber security and physical security teams is overcoming the hurdle of history. The teams were built from the ground up to approach problem solving differently. IT teams want first and foremost to know who is doing what, and when. Physical security teams are focused on building gates and keeping the right people and things on either side of those gates.

Information technology teams use identity management as the core building block for their systems. Consider the way technology solutions are evaluated by how well they can integrate with Active Directory and Single Sign-On. Physical security solutions, however, are only now catching up. More vendors in the physical security space are beginning to offer products that integrate with identity management solutions. But there’s a long way to go. They are still burdened by a monumental amount of unstructured data that their existing systems can’t digest and analyze.

But, there’s hope. A recent survey from GrandView Research predicted that the global physical security market would grow from about $134 billion today to $290.7 billion by 2025, due in large part to the rise of smart technology being integrated into physical systems.

As the technologies behind physical security systems modernize and the need to bootstrap systems decreases, perhaps the relationship between cyber and physical security teams will improve consequentially.

Who Owns Physical Security Today? What About Tomorrow?

Information security and technology teams are now responsible for more types of network-connected devices than ever before. With the rise of IoT, cameras, light bulbs, fire alarms and, yes, even fish tanks can now be linked to a network. So, does this mean that IT automatically owns the process of evaluating, purchasing and managing all of these systems? The answer isn’t quite clear.

While IT teams bring expertise on cyber security risks and network integration, facilities teams understand physical vulnerabilities, incident response protocols, and daily systems management and monitoring.

As one member of the GSX panel pointed out, employees are often lost in the process. For example, an IT manager that owns the budget for video surveillance cameras may have trouble understanding the role and responsibilities of an employee on a facilities team (who is tasked with actively managing camera footage and responding to physical security incidents).

Assigning ownership of IoT systems may require a more creative approach than is necessary for traditional technology solutions. This could involve methods such as parsing out sections of the evaluation, purchasing and management process to different teams, or cooperatively owning specific segments of the process.

Three Ways to Bridge the Gap Between Physical and Cyber Security

As the multilateral discussion at the GSX panel clearly emphasized, there’s no immediate and obvious solution that can better connect physical and cyber security. Unifying these teams will take thoughtful organizational engineering, an investment in cultural change, large-scale technology improvements and a focus on greater business goals.

So how do you make progress in the meantime? The panelists had some worthwhile suggestions on how to kick start (or accelerate) the process.

  1. Create customer-centric tiger teams—diversified groups brought together for a single project, need or event. This can help hold each department accountable and help keep up with the pace of change.
  2. Invite both physical and cyber security teams to the discussion when ownership isn’t explicit.
  3. Work more closely with vendors to build modular and adaptable solutions that can grow with an organization as it changes.

Read a recap of GSX and get a look at how Verkada (winner of this year’s Judge’s Choice Innovative Product Award) is building software-first solutions to help bridge the gap between physical and cyber security.

What’s the Difference Between a Cloud vs. Hybrid Cloud Security Camera System?

What are Cloud Security Camera Systems?

With the rise of IoT in recent years, many enterprises, hospitals, schools, and other multi-location organizations have considered the benefits of shifting their video surveillance security system to the cloud.

Cloud security systems consist of surveillance system cameras that stream network video directly to the cloud with the major advantage of being able to remotely view footage from any device. In addition, computationally challenging tasks can be done in the cloud to improve camera security, efficiency, and ROI. However, this wireless security system architecture presents several drawbacks.

  1. Uncertainty regarding what happens to the surveillance cameras footage when there’s an internet outage.
  2. Insufficient network bandwidth for multiple indoor and outdoor security cameras streaming 1080p hd video simultaneously.
  3. Inability to comply with IP security and regulations like the PCI Standard and other governmental statutes, which require at least 90 days of video retention locally and in a separate hard drives backup location.
  4. Concerns about the effectiveness of the video surveillance system’s overall security.

How is a Hybrid Cloud Security Camera System Different?

Unlike a typical wireless security camera system, a hybrid cloud security camera system consists of an on-site video surveillance storage solution as well as one located in the cloud. This hybrid PoE security infrastructure allows the system to address many of the difficulties IT departments and physical security teams have experienced with a pure cloud video surveillance security system.

Verkada: Enterprise Cameras Backed by Hybrid Cloud Architecture

All Verkada cameras come with up to 120 days of in-built video storage and processing power. In the case of an internet outage, the PoE cameras can keep recording and super hd footage can be viewed locally on the network. When internet access is restored, the footage in question is uploaded to the cloud (AWS).

The majority footage of IP cameras is motionless. A hybrid cloud architecture enables PoE security camera systems such as Verkada to send encrypted outbound metadata and short video clips, at less than 20 kbps every minute. When the PoE cameras detect motion, they can send these video clips more frequently. A streaming channel at higher bandwidth is opened only when an end user wants to remotely stream a PoE security camera feed. This intelligent bandwidth management allows indoor and outdoor security cameras to work flawlessly on any network, regardless of bandwidth limitations or the number of PoE video cameras installed.

Finally, the question of cyber security is fraught with controversy. While an air-gapped NVR security system is technically the most secure solution, it also presents many operational limitations that defeat the original intended purpose of keeping an organization safe. As soon as channel NVR ports are opened or forwarded for remote access, the NVR becomes one of the most dangerous technologies that exist. With a hybrid cloud security camera system like Verkada’s, the vendor (not the organization’s IT department) is responsible for the cyber security of individual IP cameras as well as the video surveillance system as a whole. Auto-updating PoE IP camera software and proactively patching firmware to the Powered over Ethernet camera enable Verkada’s systems to remain as secure as possible. End-to-end encryption also ensures that the footage cannot be stolen locally, further minimizing cyber security exposure.

Side-by-side feature lists can only provide a limited view of how a cloud and hybrid cloud security camera system compare. Taking a contextual look at the architecture of these systems can demonstrate how hybrid cloud surveillance solves a series of deep-rooted constraints in the video security space—helping to reveal new benefits, updated workflows, and more seamless administration.

Want to learn more about the hybrid cloud security camera system? Check out our latest eBook, The Future of Enterprise Video Surveillance: The Shift from Traditional to Hybrid Cloud Security Systems.

Verkada Wins Big with Schools and Businesses – San Francisco Business Times

Published on with permission of – contributing author at San Francisco Business Times (SFBT). See the original article here. Opinions expressed by SFBT authors are their own.

For Verkada co-founder and CEO Filip Kaliszan, building a company focused on physical security and data protection stems from a void he saw in the market. Kaliszan came up with a smart security camera system geared toward businesses and schools, which combines state-of-the-art video technology with its cloud-based software.

“There are a ton of companies that sell connected devices for your home or business that can collect data, but they are very antiquated in their approach,” he said.

Verkada differs from traditional security camera companies in the way it stores its data and how video footage can be reviewed, Kaliszan said. One difference is the accessibility of live video streams, which can be viewed by multiple people during a crisis, he said.

“We think of [our product] as moving from after-the-fact-devices where when something bad happens, you look at the footage and investigate,” Kaliszan said. “We’re bringing in a real-time solution where you can make sense of the [feed] as something is happening so that you can alert the right people.” The cameras, which can be installed globally across multiple office buildings, can be accessed from anywhere via an internet connection or a smartphone.

 Moreover, the data security of customers’ video recording is paramount, said Kaliszan. In the past decade, most security cameras have been connected to an internet network, “but in just the last two-three years, a lot of focus has turned to how data is secured.”

Verkada user’s video recordings are encrypted “end to end,” which is especially important to schools and hospitals “where they really care about the private information they are capturing,” he said. The company also does not have access to any of its customers’ footage, he noted. All of the data is stored in the cloud.

Verkada’s product only launched publicly less than a year ago, but in the past six months, the company has increased its client count from 20 to more than 300. Kaliszan added that Verkada no longer plans to raise funds as its revenue is expected to continue to increase.

The company makes money by selling the cameras and its software as a service. Its clients include Hilton Hotels, Equinox, Netflix, Morgan Hill Unified School District and Yuma School District, among others.

With Verkada, we’re bringing our security systems out of that archaic age of DVRs,” said Jim Carrillo, director of technology at Morgan Hill Unified School District. “After seeing the video quality and how easy it was to set up, that’s when I realized this was a solution that could work for us. Being able to manage our devices remotely saves us time and resources.”

Kaliszan said the company has already been surprised by the ways that the clients have used the system. In schools, for example, principals and teachers have been using the system “to investigate student altercations.” For large retail customers, managers have been using it as a training tool to show an accelerated time lapse to see where the busy areas are,” he said.

“Our customers are expanding the product’s capabilities in all of these interesting use cases.”

Learn from your customers:
 “I’m always amazed by what you can learn,” said Kaliszan. “You study the market and come up with a solution, but when you see what they are doing with it in real life situations, that drives the next level of renovations.”

Product execution is crucial: “Doing things right and making sure that the experience works right out of the box has driven our early success,” he said. “In the early days of a startup, it’s crucial how seamlessly the product works and tackles the customer’s needs.”

Communication among the team is key: “We think a lot about how you structure your company internally, the company team and the culture,” said Kaliszan. “In my mind, it’s all about excellent communication, experience and candor. You can’t arrive at innovation, you can’t build an awesome product without it.”

Want to learn more about Verkada’s hybrid cloud solution? Attend a 15-minute live demo today.