Is a Cloud-Based Video Surveillance System Secure?

Since the inception of the cloud, security concerns have been the biggest factor limiting its wider adoption. While apprehension has eased considerably over the past decade, these worries persist. And they are keeping many chief technology officers (CTOs) from migrating more of their enterprise processes to modern, cloud-based solutions.

A risk-averse approach is certainly understandable. It fits the old adage of “if it ain’t broke, don’t fix it.” But this mentality is now not just slowing down cloud adoption, it is hindering companies with systems stuck in the past.

Video surveillance is one area where we are still seeing this in 2018. Organizations continue to employ outdated, unwieldy systems—simply because they are concerned that a modern solution will bring new, unfamiliar cybersecurity risks.

Are these fears justified? Can companies trust cloud-based video cameras? Is a cloud-based video surveillance system secure?

Traditional Video System Security

To assess the security of cloud solutions, it first makes sense to look at the traditional options. In theory, a system that uses an air-gapped network video recorder (NVR) is the most secure option. But such an installation largely defeats the purpose of having a security camera in the first place. Because if it is walled off from the network, the footage would not be accessible to anyone off site who is required to respond to an incident in real time.

So, once you do make a system based on an NVR or digital video recorder (DVR) more usable, both the device itself and the attached CCTV security cameras become highly susceptible to hacking exploits. This helps explain why, in its benchmark 2018 Internet Security Threat Report (ISTR), Symantec ranked DVRs second on its list of vulnerable devices involved in the Internet of Things attacks against its honeypot last year. After an IT team configures its VPNs and opens or forwards ports to enable remote access, the NVR immediately becomes one of the most hackable devices in the entire network.

The biggest real-world implication is that IT teams often fall into a false sense of security. They know that an air-gapped NVR is foolproof. But they fail to properly recognize that their actual installation may not be. This leads to longer-than-acceptable delays when it comes to updating firmware and installing critical security patches.

Cloud-Based Video System Security

With a cloud-based system, IT professionals are more apt to keep their guard up and install every update immediately. Increased vigilance and faster reaction times mean better security.

The ease of making changes is also a clear benefit that raises security in practice. IT professionals can update cloud-based video cameras remotely and instantaneously as soon as a vulnerability is identified. More than incentivizing quick patches, this fosters a culture of ongoing risk mitigation—rather than one that falls victim to a false promise of security, which vanishes after the system is configured properly for real-world deployment.

Furthermore, today’s leading cloud-based video cameras can be easily equipped with end-to-end encryption. This ensures that any video stored on the camera itself—as well as the footage, metadata, and still images it transmits to the cloud—is protected in the event that hackers ever manage to breach the system.

The Proactive Security Mindset

In wider-reaching terms, there is another key reason that cybersecurity concerns are falling. In the past, manufacturers and service providers offering cloud-based solutions largely left the end user to fend for themselves. This is changing. There is a new attitude emerging from the mega-players (like Amazon and Google), to industry leaders in many sectors and even smaller providers offering niche products.

Kalev Leetaru, a data security expert who has served as a Google developer expert and a council member of the World Economic Forum’s Global Agenda Council on the Future of Government, has broken down this trend. He characterized the evolution as, “the growing emphasis cloud vendors are placing on helping businesses reimagine how they manage their data in a threatening world.”

Writing for Forbes, he welcomed a shift to companies becoming more proactive in their security support and offering more realistic insight to clients about the dangers inherent in any device connected to a network.

“Unlike the VPN castle defenses of past, in which companies surrounded their assets with extensive monitoring, but blindly trusted anyone that got inside, cloud vendors are pushing businesses towards their own ‘trust nothing’ model that better reflects the reality of the uncertain world in which we live,” wrote Leetaru.

Constant Vigilance to Threats

Nothing will ever be 100% impenetrable and understanding that is half the battle. This mentality allows decision makers to properly gauge the actual risk that exists in their video surveillance system.

Compared to the alternatives, cloud-based video surveillance is now—at worst—on par with any other option on the market. And because it promotes easier firmware and security updates, offers high-level encryption and encourages an overall culture of risk avoidance, it is proving to be a effective way to keep the cameras rolling and trust that the enterprise is as fortified as possible.

To learn more about cloud-based video security, check out our Cybersecurity for Video Surveillance Systems whitepaper.