This is the 5th and final part in our series on data security for enterprise video surveillance systems. See Part 4 on Encryption & Alerts.
This series is an adaptation of our free eBook on cyber security, which includes a Vendor Selection Worksheet, an extra feature that outlines key questions you should ask any video security provider before purchasing a system for your business.Download Your Copy Here
Verkada’s Approach to Security Design
At Verkada, we’re on a mission to modernize the world of physical security. Our approach to video surveillance system design is different from what’s out there. As a result, we’re able to ship all of our systems with network security best practices enabled by default — with no special configuration required.
Verkada eliminates local servers and network video recorders (NVRs). Each camera stores video footage on industrial-grade, solid-state storage. This footage is encrypted at rest via public key infrastructure (PKI), which prevents unauthorized access — even in the unlikely event that the camera itself falls into the wrong hands. For added redundancy, on-camera footage may optionally be backed up in encrypted cloud storage. Eliminating the NVR not only reduces the overall complexity and cost of ownership of the system, it also removes the single point of failure common to traditional systems.
HTTPS/SSL encryption comes enabled by default, meaning no additional configuration is required to protect video data when it’s in transit. And because each Verkada camera only communicates via outbound protocols and is automatically self-firewalled when it first connects to the network, our systems avoid the vulnerabilities associated with open ports.
When it comes to controlling access, Verkada makes it easy to manage access permissions across your organization. Quickly grant, edit or revoke access rights for any user — right from Verkada’s cloud software. You can also easily control accessibility by user, site and organization. Provision access for a set period of time with time-restricted access. For added protection against unauthorized user access,SSO/SAML and two-factor authentication are offered as standard options.
Finally, software updates and upgrades occur automatically, with security patches being rolled out in as little as 24 hours. This ensures the system is always running the latest software version.
Verkada System Design Highlights
No NVR or DVR
- On-camera, industrial-grade solid-state storage
- Regular, automated software updates
- Redundant firmware banks for failsafe updates
- Remove reliance on physical security of wiring and/or VLANs
- 128-bit AES encryption + 2048-bit RSA encryption (two layer) + 256-bit SHA2 HMAC cryptographic integrity checking (to ensure that only authentic and authorized software is uploaded to the camera system)
- Full HTTPS/SSL encryption
User Permissions & Access Controls
- SAML/Single-Sign On integration
- 2-factor authentication
- Granular controls for user, site and organization
- Easily assign/revoke different permission roles
- Time-restricted access sharing: automatically expire access after set time period
- Detailed access audit logs
Monitoring & Alerts
- Active system health monitoring
- Tamper detection
- Automated alerts
- Subscription controls for managing alerts
- Vandal resistant: IK08 for the Verkada D30 (indoor camera); IK10 for the Verkada D50 (outdoor camera)