Encrypted in transit and at-rest: Verkada’s Approach to Cybersecurity

When Verkada was founded in 2016, it was poised to enter the intersection of two very different industries. Enterprise Surveillance, a space that has been around since the 50's, was deeply entrenched with extant players and saw little innovation or disruption over decades. On the other hand, the comparatively very new Internet of Things was (at this point) dominated by lean startups who were incentivized by public excitement and fierce competition to ready their product for market and begin iterating as quickly as they could.

For all of their fundamental dissimilarities, both traditional video security and newer IoT companies share one common trait: they both handle an immense amount of user data that is often sensitive, and therefore imperative to keep safe. This commonality would inform the vision of the Verkada Hybrid Cloud Solution; it would combine the safety and reliability of a traditional CCTV system, the intuitiveness of a consumer IoT application, and the ardent commitment to data security that is so critical to both spaces.

Since its inception in 2016, Verkada has worked tirelessly to embody that vision. Today, the company has grown in both size and complexity, but its commitment to a comprehensively secure surveillance environment has not changed. Click here to see the many ways in which that commitment is demonstrated.

Hardware Security

Hardware Security is a very important aspect of staying safe in the increasingly connected enterprise IoT space. More devices equal more potential points of entry for hackers. Frequently, hardware is purchased from 3rd-party manufacturers which makes it difficult to secure and easy to forget. Before the emergence of the Internet of Things, hardware security was largely overlooked because it was less visible than other areas of cybersecurity. That meant when devices began proliferating at scale, their onboard security was not robust enough to grow at the same rate.

Safe propagation of hardware is integral to infrastructural progress - this field includes key appliances like routers, switches, access control, industrial controls, surveillance, etc. When these systems fail, they disrupt entire swaths of industry. That's one of the reasons why many hackers target the hardware layer as their point of entry- access is frequently widespread and root-level. Breaking in at the lowest level of the technology stack has many advantages; malicious actors can bypass identity controls at the software layer and do things like:

• View sensitive or proprietary information

• Hijack or divert intended services

• Steal secret IP such as firmware & blueprints

Verkada cameras are secure, and scalably so. We own our entire technology stack down to the firmware on our chips. Our silicon is sourced from trusted manufacturing partners who adhere to the same strict security standards we do. Firmware is auto-updated regularly, avoiding messy versioning issues and vulnerabilities. Each camera comes equipped with onboard encrypted storage and anti-tampering algorithms. That means no matter how many cameras are deployed, or what happens to those cameras: intruders have no means of compromising local footage.

Network Security

Network Security is one of the most critical spaces to keep secure, especially for a 24/7 cloud-connected model like Verkada's. NetSec can refer to a wide variety of topics, but in this section will focus on security measures that we take to ensure data is transmitted over private and public networks in a way that will neither expose user data nor provide an entry point for outside actors.

Hackers frequently use network-layer exploits or malware for two purposes:

• Intercept and misuse sensitive data that is being transmitted over the network

• Gain access to local systems using network-layer applications or firmware as an unsecured point of entry

Verkada encrypts all traffic that is transmitted over our network using both AES 128 and TLS v1.2. Thus, even if a malicious actor manages to compromise an intermediary network node, eavesdropping will yield them no interpretable information. Similarly, our cameras accept no inbound traffic and exclusively transmit data over HTTPS, thereby removing any access point for hackers to inject or embed custom code.

Cloud Security

As data server space becomes increasingly affordable and scalable, more and more applications are migrating to the cloud for cost-saving and accessibility reasons. Data and applications no longer reside behind a firewall; this removes the need for VPNs, which simplifies access. Enterprise users love being able to access consistent and up-to-date services at a predictable per annum rate. Cloud Computing centralizes resources (including security) which leads to reduced cost and greater reliability.

Parallel to these unique strengths, cloud computing has unique consequences if not addressed properly. Centralized design means that if hackers gain access, they can breach large sets of private or confidential data. Additionally, data is not backed up locally - if malicious actors can disable network functionality, they can completely disrupt cloud services without even breaking in. Cryptojacking is an increasingly common method of attack, where a small amount of cloud resources are hijacked in order to secretly generate cryptocurrency for the attacker. This exploit is difficult to detect and may lie dormant for months or years. In general, compared to local wired systems, there are more points from which to stage an attack on a cloud model, such as an unsecured network or exploitable API.

At Verkada, we protect your data during transit and at rest in the cloud. We own the data pipeline end-to-end, so potential assailants have no publicly available means of entry, such as an insecure API. Once your data reaches the cloud, it enjoys industry-leading data security practices like automatic backup and unilateral AES 256 encryption. Everything is hosted on Amazon's AWS servers, which feature some of the best data security and reliability on the planet. Even in the event that network access is sabotaged and taken down, camera feeds can still be viewed via the local network.

Application Security

Applications are the interface by which human users can access, manage, and make changes to their enterprise network. Because of the unpredictability of human behavior, IT experts agree that this is one of the most difficult attack surfaces to keep completely secure. The best application security is therefore maintained through strict control over the parties who have access to a network's applications. This discipline is called Identity and Access Management (IAM) and it is one of the cornerstones of modern cybersecurity.

Because identities and passwords are managed by humans instead of machines, it can be much easier to break them through social engineering techniques like phishing. Phishing is the most common source of successful data breaches, despite being reported at a much lower rate than other schemes. This implies it's by far one of the most successful methods of ingress to enterprise systems. However, it's also one of the most simple to avert; phishing can be thwarted by simply using alternative means of identity verification such as Single Sign On or 2 Factor Authentication.

Identity breaches are especially tricky to deal with as they can be less obvious than other types of attack.They have the potential to go unnoticed for long periods of time since user activity is technically legitimate, which means hackers frequently have plenty of time to pull off their attack. Also, they are difficult to anticipate & respond to since it's hard to discern which traffic is malicious and reverse it. In fact, these types of attacks can be comprehensively dangerous; compromised passwords likely reused across multiple business apps which gives hackers across-the-board access.

At Verkada, we take identity management very seriously. That's why we partner with the most trusted Single Sign-On (SSO) providers in industry, including Okta, Onelogin, Google Business Apps and Azure Active Directory. If you prefer to use 2 Factor Authentication, we offer that too. Even in the event an unintended party gains access, Verkada command gives you tools like Audit Logs and individual user permissions. These empower admins to revoke access to specific users at will and identify what they saw or changed.

—

To learn more about Verkada’s approach to cybersecurity, visit our Security Overview page, where we share how we keep customer data safe at every step in its journey.