Secure by Default

Verkada’s solution is secure out of the box, featuring encryption in transit and at rest.


Security was top of mind when designing Verkada. That’s why we redesigned video security infrastructure, and built a system that’s secure from the ground up.

  • Hardware Security

    30+ days of video securely encrypted on solid state storage

    Encrypted at rest

    AES 128

  • Network Security

    Video feeds, thumbnails, firmware updates, and settings securely transmitted between cloud and device

    Encrypted in transit

    AES 128, TLS v1.2

  • Cloud Security

    Archived videos, thumbnails, user history, audit logs securely stored in AWS

    Encrypted at rest

    AES 256

  • Application Security

    2-factor authentication, RBAC, SAML / SSO integration provides secure access across platforms

    Encrypted in transit

    AES 128, TLS v1.2

Hardware Security

At Verkada, cybersecurity isn’t a last minute addition. We build our devices secure from the very first step, starting with our design for the hardware and systems that store data on the devices themselves.

  • Trusted Manufacturers

    Our device hardware is manufactured by trusted partners who adhere to the same stringent security policies that we do.

  • Durable Design

    Torx Screws and IK10 rated impact protection mean that our cameras are some of the most durable and tamper-resistant on the market.

  • Tamper Detection

    Proprietary Algorithms and a built-in accelerometer are specifically tuned to detect physical and occlusive sabotage.

  • Independent Assessment

    Verkada device security is regularly assessed by independent, 3rd party security research firms.

Network Security

Network security is one of the most critical components for any cloud-connected infrastructure. At Verkada, we pull out all the stops to ensure that your data is protected as it’s transmitted over the network.

  • Encryption in Transit

    We encrypt all video data in transit to the cloud with AES-128. On top of that, we use TLS 1.2 and 1.3 to add an extra layer of security.

    Encryption means any malicious interception (be it MITM or Eavesdropping) is not compromising.

  • Minimal Network Configuration

    Verkada devices do not require any additional security measures to be employed on the network such as ACLs in order to restrict access. That’s part of how we keep devices secure by default.

  • Cloud Managed

    Because Verkada cameras are only managed in the cloud using outbound protocols, bad actors are unable to push malware directly onto our devices. Network latency is minimized using predictive algorithms that cache data intelligently.

  • No Port-Forwarding

    Verkada cameras do not require port forwarding; a major vulnerability and headache of traditional NVR systems.

Cloud Security

Everything is hosted on Amazon's AWS, and Backblaze B2 servers, which feature the best data security and reliability in the world.

  • AWS Security Measures

    Amazon has exceptional security protocols for their web services. Read more about Security, one of Amazon’s five pillars of their Well-Architected Framework.

  • At-Rest Encryption

    At rest, we encrypt all of your footage and other sensitive data using AES 256, one of the most cryptographically secure encryption algorithms currently used in industry.

  • Automatic Cloud Backup

    Verkada cameras can automatically sync their local storage to the cloud. That means no matter what happens on-site, or even to the camera itself, your data will be safe and sound.

  • Local Data Residency

    Certain regulations limit the storage of an organization's data to its country of origin. Verkada is proud to offer domestic footage retention for our customers in the United States, Canada, Australia, and the UK.

Application Security

Security starts with us, but extends to each user who logs into our software. Verkada gives you the tools you need to control who has access to your system, and what they do with that access.

  • Single Sign On

    We partner with the most trusted Single Sign-On providers in the industry, including Okta, Onelogin, Google Business Apps and Azure Active Directory.

  • Multi-Factor Authentication

    If you prefer not to use SSO, we also offer a robust Multi-Factor Authentication system, partnered with industry-leading MFA providers including: Duo, Lastpass, RSA, Google Authenticator.

  • Role Based Access Control

    Easily customizable individual and group access settings allow you to thoughtfully assign access to only the right people.

  • Audit Logs

    Comprehensive audit logs help reveal who has accessed your system, and any changes they have made.

  • Automatic Software Updates

    Verkada devices are designed to apply firmware updates automatically during off hours (to keep bandwidth usage low). That means you’ll never miss out when we roll out new features or critical security updates.

  • Regular Penetration Testing

    We employ an independent security firm to continually run penetration tests on our systems. This is how we find and fix security exploits before they ever threaten our customers.

  • Vulnerability Disclosure Program

    Verkada believes in responsible security research and disclosure of security vulnerabilities. Responsible disclosure helps us promote the continued security and privacy of Verkada customers, products, and services. Please report potential security and privacy vulnerabilities to us via our Vulnerability Disclosure Program.

Compliance & Security Regulations

Verkada devices are compliant against some of the strictest data handling and security standards in the world.

  • SOC 2 Compliance

    Conducted by the independent auditor Geels & Norton, Verkada’s SOC 2 report verifies the controls which have been designed and implemented to meet the requirements for the security principles set forth in the 2017 Trust Services Criteria for Security. A copy of Verkada’s SOC 2 Type 2 attestation report is available to both current and prospective customers here.


    The Health Insurance Portability and Accountability Act of 1996 governs the way healthcare organizations collect and manage patient data. Learn about how Verkada protects patient information and helps organizations meet HIPAA compliance.

  • PCI

    The Payment Card Industry outlines requirements and best practices for businesses accepting credit card transactions. See how Verkada gives businesses the tools they need to protect and regulate transactions according to PCI standards.

  • GDPR

    In 2018, the European Union adopted the General Data Protection Regulation. Meant to give users more control over the way businesses collect their data, this law forced European and international businesses to alter the way they collect user data. Learn more about Verkada’s easily configurable GDPR solution here.

  • UL

    UL is a federally recognized body that performs rigorous safety tests on a wide variety of devices.

    Verkada cameras are compliant with UL-62368-1, which outlines safety requirements for “electrical and electronic equipment within the field of audio, video, information and communication technology.

  • NDAA

    The 2019 National Defense Authorization Act’s Section 889 prohibits US Government bodies from purchasing video communication equipment from specific Chinese manufacturers.

    Verkada Dome, Mini, Bullet, Fisheye, and Multisensor cameras are made with US-based Ambarella chips and are NDAA compliant.


    The Family Educational Rights and Privacy Act was passed by the US federal government to protect the privacy of students’ educational records. This law requires public schools and school districts to give families control over any personally identifiable information about the student.

    Verkada provides educational organizations the tools they need to maintain FERPA compliance, such as face blurring for archived footage.

Customers in
Regulated Areas

Try Verkada For Free

30-day trial includes camera and full access to management platform.

Start a Free Trial