Secure by Default

Trusted Manufacturers

Our device hardware is manufactured by trusted partners who adhere to the same stringent security policies that we do.

Firmware Signing

Each piece of code that we ship is ‘signed’ with Verkada’s secret key. That means nobody can run code on our cameras but us.

Durable Design

Torx Screws and IK10 rated impact protection mean that our cameras are some of the most durable and tamper-resistant on the market.

Tamper Detection

Proprietary Algorithms and a built-in accelerometer are specifically tuned to detect physical and occlusive sabotage.

Encryption in Transit

We encrypt all data that is sent over the network with AES 128 standards. On top of that, we exclusively use HTTPS over TLS v1.2 to add an extra layer of security.

Encryption means any malicious interception (be it MITM or Eavesdropping) is neither fatal nor compromising.

No Inbound Connections

Because Verkada cameras only initiate connections with the cloud using outbound protocols, bad actors are unable to push malware directly onto our devices. Network latency is minimized using unique predictive algorithms that fulfill requests as quickly as they arrive.

Required Network Settings

All Verkada-powered security ecosystems are configured to follow our network protocol guidelines.

This is how we offer industry-leading security practices, even on your local or personal network.

No Port-Forwarding

Solely employing HTTPS traffic means that all of our data enters and exits through the secure Port 443.

We never utilize Port-Forwarding, a major vulnerability of traditional NVR systems.

AWS Security Measures

Amazon has exceptional security protocols for their web services. Read more about Security, one of Amazon’s five pillars of their Well-Architected Framework.

At-Rest Encryption

At rest, we encrypt all of your footage and other sensitive data using AES 256, one of the most cryptographically secure encryption algorithms currently used in industry.

Automatic Cloud Backup

Verkada cameras can automatically sync their local storage to the cloud. That means no matter what happens on-site, or even to the camera itself, your data will be safe and sound.

Local Data Residency

Certain regulations limit the storage of an organization’s data to its country of origin. Verkada is proud to offer domestic footage retention on AWS for our customers in Canada, Australia, and the UK.

Single Sign On

We partner with the most trusted Single Sign-On providers in the industry, including Okta, Onelogin, Google Business Apps and Azure Active Directory.

Multi-Factor Authentication

If you prefer not to use SSO, we also offer a robust Multi-Factor Authentication system, partnered with industry-leading MFA providers including: Duo, Lastpass, RSA, Google Authenticator.

Role Based Access Control

Easily customizable individual and group access settings allow you to thoughtfully assign access to only the right people.

Audit Logs

Comprehensive audit logs help reveal who has accessed your system, and any changes they have made.

Automatic Software Updates

Verkada devices are designed to apply firmware updates automatically during off hours (to keep bandwidth usage low). That means you’ll never miss out when we roll out new features or critical security updates.

Regular Penetration Testing

We employ an independent security firm to continually run penetration tests on our systems. This is how we find and fix security exploits before they ever threaten our customers.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 governs the way healthcare organizations collect and manage patient data. Learn about how Verkada protects patient information and helps organizations meet HIPAA compliance.

PCI

The Payment Card Industry outlines requirements and best practices for businesses accepting credit card transactions. See how Verkada gives businesses the tools they need to protect and regulate transactions according to PCI standards.

GDPR

In 2018, the European Union adopted the General Data Protection Regulation. Meant to give users more control over the way businesses collect their data, this law forced European and international businesses to alter the way they collect user data. Learn more about Verkada’s easily configurable GDPR solution here.

UL

UL is a federally recognized body that performs rigorous safety tests on a wide variety of devices.

Verkada’s CD and CM series cameras are compliant with UL-62368-1, which outlines safety requirements for “electrical and electronic equipment within the field of audio, video, information and communication technology.

NDAA & TAA

The 2019 National Defense Authorization Act’s Section 889 prohibits US Government bodies from purchasing video communication equipment from specific Chinese manufacturers. Similarly, the Trade Agreement Act of 1979 requires products available to these bodies on the GSA Schedules to be manufactured in certain designated countries.

The Verkada CB, CD and CM series cameras are made with US-based Ambarella chips, and comply with both NDAA & TAA.

FERPA

The Family Educational Rights and Privacy Act was passed by the US federal government to protect the privacy of students’ educational records. This law requires public schools and school districts to give families control over any personally identifiable information about the student.

Verkada provides educational organizations the tools they need to maintain FERPA compliance, such as face blurring for archived footage.