1.25.19 – SSI – Lance Holloway
In order to work in harmony with IT, video security products should provide flexible network connectivity, login/identity security and scalable patch management tools.
Security video products have weathered some extraordinary circumstances the past couple of years. Increased cybersecurity threats, demanding network architecture changes, dubious manufacturing practices and the ever-increasing demand for simple mobile access have all but obliterated the product lines of even five years ago.
The great news is that security manufacturers have more than met these challenges, and today’s generation of video products and platforms leaps over the traditional gap between physical security technology and IT expectations.
Full Disclosure in Safeguarding Sensitive Data
With today’s video solutions architecture, Cloud solutions must go through additional gateways before the IT department can approve the deployments. RFP discussions with customer IT departments must include full disclosure regarding not only who has administrator access to network devices, but who is storing the video and where.
In the most stringent environments, customer IT departments must be able to show auditors how they care for sensitive information and network permissions, and integrators need to be well versed in these situations to ensure customers are prepared.
More and more, customer IT departments are requiring formal declarations of where their video is stored, by whom, and whether those parties pass security inspections. When considering Cloud-capable video equipment, it is imperative to obtain, in writing, where the video is stored and, where possible, attestation certificates.
For example, ‘XYZ Cloud Storage Company’ conducts annual SOC 2 audits and can provide a certification letter to customers. Most recently, if security cameras are for customers in the European Union (EU) or any of the surveillance footage is stored in the EU, General Data Protection Regulation (GDPR) should be front and center in planning discussions to determine data controllers, data processors and signage, among other requirements.
A datacenter’s physical and logical access control security, including policies, should be well established for customers’ privacy and accessibility. A technology expert from the integrator should tour the datacenter of the Cloud storage provider in question; a visual inspection of the facilities will reveal volumes to the trained eye.
Many customers ask, “Can we just upgrade the existing NVR equipment?” Increasingly, the expectation is that much of the older equipment simply cannot be made smarter with a simple patch. Best-in-class products today are Cloud aware, network agile and allow intuitive customer programming interfaces.
Security video products today should provide:
- Flexible network connectivity — options to avoid overly compromising customer firewalls (electronic perimeter)
- Login/identity security — inherited permissions (from Cloud or customer active directory, for example)
- Scalable patch management tools — conversations with customers about IoT governance have become commonplace to ensure that potentially tens of thousands of video devices are being patched and updated regularly to avoid published cyber vulnerabilities
Newer NVRs have the ability to create an outbound, persistent connection to secure Cloud platforms. This type of solution allows for simple conversations with client IT personnel who are concerned that older security equipment required too many permissions and holes in the firewall.
These new products are easier to sell, install and support versus trying to “duct tape” older video equipment into the modern era. Whether an NVR is a Linux or Windows box, login permissions are a crucial consideration.
Opinions may vary on who controls the logins for these boxes, but, at a minimum, the control over logins and permissions should meet the standards put forth by the customer’s IT team. If possible, it buys a great deal of credibility with the IT team if the plan and reports around permissions can be easily provided.
The ability to easily ensure all cameras and NVR devices have updated hotfixes, patches and firmware must be at the top of today’s security system checklists.
Front-page headlines continue to discuss major data breaches, with some instances occurring on simple devices that were only three months behind on their patch updates. Now, imagine some older security video environments where devices have not been updated in a few years!
Being equipped to have proactive conversations with customer IT departments adds credibility to an integrator’s trusted partnership.
Helping customers become educated on the risks and options — so they can plan their roadmap in concert with IT security spend — is a powerful mission in the shifting physical security environment.
Lance Holloway is Director Vertical Technology for Stanley Security.