Network cameras increase the security of the buildings being monitored. Thanks to intelligent analysis, they provide valuable information on business processes. At the same time, however, they may connect to the Internet and thereby create cybersecurity risks. A cloud-based video management platform helps to minimize the risks.

Video cameras that are part of the corporate network can be dangerous. Like many other Internet of Things hardware, it is an attractive target for hackers who use a digital camera as part of their distributed denial of service (DDoS) attacks on companies. In prominent cases, around a million video cameras or digital video recorders connected to the mains were misused for DDoS attacks . Hackers integrated video cameras into botnets – for example into the self-spreading Mirai botnet. Cyber ​​attacks, however, threaten data protection if, for example, hackers hijack administration rights for cameras and can thus access the recorded video systems.

One thing must be clear to every IT manager and the decision-makers at C-Level: If you implement an on-premise system for video surveillance , you are making the task of securing a veritable company network. However, an IT department usually does not have the time for this, especially since they often cannot cope with the protection of the actual network. And the expense of protecting video cameras in companies can rarely be justified to those who are concerned with economic business processes. The problem is even greater for security service providers whose main area of ​​expertise is building protection or other services, but not network security . Often there is a lack of technical competence in the areas of networking and IT security.

A cloud-based video platform service is therefore recommended for most companies and security providers because it can usually offer better IT security and data protection of sufficient quality. A cloud-based video management system offers classic network security and the technical competence of a cloud provider. It offers systems that are easy to implement and manage. This helps to avoid configuration errors and weak points. The catalog of requirements for video surveillance networks does not differ fundamentally from the usual requirements for network and IT security, but it also sets its own priorities.

Isolate network cameras from the Internet

Network cameras with a connection to the Internet offer an open, because mostly neglected, edge in the corporate network. Whether cloud or on-premises: You should therefore be separated from the Internet in any case. The associated applications then automatically connect to the video management system (VMS) of the cloud surveillance camera and for their part ignore all incoming connection requests from the Internet. The applications should not leave any open ports.

Preventing unauthorized access

Network cameras are Internet of Things hardware. A main problem here is the password discipline, which is often neglected by manufacturers and users, for example when standard passwords are not changed. The installing technician does not have to register the camera in a network with self-configuring systems – one less risk factor. The subsequent user, security service or entrepreneur, is of course then required to choose and manage their individual access data carefully. Biometric and two-factor authentication prevent unauthorized access and can be integrated into single sign-on services.

Identification through digital certificates

Video surveillance is increasingly taking place via remote access: for example, via an outsourced security service or by employees in the home office who let their colleagues in the office or monitor remote locations, side aisles or warehouses. All elements of this network (PC, smartphone, camera, notebook, bridge, digital video recorder) must reveal their identity in order to transfer data. Digital certificates are therefore the decisive basis for securely sending the video material.

Secure connection to the data center

Regardless of whether a camera saves video sequences locally on the hard drive of a video recorder, buffers them or transmits them to a data center and saves them there: Encryption at flight and at rest are a main criterion for security, which results from the requirements of the GDPR .

It is just as important to configure network connections securely. Cloud services provide valuable help here through automatic configuration. Digital video recorders and bridges act as servers for digital cameras, recognize IP cameras automatically, so that an IT admin does not have to manually set a camera IP address – which avoids errors. The final inclusion of the camera in the network is still done manually.

Managed security

Many administrators do not have the time to manage a large number of video cameras, possibly from different manufacturers, which are then also located at different locations. It is almost inevitable that no one will install updates and patches. If an administrator of a cloud service centrally maintains and manages the devices, this minimizes a classic risk in cybersecurity.

Data vaults

The security of the data is crucial. Video data with images of customers, visitors, passers-by or employees are subject to the strictest data protection. Your loss is a reportable incident within the meaning of the GDPR. The data protection of the video material has several aspects: In most cases – if no security-relevant incident has been documented – videos must be deleted reliably and automatically. In Germany, deletion after 72 hours is recommended. Intelligent systems therefore go even further and only transmit those processes via the network to the control center that would trigger an alarm.

However, the data that a company can store on the basis of a legitimate interest, such as legal proceedings due to vandalism, must also be stored securely from unauthorized access. The data center of a cloud provider is the best choice, especially if it is located in Germany and is itself secured with digital building protection. A third aspect is the integrity of the data: Special protocols guarantee that they have not been manipulated and turn them into usable evidence in court.

Nobody can and must not underestimate the IT security of video surveillance systems. It is a network that needs to be maintained. That devours resources. A cloud-based video management helps the IT administrators, who often simply cannot operate a second cybersecurity arena. Or never with as much time and thus as good quality as an external provider.

In the News

Covered on these news sites. Click the image to read more.  The English version is a translation of the original article that appeared in German.