Cloud-based physical security systems - are they safe?
Editor Introduction
More and more physical security systems are being hosted in the cloud. But are cloud-based security systems “safe?” It’s a question being posed by risk-averse security professionals all over the world, and one for which a clear, concise answer may be difficult to find. We decided to pose it to our Expert Panel.
Systems that are designed for cloud-based environments often deploy the latest and greatest security measures available, using sophisticated encryption. The integrity of the information transferred to and kept on the cloud, such as surveillance footage, is often safer than it is when housed in many autonomous systems. An additional question should be whether information is being managed safely. If the authentication principles are insufficient and weak passwords are allowed, it doesn’t matter how strong the encryption is. Because cloud based systems are exposed to the Internet, they demand strong authentication and increased operational procedures. Keep in mind, though, that if the cloud component of a system is mission critical and/or guarding lives, the designer of a security system would not compromise security by relying solely on the cloud for ongoing operations. The connection to the cloud is often not robust enough to be fully dependent on using the cloud.
There is no correlation between where a computer server is physically located and how “safe” it is from cyberattacks. It’s an illusion that a company can keep its information any safer by housing its own server versus using a cloud-based system. Any server that is connected to the outside world is vulnerable. You hear a lot about what cloud providers are doing to ensure the safety of their systems, and it all seems pretty convincing to me. Perhaps the strongest argument for the safety of cloud-based security systems is how many other critical enterprise systems are going to the cloud. Hacking of these critical systems could cause much more damage to an enterprise overall than a hacked security camera or door lock. You also see large entities embracing cloud applications, such as the U.S. government’s “Cloud First” initiative. It seems to me if it’s good enough for Uncle Sam ….
The technological evangelist in me wants to say yes. The cautious consultant in me says no. However, there is no reputable way of rating a system 49/100 and declaring it “unsafe” nor 51/100, or even 100/100, and therefore “safe.” Quite simply, if you’re connected to the Internet you’re vulnerable to unauthorised intrusion. The risk-benefit is a decision for each buyer to make with their own criteria. Physical security systems are not perfect but people buy them. The same is true for cloud-based systems. Sales and marketing folks are touting them like crazy just lately. A lot of it is tosh and spin designed to fool the layman, such as: analogue = poor, digital = good, only IP cameras can be viewed remotely, only off-site storage is wholly safe. All untrue. If the people peddling misinformation tell us that their cloud technologies are safe, why on earth would we believe them?
Before answering the question, it’s important to be clear about what one means by "cloud-based" systems. In the security world, it can mean several things, from the ability to remotely access local (on-site) access control or video systems, to simply having edge devices on site and having video and data stored in the cloud. For securely accessing data over the cloud (i.e. the Internet) from local sites, some basic best practices should be observed, including: Changing default user names and passwords – this is perhaps the biggest security threat for remotely-accessible systems; opening as few networking "ports" as possible and managing the security on the open ports; and encrypting video and data in transit. For video and data stored on a remote "cloud" server, one needs to ensure that the service provider or co-location facility has the necessary security precautions and certifications in place and that they’re audited on a regular basis.
Editor Summary
It’s worrisome that cybersecurity questions related to the cloud also point to an even broader concern: Is any security system safe from possible cyberattack? Most of our physical security systems these days are interconnected with the information highway, a necessity given our market’s hunger for features such as real-time information delivered to handheld devices. The required precautions to protect system data extend both to cloud-based systems and to those physically located on a company’s premises. The problem is universal. The answer to the question “Are cloud-based systems safe?” might well be “As safe (or as unsafe) as any other system.”
- Related companies
- Lambert & Associates
- Notting Hill Media
- VIZpin Inc.
- ONVIF
- Oncam
- Related links
- Oncam CCTV cameras
- Oncam CCTV software
- View all news from
- Lambert & Associates
- Notting Hill Media
- VIZpin Inc.
- ONVIF
- Oncam
Expert commentary
- Mind the gap: Addressing cybersecurity at every phase of technology management
- When choosing an access solution, make total cost of ownership a key part of the calculation
- How Californian cities are improving surveillance and security - key developments from 2022 to 2024
- Healing through innovation: Securing healthcare in the cloud
Palm vein recognition
DownloadThe key to unlocking K12 school safety grants
DownloadSelecting the right network video recorder (NVR) for any vertical market
DownloadPhysical access control
DownloadCybersecurity for enterprise: The essential guide to protecting your business
DownloadVerkada Command Connector for Camera Integration & Cloud Management
Hikvision One-Stop SMB Solutions
Hikvision PTZ Cameras Optimised with 7 Advanced Technologies for Superior Surveillance