How can access to video best be managed to avoid unauthorised video being made public?
Editor Introduction
Seeing surveillance cameras everywhere is becoming more of a norm these days, especially for large cities such as London, New York and Beijing.
Many members of the public have their reservations about this for privacy reasons. Often, this can be solved through educating the greater public about security technologies. However, concerns still remain that such captured data can fall into the "wrong hands". Surveillance footage is meant to be used for security purposes only, but with hacking and leaks becoming increasingly common in today's world, the fear of unauthorised video being made public is a legitimate concern. So how can access to surveillance video be managed to avoid this? Let's see what some of our Expert Panellists have to say.
Given the advancements made to IP surveillance innovation on the network, the security safeguards put in place are much like any other IT system, and best practices lie in the hands of those that manage the video, such as making sure the firewall is up to speed and encryption is in place. Many other secure strategies exist and just need to be put in place, such as IEEE 802.1X for Port-based Network Access Control (PNAC) which provides an authentication mechanism to any surveillance camera that attaches to a LAN or WLAN; or IP filtering, which helps process, manage and discard unwanted connections by protocol types, socket numbers, source addresses and more. If you are still nervous, I’ll remind you that in most IP surveillance scenarios, you can disconnect the system from an Internet connection and run it separately, much like analogue surveillance systems operate off the network.
The leaks that are technologically simplest are where CCTV monitors carrying private information can be seen by the public. For example, we‘ve all visited buildings and signed in at a Reception desk which carries easily visible displays of their secure areas. This is illegal if deemed a breach of the Data Protection Act. Don’t give people the opportunity to eavesdrop with their eyes. Years ago CCTV on videocassettes could only be secured by keeping it under lock & key. This basic principle should not be overlooked with digital CCTV at all vulnerable points in its network. IT systems’ electronic protection procedures are widely known and hence proven for restricting CCTV, e.g. password, token, biometric, dual-authorization, etc. Disabling ports such as USB, eSATA, etc. can help prevent unofficial video export. Maybe copyright infringement technology will get used to finding leaked CCTV across the Internet for takedown notices to be issued.
Often video gets released to the public not because someone hacked into a system but after the video is obtained by an "insider" who works with the system. With the trends toward sharing video among multiple jurisdictions and with other parts of a company, the challenges become even more complex. Stringent internal processes at the end user level can ensure that only the right people have access to surveillance video, and VMS systems enable enterprises to specify users and customize permissions to ensure only authorized operators can access video. The ability to copy or download video should be strictly reserved to those who are authorized, such as managers or supervisors. Accountability is key. Policies implemented to limit how much video is recorded or how long it can be saved are additional tools to manage the risk of unauthorized video getting made public.
Keeping video safe and secure is critical as users face a wide range of threats from both network and physical sources. Manufacturers should design solutions that enforce strict access policies to ensure that only authenticated users can access surveillance video footage. Operators can easily limit access to specific cameras based on individual access levels and design specific privileges based on what type and actions can be taken. In addition, customers should leverage a secure storage infrastructure for video, and treat video surveillance footage like any other critical data source that the organisation wishes to protect.
Editor Summary
As we see from our Panellists' responses, there are different levels of security that can be implemented in order to ensure that video surveillance footage can only be viewed and accessed by authorised personnel. As Larry points out, there must be a sense of accountability and there should be limited access, even within an organisation. This can be achieved with technological solutions, the implementation of which falls upon manufacturers. This includes data encryption, firewalls and user authentication mechanisms as detailed by Fredrik and Omer. But that's only one half of the problem addressed. Once the right security system has been implemented, there must be measures in place to ensure that the data remains with the right personnel. The points highlighted by Simon are equally important when it comes to making sure that surveillance video isn't made public. The most advanced technology is only as good as its users. It's easy to direct all of one's attention and resources at finding the best and most advanced technology to keep one's data safe and secure, that best practice almost gets overlooked or taken for granted.
However, technology and best practice really go hand in hand when it comes to managing access to surveillance video. Can you have one without the other? Not really. There's only so much staff members can do to keep data away from the wrong hands. These days, the extremely old fashioned way of keeping something guarded by someone 24/7/365 is not realistic or cost-effective. Many of the technological advancements have been made with the idea of alleviating man power so that resource could be directed elsewhere. Yet, there is also only so much technology can do. The technology must be accompanied by best practice. It is through a combination of these two that access to surveillance video can best be managed.
- Related companies
- Axis Communications
- Lambert & Associates
- Verint Systems
- Related categories
- CCTV software
- Access control systems & kits
- IP cameras
- View all news from
- Axis Communications
- Lambert & Associates
- Verint Systems
Expert commentary
- Global regulations of AI: the role and impact on the physical security industry
- Mind the gap: Addressing cybersecurity at every phase of technology management
- When choosing an access solution, make Total Cost of Ownership a key part of the calculation
- How Californian cities are improving surveillance and security - key developments from 2022 to 2024
Palm vein recognition
DownloadThe key to unlocking K12 school safety grants
DownloadPhysical access control
Download5 surprising findings from OT vulnerability assessments
DownloadHoneywell GARD USB threat report 2024
DownloadDahua 4MP WizColor Bullet Camera with Fixed-Focal and WizSense AI
Hikvision WonderHub: Interactive Displays for Collaboration
Verkada GC31 Cellular Gateway for Seamless Device Connectivity