As previously discussed, many features of Video Management Systems (VMS) are moving to the cloud. While there are many benefits to hosting your surveillance system on a trusted partner’s cloud application service, you should also make some special considerations to ensure that the technology you’ve implemented for a safer environment doesn’t wind up putting you at risk.
The Problem Is…
A lot of camera manufacturers are taking their long-standing equipment (with the same firmware and protocols that were designed to work within a LAN) and adding a single component that enables automated requests for connections to a cloud-based server. The thought process is that if a camera works well within a network, it should work in the cloud as well. The problem, however, is that the cameras are automatically reaching out to the Internet, even when they shouldn’t be. This is a major security risk.
And It Gets Worse
As with many technologies, many of the camera manufacturers are owned by the Chinese government, which gives its officials access to all of the footage captured by these cameras. This is a known issue, and many of those manufacturers have been banned from Government Purchasing Vehicles. This ban applies to any purchasing organization funded by the US government, including school systems. While this may seem a bit paranoid, it makes sense when you think about it from a security standpoint (especially when you consider the generally lackadaisical approach that many of these manufacturing companies take toward their network and cloud infrastructure security policies and practices).
They’re Also Vulnerable to This
Additionally, many cameras are vulnerable to becoming part of growing botnets through their cloud connection. As we all know, a cloud connection is just a fancy way of saying that something is connected somewhere out on the Internet. And when you have these connections without thorough security QoS policies in place, you are effectively stepping into the Wild West without your six-shooter or a badge. This is especially true for cameras, because many still utilize the open backdoor policies that made sense when the cameras were connected to a LAN, but are completely inadequate for a cloud-based system. For example, many cameras come equipped with an IP discovery tool that allows a camera to respond to a request for its IP address, which can then be configured by that tool. All a hacker has to do is run the tool and wait for pings to gain access to that camera. They can then break functionality or use that camera’s processors to augment a denial-of-service attack on the organization.
And It’s Not That Hard
The cameras are made easily accessible by design. This is because the cameras were originally intended to live behind a firewall, so there was little risk when they were only used on the LAN. It was also necessary for the team to have quick and easy access to the cameras to ensure that they could solve issues and maintain functionality. However, anyone can download a free IP discovery tool and breach your security with your own cameras in a matter of minutes. And if something is possible, you must be prepared for it to happen.
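To see whether your own cameras are talking to the Internet when they shouldn’t be, or are reachable from it, you can audit firewall flow records for the camera subnet. The script below is an added example, not code from any camera or VMS vendor. The subnet, the allowed cloud address, the CSV layout, and the sample records are all constructed assumptions, and each record is assumed to list the connection initiator as `src`.

```python
import csv
import io
import ipaddress

# Assumed addressing plan (hypothetical): cameras sit in their own subnet.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
# The only Internet endpoint cameras are expected to contact (constructed).
ALLOWED_CLOUD = {ipaddress.ip_address("198.51.100.10")}
# Address space treated as "inside the LAN".
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: initiator, responder, protocol, destination port.
SAMPLE_FLOWS = """src,dst,proto,dport
10.20.30.11,10.20.1.5,tcp,554
10.20.30.11,198.51.100.10,tcp,443
10.20.30.12,203.0.113.77,tcp,8080
203.0.113.50,10.20.30.13,udp,3702
10.20.40.9,203.0.113.77,tcp,443
"""


def is_internal(ip):
    """True when the address belongs to the LAN ranges listed above."""
    return any(ip in net for net in INTERNAL)


def audit_flows(text):
    """Return (finding, src, dst, dport) for every risky camera flow."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if src in CAMERA_NET and not is_internal(dst) and dst not in ALLOWED_CLOUD:
            # Camera initiated a connection to an unapproved Internet host.
            findings.append(("unexpected-egress", row["src"], row["dst"], row["dport"]))
        elif dst in CAMERA_NET and not is_internal(src):
            # An Internet host initiated a connection to a camera.
            findings.append(("internet-to-camera", row["src"], row["dst"], row["dport"]))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Any `internet-to-camera` finding means a camera is exposed past the firewall, and any `unexpected-egress` finding is a destination to investigate or block.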
But There Is a Solution
We realize that we’ve just painted a pretty bleak picture for cloud-based VMS, but don’t build a tin-foil hat and go into your underground bunker just yet. There are some great solutions to ensure that you are getting the benefits of a cloud-based surveillance system without the risks we’ve outlined today. Stay tuned for our next blog to discover the steps you should take to prevent security issues with your security systems (sounds funny, we know).