Cloud computing is no longer purely the domain of the largest corporates and upstart disruptors. It is mainstream for companies of all sizes. But corporate CCTV often sits outside cloud environments. It tends to be managed by facilities rather than IT teams and to languish in an analogue world which leaves it insecure, failing to perform to its best ability, and potentially on the wrong side of the law.
What are the problems that bedevil so many existing setups, how can cloud help organisations use CCTV more effectively, and will the General Data Protection Regulation, coming into force next year, be the spur to action that’s needed to push corporate CCTV into the cloud?
Only around a fifth of new CCTV installations are digital, despite the widespread availability of digital systems. Users give two key reasons for resisting a move from analogue to IP and cloud based systems: it would require a ‘rip and replace’ of their existing infrastructure; and digital CCTV is more complex, insecure and expensive to install than analogue.
Neither of these arguments hold water.
Analogue systems can be connected to the digital world simply by adding an intelligent adapter which sends encrypted footage directly to secure cloud storage via broadband, 3G or satellite services. Cameras and cabling don’t need to change. There is no requirement for third party hardware like new routers and firewalls. New additions to the system are easily made as CCTV needs develop over time.
Analogue CCTV systems are often as leaky as sieves. Systems based on Digital Video Recorders (DVRs) are open to a range of security weaknesses. Network architectures that use port forwarding are notoriously insecure. DVRs (and cameras) often lack ongoing firmware updates and have easily guessable ‘out of the box’ passwords that organisations don’t customise.
It is true that many cloud-based solutions use the same IP connection and port forwarding techniques as DVRs, and IP cameras can be open to intruders if their firmware is not kept up to date. For example, Trend Micro has identified more than 120,000 IP cameras vulnerable to a botnet called Persirai.
But there are cloud solutions which only require outbound connections, closing off the inbound option to intruders. And because an IP adapter for an analogue camera only has to perform a fraction of the functionality of a full DVR, it is much less powerful and hence much less attractive to a potential attacker. These features, coupled with appropriate in house network security monitoring can raise the bar to the point where would-be intruders may turn their attention to less robust classes of device.
Alongside these security plus-points, cloud storage makes accessing footage less complex and more flexible. Footage can be viewed remotely via a wide range of devices including tablet, laptop and phone. Cloud archiving makes historical access as easy as viewing new footage.
If the desire of an organisation to protect its networks and data from attack is not enough to encourage deployment of cloud CCTV systems, there is another factor which surely must be the final brick in the wall for analogue systems. Legislation.
Our current UK data protection legislation is due to be replaced next May by the General Data Protection Regulation (GDPR). This will apply to UK organisations regardless of what happens with Brexit, because it governs the processing of personal data of citizens of the EU. The UK’s own Data Protection Act (1998) will be updated in the light of GDPR, and that process is underway.
Among the provisions of the GDPR are strict rules around data breaches including a requirement for internal documentation for their management and a need to inform all individuals affected by a breach in certain circumstances. A well implemented cloud system caters for record keeping, access permissions management, content redacting, recording schedule management and audit trailing to a degree that simply isn’t possible in a system based on many DVRs in many locations, and allows this kind of management to be achieved remotely.
Importantly, under the GDPR, those installing a new CCTV system or upgrading an existing one will be expected to have identified security risks and how those risks are to be addressed. Three factors are coming into alignment: new legislation, the greater flexibility of cloud-based CCTV and cloud’s potential to significantly enhance both data and systems security. Between them these three mean now is a great time for companies to make the move to cloud based CCTV.