State of the Market 2016: Video Surveillance
View/download the original article from SDM here
The Cybersecurity Effect
One of the main reasons for the adoption of cloud-based video services has not grown as much as anticipated is end-users’ concerns about data security. Confidence in the ability to secure networks and data seems to wane with every high-profile data breach.
“Data security is a real concern for the American people in general,” Hikvision’s Sam Belbina says. “This issue will never die; it’s going to be with us forever. The dilemma is to figure out how to address it.”
In addition to potentially holding back the adoption of cloud-based video, cybersecurity concerns have also led to end-users re-prioritizing their security goals.
“Everywhere you go, you hear about cybersecurity. It’s a real concern,” says Christie Hamberis of ScanSource. “As a result, we’re going to see a shift in security budgets from physical to the network side.”
Previously, many video surveillance manufacturers viewed network cameras as edge devices. As such, they expected that they would benefit from the network security IT departments provide, says Jeff Whitney, vice president of marketing, Arecont Vision, Glendale, Calif. In light of recent network breaches, that mindset has shifted.
“Growing awareness, however, has led to concerns that while a network camera typically doesn’t have the computing horsepower to become a point of attack on the network should it be improperly accessed, video from it could potentially be hijacked or the camera disrupted,” he says.
The result is that several leading network camera providers, including Arecont Vision, now build more cybersecurity features into their products. Basic features such as 16-character ASCII passwords and issuing user recommendations for initially setting and later updating passwords regularly are becoming best practices for many manufacturers, Whitney relates.
With high-profile breaches coming through HVAC firmware and other seemingly unlikely entry points, the “security of security” has become critical. However, says Andrew Elvish of Genetec, the physical security industry hasn’t given much thought to managing data from IP-based cameras and other devices securely as it moves through corporate networks. “It’s impossible to understate how important cybersecurity is for physical security. While the industry has been pushing strongly for IP-based solutions, I don’t think the security of security has gotten enough mindshare.”
Education has been central to Scarborough, Maine-based integrator Advance Technology’s push toward ensuring IP-based cameras are secure from potential breaches. “We’ve been learning from the leadership of Bill Bozeman at PSA with regard to the changes integrators need to make to their business to improve their cybersecurity posture,” says Advance Technology’s Rob Simopoulos.
In addition to pursuing training for its employees and sending them to cybersecurity conferences, Advance Technology also has partnered with cybersecurity experts to assist the firm in making improvements to its business practices. “Our goal is to continue to become more knowledgeable in regards to what we can do to protect our customers and deploy video surveillance systems with improved cyber hygiene,” Simopoulos describes.
“It’s very important to be able to prove why a camera can’t be hacked and show what you’re doing to ensure that it’s not going to be hacked,” says Samsung Techwin America’s Tom Cook. “Some companies are vigilant and some aren’t, so the desire to move to the cloud might be prevented by customers’ reasonable doubt about cybersecurity.”
Having built its entire business on providing cloud-based and other services to support the video equipment it installs, integrator DTT recognizes the importance of network security. Because the company’s focus is on the retail, hospitality and restaurant verticals, that means ensuring that video devices comply with the Payment Card Industry Security Standard (PCI), which calls for some of the most stringent network security requirements.
“We’re very adamant about PCI compliance and cybersecurity because we’re also accessing credit card information with POS system integration. Most customers wouldn’t even look at us if we weren’t,” DTT’s Sam Naficy says.
“Security is a real pain point as we move to the cloud, so we’re very conscious of ensuring encryption from the edge to servers to the cloud — all the way upstream and downstream,” says Hank Monaco of Tyco Integrated Security.