Page 10 - Security Today, January/February 2022
P. 10
Cloud Storage Training By Sean Chang
It is no surprise in the world of video data storage, there is an evolution from on-prem to the Cloud and Video-Sur- veillance-as-a-Service (VSaaS). How- ever, we have all witnessed the sensa- tional headlines drawing attention to the shortcomings of first-generation Cloud so- lutions. That is why the single most impor- tant factor for cloud adoption, especially in video surveillance, is cybersecurity.
The convenience, ease and scalabil- ity of the Cloud is undeniable, but how much risk should you be willing to absorb for these benefits? To add an additional hurdle, unlike IT, video surveillance is typically managed by a third party. With management outside of the company, the question is do they have trained staff and sound operational practices to manage re- motely with the utmost care and security? Finally, adding a VSaaS provider and the public Cloud there are now three organi- zations that have access to your informa- tion. Where is the weakest link?
WHOM CAN YOU TRUST?
Once you connect your infrastructure to a VSaaS provider, you have to trust the fol- lowing:
• Public Cloud infrastructure used by the
VSaaS provider, which needs to be as
good as the enterprise
• VSaaS staff and their best practices
• Integrators, if they access through VSaaS
for remote management
Can you trust the public clouds? Pub-
lic Clouds have the most advanced tech- nologies and the best practices in order to protect their environment. Hacking still happens. A recent example in August 2021, Microsoft warned its Azure Cloud customers that main databases had been compromised.
Can you trust the VSaaS provider? If you subscribe to a VSaaS that operates the VMS in the Cloud, the VMS has all the informa- tion. The VSaaS provider not only has ac- cess to your videos, but also the site infor- mation such as the map, camera locations, types and configurations. VMS can even control cameras from the Cloud. This is not a back door, rather a front door to informa- tion. Obviously not a small act of trust on
part of the VSaaS organization and staff. What about using encryption to pro- tect your information? If VMS is running in the Cloud, encrypting the video is im- possible. VMS has to process the videos in
their clear format, like H.264/265.
Can you trust your integrator? Some- thing to keep in mind, if the integrator uses the same VSaaS to manage the sites remotely, you will need to trust them as well. Access restrictions are set as most VSaaS software has ability to limit infor-
mation for integrators.
Where are the attacks? Look at the re-
cent SolarWinds hack. The hackers were able to embed their logic inside of the en- terprise’s environment through a “trusted” supplier, SolarWinds, even though the af- fected enterprises had closed networks. This is the so-called supply-chain cybersecurity.
This threat concerns not only software, but hardware as well. The National De- fense Authorization Act (NDAA) regula- tion that exists in the US tries to address this. A closed network cannot protect supply-chain cybersecurity, so imagine if the corporate networks are open to sur- veillance management.
Peer-to-peer vs. cloud. VPN is popular for remote access. Its biggest advantage is to create a peer-to-peer pipe between two known ends. Unfortunately, VPN is incon- venient; especially when the other end is inside the enterprise, which requires go- ing through an enterprise’s authentication process. Using cloud, people can easily sign in from anywhere.
What is the solution? Is there something that can close the gap on these trust and cybersecurity issues? Luckily, yes and they are already out on the market. The best solution is “zero trust” to the public cloud and any organizations touching the vid- eos. The ideal scenario is this:
• Keep VMS and all its information at
the edge. Transfer only the videos to the
cloud.
• Encrypt the videos before sending out,
and keep videos encrypted in foreign lo- cations at all times. Zero-knowledge key encryption is best.
•From remote locations, only allow to monitor the health of the systems, not
remote control of the cameras.
• For remote video viewing, only allow se-
lected videos to be viewed peer-to-peer. The ideal solution needs to integrate and work with a plethora of VMS, cameras, and cloud platforms, to avoid the “brand lock-in” that many manufacturers force when using their products/service. Choice is key when it comes to building internal best practices that are secure and fit your company’s procedures as well as shortening both cost and time by eliminating the need
to learn new systems and/or software.
This is important when considering a VSaaS provider as well. Once subscribed, it can be difficult to leave. You must assess the cybersecurity carefully before any de- ployment. A “zero trust” cloud solution is
your best choice.
WHAT IS “ZERO TRUST?”
A Zero Trust Cloud Solution encrypts video before it sends it to the Cloud, and it keeps the video files encrypted while in the Cloud as well. If compromised, the video remains protected. The encryption key is controlled at and by the edge. Whom- ever owns the key, owns the videos. It is imperative that the edge (user) treats and shares their key with the utmost sensitivity and care. Not even the manufacturer has access to or can change this key.
The fact that the VMS stays at the edge means all sensitive information remains local. Additionally, having a solution with a health-monitoring tool can provide a few important indexes for remote man- agement, without opening the door of a control tool.
With the ever-increasing need for securi- ty, using the capabilities of the Cloud makes sense for many video surveillance operations. Be sure you have carefully looked into and employed the software, services and compa- nies you can trust, and be willing to bet your business on it, because
that may be exactly what
you’re doing.
Sean Chang is the co-founder, president and CEO of Rasilient Systems.
10
JANUARY/FEBRUARY 2022 | SECURITY TODAY
DATA STORAGE