by Jeff Doak, President i2c Technologies
Cloud-based video surveillance (video stored on an Internet based server) has become a popular alternative to local storage of video on local DVR/NVR systems. While this is convenient and makes remote access much easier, cyber security threats make cloud-based solutions a bad idea for critical video surveillance applications.
A Background in Both IT Cloud-Based Systems and IP Video Surveillance
I have a somewhat unique perspective on this topic. I was the CIO of a nationwide medical equipment service company from 1998 to 2005. We created one of the first cloud-based solutions for tracking equipment service using a central web-based server to capture service data from hospitals across the United States. I then founded i2c Technologies, which has been operating since 2005. We were one of the first companies to use IP-based cameras exclusively for camera installations in the Midwest. So, my background is in both IT Cloud-Based Systems and IP Video Surveillance.
The Major Problem: Surveillance Video Storage in “The Cloud”
The major problem with keeping your video on the “cloud” is that your video is stored on the same sites as hundreds of other companies. Let’s use body cameras as an example. These portable body worn cameras have become very popular for law enforcement. The video and audio are captured in the field by officers, then the camera uploads its captured video to the cloud. The stored video is then accessible through a secure website login. This is convenient for easy access by authorized users and is much easier for the IT Department to set up. No local servers to maintain or firewalls to protect. The problem is that this convenience comes at a very high risk.
There are some very skilled hackers that work for themselves or even foreign governments. Ransomware is where one of these hackers gain access to your stored data, download the contents and then blackmail the owner to pay or have their data made public.
Body Cam Video Hackers
Body camera video is a prime target. Imagine a hacker gaining access to footage from hundreds or even thousands of police departments. The hacker could then demand payment with the threat of releasing sensitive video footage. With all the systems concentrated on a few platforms, this could generate millions of dollars in ransom, putting city officials in a very difficult position. The point is that these online companies are huge targets for hackers.
The companies offering this service will give assurances that their data is secure. However, even the most secure facilities are not 100% secure. The Log4J Hack is a great example of how even very high-power systems are vulnerable.
Cloud-based recurring revenue is very attractive to these business owners and investors love recurring revenue models, so it is easy to understand why they want to sell these services. However, the benefits to the customer could be far more costly than ever anticipated.