When we started in 1997, organisations were using analogue technology. The extent to which digital was used was still only for point to point transmission systems, and video quality was limited by the resolution of NTSC or PAL formats. Internet Protocol (IP) technology was still in its early days, yet we had the intuition and vision to recognise the potential.
One of the key insights of Genetec engineers was that we saw packet switch networks would change the network architectures from point-to-point to point-to-multi-point, using multi-cast. This architectural change made redundant network operations centers affordable to a larger segment of the security industry. Analog tape retention periods were measured in hours. Even by stretching the video tape retention period from two hours to eight hours resulted in improved storage needs, the converse effect was greatly reduced video quality. Soon, the oxide on video tape wore away and rendered all recordings unusable. So, the idea of having 30 days’ video retention without complex (over-engineered) mechanical Rube Goldberg tape exchange mechanisms for analog video was very expensive.
IP storage, transport and the cloud
Over the past 20 years, we have been able to realise greater retention periods for captured video data as compression standards evolved from H.261 to today’s H.265 formats. Storage has gone from a handful of days to 30 days, with a new trend emerging of storing data for up to 730 days. This is made easier and more affordable as organisations can now host their data on-premises and are increasingly appreciating the benefits from Cloud and hybrid (on-premises and cloud) storage solutions.
“Of course, increasing the security of edge devices is just part of the solution, and 2017 will see an even greater focus on maintaining the security of physical security systems.”
Genetec will work with both its integrators and customers to raise the awareness of cybersecurity. Ensuring cybersecurity is not simply a camera or sensor device problem; it’s a lot more involved than simply telling the IT department to make sure that devices are properly secured. The responsibility has to be taken by the companies who sell, install and operate the technology. 2017 will be a year of awareness about cyber security and accountability. The burden of responsibility needs to rest with the people who make us think we are secure when in fact we are not.
Cyber hacking has evolved from relatively harmless pranks in the late 90’s and at the turn of the century, to full on cyber-criminality and for-profit hostage schemes, along with state sanctioned spying and cyber espionage. While spying is a recognised practice for most governments, cyber-espionage is being increasingly used to steal economic data and other companies’ intellectual properties (IP), bypassing the requirement of hard work, innovation and research and development.
Cyber threats to security have grown over the years, and the increased inter-connectivity made greatly possible by the internet-of-things (IoT), brought many new sensor hardware devices into the market, often with little or no network protection. Our major concern across the board is cybersecurity and the growing need for cyber insurance protection.
Increasing cybersecurity in 2017
Recent Botnet takeovers and distributed denial-of-service (DDOS) attacks in North America are an indication of just how far cyber-attacks can go. The 2014 cyber-attack on Target, an American retail giant, revealed just how important it is for organisations to pay close attention to the security of their security systems.
In the attack on Target, between 70 to 110 million customers had their payment information exposed through a data breach. During the investigation afterward, it was determined that the hackers first gained entry to the corporation’s system by compromising the access from a 3rd party vendor—the heating and air conditioning (HVAC) contractor.
This highlights the fact that, for many systems, one of the biggest vulnerabilities comes from edge devices. As an open-architecture company, we are fully aware of this vulnerability and work to mitigate and eliminate risk.
Our design philosophy is to ‘Fail secure’. For our part, we continue to make it as difficult as possible for our end-users to misconfigure their systems or leave keys or doors open to cyber-threats. And we believe that it is important to work with technology partners to help point out potential hardware vulnerabilities and to assure that their devices do not become weaponised for botnet takeovers or DDOS.
Security of your security system
Of course, increasing the security of edge devices is just part of the solution, and 2017 will see an even greater focus on maintaining the security of physical security systems. The industry must continue to support organisations in their efforts to stay safe from cyber-threats and attacks by helping them ‘harden’ their systems against unwanted and unauthorised access. To protect data and privacy, we apply many different layers of defense and protection, including encryption, authentication and authorisation. By focusing on hardening the physical security systems we have to be sure that we have three elements: people, processes and systems. We have to make it ‘hard’ for people working within a security network to make mistakes and accidentally or purposefully open a ‘door’ that could be exploited for hacking. Encryptions is only one of the arrows in our tool box to keep the security system safe. Many times, a hacker does not have to break access encryption, they can mimic the process we follow for authorisation and once they have the access credentials, they are in.
Naturally, organisations will continue to use encryption to protect private information and sensitive data as well as enhance the security of communication between client apps and servers. Encrypting data helps ensure that, even if an unauthorised person or entity gains access to a system, the information itself will remain unreadable without the appropriate key.
To keep unauthorised entities from gaining access to a network in the first place, organisations will also continue to employ different forms of authentication, the process of determining if an entity—user, server or client app—is who it claims to be, including username/password combinations, tokens, and certificates that identify trusted 3rd parties.