Eye on hosted video: The top 10 myths of hosted video

Think it's unsafe or not for you? Think again

[Editor's note: Fredrik Nilsson introduces this article series and discusses overall trends in hosted video in this SIW TV video interview from March 2011.]

Back in the early 2000s, IP video was the new kid on the surveillance block. Even though the first network camera was invented in 1996, its performance wasn't immediately suitable for security applications (See December 2011 SD&I magazine, on the "Past, Present and Future of Network Video.") It wasn't until about 2003 that we saw large-scale IP surveillance implementations, the majority of which involved a heavy dose of encoders. The buzz around IP video was growing, but there was a lot of concern from analog users. This motivated me to write a whitepaper on the "Top 10 Myths About Network Video."

When I look back at some of those IP myths, they seem almost laughable-like the myth about image quality not being as good as analog, or the myth that IP "wasn't ready" for enterprise applications. Would you believe that I heard these very same myths at ASIS 2010? I did. Except this time, the difference centered around myths associated with hosted video.

It's eerie how similar today's skepticism about hosted video is to past concerns about network video. With millions and millions of network cameras and encoders installed in security systems around the globe, we seem to have debunked those original IP myths. In 2011, we can do the same with the top 10 myths of hosted video presented here.

MYTH #1: Software-as-a-Service technology is not mature enough for physical security

In simple terms, Software-as-a-Service (SaaS) is a distribution model where a service provider or vendor offers a product to its customers over a connected network, which in most cases is the Internet. How many services do you use in your professional and personal lives that fall into this category? Do you bank online? Do you use Gmail or Yahoo! mail? Do you use a third-party CRM system? How about your HR services? Do you stream movies to your TV at home? These are only a handful of cloud-based applications that consumers and companies use regularly today.

Today, the biggest IT companies in the world, such as Amazon, EMC, HP, Google and Microsoft have firmly planted their flag in the cloud. Specifically, storage providers are forever searching for new opportunities with storage-intensive applications and there's no bigger storage opportunity than video.

Today there are numerous SaaS regulation and legislation guidelines that companies must follow to retain data integrity. The buzz around hosted services and the cloud in the physical security industry is similar to what the IT industry experienced five years ago. This IT buzz quickly translated into mass adoption thanks to cost savings and operational efficiencies offered by the cloud and soon the same will happen in physical security.

MYTH #2: Hosted video solutions are not secure enough for physical security

If you're using any of those services above, chances are that you're sending much more critical data over the cloud than you realize. If we trust our money and social security numbers in the cloud, why wouldn't we trust our video data? Since an IP-based security device is essentially another node on the network, it should have all the same multi-level passwords, SSL encryption, VPNs and firewalls protecting it.

On top of the camera itself, hosted technology in physical security also improved to protect your video. Safeguards are in place so that once you instruct a camera to connect to a specific hosting provider's cloud, it will only ever communicate with that server unless given a new authentication code and physically reset on the camera itself. Additionally, certain compliance regulations should be met by hosting providers to offer video-as-a-service, including SAS 70, RSA Encryption and ISO 27001-compliance. Even the current Presidential administration has jumped in to outline cloud computing regulations in the Federal Risk and Authorization Management Program (FedRAMP). If the hosting provider does not have SAS 70 coverage or ISO certification -- as there is a cost to maintain these certifications -- then the end user should ensure that the cloud operation is following all the best practices regarding logical security and inquire about the provider's internal auditing procedures.

This content continues onto the next page...