Cloud-Based Security Brings New Advantages and Risks

Aug. 13, 2021
Video surveillance functionality benefits from cloud options but also proves vulnerable

When people think of video surveillance, they generally think of security cameras located in retail stores, hospitals, or even street corners. But the truth is that video surveillance is used for more than just security—and the rise of the cloud has made it more useful than ever. In fact, there’s a good chance you’ve used it yourself, even in your personal life. Has a friend ever sent you a link to watch an eagle and its babies nesting on an ocean cliff or an adorable group of otters playing in a zoo hundred (or even thousands) miles away? If so, chances are you’ve likely experienced the convenience of cloud technology for video surveillance.

In the past, cloud video was not meant to be consumed by a wide audience, but conveniences and economies of scale have broadened its appeal. Security isn’t the only reason to deploy surveillance cameras, but it is a major one. Whether those cameras are located in a factory, police station, or public park, keeping the images they record private is important. The cloud has the ability to transform video surveillance, presenting opportunities for efficient hybrid computing models and new analytics capabilities. But recent events have highlighted significant security concerns. And while today’s cloud-based surveillance tools provide users with both added convenience and increased functionality, putting adequate protections in place to ensure that those tools cannot be accessed by unauthorized third parties is increasingly essential. 

The Rise of Cloud-Based Security Solutions

Security systems have come a long way since the days of analog cameras and banks of wall monitors. In those days, video surveillance was useful primarily as a reactive technology: after an incident, video could be reviewed for evidence. The only option for real-time monitoring was to have security personnel keep a watchful eye on the camera feeds, a solution that was ultimately not scalable. Human beings are fallible: they overlook things, their attention wanders, and, more importantly, they can only monitor so many things at a time.

This changed with the invention (and continued improvement) of internet protocol (IP) cameras. Today’s cameras and sensors can be equipped with analytics capable of automatically detecting certain security incidents, such as individuals present in off-limits or after-hours areas, aggressive or violent behavior, and even things like proper mask usage amid a global pandemic. Instead of an individual monitoring every feed, these cameras can be trained to automatically detect these and other potential incidents thanks to advances in artificial intelligence and machine learning technology. Instead of being reactive, this transformed the technology in a proactive one, decreasing response times and often giving security personnel the chance to intervene and defuse a potentially dangerous situation before it could arise.

The rise of the cloud has made these solutions more effective than ever. Any video surveillance system can be divided into components that include cameras to capture and stream IP video, a rule engine, video storage, and a user interface to manage the system, view live video, and access recorded video. Aside from the physical cameras and sensors, any of these components can live in the cloud, usually providing some combination of remote viewing functionality, remote system monitoring, storage, and analytics. Cloud functionality has placed significantly greater processing power in the hands of customers, who are no longer limited by local hardware.

Understanding the Benefits of the Cloud—and the Risks

The ability to remotely view cameras in a system from across the internet via standard devices like smartphones, tablets and laptops, and to receive alarms and alerts from those cameras when certain pre-defined conditions are met, is extremely valuable. So, too, is the ability to perform remote system maintenance, making the process of pushing firmware updates, installing patches, and configuring new devices and tools more straightforward. Cloud storage of audio/video footage and metadata is also valuable, as are the analytics enabled by the increased processing power available in the cloud or at the edge. The combination of the cloud and increased processing power at the network edge can allow users to operate more efficiently and near to real-time. At the edge, analytics can leverage data on the device and deliver custom alerts based on analysis while sending only specific metadata to the cloud for other sorts of analysis or storage--thereby reducing bandwidth and latency. This type of “hybrid” deployment, utilizing the cloud alongside powerful edge devices, is becoming increasingly more common.

The combination of cloud and edge technology has the potential to revolutionize video surveillance by making analytics more useful, scalable and effective. The advent of high-resolution, high-quality cameras-- combined with onboard video processing and the ability to further analyze metadata in the cloud for more thorough analysis--has allowed analytics to flourish. Today’s cameras can tell the difference between a trespasser and a deer, identify potentially dangerous temperature fluctuations at a chemical plant, or know when to pan, tilt, and zoom in on the license plate of a suspicious vehicle. Metadata from these videos can be stored in the cloud, where it is classified and categorized for use in future data sets, further refining the system over time.

Of course, there are always other factors that users should consider when looking into cloud technology options. Primary storage in the cloud can come at a significant cost—both from a storage perspective and a bandwidth perspective—and a consistent and reliable internet connection is needed. Because of this, many users find that the edge continues to be a more reliable storage location but cloud redundancy storage is an important option to consider as well. Having a secondary storage location in the cloud can guarantee that video is available even if an issue prevents the user from accessing the video via edge storage. Users should also note that it is not always clear where the device owner’s cybersecurity responsibilities end and the cloud providers begin, which can lead to misconfigurations and other potential security gaps for attackers to exploit. Understanding this problem is the first step toward solving it.

Simply by virtue of being on the internet, a cloud-based system tends to be more exposed than an on-site system, but both have their risks. Identifying the right tools and resources to keep a cloud system protected is essential, but it is also worth noting that cloud systems have the advantage of being more easily updated, especially with third-party security tools in place. Fixes distributed by the service provider can be quickly and easily distributed across a cloud network, as opposed to on-site installations where customers are often required to manage potentially thousands of devices. These devices can go long periods between manual updates, leaving them dangerously exposed. That said, cloud providers can offer a degree of resiliency and redundancy that on-site solutions cannot, and users generally appreciate knowing that their cloud system is always up to date, with maintenance and updates regularly performed by the service provider. In fact, many users believe that the cloud is ultimately the safer option; it simply depends on both the reliability of the cloud provider and the end customer’s ability to secure their system.

Properly secured, a cloud system augmented by powerful edge devices can provide benefits that go far beyond “traditional” security. Certainly, these devices can be trained to capture license plates, listen for breaking glass, and monitor for shoplifters, but they also have specific uses within many different verticals. Retailers might deploy analytics to detect empty shelves and generate out-of-stock alerts. Industrial manufacturers might use their cameras with analytics to monitor the assembly line and proactively identify equipment malfunctions or problems in the production process.  Hospitals can train them to detect proper PPE usage or to track the movements of patients considered fall risks. Clearly, it’s difficult to overstate the potential that exists for analytics operating within a hybrid system. Advancements in application development, training data, and use cases are providing real value to users in the form of greater situational awareness, proactive response, and usable business intelligence.

The Dos and Don’ts of Cloud-Based Security

Understanding how to securely build a cloud-based security system starts with identifying specific needs. There are countless potential combinations of cloud, edge, and on-premises technology available to customers, and the specific build will likely depend on each customer’s specific needs, as well as factors such as their existing infrastructure, regulatory compliance, and cybersecurity needs. Cloud technology is often plug-and-play, but that doesn’t mean it is one-size-fits-all. Both solution providers and the end-user need a thorough understanding of their needs and goals before the right technology can be decided upon. Integrators play an important role here, working as an intermediary to both educate customers and convey their needs to manufacturers.  

First, it’s important to understand the customer’s pain points and challenges. What are we trying to solve? Then it’s important to ask the right questions. What technologies can we leverage and how will they interface with third-party systems and other applications?   What security gaps will they present? “Zero trust” is crucial throughout the process. For example, investigating whether a developer’s app has proper cybersecurity protections in place, or if there are administrative backdoors included with access to customer data, is essential. Was the application’s authentication method developed in accordance with industry best practices? Can they demonstrate proof of their cybersecurity qualifications? Recent incidents where developers neglected to close backdoor access highlight the potential danger that poorly secured applications and other software can pose—so asking specific questions is important. Cybersecurity compliance is in the spotlight today, and failure to properly account for potential dangers can not only put the system at risk but put attract the attention of regulators.

Security models and best practices are important to consider in general, and it is important to consider only products that are designed with security in mind — both on the hardware side and the software side. The security industry has moved progressively closer to a “zero trust” model in which entities connecting to the network are not trusted by default and must instead prove their identity on a consistent basis. Choosing products that are consistent and compatible with this type of identity-based security protocol is essential, particularly as remote work becomes increasingly common. With users accessing camera feeds and other resources from a wide range of locations, the ability to prove that those users are who they claim to be is a crucial part of preventing a major incident.

There is a wide range of steps that users can take to ensure this level of security throughout their supply chain. Some companies may only wish to work with manufacturers that develop software with security built-in throughout the development lifecycle, from initial conception to design, implementation, verification, and deployment. Integrators often play a role in helping customers find the right manufacturer for their needs, pointing them toward those known to apply cybersecurity best practices. In short, customers who arm themselves with information will put themselves in the best position to effectively mitigate today’s most pressing threats, keeping their cloud solutions as secure as possible.

What Is Next for Cloud Technology?

As deployments become more complex, adding more devices, integrating with other systems and taking advantage of hybrid models, they come with certain cybersecurity risks. However, the benefits of combining all of these tools in our toolbox more than justify these new innovative models. What’s more, today’s businesses have a growing number of security resources available to help them secure their cloud deployments, mitigating the potential risks involved. The power of the cloud when it comes to scalable video processing, storage and management is helping to open new doors for businesses looking to deploy advanced analytics for security, operations, and business intelligence purposes. What’s more, today’s surveillance devices with powerful processing at the edge can be deployed not just for purposes like loss prevention, but to identify opportunities to improve efficiency and better inform business decisions.

With that in mind, embracing the cloud as a part of any model must be done with a full understanding of both the benefits and the risks. Identifying potential security gaps and misconfigurations is essential, as is having a plan in place to mitigate them. The world has now seen what can happen when cloud assets are not adequately secured, driving home the fact that customers must ask these questions not just to themselves, but to their technology partners as well. The ability to remotely view camera feeds, install advanced new analytics, and seamlessly update and patch vulnerable systems has proven invaluable, but mitigating the risks involved in cloud technology is a critical first step that today’s businesses must take.

About the author: Ryan Gregory is the Director, Solutions and Services for Axis Communications