Video surveillance data is increasingly connected across local and global networks. An ever increasing number of network cameras send their data to servers over the Internet, where digital intruders and hackers loom. As a consequence, the focus of data security has long shifted from the physical level into the digital domain, where damage can be infinitely more extensive and harder to trace. Unauthorized access to sensitive data, once a matter of breaking into a safe or physically stealing a security device, now means entering or attacking a networked infrastructure on the web or in the cloud. For most organizations, the question of security breaches has shifted from whether it will happen to when it will happen.
Ensuring data security in a hyper-connected world
Video surveillance data is increasingly connected across local and global networks. An ever increasing number of network cameras send their data to servers over the Internet, where digital intruders and hackers loom. As a consequence, the focus of data security has long shifted from the physical level into the digital domain, where damage can be infinitely more extensive and harder to trace. Unauthorized access to sensitive data, once a matter of breaking into a safe or physically stealing a security device, now means entering or attacking a networked infrastructure on the web or in the cloud. For most organizations, the question of security breaches has shifted from whether it will happen to when it will happen.
What does it take to safeguard video surveillance data?
A 360-degree view of data security. Covering the entire security network including cameras, servers, clients, storage devices, network protocols, and standard key infrastructures. Focusing on only one element, for example cameras, would be insufficient. Our systematic approach is the key to achieving the highest standards in end-to-end data security. For many years, we have been at the forefront of surveillance data security with a four-step approach:
1. Create trust. In the first step, Bosch not only considers the safety of the cameras but the entire infrastructure — as one single weak link is enough for hackers to gain access. Trustworthy communications between cameras and network components are ensured by assigning each element an authentication key. This electronic signature serves to verify all components — from Bosch cameras to the video management system (VMS) or viewing client. Bosch devices support authentication based on user name and password (IEEE 802.1x). In addition to IEEE 802.1x., extensible authentication protocol, EAP-TLS can be used, which secures the entire authentication process.
2. Secure data. When it comes to safeguarding surveillance data, encryption of data streams and stored data is paramount. Bosch already implements encryption at the hardware level: all Bosch IP-cameras and recording solutions are factory-loaded with a trusted platform module (TPM), using a cryptographic key for protecting all recorded data. Even in the event of a data breach, the information would be useless to hackers without Bosch’s proprietary hardware key. Once the data reaches the VMS or viewing client, the cryptographic key helps decrypt the data and also verifies the camera as an authenticated network partner.
3. Manage user access rights. Video surveillance data can range from merely sensitive to top secret. But even networks with trusted devices and secure data transfer can fall victim to human error. That’s why video systems made by Bosch offer management options for individual user access rights and support existing industry standards such as Microsoft Active Directory.
2
4. Meet industry standards. In a world where almost everything is connected, data security becomes a community effort. Our video surveillance solutions comply with leading industry standards in public key infrastructure (PKI) for the management of digital encryption certificates (see 2.). Bosch offers its own PKI solutions with in-house certification authority (CA) Escrypt and also supports third-party PKI solutions by companies such as SecureXperts.
So what does this end-to-end approach mean for end users? With Bosch’s integrated data security backbone, our clients can enjoy the peace of mind that comes with knowing their data is protected. And from an installation and maintenance standpoint, they also enjoy the quick set-up and seamless scalability that comes from working with a single provider as the go-to partner for one-stop security solutions.
END-TO-END DATA SAFETY:
Bosch’s systematic approach seamlessly covers all major elements of video surveillance infrastructure, including:
A.) Camera
B.) Servers, clients and storage devices
C.) Network protocols
D.) Certificates
A. Cameras (edge components).
Access protection via passwords and user management; authentication as trusted devices on network (via certificates); encrypted data (via certificates) transfer to core components
B. Servers, clients, and storage devices (core components).
Authentication as trusted device and “video authentication” to check validity of live and recorded video. Encryption of data.
C. Communication: network protocols.
Encryption and data transfer in line with industry standard communication protocols
D. Security infrastructure: certificates.
Support standard key infrastructures — e.g., public key infrastructure — by offering hardware, software, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.