Surveillance data security in the age of GDPR

With the increasing number of devices that are getting connected to each other and collecting information at rapid speed, the world is fast approaching an era where data is critical. Unlike in the past where it remained stored in remote locations and rarely accessed, data is now key to the optimal functioning of applications that have a significant role in the everyday lives of people.

According to Data Age 2025, an IDC report sponsored by Seagate Technology, in the ten years leading up to 2025, the amount of data generated across the globe will grow 10-fold to 163 zettabytes. Almost 20 percent of this data will be critical. 10 percent will be hypercritical. An average person anywhere in the world is expected to interact with a connected device every 18 seconds by this time, making the resulting big data and metadata generated influence almost every aspect of their life.

While this is definitely going to improve the efficiency of machines and advance the quality of life, it also opens a Pandora’s box of security concerns. As it is, there is an alarming gap between the data that is generated worldwide and the data that is secure. The IDC Data Age 2025 report points out that by 2025, nearly 90 percent of the data produced will need to be protected but only less than half of this will actually be secure.

The costly affair of data breaches and the surveillance industry

Data can be classified into various categories based on their importance. How critical the data stored will decide the cost that would arise if breached. According to a study conducted by Ponemon Institute with over 400 organizations from across the globe, despite a downtick in the costs of breaches in 2017, unauthorized access incidents were at a larger scale compared to the previous year.

The costs of breaches are only going to get higher from here, as the EU begins stringent enforcement of the recently rolled out General Data Protection Regulation (GDPR). Under this, companies could be fined up to four percent of their annual turnover if a breach unveils that sufficient security and technical safeguards and processes were not implemented within the company.

As with several other industries, data security is critical in the surveillance sector as well. According to Dave Seesdorf, Principle Product Manager of Security Products at Seagate Technology, surveillance data could contain facial recognition data which is considered personal data by the EU and may require additional protections by the GDPR.

“Additionally, there are going to be many high-end segments such as government, state and local jurisdictions where surveillance data could be sensitive and/or be required as evidence in legal proceedings,” Seesdorf said. “Data at rest is very important since the data resides on a drive in bulk and could potentially be stolen or tampered with.”

Protecting data at rest could, in fact, prove crucial in ensuring comprehensive security. Danny Lim, Head of Global Surveillance Presales for the Video Surveillance Segment at Seagate Technology, expanded further on this.

“Given the recent incidents that occurred on many surveillance manufacturers, data security/cybersecurity is becoming more critical,” Lim said. “However, in the video surveillance industry, most of the emphasis currently is putting on data in motion and in transit and we believe ‘data at rest’ would be equally important. All data would be eventually stored in storage and in HDD as a key medium, so we see great importance to secure and hardened the storage solutions.”

Brandon Gregg, Head of Global Trust and Security at Seagate Technology, added that DVR and NVR security systems are targeted primarily for malware and botnets due to their current lax security, but other concerns include user privacy, blackmail and the release of very private data much like the iCloud hacking incident many celebrities experienced with the release of private photos.

Data security when video surveillance meets IoT

Just as other industries that are vulnerable to breach threats, the video surveillance industry too is built on consumer electronics processors. This is becoming all the more relevant in the current scenario where malware and intrusion attempts are made on devices that are part of the Internet of Things (IoT).

Data, especially personal data, has become an extremely critical factor in surveillance in the age of GDPR. Any intrusion that would expose confidential information could cost companies dearly. In this context, data hardening has a key role to play in video surveillance. “AI is transforming video into structured data, which is increasing the value of video surveillance but also the importance of protecting its safety,” said Zhang Junchang, Director of Cybersecurity Product Line of Dahua Technology. “IoT is evolving rapidly. It is creating an inter-connected world where the safety of data is becoming a lifeline to enterprises and customers.”

Other industry experts agree. Jean-Philippe Deby, Business Development Director for Europe at Genetec, said that factors such as password protections and records of who is accessing what is all important to maintaining the security of data. All this is going to be critical for organizations in ensuring that they don’t end up with their data breached and, which, in turn, could cost them dearly in the age of GDPR.