Securing surveillance data, the Seagate way

Securing surveillance data, the Seagate way
As video surveillance installations become increasingly sophisticated with high-end cameras that deliver ultra high-quality footages and data, there is a need for advanced storage systems. This is even more crucial as security of data becomes important.

Software-based data protection systems have helped security administrators protect their data to a large extent but, given the current scale of security threats and their sophistication, a more robust approach has become necessary. This is where Seagate Technology’s hardware-based solution, with a range of features including self-encrypting drives, become relevant. In fact, the importance of data security has prompted Seagate to develop Seagate Secure, a collection of security features integrated in its enterprise drives fleet.

According to Dave Seesdorf, Principle Product Manager of Security Products at Seagate Technology, there are a number of points at which data can be accessed by hackers, beginning from cameras, the wires, and even disposed drives in which data is not encrypted. In this respect, a comprehensive surveillance solution would include hardware and data trust model where the camera encrypts, camera hardware that is trusted, an NVR/DVR system that uses encrypted drives, and disposal using instant secure erase (ISE).

“This would protect from theft of data from the camera to the NVR, stolen drives, lost or misplaced drives and systems at disposal, or data that was not completely erased and breached at the end of life,” Seesdorf said. 
Dave Seesdorf,
Principle Product Manager,
Security Products,
Seagate Technology

Best practices to mitigate data security threats

To ensure comprehensive end-to-end protection for surveillance data, every process needs to be taken into consideration. Danny Lim, Head of Global Surveillance Presales for the Video Surveillance Segment at Seagate Technology, pointed out that this included making sure the HDD firmware is not tampered with, using encryption at the camera and on storage media, and having a data retirement strategy before upgrading to new systems. Self-encrypting drives are also 30 percent faster than software encryption, is always on, cost-effective, and is a lifecycle solution.

“Best practices would be encrypting data at the camera all the way through where it is stored at rest in the NVR and subsequently the cloud, server or data center,” Lim said. “We suggest encrypting data at rest with access controls (password) to prevent unauthorized access of the data or tampering.”

Before Deployment

Security of surveillance data extends from design to disposal. To this end, Seagate makes sure it locks down firmware to prevent unauthorized access to the drive, allowing customers to receive products that are authentic and not tampered with. Moreover, features such as secure boot ensure only the latest firmware is on the drive when booted.

This is made available through Seagate Secure Download & Diagnostics (SD&D)—a standard feature on every HDD. SD&D prevents unauthorized access to a drive’s firmware and blocks tampering with firmware executables and sensitive system-level data.

To break it down into simple terms, Seagate begins with a design process that involves a workforce that’s vetted by the company. The company further makes sure that the components required to implement the design are sourced from trusted suppliers. To this end, it complies with the Open Trusted Technology Provider Standard (O-TTPS) which is the ISO 20243 Standard.

Manufacturing happens in secure facilities and finished products get delivered through trusted vendors. What all this means is that Seagate goes to great lengths to prevent an intrusion that can lead to data theft while the drive is deployed.

During deployment

This is where Seagate’s technological expertise actually becomes evident. With the Seagate Secure ecosystem in place, the company offers a set of features classified under Essential and Certified. The Essential includes critical data protection features that are necessary for most requirements, while the Certified refers to compliance with standards such as FIPS 140-2, Common Criteria and Trade Agreement Act (TAA). Adherence to these standards makes Seagate drives ideal for governments as well as customers handling high-security data.

Seesdorf pointed out that concerns at this stage come down to two issues, preventing unauthorized access and protecting data through encryption. The company’s self-encrypting drives, which make use of AES 256 standards with hardware root key, provide strong hardware-based protection against data theft. Once deployed, Seagate continues to provide support to customers through digitally signed firmware and rogue-firmware detection, blocking cross-segment downloads, locked diagnostic ports and a secure boot process.

“Seagate’s encrypted drives deployed in an recording server, storage, NVR or DVR environment) ensures that only authorized users with access credentials can access data in a system and ensures that data at rest is encrypted and cannot be accessed unless proper credentials are presented,” Seesdorf added.

Drive retirement

Inevitably, a drive that has reached the end of its lifecycle needs to be replaced. But doing this without careful consideration of the data that was once stored in it could lead to unwanted access to the information. Seagate’s Instant Secure Erase allows administrators to easily replace encryption keys on any device, allowing the data to be deleted cryptographically. This feature complies with the internationally sanctioned media sanitization standards of NIST 800-88 and ISO 27040.

Supporting SIs as GDPR kicks in

As systems integrators (SI) take their projects into the GDPR era, ensuring data security is clearly going to be a much-debated topic. Partnering with Seagate will reduce their concerns considerably as the company’s hardware-based encryption systems and a host of other security features would ensure the protection of data at rest. That Seagate works closely with the leaders in security industry like Hikvision Digital Technology and Dahua Technology only makes it all-the-more convenient for SIs to ensure seamless integration of devices in their installation.
Share to:
Comments ( 0 )