  • How secure is the cloud?
  • What is the importance of SAST and DAST testing?
  • What is penetration testing?
  • What are the components of an incident response process?
  • What is the importance of a solid password policy?
  • How can businesses harden their cybersecurity?

How secure is the cloud?

Without the cloud, many of the primary advantages of our OpenEye Web Services (OWS) system would be either impossible or too expensive to make available to customers. As with anything in the cloud, however, these advantages also bring a more challenging security landscape than their less featured and costly non-cloud equivalents. But if we focus on these challenges and make security our top priority, we believe we can offer the best overall solution to them. Consider this analogy: We accept the risks of driving when we go to the store to buy groceries. However, there are factors that can affect the safety of that trip, such as vehicle design, driving habits or the road system between us and the store. We may not be able to affect the safety of the road system directly, but we can obtain a safe car and maneuver in a way that maximizes our security when we drive.

OWS offers multi-factor authentication, end-to-end communications encryption, single sign-on to access remote clients, no open inbound ports and automated software updates, among other measures to strengthen cybersecurity. 

What is the importance of SAST and DAST testing?

Security includes many overlapping layers. One also has to consider the future impact of a change that may appear small. Something that is minor in isolation could be major when combined with something else. Testing helps with that.

Static application security testing (SAST) looks at code and dependencies. You’re looking for issues before they reach the actual environment, so that any flaws are found and fixed before moving to the next stage. Automated testing also includes dynamic application security testing (DAST) in-house, using industry-accepted tools and services designed for this purpose.

Both types of testing are important because you’re trying to find issues before anyone sees them. In the case of dynamic testing, you’re also looking for something all the time, even in what you believe is a secure environment, just to be sure. OpenEye performs both on OWS software.

What is penetration testing?

In penetration testing, you attempt to look for active issues or vulnerabilities and potential flaws in a system. OpenEye typically has a third party perform this testing of OWS.

Testers will look for dependencies and whether there are weaknesses that can be exploited, or whether a hacker could use something as a gateway into something more critical. The testing agency attempts to cause errors that could be exploitable.

There’s a whole number of things that they do, and we rely on experts in the field for this type of testing.

What are the components of an incident response process?

A security incident response process outlines how a software provider handles an incident. There are different aspects to the response. Initially, you want to respond and fix the problem quickly, then communicate to all parties who need to know. You have to collect data and evaluate what went wrong, the true scope of the issue, and how the issue can be prevented in the future. Any compliance issues should also be considered and addressed.

It’s important to get it right because a software provider wants to be able to respond quickly and effectively. They need to know the scope of what’s going on and communicate it to the proper levels of the chain, including the customer.

Learning from an incident and fixing anything that is wrong are essential. There needs to be oversight to make sure that the problem is remediated and is known appropriately for the ultimate benefit of everyone involved in or using the program or platform.

What is the importance of a solid password policy?

OWS has a system that can enforce password policies, such as the frequency of rotating a password, the complexity of the password and its length. OWS account administrators can customize their policy. We provide the template, and they can make their own informed decision about how to set their password rules.

Read more on defining and strengthening passwords here.

How can businesses harden their cybersecurity?

There are a number of things a business could do to harden the security of its video surveillance systems. The first is to strengthen the network by securing the gateway, isolating the camera network and auditing devices to make sure software is up to date. Consider choosing cameras that are vandal resistant and installing them out of reach. If using on-premises recorders, place them in a secure environment, change any default passwords, avoid adding local user accounts and keep software current. See our Cybersecurity Hardening Guide for more.
