Learn why cybersecurity and the software development life cycle are such an integral part of video surveillance platforms.
Cybersecurity is a critical part of the software development life cycle, and its implementation should begin at the very inception of the product.
When first developing software, a business should consider cybersecurity from every angle. Practically, this means the product’s architecture should be inherently secure from the beginning of the design phase. Trust boundaries need to be mapped, with engineers looking for places where there could be potential issues. Then, the product should be reviewed by security-focused personnel and senior engineers. An architecture that’s more complicated than it needs to be could create a security issue if one aspect isn’t implemented just right.
The OpenEye Web Services (OWS) cloud-managed video platform, throughout its software development life cycle (SDLC), approaches cybersecurity as a foundational aspect of building its product. “Right out of the gate, OpenEye has a pretty heavyweight approach for security because if you don’t get the foundation right, the software or system can be vulnerable in spite of the best implementation later on,” says Jake Sink, OpenEye’s Principal Software Architect.
Prioritization of security when developing software for video surveillance platforms is critical, something reflected in the makeup of OWS. Below, we’ll cover why cybersecurity is so vital, the best practices for those building the software, as well as how users can maintain their system for optimal security.
Best practices for software system design were introduced in the 1970s. According to SAFECode’s Fundamental Practices for Secure Software Development, best practices include:
1. Keeping the system’s design as simple as possible
2. Having programs and users operate with the least set of privileges necessary
3. Designing the human interface for ease of use
4. Recording compromises of information
Additional principles have been added such as “defense in depth,” in which a system is designed so it can resist attack if a single vulnerability is compromised, and “design for updating,” where designers plan for future security updates. In addition, the paper recommends having an encryption strategy, standardizing identity and access management, and rigorous testing, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and penetration testing.
The U.S. National Institute of Standards and Technology (NIST) recommends a Secure Software Development Framework (SSDF), a set of secure software development practices: “Following the SSDF practices should help software producers reduce the number of vulnerabilities in released software, reduce the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent recurrences.”
OpenEye has processes in place to ensure a secure architecture, including testing and reviews by subject matter experts, quality assurance personnel, and developers. As we test our platform and begin the software lifecycle, it’s crucial to consider the security of how the software operates, whether in the cloud or on a device, asking ourselves questions such as:
The next layer is the coding process, the step in the lifecycle which includes an analysis of the code and peer reviews. Developers should use common patterns that can easily be scanned and evaluated for errors.
When ensuring a platform is as secure as possible, Jake Sink says, “People aren’t perfect, and even your best engineer could make a mistake one day…We want to build in the fail safes to prevent that kind of thing from being possible to manifest as a security issue.”
The integrity of the code running on the OpenEye Web Services platform also must be evaluated. There are checks and balances and a process in place to ensure testing happens throughout development. Automation at some of those checkpoints ensures consistency. OpenEye performs SAST, DAST, penetration, and other testing throughout the development cycle.
“Whether developing a new feature or making a change to the software, we look at things from inception, with as much depth as possible. Then we look at implementation and make sure that it is secure, using both human and machine learning. We perform a static analysis and then finally ensure the integrity of the software being released,” said Sink.
When a project is complete, a postmortem discussion can help provide feedback and lead to adjustments for the future.
For end users operating OpenEye Web Services on a daily basis, our platform offers a variety of features to keep your video and data secure.
User activity can be audited to get a clearer picture of who is using your system. It’s easy to see which systems users are accessing and what clients they are using, and organizations can implement “least privilege” for their own security and compliance requirements through robust, fine-grained role-based access control (RBAC) features.
OWS simplifies the process of resetting lost passwords, lessening the burden on IT and reducing the likelihood of shared user credentials.
Administrators are notified when updates are available and can initiate them with the simple click of a button, helping limit the likelihood of vulnerabilities being left unpatched.
A Cross-Site Request Forgery (CSRF) attack forces users to execute an unwanted action on a site where they are currently authenticated. This is typically accomplished by tricking the user into clicking a decoy link or logging in to a fake version of a legitimate website. To prevent this, OpenEye has implemented CSRF protection techniques similar to those implemented by banks and stock traders that require a high degree of online security.
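One common CSRF defense, a token bound to the user's session that a cross-site page cannot read or guess, shown here as an added example; it is not OpenEye's code, and the page does not say which technique OWS uses. The header name `X-CSRF-Token`, the function names and the session ids are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import string

SERVER_KEY = secrets.token_bytes(32)  # constructed; load from a secret store in practice
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # read-only methods need no token


def _mac(session_id: str, nonce: str, key: bytes) -> str:
    # The nonce has a fixed length, so session_id|nonce parses unambiguously.
    msg = session_id.encode() + b"|" + nonce.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token embedded in the site's own pages: random nonce plus a MAC tied to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def verify_csrf_token(session_id: str, token, key: bytes = SERVER_KEY) -> bool:
    """True only for a well-formed token issued for this exact session."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    if len(nonce) != 32 or any(c not in string.hexdigits for c in nonce):
        return False
    expected = _mac(session_id, nonce, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_request(method: str, session_id: str, headers: dict) -> int:
    """Hypothetical request gate: returns the HTTP status the server would send."""
    if method.upper() in SAFE_METHODS:
        return 200
    # The browser attaches the session cookie to a forged cross-site request
    # automatically, but the forging page cannot read the token to add this header.
    if not verify_csrf_token(session_id, headers.get("X-CSRF-Token")):
        return 403
    return 200


if __name__ == "__main__":
    token = issue_csrf_token("sess-alice")  # constructed session id
    print(handle_request("POST", "sess-alice", {"X-CSRF-Token": token}))  # site's own form
    print(handle_request("POST", "sess-alice", {}))  # forged request, no token
    print(handle_request("POST", "sess-bob", {"X-CSRF-Token": token}))  # token from another session
```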
All video exported from OpenEye Web Services includes a digital signature that authenticates the image or video file and proves that it has not been altered.
OpenEye Web Services supports the use of network proxy services to securely aggregate HTTP communication in corporate environments. OWS requires an HTTP 1.1 compliant proxy and can accommodate null or basic authentication. Relayed connections will route all video traffic through the proxy host, while a peer-to-peer negotiated connection will deliver video directly from the recorder to the client, and control messages will remain routed through the proxy.
Multi-factor authentication requires more than one independent form of credential to verify the user’s identity. OpenEye Web Services (OWS) uses multi-factor authentication to ensure that unauthorized parties are unable to gain access to user accounts.
Processes compliant with the National Institute of Standards and Technology (NIST) protect users’ passwords from hacking attempts. These processes encrypt stored passwords, making them practically unusable, even in the event of a server breach. The NIST reviews these processes on a semiannual basis to look at conformance and assess new methodologies.
Proper user authentication and a successful TLS handshake will establish what is known as an Outbound Trusted Connection (OTC). With an OTC, a recorder will only communicate with and respond to verified clients. This OTC methodology also enables WAN client connections without permanently opening an inbound port on the network’s firewall. The result is tighter network security that does not require specialized IT configuration at individual sites.
Single sign-on in OpenEye Web Services allows users to access remote clients and reduces the potential for rogue remote clients that comes with manually entering IP and port information.
With these cybersecurity best practices in place, OWS users can rest assured that their video surveillance system is protected.
To see these features in action, as well as OpenEye’s smart video security tools, book a demo with us today to experience firsthand the power of OpenEye Web Services.