Which Are More Secure - On-Premise or Cloud Security Cameras?
Most people think their on-premise camera system will be more secure than a cloud-based system, but that is a myth. This is about as wrong as people's idea in the early 1900s that having their own Power Generator would be more reliable than public utilities.
It is wrong because of two important facts people forget:
- Camera video is more valuable when accessed from somewhere else. So it will always technically need to be connected to the cloud to be seen when and from where it is needed.
No system for long can stand as an island for itself anymore.
2. On-premise servers are typically less secure than cloud servers.
Server farms are at highly protected locations with redundant internet and power. They have much better high bandwidth and much stronger physical and cyber security than most businesses can afford.
3. Safety for networks and servers is always changing it requires expensive personnel to keep up with the constant changes and security patches. It has become too hard and expensive to do for yourself. For a commercial cloud operator working for thousands of clients, the cost per user is minimal on your own servers, and the cost to ensure security becomes astronomical.
It's a Fact Many Security Cameras Have Back Doors
Many less expensive brands people find online, especially models that are often sold as DIY CCTY solutions, have known hacks and backdoors that can give hackers quick access to your cameras. A backdoor is a secret password or a key combination that always works.
These are typically hidden additional passwords you can't change. The way you prevent this from happening is by not buying unknown brands off the internet. NDAA-compliant brands are much safer than brands that are not NDAA-compliant and tend not to have this type of risk.
Once cameras are detected they are bots can recognize the brand of the camera and already know most brands' default passwords. One important thing to do is to change the default password on your camera immediately and write these passwords down in a safe place.
But the only way to really be safe when using less expensive cameras is to make sure the camera can not be found and accessed from the outside.
How to Eliminate the Risk of Port Forwarding Your Security Cameras?
One of the best ways to prevent getting hacked is to eliminate any port forwarding on your router. That way, no one that has your IP Address can start to scan all your ports to see what equipment is on these ports and start brute force testing passwords and other known hacks and backdoors for the brands of equipment they detect on your router. However, that also makes it impossible to reach your IP addresses and talk to the IP devices there.
Well, there is a solution. At IPTECHVIEW, we give all devices their own secure tunnel transmission key and code to securely connect and talk to the IPTECHVIEW platform. These devices then connect, identify and register themselves and regularly report so that the platform knows the devices are up and running.
Users that need to connect to the devices then also login securely from allowed IP addresses on devices that are authorized, login, and 2FA (two-factor authentication) to get connected with the devices that they own and have a right to access.
Interestingly enough, this same approach can also be used by bad actors or a manufacturer that places rouge code into cameras to gain access to these cameras. This is one of the reasons to purchase security cameras from reputable sources and brands you trust.
AXIS and MOBOTIX are brands that are certified secure for government and even military usage. At a minimum, businesses should use NDAA-certified brands.
At IPTECHVIEW, all products we integrate natively with are certified and tested in our lab to ensure they do not establish any unauthorized network connections and where we try to find weaknesses. If we find these, we report them to the manufacturer and demand fixing.
Cloud Computing is Generally More Secure Than On-Premise
A cloud-based system that is not secure and has frequent security issues or hacks will go out of business. Professional players in the SaaS (Software as a Service) business model must invest heavily in security.
To build a secure system, it is important to start the project with security in mind. Basically, with the mindset and approach to development called - Security by Design. It is important for the development team to think about all the attack vectors future bad actors may take and to try to prevent them systematically.
But that is only the first phase. The second phase is to use peer review of the code, keep a healthy amount of paranoia and constantly train developers on security issues. And to use external penetration testing, companies regularly and expose the system to different people different technology stacks to try to break security and then build it back stronger.
Security is a never-ending task, and it requires a significant amount of ongoing investment that can only be put into a system that many people use. This is why a commercial cloud-based system has a much better chance of getting adequately funded to pay for ongoing security.