[IPVM note: This comment originally came from the Hikvision hacking legal disclaimer article and is being re-posted here to highlight and encourage more discussion.]
As a business, we survive on cash flow. Many of our SMB customers are in the same position as we are. They need to optimize cash flow. Last week we finished a $20,000 project. Our competitor who was selling Axis cameras and Exacq came in at $36,000. We used Hikvision NVRs and Cameras on their small business campus. This customer needed a cost effect solution that worked to monitor potential workers compensation problems. They did not have the money to spend on a higher end solution. They understood the potential issues with installing hikvision and accepted the risk. Their IT team put in a sonic wall in front of each recorder at each building. They are not concerned about cyber security as they feel they have nothing of value to protect on their network. To customers with this attidude, I have no problem selling hikvision. They sign our agreement and assume the risk. To them, mitigating a potential lawsuit from a fake workers compensation request is more important than protecting their data. Does this attitude make me a non-professional for installing this equipment? No, we sold the customers what they wanted/could afford and covered ourselves the best we could by securing their network with their IT team and our contract. We installed the system with the same care and professionalism we would at the State Department, DOD or any of the power plants of nuclear facilities provide service for. With licenses in 13 states, we are far from truck slammers looking to sell cheap cameras.
On the other end of the spectrum, when we have a customer who has PCI compliance at stake, we will not connect the hikvision cameras to the internet or install something else.
There's a huge market that can not afford Milestone, Axis, Avigilon...etc. They also can not afford not to have video surveillance. Who am I to deny these small businesses access to surveillance systems. If I sell it to them, I can make sure it's installed properly and cameras are posistioned properly.
Would I recommend a high-security facility install Hikvision cameras? No. Would I install Hikvision if they paid me? Yes. In situations where cyber security is critical, we provide multiple quotes. We let the customers know the advantages and disadvantages of each system and let them choose if they decide to have us install hikvision than that is what we will install. Part of our agreement states that we recommended a more advanced security system and the subscriber reject it. If they contract us to install hikvision and they want the system on their network, it's up to them to provide that network security. We are not a network security firm and do not advertise ourselves as such.
All of that being said, as a company we have made the decision to reduce our Hikvision offerings and move in a different direction. When we first started selling hikvision there weren't many alternatives to hikvision in the US through legitimate distributors. We will continue to sell their cameras, but not their recorders. We will reevaluate this decision as more information comes to us. We need more quality lower cost offerings like Dahua, Hikvision and Digital Watchdog.