Genetec Cloud Tested

Author: Ethan Ace, Published on Aug 12, 2015

Not since Axis public and prolonged agony with AVHS, has a major manufacturer bet as heavily as Genetec is now doing on the cloud.

Genetec started with Stratocast, which took a similar small camera count approach as Axis AVHS, with similar poor adoption (their most famous customer here).

Genetec is not giving up. Indeed, they are taking an aggressive 'cloud first' strategy more deeply integrating cloud services with its flagship Security Center platform adding Cloud Archiving, Cloud Cameras, and AutoVu Plate Reader Cloud in the past year as well as offering free camera channels and storage to attract users.

In this report, we test:

  • Stratocast - the stand-alone small camera count cloud offering
  • Cloud Cameras - federating Stratocast into Security Center
  • Cloud Archiving - extended cloud archiving for Security Center
  • Cloud LPR - processing LPR in the cloud, integrated within Security Center

*** ***** **** ****** *** ************** **** ****, *** * ***** ************ *** ** ******* ** ******* ** now ***** ** *** *****.

******* ******* **** **********, ***** **** * ******* ***** ****** count ******** ** **** ****, **** ******* **** ******** (***** **** ****** ******** ****).

******* ** *** ****** **. ******, **** *** ****** ** aggressive '***** *****' ******** **** ****** *********** ***** ******** **** its ******** ******** ************** *********** *********, ***** *******, ********* ***** ****** ***** ** *** **** **** ** **** ** ************ ****** ******** *** ********* ******* *****.

** **** ******, ** ****:

  • ********** - *** *****-***** ***** ****** ***** ***** ********
  • ***** ******* - ********** ********** **** ******** ******
  • ***** ********* - ******** ***** ********* *** ******** ******
  • ***** *** - ********** *** ** *** *****, ********** ****** Security ******

[***************]

Exec *******

****** ********** '**********' *** **** *********** ***********, *** *********** ** ***** services, **** ****** ** ***** *******, ********* *** *** ** their *** / **** ** ******** *** ********. ** ******* the ***** **** **** ************* ******* *** **** ***** ***** ***** that *** **** ********* ** ***** ******** ** ******* ***** systems.

Key ******** 

**** ***** ********** *** *** ******** *** **** ** *******'* cloud ********, **** **** ****** *****:

**********

********** *** *********** *********** ******** ** ******** ****** *** ***** full ***** *****:

  • **** **** ******* *** *********, ** ***** *************.
  • ********, ******, *** ****** ** ******* ** * ****** ****** with ** *****-****** *******.
  • ******** ****** ****** *** *** *** *****, ***** *** ** (and ***** ***) **** ****** ************, ********* **** ******* *****.
  • ** ************ ** ***** ******* **** ** ****** *******, *********, etc.

***********, ********** ****** * ********** ******* ** **** ****** ********* 3, ****** **** **** ******* *****, *** * ******* **** ** ~$6/camera (**. ****).

******** ****** ***** ******* (********** **********)

********** ********** ******* ** ******** ****** *********** ********** **** ** the *********** ********* *****.

******* *** ***** ******* *** ******, ****** ******** ******, ****, and ********, **** ***** ******* ********* ******* ** **-**** *******, **** a ****** ******** ** **** **** (~*-* *******) ** **** viewing *** ********.

***** ********

***** ******** ********** ****** ********** **** **-**** ***** ********, **** *** lack ** ********** *** ****** ******** ** **** **** *** only ********** **********. *******, ***** ****** ****** ** ****** ********* speeds **** ***** ***** ********, ** ***** ** ** ***** to ******** ***** ***** *** ** *** ***** ****'* ******** connection.

****** ***** ****** *****

*******, ***** ****** ***** ********** ****** **** ******** ****** *** add-on ******, ******* ****** **** **** ****** ***** ********, **** read ****** ********* *** ********* ** ~*-* *******, **** ***** a ****** **** **** *******'* **** *** ****** ***** ******. 

*******, *** ***** **** ** ********** ******* (******* ** models **** ****, *********, *** ****) *** *** ******* ***** (<15 *** *********) *** ** ****** *** **** *****.

*******

**** ** ***** ******** ** ** *******:

  • **********:**** ****** **** $*/** (**** ******* ****) ** $**/** (***** HD, ** **** *******) *** ******,********* ** ****.
  • ***** *******: ********** ******* *** ** ********* ** ** ********** ******, *** Security ****** ********** ** ******** (** * ************ ************ ** * *******).
  • ***** ********:*** **** ** ***** ******** ** $**/** *** **, *.*., 5TB = $***/** ****.
  • ***** ****** *****: $**/** *** ******

**** ******** **** ****

**** **** *** ******* ***** **** * ***** *** **** access ** **** **** ***** ******* *** ********. ***** ******* for **** ******* ****** *** ******* **** **** ***** ******* / *******

Genetec ********** 

*******'* ********** ***** ******** **** *** ********* **********:

  • *** *** **** ********* ** **** *** ********* ** *** system, ********* **** *** ******** ***** *******, ******, *** ***** user **********/***********.
  • *** ********** ********* ** **** *** ****** *** ************* ******* *** local *******, ********* *****, ******** ****** ********** *****, *** ****** monitoring.

** ****** *** ****** ** **** ** ***** ********** *****:


******* *****

*** "****" ******* ** *** *** **** ********* (*********** ** the ****** ****) ** **** *** **** *** ******** ******* and ***** ******. **** **** *** "***********" ***, *********** ** *** magnifying ***** **** ******** * **** ** *********, *** ****** functions, ******* ** **** **** *** **'*.

*******, ***** ** ** *****-****** ****** ** ******. ********* * ****** to ******** **** ** * *****-****** **** ******** *** **** to * ****** ****** ******. ***** **** ****** *** ****** each ****** ************, ***** *** ** ******* ** ******** ******* are ******** ** ** ********.

** ****** ***** ********* ** **** *****:


****** *******

******* **** ** ***** ** *** ********** ********* ** **********, and ******* ********** ** ***** *** ****** ****** *** *** (owner ************** ***) ** **** ******. **** *****, ********** **** up *** **********, * ******* **** ***** *-* ******* *** camera, **** ***** ****** * ********* ****, **********, *** **** the ******.

***** ** ** *** ** *** ******** ******* ** **** or ****** *** ***** ******* *** ******* ** ** *****, so ********-****** ******** *** ** * ****-********* *******.

**** ******* ** ***** ** **** *****:


**** **** *** ****** ****** ** *** *** ******* ** the ****** *** *** ** ****** ********* *** * ******* ** the ****** ****** ** ** *** *** *********. *******, *** OAK ** **** ******** ** *** ***** ************* ******** **** each ****** *** *** ** ****** **** ** ****** *** during ************. ***** *** ******* **** ** ********** ******* ** retrieve *** *** *** ***** *******.

Cloud *******/********** **********

********** ******* *** ** ********* ** ******* ******** ****** ** simply ******** * ********** **** *** ******** *** ************* ********* server ****, ****, *** ********. 

***** ******* ****** ** ********* **** ***** *******, **** * slight ******** ** **** **** (*-* ******* **. *-*) *** only ******* **********. ***** ****** ***** *** ** **** ** Stratocast ** ******** ******* ***** **'* ********* ******** ****.

** **** ***** ** **** ***** ******* ******** *** ********** Federation *** ******* ***** ****** *****:


Cloud ********

***** ******** ******** * ***** ****** ** *** ******** ****** server *** **** *** *** ****** **** ******** **** *** main ** ***********. ***** **** ****** ****, ***** *** ** the ******* *** ** ***** ********, **** ***** ***** **** this ******* ******** ************* ** *** *****.

**** **** ***** ** ** *** ** ******** ********* ** Cloud ******* ******* *** ** *** ****** ******** ***** ***********. In *** *****, ****** ********* *** ********* *-* **/*. ******* explained **** **** **** *** ********* ***** **** **** ** bandwidth ********** *** ** *** ** ***** ** * ****** release. 

***** ***** ******* ********* ** ********* ********, **** ***** ******** and ****** *** **** *** ** ***** ********, **** **** thumbnails *** *** ******** **** ***** ***** ****** ** *** cloud, ****** ***** *****. ***** **** ****, ************* ** *********** similar.


Plate ****** *****

***** ****** ***** ********** **** ******** ****** *** ** ***-** plugin. **** *********, ***** ********* * ********* ***** **** *** ****** as *** *** ******, **** * ****** ****** ********** **** for ********. **** *********

***** *** ********** ** ********* ***** ** ********* ********* (**** a ******* ******* * ******** *****) ** ******* */* (**** a ****** ********* **** ** ** **** ** ********* ** a *******) ** *** ** **********. ***** ****** ***** **** includes **** ** *** ********* ***** ** *******'* ****** ****** releases, **** ** ***** ** ****** *** ******* ****. *******, direction ** ****** *** ***** ********** *** *** ********.

*** **** ******* * ***** ***** ******* *** *** **** event ********* ** ******** ****** *** ~*-* *******, ******* ** or ******** ****** **** * ****-***** ****** ***** ******.


** ***** ** ****** ******* ****** *** ** ***** ** 15 *** ** ***** ***** ** **** ***** **** *******'* recommended ********. ***** ***** *** **, **, *** ** *** properly **** ****** ** ****** ***% ** *****, ** ****. Accuracy ** ** ***, ****** *** ** *** **************, *** solid ** ****, ****** ***** ***** ** ****** ****** **********. 

Versions ****

***** *** *** ******** ******** **** ** **** ****:

  • ******* ******** ******: *.* *** (*.*.****.**)
  • ***** ****** *****: *.*.***.*
  • ***** ********: *.*.****.** 

Comments (10)

In reviews of "cloud" based security systems such as this, shouldn't the subject of cloud security be addressed alongside other technical considerations? A recent HP sponsored study suggests so. In other words, can it be hacked thus making client data available to cybercriminals?

In other words, can it be hacked thus making client data available to cybercriminals?

In short: maybe. The issue with making claims about cybersecurity one way or another is that so much hacking involves finding exploits, which by nature are unknown. Like Heartbleed, which left many, many systems vulnerable. No one knew that vulnerability was there until it became a problem, and literally millions of users were impacted, since so many things were developed with OpenSSL.

Genetec uses Microsoft's Azure cloud services platform for Stratocast. Microsoft does routine penetration testing on these services and have a lot at stake keeping them secure. And according to Genetec, they're using 256-bit SSL encryption. We confirmed this with Wireshark traces. After the connection is made, you don't see any traffic other than TLS, similar to this trace (from our Remote Network Access for Video Surveillance report):

So there are a lot of measures already taken to keep things secure. But does that mean it can't be hacked? No.

If anyone has suggestions for things specific to these issues we can test, please comment.

The knee-jerk reaction to cloud-based systems says they must be less secure than data under ones own purview simply because you don’t know what security measures are taking place at the cloud-provider.

This is a lot like saying I would rather put my money in a safe in my home office with my own alarm system on my doors/windows than put it in the bank—because I don’t control the bank’s security. And if I don’t control it then I can’t trust it, right?

Reality is most banks have better (physical) security than most homes. And I believe that holds true for most professionally run cloud-based service as well.

Cloud based systems present a slightly different type of risk in that everybody knows where the front door to your data is located (it’s at your-cloud-provider.com). But alas the sense of satisfaction you get from ‘security through obscurity’ when you store your data in your own wiring closet is often short lived if you suffer a deliberate and targeted attack.

As Ethan points out the large IaaS/PaaS providers like Google, AWS, Azure provide a lot of support to keep the infrastructure secure. In our case, on AWS, in addition to the underlying security of AWS’s infrastructure they also offer a tremendous amount of turn-key platform security that we can utilize ourselves to provide a much more secure environment with less effort than would be required if we constructed our own infrastructure.

All that being said, Richard’s right that cloud-security is another attribute of any cloud-based product that needs to be evaluated. I just think in many situations you’ll find that the system can be more secure as a side effect of being cloud based than systems that are not.

This is a lot like saying I would rather put my money in a safe in my home office with my own alarm system on my doors/windows than put it in the bank—because I don’t control the bank’s security.

Disagree.

Your money is either in your home safe OR the bank safe.

Cloud security does not obviate the need for on-site security, the rule of weakest link dominates here.

Let's say, instead of money, you have the keys to your Ferrari in your home safe.

Would you really argue that putting duplicate set of keys in the bank's safe would make your car more secure?

Would you really argue that putting duplicate set of keys in the bank's safe would make your car more secure?

In my analogy I'm saying putting a duplicate set of keys in the bank's safe would not necessarily make it any less secure than only keeping a set in my home safe. I'm arguing against the idea that just because there's a cloud based component to the system now it's less secure than a VMS that is protected by only the customer's IT infrastructure.

I don't dissagree that the weakest link dominates. But when IPVM reviews a VMS people do not immediately ask "but how secure is it?" They only tend to do so when IPVM reviews a cloud based service.

I just think in many situations you’ll find that the system can be more secure as a side effect of being cloud based than systems that are not.

Guess I should have more clearly framed my question. Cloud computing security is a partnership between the provider (MS, Amazon et.al.) and the user (their clients). I’ve no doubt that providers invest heavily in their half of the equation and of course their clients and their clients end users (you and I) reap the shared benefits of this investment. However, what about the security provided by the cloud clients? Is it as robust and as well thought out and implemented? At the end of the day our end user data (yours, mine and others) are held and secured not by the cloud provider who secures the framework within which that data are held, but by the cloud client who is the first line of defense in regard to protecting that data and it’s that data we should be most concerned about. So, my original question did not pertain to the provider but rather to the client.

Hi Richard, I guess I'm not following what you mean by "client."

In the case of Genetec's service, is Genetec the client (of MS) to which you refer?

If that's true then you're asking, how do you trust Genetec's implementation of security upon MS's infrastructure?

Steve, let me start by making two points, one is that by use of names I am not pointing fingers or making accusations and two, I’m certainly not aware of the internal designs of the Genetec cloud products but can make an education guess as to the architecture.

By way of the present example, I see the following as being the likely scenario. There are likely 4 actors responsible for the security of the installation: the cloud “provider” who in this example is Microsoft, their “client” who in this example is Genetec, what I refer to as the “customer gateway” (an application at the customer site that collects such things as event notifications, equipment status, inputs from cameras and whatnot, and pushes it all to the cloud) who in this example is Genetec and finally the “customer”, Genetics customer who in this example is IPVM.

So, in the cloud itself there 2 players, the provider MS and the client Genetect. They share security responsibility within the domain of the cloud. MS is responsible for such aspects as infrastructure, cross-pollination, environment et.al. Genetec is responsible for just about everything else such as for example; protect and securely manage credentials, protecting against impersonation attacks, protecting against identify fraud, protecting customer video data, protecting customer operational and site data, encryption of sensitive data, providing for secure access and a long list of other activities. In essence, in this example Genetec assumes responsibility for ALL aspects of security in the cloud that would, in a typical non-cloud installation, be shared in part by the customers IT department and in part by Genetec.

So, as you can see, in this example Genetec, and in general the “client” in every cloud installation, takes on a HUGE responsibility role in the overall security of the installation. Hence the reason for my initial query.

Sorry Steve, forgot to answer your specific question. Yes, in this example my question is in regard to Genetec's security measures but, in general I'd ask the same question of any cloud client installation. My reason is simple, use of cloud technology does not of itself insure security but rather, in practice it tends to complicate it, and where VMS is concerned that complexity is compounded.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

October 2018 Camera Course - Save $50 - Last Chance on Sep 13, 2018
Today is the last day to save $50 on the October 2018 Camera Course, register now. This is the only independent surveillance camera course,...
Dell Launches IoT for Surveillance on Sep 05, 2018
Historically, Dell has been a PC and server provider (e.g., "Dude, you're getting a Dell") and widely used for surveillance storage. However, in...
Synology Surveillance Station VMS Tested on Aug 22, 2018
With so many low-cost NVRs and enterprise VMSes, is there any place in the market for NAS-based VMSes? Recently, IPVM bought a Synology NAS for...
SNMP / Network Monitoring For Surveillance 2018 on Aug 21, 2018
Surveillance systems typically rely on the the VMS to report issues, but this most often just means knowing a camera is "down" with no warning or...
2Gig Gun Lock / Motion Detector Tested on Aug 17, 2018
Safer guns for families and an opportunity for security dealers to sell more services? That is the aim of Nortek's 2GIG 'Gun Motion Detector'...
Video Analytics Integration Guide on Aug 16, 2018
Video analytics is hot again (at least conceptually) but integrating video analytics with VMSes can be challenging. This is especially significant...
ISS VMS / Video Analytics Company Profile on Aug 16, 2018
Who is ISS? In the past few months, they had one of the craziest ISC West promo items in years. Then, they hired industry veteran and ex-Dahua...
Cut Milestone Licensing Costs 80% By Using Hikvision and Dahua NVRs (Tested) on Aug 13, 2018
Enterprise VMS licensing can be quite expensive, with $200 or more per channel common, meaning a 100 camera system can cost $20,000 in VMS...
Milestone / Canon Spinout Arcules Cloud Launch on Jul 30, 2018
Canon and Milestone's VSaaS Startup spinoff Arcules launched their platform at Google Cloud Next. IPVM spoke with CEO Andreas Pettersson about the...
Eagle Eye Networks Cloud VMS Tested on Jul 26, 2018
Eagle Eye has become one of the most significant players in the industry in the past few years: Eagle Eye's Owner Acquired Brivo Eagle Eye...

Most Recent Industry Reports

25% China Tariffs Finalized For 2019, 10% Start Now, Includes Select Video Surveillance on Sep 18, 2018
A surprise move: In July, when the most recent tariff round was first announced, the tariffs were only scheduled for 10%. However, now, the US...
Central Stations Face Off Against NFPA On Fire Monitoring on Sep 18, 2018
Central stations are facing off against the NFPA over what they call anti-competitive language in NFPA 72, the standard that covers fire alarms....
Hikvision USA Starts Layoffs on Sep 18, 2018
Hikvision USA has started layoffs, just weeks after the US government ban was passed into law. Inside this note, we examine: The important...
Chinese Government Praises Hikvision Following Xi Jinping on Sep 17, 2018
The Chinese government council responsible for managing China's state-owned companies praised Hikvision’s obedience to China’s authoritarian leader...
Amazon Ring Spotlight Cam Tested on Sep 17, 2018
Amazon's Ring has released their latest camera entry, the Spotlight Cam, which we bought and tested in our Consumer IP Camera Analytics...
European Mega Security Firm Verisure Pushing Security Fog on Sep 17, 2018
The European mega security firm Verisure (Securitas Direct), with a reported 2 million customers, is pushing security fog, as shown in this BBC...
IP Camera Cable Labeling Guide on Sep 14, 2018
Labeling cables can save a lot of money and headaches. While it is easy to overlook, taking time to label runs during installation significantly...
Favorite Intercom Manufacturers 2018 on Sep 14, 2018
Intercoms are certainly increasing in popularity, driven by the integration of video and IP networking. But who is the favorite? On the one side,...
Vivotek 4MP Camera Tested (FD8379-HV) on Sep 13, 2018
Next in our series of updated 4MP testing, we bought and tested Vivotek's FD8379-HV, and entry level 4MP model claiming "top-notch quality video in...
Ascent / MONI Faces Lender Lawsuit and Debt Crisis on Sep 13, 2018
ASCMA, aka Ascent, aka Brinks Home Security, aka MONI, aka Monitronics is being sued by a group of their lenders who allege: As of June 30,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact