Zero Trust Security And Video Surveillance

By Sean Patton, Published Jul 07, 2021, 09:48am EDT

Designing "Zero Trust" IP networks is a cybersecurity trend, but what does it really mean for video surveillance?

IPVM Image

We examine:

  • How is "Zero Trust" defined?
  • How does it impact video surveillance?
  • How can video surveillance manufacturers support Zero Trust?
  • What advantages and challenges are there for Zero Trust?
  • How should integrators approach Zero Trust networking?
  • What are the limitations of Zero Trust?
  • What is the US DoD / federal government approach to Zero Trust?
  • How is Hikvision advocating for building Zero Trust?

"Zero *****" ********

**** ******* * ********** ******** approach **** ******** ** devices, ******* *** *****, not ***** *******, **** if **** *** '******' the ************'* *** *******.

******* ******** ****** ** verification *** ******* ******* segregation ** ***** *** devices, ****** ** ******* only ** *** ******* amount ** *** ******* based ** *** ************ of *** **** *** application.

******* *** ****, "**** trust" **** *** ****** nor ** ** ******* of *** ****** ** trust ********. *** *******, video ************ *******, ********** if ***** **********, ***** still ** ****** ** the ******'* ***** ********** or *************** **** *** cloud ********** (** ** examine ***** **** *** Verkada ****).

Zero ***** **********

***** **** *** ****** must ** ************ ******** and ********** *** **** given ****** ** ********** resources **** *********. ***** access ***** *** ******** as * "******", ***** only ******* ***** ** actions, *** ***** ** devices:

IPVM Image

****** ** ********, ** practice, ******-********** *********(****), ***** *** ** software-based ** ******* **********, and ******* **** ****** inspection (*.*. **** *********** is ********* **** ** this ****?) ** ******** to ********* ** *********** firewalls (*.*. ***).

************, ***** ******** * Zero ***** ******* *** start **** ** ****, there *** **** ****** of ********** *** ***********, for * ***** ********** Zero ***** ******* (*.*. Multi-factor **************, ***.**, **** encryption, **** ******** **********, etc.). **** ********** ******** specialized ******** *** ********* that ** ******** ** video ************.

Impact ** ***** ************

***** ************ ********* **** been ******* ** ****** of *****, *** ** a **** ******** ** devices **** ******** ** significant *************** (*** ****'********** ** ***** ************ Cybersecurity *************** *** ********). ***** **** ***** networks *** ***** ************ could **** ******** **** of ***** *************** *** exploits.

*******, *** ********** ** cybersecurity ** * *********** challenge *** **** ***** surveillance ************* *** ***********.

Barriers ** **** *****

***** *** * ******* barriers ** **** ***** in ***** ************:

  • *********** ****** ** ** on ***** ***
  • *********** ********* *********
  • *** ******** ************* ** not ** ******

*********** ****** ** **** Trust *****

***** ************ ******* *** typically **** * ******** of ** ************'* ** network, ** **** *****, a **** ***** ********. Because ** ****, **** integrators **** **** ************** for *** ************ *******, and**** ** ***** ****** dedicated ************ *** **********, ************ over ************* ********.

*******, **** ***** ********** needs ** ** *********** across *** ****** ************ and ***** ******* * high ***** ** ***********/************* outside *** ************ **********'* purview. *** *******, **** trust ***** *** ** applied ** ******* ***, smartphones, ********, *** ***** various **-******* ******* ****** physical ******** *******.

*********** ********* *********

************ **** ***** ******* the **** ** *** and **** ** ****** within ***'* *******. **** needs ** ** ******* against *** ******** ******** of *** ********.

* ******** ****** ** Zero ***** ** ********* users *** ******* *** accessing ********* (*.*. *** recorders, ****** *******) **** Policy ****** ****. **** Touch ******* ******* *** use ** *****-****** ************** (e.g. ***-****-*********, **********, *** keys, ***.) ***** ***** to ****** **** *** identity ** *** **** is *********.

*******, **** **** ******** steps ** *** ******* of ***** ******* ** to **** *****, *** in * *****-**** ******** potentially ******* *** * user **** ********** ** an ********* ********, *** to * ********* ***** out ** ***** *******.

** ****** *** ** Trust ************* *** **** They **

***** **** ***** *** help ******* ********** ******* from ********* ** ********** other ********* ******* ** one's *******, *** ***** needs ** ***** ****** manufacturers *** **** **** control **********. *** *******, VSaaS *****, **** **** zero *****, **** ** trust **** ***** ***** providers **** *** ** breached **, *****, ***** trust ** ****** ** their *********.

Verkada *** **** *******

**** ******* *** ******** in ***** ****, *** CSO ** ******** ************ ***** ********** *********** ***** **** trust ******** ************. **** rightfully ********** **** **** though ******* ******** **** access ** ******, ******* Verkada *** ******* ******* Verkada ***** ******* ***** devices ****** ****'* *** network.

*******, ** *** ******* showed, **** **** **** to *** ********* *********** from ****'* *** ***** surveillance ******.

US *** **** ***** *************

***** ********** ** ******* launched ** ********** ** 2020 ** ****** *** capabilities ** **** ***** architecture*** ** ********* *** adoption. *******, *** *** does *** ****** ** to ** ***% *** to ********* ******** ***** in ******* ** ***** this.

*** ******** ** **** level ** *****, *** there *** ** ********/******** specifications, ** ****** ** a ***** *** *** stakeholders:

*** *********** ** *** Zero ******* ** ** ***** the *********, ********, *******, and **** ** **** Trust ** *** *********** of********* ** ********* * Zero ***** ********* ****** an ******** ***********.

**** ****** * **** to ********* *** **** away **** *********-***** ******* that **** **** ************** managed, ****** *** ***********:

********** ******* **** ****** on********* ******* ******* **** fetter ****** *** ***** implicit ***** ******* ***************. ******* *** ********** to ******* ********, ***** on ***** **** ****************, **** *** ** inconsistently *******, ************,***/** ******** ***************, ******* ****** **** porous *** ***********.

**** **** ******** **** well-trained *****-****** *******:

*****-****** ******* *** **** trained, ****-*********,*** **********. *** *** of *** *******,**********, *** ********** ******** with **** ******** ******* can ****** ****************** ********** **** **** ********** unseen ***** *** ********.

Hikvision ********** **** *****

********* ******** *********** ********* **** *****, * ************** ******* its *** ************* ******; if ** *******'* ******* can ** *******, **** every ******* ** ** a ***** ******* *****.

***********, *** ********** ****** poor *************** *** ************ a ****** **** ***** network *********:

********* *** ********* *** IP ********* *** *** addresses **** **** *** need ** ****** *** video ************ ******

************ ** ********* ****** "these ******* *** *******" which ******* *** ****** purpose ** **** *****.

Limitations ** **** *****

* *********** **********/**** ** ZTA ** ******** ***** **** ********** *** *********. ******* employees ****** ******* **** 'Super *****' ********** ** view *** ********'* ****** footage ** *** ****. Moreover, ** ******** ****** to *** **** ***** inside *** ******* ******* inside **** ********'* ********.

*** ** *** ******* was "**********" **** *** standpoint ** **************, **** Security, *** ************* ********. Even ** * **** is ********** **** ***** in *******, ** **** not ****** **** ***** systems ** *** ******* infrastructure/admin ******* ** ***********.

**** * ********* ********** per** **** ************* ***************, ***** ** ******* that ***** **** ****** it, ******* *** ******* was ************ ******* ******* Verkada's *** *******:

IPVM Image

Video ************ ************ ********* *******

******* ** *********, **** is *** **** ***** top ***** ************ ******* that ****** ********* *********** on **** *****, **** a****** **** ****. **** ****** ******** that ************ ************* ***, at ****, ******* ** securing ***** *** ******* and ************. ******** ***'* entire ******* ** ******** the ***** ** ***-**-*** networking ************* (*.*. *****, Fortinet, ***-*****) *** *********** security ********* (*.*. **** Alto, **********, ***** ****).

***** *********** *** ******** of **** ******** ********* is **********, ** **** not ******** *** ********** of ******** **** *************** are ********* *** **** one *** ******** ***** one's ******'* *********.

Comments (8)

***** ******* ** ********* the ********* ** ****-*****. The ********* ********* ** white-lists ** * **** face-palm ******.

*******, * ***** ************* must ** ****. ********* cloud ******* ** *** hardcode ***** ***** ********* into ****** ******* *** then ****** **** ** the ********. *** ***** level ** *** ***** audits ** ******, *******, & ********* ***** **** caught **** ** ******* had ***** ** ***. What ******** *** ********** inexcusable *** ** ******** only ** **** *** vendor. ***** *** **** very ******** ******* *** preventing **** *****-***** ******** within *** ***** ******** from ********* *******, ****** surveillance ****, *** ***** evidence, *** ***** ***** providing ****** *******.

***** ****** ****** *** the ************** ** *** vendors ** ********* *** the ************** ** *** integrators *** *** *** then ******* *** *******. Yes, **** **** *********** investment *** ***** *********** pay ********* **** *** can ***** **** ***** of ***** ** *** partners *** *** ***-*****.

Agree: 4
Disagree
Informative
Unhelpful
Funny

********* *** *********** *******.

Agree: 2
Disagree
Informative
Unhelpful
Funny

**** ******* ******* ** conclude **** **** ***** Architecture (***) ** * worthless *******, ******* "*** still ***** ** ***** device *************." * ***** that ********** ** *** base. ** **** ****** implemented ***, **** *** their ******* ********* ***** be ** ** ******** sub-network (** ****), ** that * ****** ** the ******* **** ***** not ********* *** **** of *** **** *******. So ***** ***** ** fact ** * ******** valuable ********** ** **** for ****** ** *** having ***. *** ******* is ******* ** ****** that ******* ********* **** still ******* ** *** sense **** *** ***** video **** *** ******* were ********, *** **** is *** **** *** run ******* *** *** SaaS ** *** ****, i.e. **** *** **** provider **** **** ** their *** ********. ** @Jacob ****** ******* *** above, ** ******* *** ZTA ** ******'* **** helped ****** ******* ** their ********** ******* ** publishing ***** *** ***** admin *********. *** ** all ***** ****** *** dimensions ** **************, *** no **** ****** ** the ******** *** **** you ** **** ******** is ******-****** *** ******* else *** **.

Agree: 2
Disagree
Informative: 2
Unhelpful
Funny

#*, ** *** *** contending **** *** ** useless. ** *** ******** with *** **** **** you **** ****:

******* ********* **** ***** screwed ** *** ***** that *** ***** ***** data *** ******* **** breached, *** **** ** the **** *** *** anytime *** *** **** of *** ****, *.*. will *** **** ******** take **** ** ***** own ********.

*** ***** *** *** not ******** **** ***, they **** ******** **** ZTA ********** *** ******** risks ******* *** **** ensured *** ** *** 'trust' *** ******** *** trust ** ***** ********* in *** ********** **** providers *** ****** ** various ******** ******* ** is ***** ** *** or *****, ***.

Agree: 1
Disagree
Informative
Unhelpful
Funny

** ** ***** ** ZTA * ********* *******, but ***** *** ***** risks, ** ** ***** about ****

**** ********** ********** **** even ****** ******* ******** root ****** ** ******, neither ******* *** ******* hacking ******* ***** ******* other ******* ****** ****'* own *******.

**** ************ *** ***** in ***, ** ****** is ** ***** *** enforced, **** ******** ** managed, *** ********** *** segmented ********.

*******, **** ** * company **** * *********** background *** ******** ** cybersecurity. **** **** *** internal ************ *** ********* to ********** ****. ***** schools, *********, ***** ********** companies, *** ********* ***** verticals **** ************ **** are ****** ** ******** to ** **, *** related ** *** ***** of ****, ************/******** ******* are **** *** ***** piece ** *** ********.

Agree: 1
Disagree
Informative
Unhelpful
Funny

***** *********** *** ******** of **** ******** ********* is **********, ** **** not ******** *** ********** of ******** **** *************** are ********* *** **** one *** ******** ***** one's ******'* *********.

***** **** ****.

*'** ****** **** ********** sentence ***** ******* ** encapsulates (***) *** ******* of **** **** - which ** ********.

***** ***** ** ************** ** **** **** everything ** **** ********** space (***** ************) *** is * '**** ********' vs *** **** ** cyber ******* *******.

***, ********** ********* ** *********** that *** ************* **** represent ******** ***'* ********** in *** ****** ** their ********.

Agree
Disagree
Informative
Unhelpful
Funny

**** ********/******* ******* ******** VSaaS ** *** ** secure ** ******* ***** models **** ***/******* ***** to *** ******** ********** networks, ***** ** **'* own **** **** ***'*, VPNs *** ****** (*** even *****) ****** *** 2FA ******* ********(**** *** access ***** *************). *** still **** ***** ******* or ******** **** *** VMS ****** ** *** internet ** **** **** no "***** ****" ************. Send **** ***/** ******** video ***** ** ** intermediate, ******* ***** *******(*), VM's ** *** *** allow ****/*** ******* ****** to *** ***** ******* that **** ** ************ with *** *** ********. Log *** ****** *** access ******* ****** **** notification ** *** ********* local ******** ****. **** all ***** ** * cost. ** **** ***** security ** ***** **** level ** **********, **** it ** ***** ********* for ** ****. **** type ** ******** ** not ****** ******* ***** business ** **** **** likely ***** ** ****** to ******* **** **** burdens. *** **** ******** is **** ******? *** do *** *****, *** what ** *** *****. Trust ** *** ******* of **** ********** *********- purchase ******* ************ ***** equipment(if ** *****'* *****, lobby *** ** ** exist. ****** ********* **** helped ** ******* *** security), ******* ****** **** review **** ***'* ** protect **. ** **** own *******'* ************ ******** are ****** ** ***, there ** ****** *** can ** ***** ****

Agree
Disagree
Informative
Unhelpful
Funny

*** ** *** **** important ***** ** **** trust ** ****** *** product **** ** ***** as * ******* ********. You ******* ****** **** ever ***** ** ***** the *******. **** **** with ****, ***...... *** not ** ******* ***.

**** ** * **** about ********* ** ******** ?, *** ***** **** the ********** ******** * until *****. ***** ********* and ******** *** *********.

**** * **** ** a *******, **** -* Group *** ***** **** Trust ******** *** ************ if *** ****** **** to ***** ***** **** Trust **** ***** ** products **** *** *** do ***** ******** **** cloud ****** ********, ***....

* ***'* **** *** them. ******* * ** analyze **** ***** ******** that ****** **** *** their ******** ****. **** I ***'* **** *****.

***** **** ** ****** here **** **** *** other ******** ********* **** will *** ****** *** better, *********** **** **** your *****, *** *** what **** ** ** and **** **** *** your ***** **** *** test **** **** ** side **** *** **** company *** ******* ***** products ** ******'*.

***** ***** ******** ** used **** ***** *** video, *** *** *** today.

Agree
Disagree
Informative: 1
Unhelpful
Funny: 1
Read this IPVM report for free.

This article is part of IPVM's 7,211 reports and 960 tests and is only available to subscribers. To get a one-time preview of our work, enter your work email to access the full article.

Already a subscriber? Login here | Join now
Loading Related Reports