Opinions on Cloud based video surveillance systems ?

[someguywhoworkswithcams]

Everything seems to be so on premise focused when it comes to security while literally every other business systems are in the cloud or connected somehow.

Why are security professional so reluctant to move ahead with technology?

EDITED BY FENDERMAN: This spammer works for eagle eye networks a cloud camera provider. WTF.

 

[wittaj]

Because when it is out on the cloud it can be hacked and your cameras can be hacked.

Other business systems have continual security improvements, and even they are hacked.

A camera or NVR firmware may be updated 2 or 3 times at most in it's life. Microsoft and other antivirus are updated more than that in one week. That is a big difference.

Security cameras are notorious for not being very secure. Most have vulnerabilities. Even the premier Axis was hacked a couple weeks back.

Hackers don't care about your camera feed - they want your internet for DDoS and bot attacks.

Plus 24/7 camera feeds take a lot of data and would not be cost effective to most residential users, and their internet would be slow as snot too.

 

[mat200]

Everything seems to be so on premise focused when it comes to security while literally every other business systems are in the cloud or connected somehow.

Why are security professional so reluctant to move ahead with technology?

Hi @someguywhoworkswithcams

What is your internet bandwidth? ( down and up ? )

 

[sebastiantombs]

Just a few quick thoughts.

The cloud is about as secure as an open door with a sign pointing to it that says "NO ONE IS AT HOME". Recently, a much vaunted surveillance company, using their own "cloud" was hacked here in the US and video of secure areas of many governmental and sensitive businesses ended up on the internet.

Here, in the US, in terms of evidence for court proceedings possession of the video needs to be provable and documented. Using a cloud, shall we say, clouds that process and renders the video as questionable in the eyes of many, like judges and juries.

When the video is stored and maintained locally there is very little that can go wrong other than disk failure. In a truly important situation duplication of the storage is far more secure than cloud storage, IMHO.

 

[someguywhoworkswithcams]

Because when it is out on the cloud it can be hacked and your cameras can be hacked.

Other business systems have continual security improvements, and even they are hacked.

A camera or NVR firmware may be updated 2 or 3 times at most in it's life. Microsoft and other antivirus are updated more than that in one week. That is a big difference.

Security cameras are notorious for not being very secure. Most have vulnerabilities. Even the premier Axis was hacked a couple weeks back.

Hackers don't care about your camera feed - they want your internet for DDoS and bot attacks.

Plus 24/7 camera feeds take a lot of data and would not be cost effective to most residential users, and their internet would be slow as snot too.

I appreciate the response. Could you elaborate on this statement:

''A camera or NVR firmware may be updated 2 or 3 times at most in it's life. Microsoft and other antivirus are updated more than that in one week. That is a big difference.''

What importance does this have?

 

[someguywhoworkswithcams]

Just a few quick thoughts.

The cloud is about as secure as an open door with a sign pointing to it that says "NO ONE IS AT HOME". Recently, a much vaunted surveillance company, using their own "cloud" was hacked here in the US and video of secure areas of many governmental and sensitive businesses ended up on the internet.

Here, in the US, in terms of evidence for court proceedings possession of the video needs to be provable and documented. Using a cloud, shall we say, clouds that process and renders the video as questionable in the eyes of many, like judges and juries.

When the video is stored and maintained locally there is very little that can go wrong other than disk failure. In a truly important situation duplication of the storage is far more secure than cloud storage, IMHO.

Thanks for the response!

Yet nearly all business systems like our email, banks, CRM are all Cloud based today. I understand a lot of high security facilities like gov offices, power stations or so might not need or even be allowed to be connected to any cloud solution but when you look at fast food, supermarkets or anything with multiple location using Cloud would allow for much easier management and overview of these locations. And also you mention maintenance, when this has to be done at one location that is doable but having to do maintenance across hundreds of locations just becomes costly and gives room for mistakes to happen.

So I definitely understand the Cloud or internet connected solutions should not be used by everyone but in some cases it just seems to make so much more sense.

 

[someguywhoworkswithcams]

Hi @someguywhoworkswithcams

What is your internet bandwidth? ( down and up ? )

Well enough to stream HD video, play demanding games online etc...

Then for sure it wouldn't allow me to send video of one hundred cameras to a cloud server somewhere. But some Cloud solution for video surveillance already exist so some genius must have been able to solve the bandwidth issue of sending hundreds of high definition streams to a cloud server.

 

[sebastiantombs]

Let's just say the is inherent distrust in "cloud" situations. A cloud, run by a corporate entity for its' own systems, is one thing. A public cloud, that allows anyone to attach to it, is a completely different scenario.

As an example. When I was in IT I ran the data backup system for a 1000 seat network that supported design engineers. If a file got corrupted or deleted it would be back for production in under an hour. A major change came to our IT department and everything was "outsourced". File restores went from under an hour to a week or more to happen. The cost in production time was immense, but the bean counters patted themselves on the back because they "saved money" on IT support. Unfortunately they lost more in production time of engineers making $150K, and up, per year instead but they didn't see that as part of the IT cost. The same happens with cloud based operations of all sorts. False sense of security and a false sense of economy. The company ended up bankrupt and out of business in under two years.

As a private surveillance system user it is not in my budget to supply the bandwidth needed nor the disk space requirements to store video other than locally. No bandwidth to worry about and I select how much storage I want at a very fixed and economical cost.

There is no "magic bullet" for the bandwidth problem. A megabit is a megabit. Some compression can occur, but as soon as you compress you're altering the original product, the direct output of the camera, which brings up a whole new level of authenticity to be questioned if the video is needed as evidence in court. Local storage doesn't have that problem at all.

 

[mat200]

Well enough to stream HD video, play demanding games online etc...

Then for sure it wouldn't allow me to send video of one hundred cameras to a cloud server somewhere. But some Cloud solution for video surveillance already exist so some genius must have been able to solve the bandwidth issue of sending hundreds of high definition streams to a cloud server.

Hi @someguywhoworkswithcams

We need real numbers to play this game of

"Everything seems to be so on premise focused when it comes to security while literally every other business systems are in the cloud or connected somehow.

Why are security professional so reluctant to move ahead with technology? "

If you don't understand the reason why, the numbers will show you ..

So the question is very important if you want a meaningful answer:

Q: What is your internet bandwidth? ( down and up ? )

 

[wittaj]

I appreciate the response. Could you elaborate on this statement:

''A camera or NVR firmware may be updated 2 or 3 times at most in it's life. Microsoft and other antivirus are updated more than that in one week. That is a big difference.''

What importance does this have?

If you don't understand the importance of frequent security updates to keep something secure, then you have some reading to do about network and hardware security...

Even with banks and email and almost everything else, those systems are constantly getting new updates as security vulnerabilities are found and they still get hacked. As soon as an exploit is found, Microsoft or Google or Apple are on top of it.

Cameras and NVRs are rarely updated. Maybe the first year or so, and after that they are on their own. Search here for all the vulnerabilities found and how long it takes a manufacturer to fix it, if ever.

Would you really want to use a bank website if they haven't updated their software and security and platforms in 4 years?

Virus protection on your computer doesn't protect the camera as it is its own device with its own software. The router firewall will do little as well since they are exploiting backdoors into the camera or NVR itself and then deploying malicious code from there.

Many people are running cameras and NVRs that haven't had a firmware update since 2018 or older. Would you trust the piddly security of that device to keep out bad actors? I don't. Many here don't either. We keep our cameras off the internet with VLANs or dual NIC.

Even when banks and Microsoft and the like implement almost daily security updates, they are still getting hacked, so imagine a device with software that is over 3 years old! So if we have the ability to keep our cameras off the net, we do so.

Between the security and bandwidth needed to transmit video across the net, it just isn't worth it.

What @mat200 is getting to is the bandwidth demands of these cameras.

My cameras are on their own isolated network that does not touch the router or the internet. My cameras are streaming between 280Mbps to 350Mbps depending on motion. This is full-on, never stopping to take a breath. Even if someone has a gigabit internet, a 3rd of non-buffering 24/7 data will impact its speed.

People will say stuff like "we stream 5 TVs with no problem". Yeah that is because streaming services like Netflix and others buffer the video. It may buffer 15 seconds to a minute or more of video. This allows it to send some video, pause to let something else on the network use the internet, send some more video, and repeat process.

These cameras do not buffer and all full-on nonstop. Pull the internet cable and the surveillance camera stops instantly. Pull the internet cable while watching Netflix and you may get an additional minute of watching the video.

 

[Nunofya]

If you don't understand the importance of frequent security updates to keep something secure, then you have some reading to do about network and hardware security...

Even with banks and email and almost everything else, those systems are constantly getting new updates as security vulnerabilities are found and they still get hacked. As soon as an exploit is found, Microsoft or Google or Apple are on top of it.

Cameras and NVRs are rarely updated. Maybe the first year or so, and after that they are on their own. Search here for all the vulnerabilities found and how long it takes a manufacturer to fix it, if ever.

Would you really want to use a bank website if they haven't updated their software and security and platforms in 4 years?

Virus protection on your computer doesn't protect the camera as it is its own device with its own software. The router firewall will do little as well since they are exploiting backdoors into the camera or NVR itself and then deploying malicious code from there.

Many people are running cameras and NVRs that haven't had a firmware update since 2018 or older. Would you trust the piddly security of that device to keep out bad actors? I don't. Many here don't either. We keep our cameras off the internet with VLANs or dual NIC.

Even when banks and Microsoft and the like implement almost daily security updates, they are still getting hacked, so imagine a device with software that is over 3 years old! So if we have the ability to keep our cameras off the net, we do so.

Between the security and bandwidth needed to transmit video across the net, it just isn't worth it.

What @mat200 is getting to is the bandwidth demands of these cameras.

My cameras are on their own isolated network that does not touch the router or the internet. My cameras are streaming between 280Mbps to 350Mbps depending on motion. This is full-on, never stopping to take a breath. Even if someone has a gigabit internet, a 3rd of non-buffering 24/7 data will impact its speed.

People will say stuff like "we stream 5 TVs with no problem". Yeah that is because streaming services like Netflix and others buffer the video. It may buffer 15 seconds to a minute or more of video. This allows it to send some video, pause to let something else on the network use the internet, send some more video, and repeat process.

These cameras do not buffer and all full-on nonstop. Pull the internet cable and the surveillance camera stops instantly. Pull the internet cable while watching Netflix and you may get an additional minute of watching the video.

How do you get alerts when you're away from home? How do you get live access to look in when you're not at home?

 

[The Automation Guy]

I'd say there is a HUGE difference between enterprise cloud solutions and consumer CCTV cloud solutions.

First, companies that want a cloud solution make that decision after much thought. They have some specific reasons for doing so and they are willing to pay the cost of of the service. They also have full time IT people that monitor their systems 24/7 even if most of the solutions are off-sourced to the cloud.

Compare that with consumers who don't know shit about IT security and simply want a cheap solution that works (cheap, reliable, and secure are rarely available together). The expense (you have the choice of shopping services, but can't actually control their prices), reliability, and security are all outside of my control with a cloud based solution. The fact is that most of us are storing very little data over the long term - perhaps a dozen TB (and that's probably more than 90% of us store). There is little reason to NOT do this locally. I can buy a single 12TB drive now for a couple hundred bucks and nearly every computer ever made has the capacity to add a second drive to it. This means I can host these file locally and have a cheap, reliable, and secure solution. Why in the hell would I consider moving to a cloud solution?

 

[sebastiantombs]

@Nunofya Ever hear of OpenVPN? I can get to my system from anywhere, anytime I need to from my phone.

 

[The Automation Guy]

@Nunofya Ever hear of OpenVPN? I can get to my system from anywhere, anytime I need to from my phone.

@Nunofya And more securely than using a cloud solution too.

Your locally stored data requires an encryption key to access via a VPN vs a cloud solution that needs only a simple username/password for access and which is stored on a network/server that we have no control over the security of. Not all online hacks are user name/password based. Many are executed through a network/server that is susceptible to security exploits.

 

[bp2008]

What @mat200 is getting to is the bandwidth demands of these cameras.

My cameras are on their own isolated network that does not touch the router or the internet. My cameras are streaming between 280Mbps to 350Mbps depending on motion. This is full-on, never stopping to take a breath. Even if someone has a gigabit internet, a 3rd of non-buffering 24/7 data will impact its speed.

Yep, even if the last-mile network can handle it, the ISP is going to notice someone using 100 to 10000 times as much bandwidth as their neighbors who pay the same price, and decide this customer isn't worth it.

Cloud surveillance products only work by compressing the video a lot more than anyone should for local storage, and/or by sending video only upon motion detection. Or both, if the service provider knows what they are doing.

I can buy a single 12TB drive now for a couple hundred bucks and nearly every computer ever made has the capacity to add a second drive to it. This means I can host these file locally and have a cheap, reliable, and secure solution. Why in the hell would I consider moving to a cloud solution?

Maybe if you had too much money to burn. 12 TB of cloud storage, even with minimal data transfer fees, is about as expensive as buying a new 12 TB HDD every month or two.

 

[Nunofya]

@Nunofya Ever hear of OpenVPN? I can get to my system from anywhere, anytime I need to from my phone.

Learning about it from you guys here Have an Asus RT-AC87U that has it on it. Don't really know how to set it up though. I have T-Mobile 5g home internet and I know there's issues with setting up VPNs with it. Kind of went through the steps and this is what I get, "The wireless router currently used a private WAN IP address" and "This router may be in the multiple-Nat environment and DDNS service cannot work in this environment."

 

[sebastiantombs]

I think Matt can help you with that. Wireless 5G connections are problematic, and even if you used port forwarding with 5G it won't work.

 

[iwanttosee]

Learning about it from you guys here Have an Asus RT-AC87U that has it on it. Don't really know how to set it up though. I have T-Mobile 5g home internet and I know there's issues with setting up VPNs with it. Kind of went through the steps and this is what I get, "The wireless router currently used a private WAN IP address" and "This router may be in the multiple-Nat environment and DDNS service cannot work in this environment."

You need T-Mobile to get you a public IP address.

 

[Nunofya]

I think Matt can help you with that. Wireless 5G connections are problematic, and even if you used port forwarding with 5G it won't work.

Who's Matt?

 

[SpacemanSpiff]

Quite a few great comments that have already been posted, which means I will not bother repeating 'em.

I will add... cloud based systems are useless when the cloud is inaccessible, or even worser-r-er-er the cloud is down.