Security Overview: Faster, Safer, Stronger
It has been almost a year and a half since a new security regulation — GDPR — was implemented. Effective in the EU, this regulation has also affected many international companies and provided a good example of a high-level security standard for other countries. Among other areas, the CCTV industry was pretty much shaken by GDPR implementation.
Despite there have been many talks on the subject, some common misconceptions reveal that not everyone fully understands how it works. We are sometimes asked: is your software GDPR compliant? But this just does not make sense! The software itself is not the data processor; instead, the end customer's company is. Our developers wear their fingers to the bone creating instruments that will help your customers achieve GDPR compliance. But storing a sandwich in the fridge does not satisfy your hunger. Installing the software, no matter how dandy, does not automatically guarantee 100% compliance with a security standard.
Is there something else in our power to assist? At this point, we would like to highlight the existing security features and remind you how they are related to GDPR, helping you build the most secure CCTV system ever.
Access Levels
Feature: Elaborate user permissions and resource grouping.
Granting permissions one by one for a long list of resources is enormously time-consuming. To speed things up, we have added grouping for all resources in EVO Console. With just a few clicks, you can create suitable access profiles (permission sets). When adding a new user, simply put him into the necessary groups, and then grant individual permissions on top. Detailed permissions include temporary access to the video archive (e.g., user can only access the last N days), and stream access selection (video/audio/data/VCA..) for both live and archive mode. For your convenience, EVO supports both internal and AD/LDAP users.
Why: Convenient, flexible access management with a high degree of detail.
On top of that: EVO Monitor features automatic logoff after a certain inactivity period. Also, you can prompt users for a login reason every time they connect to the server.
If not used: Using a single administrative user account on all occasions is convenient yet insecure. If you employ automatic client login, better use dedicated accounts with limited permissions to prevent data breaches.
Information Tracking
What: Detailed audit log.
EVO records every user action, and stores action history in a separate database. It also keeps track of all important server events, like restarts and configuration backup. Using E&A, you can add extra events triggered by miscellaneous resources to be audited, too. The audit information is textual: it does not require extra terabytes for storage. Furthermore, EVO allows extracting any part of the log into a CSV file.
Every step you take, I'll be watching you © Gordon Sumner.
Why it matters: auditing is an efficient way to track all changes in the system configuration. It is also the tool you will need to handle the consequences of a data leak (hope you will never have to!).
What if not: you may have to handle mysterious configuration changes or discover video clips from the archive being uploaded to Youtube without a chance to learn who did it. But yes, you can disable auditing via Console from under the administrative account.
The Crypto Bit
What: Encryption on all levels.
All EVO databases are encrypted by default. The data flow — server-to-server and server-to-client connections, both TCP and HTTP — can be encrypted at will. A recent software update also introduces HTTPS for the server-camera connections. For the video archive: you can protect every storage item with a different password. In-software archive access is shielded by user password, therefore, clients decrypt the archive automatically. Anyone accessing the proprietary archive format (unreadable by third party software) with our Portable Player will have to enter the password. One more precaution: several databases instead of one add extra resistance against corruption.
What for: Help enforce integrity and confidentiality, protecting you from accidental data loss or damage. Unauthorized party with malicious intent cannot gain access to your data.
Do you need it: Imagine anyone breaking into the system with hassle-free access to all resources. Unencrypted passwords pose even more threat: there is a chance the same user accounts are applied elsewhere within the establishment.
Privacy Masking
In case you missed it: Motion filter upon video export.
The logic: If the video information leaves the data collector's jurisdiction, they need to make sure the unnecessary details are not revealed to the third party. This appertains to the confidentiality principle of GDPR, providing anonymization to protect the identity of personal data. Upon extracting any video clip and before converting it into a common file format, you can choose to blur certain scene areas. The masking may be either permanent or motion-based.
Can you live without it: quite, as long as the video is not exported. Or, as long as you are under no [legal] obligation to use masking.
Archive Control
The news: An option to remove archive and protect it from deletion.
All EVO servers now offer a possibility to delete selected parts of the video archive at will. Consequently, there is a "counterpower" to protect any part of the archive from being deleted.
This one is rated "The TOP 1 Contradictory EVO Feature", allegedly being a potential threat to the archive integrity. Hence, this feature is disabled by default and can only be activated by the system administrator explicitly. To stay on the safe side, keep this setting disabled and prevent even users with elevated rights from having the "delete" button in EVO Monitor.
After enabling this setting, you can remove the parts of the archive which are no longer required — without having to wait until quotas are applied. This improves your compliance with the data minimization principle of GDPR. You can delete a specific part of the footage, should you be requested to do so. Per-server and per-channel recording quotas and event-driven recording also complement to the storage limitation principle.
Pros: only collect and store the data you need, and get rid of the rest. As GDPR obliges data processors to be able to remove personal data upon request, EVO provides a perfect tool for this.
Cons: maybe a bit too powerful of a tool, so grant this permission with extra care. Practice shows, you can spend years living happily without it — this feature was not implemented in Luxriot VMS. However, if its usage is inevitable, it is just one click away.
Miscellaneous
EVO presents many components aimed at improving your current and future installations. Be it GDPR compliance, other security principles, or simply common sense.
All EVO footage has a watermark on it. For the native archive format, the watermark is added and verified automatically upon playback. If any frame does not have it — e.g., being broken or modified — the software will notify you. For the video clips exported in common formats, and snapshots, watermarks are appended as well. A tiny validation tool comes along, allowing watermark verification with a single click.
Speaking of fulfilling the information accuracy principle of GDPR: this one seems to be easy in CCTV, as the video information is quite unambiguous. However, if the video is stored in low quality, there may be doubts. It cannot serve as evidence, it may be not enough to prove the location or identity. EVO allows storing video of virtually unlimited frame resolution, accompanied by audio and other supplementary data. Thus, you gain a more precise identification of the objects of interest.
EVO Global, amongst its enterprise features, also offers archive replication. If you have used it already, you probably remember that replicas are copies of the original archive tracks. Stored in different physical locations, they serve as additional protection from data loss.
And, should someone wish to execute their rights to access to the information you store about them, EVO has all the tools to ensure a fast and effective process:
- rapid motion-based search and video sequencing
- event-based recording and bookmarks
- video export in common formats with watermark validation
- own portable player to ensure data readability without EVO installation
Do you think we have missed something? Let us know!