Blog
Published:
July 2023
Encryption is an important component of your overall cyber security infrastructure. Here are four ‘encryption essentials’ to help keep your surveillance data safe and secure.
Encryption is an important component of your overall cyber security infrastructure. Here are four ‘encryption essentials’ to help keep your surveillance data safe and secure.
There are two types of data. For instance, data in transit travelling from the camera to the server or is sent to the cloud. And data at rest, referring to surveillance data held on servers, evidence lockers, storage devices etc.
The former is typically considered the greater security risk for CCTV systems, the fear being that hackers can more easily intercept surveillance data while it is ‘moving’. But often, data held is potentially deemed more valuable, with would-be hackers thinking it’s “kept for a reason”. Encryption measures should be employed in both cases.
Your surveillance solution provider should employ a mixture of encryption techniques to keep your data safe, so knowing what to look out for is useful.
AES-256 is regarded as the gold standard for data encryption and is typically, but not exclusively, applied to data at rest. This is often paired with secure transport protocols such as HTTP encryption (HTTPS) – something all internet users will be familiar with – and Transport Layer Security (TLS), a transport protocol that provides end-to-end security for data in transit over the internet. Make sure your provider is using TLS v1.2, at least.
Encryption is a two-way process to maintain data security. It is designed to be reversible. Data is encrypted with a specific encryption key and returned to its original state when an authorised individual uses an agreed decryption key.
By contrast, hashing is a one-way process for data validation. Once a Secure Hash Algorithm (SHA) has been applied to surveillance data it creates a unique number. That number will only change if the data concerned has been altered somehow, making hashing vital for things like evidence validation. Both should be employed as part of any surveillance system.
One area of encryption often overlooked is system configuration. It’s all very well encrypting data at rest and/or in transit, but that information is still vulnerable if someone knows how your system is configured. It’s like creating a pattern lock for a phone and then leaving a post-it note reminder on the device.
Most surveillance systems will offer manual encryption, but the best option is to select a solution that provides system configuration encryption by default. It’s also worth looking for solutions that monitor configurations and system activity to flag potential security risks, e.g. password vulnerabilities.