It’s Video Insecurity Time
Security Magazine asked Richard “Chip” Howes, CEO and co-founder of Steelbox Networks, to talk about the current and future of security technology.
Security Magazine: How do you view the security situation today?
Howes: We live in a world that always tries to find better ways to protect everything from top secret government facilities to e-mail. And yet, one of the major opportunities for attack and misuse is very often the security tools that we depend on. Networked video is no different.
The market for networked video is booming. Businesses use it for facilities surveillance, customer contact, employee training and monitoring employee behavior. Consumers use it to download movies or TV shows. Increasingly, the Internet’s ample bandwidth and inexpensive digital cameras and PC-based editing tools make it possible for anyone to create and post high quality work. Every day, more people do.
Security Magazine: What has been overlooked?
Howes: One very important element has been overlooked during this rush to create new ways to use digital networked video – security. It’s a particularly acute irony, when one considers how often networked video itself is used for security purposes. And the increasing popularity of IP-based network video makes it an ever-more attractive target for attack.
Data is data, whether an accounting database or a video clip. The same security risks apply to digital networked video that apply to any other piece of digital information. Privacy and confidentiality laws and regulations apply – with similar levels of liability for any failure to comply.
Security Magazine: What does it mean to have a secure video network?
Howes: The simple answer is that anyone collecting, editing, storing or retrieving video across a network must limit access to appropriate users, at appropriate times, for appropriate purposes. These organizations must document that security controls, as defined via security policy, work as and when expected. Any video that is legally actionable must be stored in accordance with the organization’s overall information retention and destruction policy.
Fortunately, many of the same tools and techniques used for network security can be applied to video networks. For example, sensitive material should never be available on a public network without a firewall, access control, intrusion protection and (when appropriate) data encryption. Digital video, by definition, allows specific rather than random access to material of interest, which greatly simplifies building a log of who accessed what, and when.
Security Magazine: What are video challenges and strategies as you see them?
Howes: Video has its challenges, which limit the utility of third party security solutions. Video can consume huge quantities of network bandwidth and storage. That load may be more than most network security technologies can handle.
In addition, one of the most common strategies to minimize the impact of video on networks is to delete unnecessary segments. The problem is that choosing which segments to trim must be aligned with information management policy, which typically requires human intervention. It takes too much time to perform these tasks manually, so many organizations either keep too much or risk deleting the wrong material.
Data compression provides a similar problem. If the compression degrades the video too much, then the reliability and legal admissibility of the data becomes open to question.
Our position is that too many network video vendors push these issues off onto the customer.
Security Magazine: What is the difference at Steelbox as you see it?
Howes: We took a different approach. We build intelligent networks designed for the specialized needs of video transport, storage and retrieval. These networks use a highly secure operating system with built-in firewall functionality and other appropriate IP-based security features. The security is built into the network itself.
Our technology also has the unique ability to automatically delete or reduce the frame rate of less significant video to create more efficient storage. The video stream is otherwise unaltered. Which frames or clips are kept is determined by corporate policy, so that essential data is retained at all times, while also maintaining instant access to any frame stored anywhere in the system. In other words, our networks work very comfortably and automatically within existing information retention policy, which greatly simplifies security, management and storage.
This industry needs to make it easier for customers to handle things like securing video networks without distracting them from their core business operations.
We’ve made some interesting innovations to bring this vision to fruition. However, this market will never reach its full potential until crucial elements such as security become the bedrock for everyone’s products and services.