Cloud-Based Video Surveillance

Clearing up confusion and presenting the different ways that video surveillance systems can connect to and use the cloud

"Cloud-Based Video Surveillance" doesn't have a very steady definition and can mean three very different things.

So, lets get on the same page.

In most other industries, "Cloud" means that the service is performed on a group of servers on the internet, rather than a local device. So, for example, you interact with "cloud based accounting software" on a website - you don't install it on your computer. Obviously, it can't mean that in video surveillance as the camera still has to be on location. So, what is in "the cloud" in cloud video surveillance, then?

What's in the cloud anyways? Why does anyone want cloud?

With cloud based video surveillance, there are three things that might be in the cloud.

  • The footage.
  • Additional processing power to analyze important video footage.
  • The program you use to view the footage or live feeds.

Q. Why do people want footage in the cloud?

A. To have a backup in case a hard drive get corrupted or if the storage system gets stolen, to see what happened right before a power outage or network disconnect, or to help manage an emergency where many first responders may need to all access the footage at once.

Q. Why do people want additional processing power?

A. To count people or vehicles, to measure statistics on activity, to run facial recognition, or many, many other types of video analysis.

Q. Why do people want the program that views footage to be in the cloud?

A. To decrease their local network cyber security risks. Many institutions do not want to give access to the local network for remote employees or third party security guards.

Not all solutions have the same things in the cloud.

Three Different Design Architectures that People can mean when they say "Cloud-Based" Surveillance:

Web View Not Cloud

1. No Cloud

It might sound strange, but a significant number of people who say that their video surveillance system is "cloud based" are wrong. In part because several companies started using "Cloud" branding to describe their NVR or camera's webpage-login, there's a significant misperception of what "Cloud-based video surveillance" means. To be clear, there is no cloud in this design (by cloud we mean a server managed by the surveillance provider, the NVR is essentially a very small server but it is managed by you).

When you connect to a NVR or POE IP camera, you are using a peer-to-peer connection back to the local network where the camera or NVR is located and talking directly to the device - not a server. The footage is stored on the device (camera or NVR) on your local network. The web-based application that views the footage on the device is located on the device, as well. There is no server being used at all in most NVR or camera setups.

This can be insecure from a network / cyber security perspective.

The easiest way to setup remote viewing is to poke holes in your firewall, which is not advised but is often done. The video streams in most cameras do not use cyber security best practices, as they are intended to have as little latency (how much delay footage seen on a screen is to real events) as possible. RTSP (the common way of streaming video) isn't encrypted and the username / password are in the URL.

The media makes a lot of hay about cloud providers being hacked but makes almost no mention of local networks being hacked. The local network being hacked far more often and are far, far more serious threats.

For a big company, the risk of a hacked device isn't that someone might watch you camera feeds - what are they going to see, some people working at a desk? a clean up on aisle nice? - hackers want access to your network data, where you are moving source code. The major risk is that that that username and password can also be used to upgrade firmware on the camera, which means that you're essentially publicly announcing the username and password needed to put malicious code behind your firewall.

The most common attack that uses this method is the Mirai botnet, which uses camera firmware vulnerabilities to spread viruses and other malicious code to other devices on your network. Mirai affect nearly 1.5 Billion cameras and cheap routers. It is primarily used to disrupt government or utility services but also can be used to steal source code and infect other devices, such as computers or routers with other more harmful viruses.

There's also a secure way to view a NVR remotely:

You can solve this cyber / network security problem by using a commercial grade VPN (virtual private network), firewall, and VLANs.

ring doorbell - camera to cloud

2. Camera to Cloud.

Some providers try to go from camera to cloud - without using an additional hardware in between. In this sort of design, the camera is on the local network and the footage and viewing program are on a server. If the video surveillance application is on the There are two different ways that you can go from camera to cloud The first route is (1) RTSP feed based, camera agnostic open platforms or (2) Service locked camera platforms.

RTSP-feed based, camera agnostic open platforms

Open platform are preferred, but again, this is insecure. RTSP cannot be made secure, so it really should not be leaving the internal network. This gives remote actors access to your network and a way to run malicious code behind your firewall.

RTSP-feed based, camera agnostic open platforms also have the added drawback of not working when you don't have internet access. If your internet is out that feed has nowhere to go and your feed is saved as a recording.

RTSP-feed based, camera agnostic open platforms are usually cloud-only recording solutions. Even if the camera can store a copy locally on a SD card, on a NAS or in a NVR, these open platforms often don't have ways to pull that data from those locations.

Lastly, cloud-only recording is a bad fit for non-residential use. Most camera to cloud consumer products are doorbells and factor only about 3 minutes a day of recording into their business plans (6 times going out your door per day at 30 seconds an instance). Corporate cameras may record a busy workplace for 8 hours a day and government cameras may record a busy intersection that gets traffic 24/7. Institutions also have far greater number of cameras per location. Whereas most homes have 2 or 3 low resolution cameras, the state university located near our headquarters has over 1000 4K cameras on campus. That's about 8 Gbps per second in data being created. Cloud only recording works perfectly well for consumers because consumer devices only capture events sparingly and don't tend to put cameras up on the inside of their home. Non-residential camera deployment create more data because they record more active and more numerous locations.

Corporate, government, and non-profit clients should absolutely rule out RTSP feed based cloud-only recording.

Cloud-locked Camera Platforms

Some cameras can only talk to the same cloud platform. These service-locked-hardware models are quite popular with consumer brands, because of two reasons (1) the services and products are subsidized by the fact that you're the product - the T&Cs for most of these offers indicate that you're agreeing to let those companies mine your video so they can usually serve you better advertising (2) super cheap consumer grade cameras can treat the hardware as disposable.

Camera to cloud using service locked camera platforms solves most of the problems brought up with "no additional hardware" RTSP based platforms, but introduce new ones as well.

Usually camera-to-cloud utilize hybrid storage, with some video files located on a SD-card in the camera and some footage located in the cloud. This does a great of solving the "just can't upload it all" problem and the "internet down" problem. But, this creates a really big new problem. With on-premises surveillance systems, the storage is not primarily located in the camera because cameras get vandalized quite frequently. Using the camera as the primary source of footage storage is a remarkably bad physical security decision.

By locking you into a service and disabling remote access from any where else, you solve the cyber security concerns, however that "lock in" has some big downsides. You get security, but not lose flexibility. If you don't want to use that service anymore, your cameras are completely useless. Considering that these "cloud locked" camera typically cost $2,000 - $10,000, that's a big issue. Many people who buy these product don't realize this and often feel mislead and "locked in" - like they had to buy the car and then also pay for a lease.

The other main problem is market size. Obviously someone who sells cameras that you can use with any cloud platform or any on-network recording device (NVR or VMS) are going to have more clients and thus more model diversity than a camera that only works with one platform. This often means that you have limited camera hardware options. If you need a viewing angle or super long distance camera, and the lock in service doesn't carry it, you can't go buy a third party camera and "integrate" it.

hybrid cloud bridge

3. Hybrid cloud open platforms

Hybrid cloud based platforms use bridge, pcs, or appliances that solve all of the above problems.

They solve the lock-in problem by being camera agnostic.

They solve camera vandalism problem by storing the video in a secure location, like a server room or stage closet.

They store the majority of the video locally and send it to the cloud on-demand (when the user asks to play it) or automatically when it meets certain criteria. This helps solve the "too much data to send" problem and the "internet down" problems.

These devices solve the cyber security issues by receive the unencrypted RTSP camera feeds on the local area network, adding a layer of security to them (such as encryption, white listed ip addresses, and one direction data transfer). They also move the viewing application to the cloud and thus remove any need to expose the network to logins from remote locations.

Some hybrid cloud platforms, like Survail, even add additional cyber security protections like integrated VLANs and VPNs. Some, again, like Survail, are also able to analyze footage in the local network to determine if footage contains events of note by using computer vision and machine learning.