Introduction

Security is a key part of all aspects of Ops and is built-in from the start at levels that meet or exceed industry standards.

Infrastructure

The infrastructure is run in a highly secure environment which is hardened to industry standard levels and heavily tested, with considerations such as:

1. Isolated: Runs in an isolated network away from all other systems.
2. Hardened: Servers are all hardened to PCI v3.2 levels which includes the use of the latest TLS 1.2 encryption standards.
3. Databases Secured: Databases are encrypted at rest and in transit using the industry standard AES-256 encryption algorithm, and have strict security and hardening rules including restrictions that ensure they can never be exposed to the internet.
4. Application Servers Secured: Application servers have strict security and hardening rules including restrictions that ensure only application ports are exposed to the internet.
5. Networks Secured: Networks have strict rulesets controlling the flow and monitoring of data.
6. Administration Secured: Administration is performed under a strict set of controls covered by our ISO 27001 certification including being limited to a select number of trained and trusted staff, access being via a single managed path instead of direct to servers which provides additional security and auditing, and all infrastructure administrators requiring Multi-Factor Authentication and secure passwords to ensure that unauthorized infrastructure access is not possible.
7. Penetration Tested: Penetration Testing is performed on the infrastructure by external providers to provide confirmation on the security of the system.

Application

The Ops application is also highly secure and heavily tested, with considerations such as:

1. Data Encrypted: Data transmission is encrypted using industry standard 2048-bit encryption using the latest TLS 1.2 protocol.
2. Tenants Separated: Tenant Separation is enforced at all levels of the application to ensure you only get to see your own data.
3. Users Secured: Password complexity detection, timed lockout on repeated failed attempts, and Multi-Factor authentication are all provided to ensure all user access is secure, additionally user passwords are stored as one-way salted hashes to ensure they cannot be reversed. Organizations can also leverage Single Sign On (SSO) for user authentication against their own Identity Provider.
4. Customer Support Secured: Customer Support is performed under a strict set of controls covered by our ISO 27001 certification, including being limited to a select number of trained and trusted staff, being restricted to only access one tenant at a time, and the requirement for strong passwords and use of Multi-Factor authentication to ensure that unauthorized application access is not possible. Additionally, customers can control the access that the SureView support team has to their account, granted access for a specific amount of time.
5. Penetration Tested: Penetration Testing is performed on the application by external providers to provide confirmation on the security of the system.

Cameras & Ops Link

The use of cameras (whether direct or via an Ops Link) is also highly secure and heavily tested, with considerations such as:

1. Data Encrypted: All data between Ops Link and the Ops servers is encrypted using industry standard 2048-bit encryption over the latest TLS 1.2 protocol.
2. Tenants Separated: Tenant Separation is strictly enforced to ensure no other tenant can view your cameras.
3. Access Restricted: Ops Link restricts connections to only the cameras on your network that you permit.
4. Privilege Restriction: The Ops Link service runs as a non-privileged user so in the unlikely event of a security breach an attacker does not have root access to the system it is running on.
5. Penetration Tested: Penetration Testing is performed on the application—including the Ops Link component—by external providers to provide confirmation on the security of the system.

IMPORTANT: we recommend the following additional steps to provide an even higher level of safety:

1. Isolation: Place your cameras and Ops Link in an isolated network (such as a VLAN) to separate them from other business systems, or, set access rules on your network switches to restrict your Ops Link so that it is only able to talk to your cameras.
2. Privilege Restriction: Provide a read-only username for your cameras, so the only permission Ops has on the cameras is to view video (Ops does not need permissions that allow altering settings on your cameras).