Encryption and Security
Verkada’s Command Software is Built for Compliance
Updated over a week ago

Overview

Verkada systems are designed with the needs of law enforcement in mind. Specifically, we understand that an enterprise-grade video security system must be able to support requirements, such as chain of custody, in a way that enables easy sharing of information while holding up under legal scrutiny.

Highlights

  • End to end state-of-the-art AES encryption, ensuring the security of data in storage and transit

  • Permanent storage of digital evidence with full traceability to source

  • Complete audit logs allowing for traceability on viewing, archiving, and user actions

  • Secure sharing capabilities inside and outside of the organization

Security and authenticity by design

Verkada’s modern system architecture and security infrastructure ensures that there is
end-to-end encryption and validation of digital evidence from the camera to our Command software and on to law enforcement and other external parties.

  • On-board storage: Verkada's video cameras securely store video and audio on the device. Video data stored on the camera is encrypted using modern RSA and AES encryption standards. PKI encryption ensures that, even in the unlikely event
    that someone gets their hands on your Verkada camera, they'll find it impossible
    to extract any video data from its onboard storage. Data is retained on the device
    for 30, 60, 90, 120, or 365 days (depending on the model purchased) and cannot be tampered with.

  • Data in transit: By default, all Verkada systems encrypt data in transit using
    HTTPS/SSL to prevent anyone from intercepting or altering the data
    communications. Thumbnails, firmware updates, and settings are securely transmitted between the cloud and device using AES 128-bit encryption, TLS v1.2, and RSA2048.

  • Data in the cloud: Data is redundantly stored within Amazon Web Services' S3
    data storage system. All data is securely encrypted using AES 256 PKI
    infrastructure.

  • Data at rest (locally on the camera): 30+ days of video is securely encrypted on the solid-state storage of the camera using AES 128-bit encryption.

  • Data at rest (AWS): Archived videos, user history, and audit logs are securely stored in AWS using AES 256-bit encryption.

  • User authentication on the Command application: Verkada has stringent
    password requirements and session management to ensure security, and
    supports SAML/OAuth for single sign-on and 2-factor authentication (via SMS and
    authenticator applications).

  • Role-based access control: Our secure cloud management software, Command,
    supports control over the locations, cameras, and functions (such as viewing,
    sharing live, archived video clips, and notifications) ensuring that only authorized
    personnel is managing camera feeds and archives.

  • Audit logging: All actions in Verkada's Command application are tracked and
    available for review and export by administrators and law enforcement (as
    necessary). When a user archives and downloads a clip, those actions are
    recorded to confirm appropriate personnel is performing the action.

  • Secure archive sharing: Video archives that are created through the system can
    securely be shared with individuals inside or outside of the organization. These
    permissions are time-bound and enable secure viewing of the video.

Benefits of our approach

By developing a secure system from the start, Verkada has simplified and addressed
many of the inherent security risks of legacy digital evidence management systems. No longer are video clips subject to chain of custody or non-repudiation claims - the system securely saves archives for the life of your subscription without requiring backup to other storage media. Authenticity is confirmed by our PKI infrastructure, and additional security can be made available for offline viewing and management. Role-based access controls give your administrators the ability to ensure only authorized personnel have viewing and management rights. Finally, audit logs are redundantly stored in the cloud and track all actions taken with any camera on the system giving you and law enforcement a full view of the staff involved in gathering and exporting data.

Did this answer your question?