Meet High Standards of Data Protection and Privacy
Running a video surveillance system is a great responsibility. It involves receiving, viewing, collecting, storing and handling visual images and various auxiliary data, some of which are classified as personal and are therefore subject to strict data protection regulations. While in some countries such regulations have been in effect for a long time already, the General Data Protection Regulation (GDPR), which came into force on May 25th, 2018, put a new face on the data protection and privacy principles in Europe. We do our best to ensure that our users comply with these by implementing enhanced security features.
This article highlights software functionalities that help you safeguard the data, which are collected and handled by EVO servers.
Record and Store Only What You Really Need
All Luxriot EVO products provide flexible configuration options for data recording, thus aiding you to comply with GDPR's data minimization principle. You can create different recording profiles and sets of profiles based on time, motion, video analytics, hardware sensors and other external events of different types to ensure that only the required data are recorded.
- base recording configuration for channel A: recording by motion at night and no recording during the day
- event-driven recording for channel A is enabled and configured so that the recording is triggered by VCA (video analytics) events
- additionally, there is an "emergency recording" button for the operator: manually trigger full FPS recording for one minute
Software settings let you define a data retention profiles for each server separately; moreover, individual archive duration settings can be applied to specific video channels groups of channels. These settings are easily adjustable so re-defining the time limits – archive duration quotas – only requires a few clicks in EVO Console. Quotas ensure that data older than specified are deleted automatically so you do not have to worry about it.
EVO Monitor permits removing individual parts or the video archive, thus allowing people to exercise their right to erasure ('right to be forgotten'). Understandably, you should grant corresponding user privileges to trusted personnel only in order to prevent unauthorized erasure. Also, a separate permission lets users protect specific parts of the archive, preventing them from being deleted.
Protect Your Data from Unauthorized Access
Enhanced security features are an integral part of Luxriot EVO software. What exactly are they? Here's the list:
- server security policy for strong and secure user passwords
- advanced permissions for live and archived resource access and management with support for built-in and AD/LDAP users and user groups
- all user actions that involve permissions are logged and securely stored
- internal server activity is logged as well
- your server databases, where all the settings and logs are kept, are encrypted by default
- all connections between servers and clients support encrypted mode, including HTTPS for mobile applications and Web browser clients
- you can define a password to encrypt each storage item (and you can also change it whenever you want)
- archive backups can be protected with a password as well
- you can lock individual parts of the archive so that they cannot be erased
Example: access to the server management via EVO Console application is only permitted for designated users and is protected with a password. All unauthorized connection attempts from other user accounts are logged into an encrypted database, and only designated users have access to these logs.
Another example: regular operators only have access to live video/audio streams. Chief operators have elevated rights so they can access the footage for playback. And only administrators can export snapshots and video data.
Say No to Data Loss
Accidental data loss may have severe consequences so we have added several redundancy features, which act on different levels.
First and foremost, the server databases – where the settings, audit logs and events are kept – are automatically backed up; backup frequency and destination directory are configurable. Additionally, a special wizard lets you create a manual database backup at any time, so, after applying major changes to the server configuration, you can have a copy of it and store it safely on a different computer or on a USB memory stick. The same wizard can help you restore the EVO server database to an earlier version.
Within each server, there is a fallback storage option: you can pre-configure a storage item that will serve as a "last chance" recording destination if all the other storages within the same server have failed. Naturally, when the main storage is available again, the software automatically switches back!
Speaking of potential server-camera connection issues: for those cameras that support edge recording, EVO will automatically download the recordings from the camera SD card after the connection between the server and the camera is restored.
Apart from the manual archive backup, which is available for all EVO software editions, EVO Global offers automatic backup for the recordings – we call it "replication". You can create multiple copies of each channel and store them on different servers; thus, even if the main recording server storage is lost irretrievably (hope this never happens), there will be an intact copy (or copies) of the recordings on other servers.
EVO Global, with its multi-server system and centralized management, has two great features that ensure high availability at the server level. For recording servers, any number of failover clusters can be created with any required redundancy level; failover activation and de-activation is automatic. For the central management server, a specially designated mirroring server can be set up. The reaction time for the failover servers and the mirror server is configurable and can be as fast as immediate (no delay whatsoever).
And last but not least, all the cases described above trigger events on the EVO servers: this means you are notified straight away if something goes wrong.
Investigate in No Time at All
Luxriot EVO Monitor provides you with smart tools that search in the footage based on time, motion, external and VCA events. For video streams having no metadata, a special sequencing mode is available: instead of skimming through hours of footage (which takes considerable time even at 128x speed), you can swiftly find the scene of interest using this search mechanism.
Individual images, multichannel snapshots and chunks of footage can be quickly exported, saved into a network location or burned onto a CD/DVD, and then played back later either using common video players or using Luxriot own portable player tool. Many popular video formats are supported, and you can also choose to generate soft or hard subtitles with the video channel name, timestamp and other details. All the exported files have watermarks on them: a special watermark validation tool is used for verification so you will know if the original files have been tampered with. The portable player tool also provides an opportunity to play back Luxriot EVO archive in the proprietary format.
Keep It Perfectly Accurate
Precision is crucial for video surveillance. As EVO software operates through Windows API, we use system clock information to date the footage. This means you can either use any of the public NTP servers or your own one to synchronize the system clock for several EVO servers. Once it is done, EVO archive has accurate timestamps, which can be used when playing back and searching the archive, and also exporting video clips: timestamps will overlay the exported video as soft or hard subtitles. All metadata from video analytics and textual data received from external sources also have timestamps.
All data recorded by EVO are watermarked so you will know immediately if any footage has been altered, be it original archive or exported video. When the proprietary archive is played back, the watermark is checked automatically; for exported video clips and snapshots, we provide a special utility that validates the watermark. Thus, we ensure that your data are genuine and integral.
Should you have any doubts or need assistance configuring any functionality described above, do not hesitate to contact us!