March 18, 2019
Data Security, Privacy, and Durability with Rhombus Security Cameras
At Rhombus, we have a mantra about always finding ways to improve. From hardware and software to process and culture, we are never content with where we are and always keep an eye on where we want to be. We believe that if you’re not improving, you’re declining.
When we recently sought to make improvements with data storage, we inevitably went deeper and took it as an opportunity to improve everything we do with customer data. We’ll explore some of those changes as they relate to how your data is protected from malicious actors (data security), how your data is treated internally to ensure you maintain control of it (data privacy), and how we ensure we never lose your data (data durability).
From day 1, we have always ensured all of our customers’ data is stored and transmitted with the most modern encryption techniques. But there are always ways to better encrypt data.
• Encryption Key Segregation – Previously, the same encryption keys were used across multiple storage devices. This increases risk as a compromised key would give access to all data. We’ve improved this to use a different encryption key for each medium.
• Encryption Key Rotation – The same encryption key used previously never expired. This increases the exposure if a key were ever compromised, as a malicious user could potentially continue to access private data in perpetuity. We improved this to rotate all keys every 365 days.
• Encryption by Default – We previously relied on our endpoints to specify that the data they are uploading should be encrypted when stored. This created a risk of clients at some point (either intentionally or unintentionally) not including that specification. We improved this to always encrypt all data that we store, regardless of what the client specifies.
There has been much public debate lately around who truly owns the data that tech companies operate on. We are unequivocal in our belief that your video security data is yours alone, and that no one, including Rhombus, should have access to your data without your permission. This has been so important to us from the beginning, and we have always had strict policies around this. And now, we’ve gone a step further and added technical controls to ensure that this is always the case.
• Encryption Key Policies – When troubleshooting, the easiest thing to do is simply pull the problematic data and see what’s going on. The problem with this approach is that once you have pulled the data, it’s effectively out of the purview of anyone else. We no longer know who or what is accessing it. We’ve changed this approach and have explicitly prevented any employees from directly accessing the data. Instead, only specific systems used for troubleshooting can access customer data.
• Encryption Key Audit Trail – We’ve added a complete audit trail any time the encryption keys used to decrypt customer data is used. This ensures we always know the when/what/who associated with decryption events. If there were ever an issue, we would know the complete extent of access, along with the responsible party.
• Support Access – We have always relied on access to a customer’s account by our support team to troubleshoot certain issues. This has always required that a valid user in the account authorize this access by clicking a link. This access would automatically expire after 24 hours. We’re in the process of releasing an improvement to this that would allow a customer to both see if support access is currently enabled and manually revoke it at any time.
Just as important as knowing that your data is secure, is knowing that it’s there when you need it. Our underlying data storage system operates at 11 9’s of durability (yes 11), which means it will lose a piece of your data once every 659,000 years. Down below are some of the ways we ensure this level of durability is sufficient for most customers.
• Transition States – We don’t make a habit of deleting customer data, but it’s not uncommon for one reason or another that old data needs to be expunged. Whether it’s a former customer who wants their data gone (we don’t have any of those!), or data that just needs to be cycled out to reduce costs, sometimes a delete command is required. This comes at the huge risk of accidentally deleting the wrong data, and so we’ve made improvements to how data is removed. Instead of deleting data immediately, it’s moved to a “hidden” state for a period of time. During this time, the data is effectively inaccessible but can be restored if necessary. Following that time period, the data is next moved to cheaper “cold storage” for another period of time. At this point, the data takes time to recover, but it’s there if you need it. Finally, after all of that, if the data still isn’t needed, it is then permanently deleted.
• Checksum Validation – It’s rare for data to become corrupted while in transit, but it does happen. And so, we’ve added a validation step to our clients to ensure that after data has been uploaded, the checksum of the data and the server matches what the client has sent.
We hope you enjoyed this in-depth post on how we ensure that your data is secure, private, and durable. Though these steps require a lot of work from our team, we believe that the peace of mind we deliver to customers is well worth the effort. We not only want to provide a powerful enterprise product, but we also want to ensure that the infrastructure we built can handle any situation.