SlideShare a Scribd company logo

DataSecurityTechnicalOverview

L
Lloyd SOLDATT
1 of 8
Download to read offline
prism.com Data Security, Privacy, & Technical Requirements Real-time imagery. Real-world insight.
2 Table of Contents Introduction……………………………………………………..………………….........……....Page Operational Overview Prism Video Processing…………………………………………………………..Page On-camera connection…………………………………………………………...Page Server-based connection……………………………………………………….Page Set up Operations and Requirements………………………………..Page Cloud Connection Bandwidth, Ports & Data Transmission…………………………......Page Authentication………………………………………………………………….......….Page Data Storage & Security..………..……………………………………….........Page User Access and Data Ownership…………………………………….…Page Prism on Privacy…………………………………………….....………………………..........Page Frequently Asked Questions………………………………………………….……...Page 3 4 4 4 4 5 5 6 6 6 7
Welcome to Prism Prism transforms any video camera into a visual merchandising, auditing, and business intelligence tool by generating aggregate data from video and securely transmitting this data to our cloud-based platform. Users can view and analyze the data to better understand, manage, and optimize their real-world stores. Prism uses an encrypted, low-bandwidth connection to continuously transmit real-time data where it’s securely stored in the Prism cloud. Customers have full access to and control over their data including privacy configuration and permissions for an unlimited number of users in their account. Data Security & Technical Overview Scalable Video Processing Video is processed on Prism enabled cameras or local server. Layers of images and metadata are extracted and pushed to the Prism cloud through an encrypted, low-bandwidth, real-time stream. Secure Cloud Storage All data and visualizations are securely stored in the Prism cloud. Prism uses Amazon Web Services to handle data storage with Identify and Access Management (IAM). Unlimited User Access Insights generated by Prism can be accessed by an unlimited number of approved users in a single account. Customers own all of the data provided to and generated from Prism.
4 Prism Video Processing Prism processes video locally by extracting layers of images and metadata to create visualizations and analytic outputs. At each instance, (i.e., at each store/ camera) a low-bandwidth, real-time stream of images and data is securely pushed to the Prism Cloud. An unlimited number of approved users can log in to the Prism application in a single account to access and customize in-store visualizations, create data trend reports, and view analytics for each connection. —— These visualizations and reports can include images of stores and merchandise, occupancy data, pathmaps and heatmaps indicating activity hotspots while removing people from the foreground —— Unlimited approved users can simultaneously access insights from their mobile device or laptop without requiring individual connections to the local store’s network. —— Unlimited end-user access is included in Prism’s standard service. —— Prism also works with analog cameras, with the addition of an IP video encoder from which Prism can extract video Deploying Prism in-store is accomplished by: 1. On-camera connection to video When running on a camera, Prism collects and processes video frames as a separate function without disrupting the normal operation of the camera. Prism runs as an embedded software in enabled cameras using internal APIs to collect and process video frames. The only requirement: the enabled camera must be connected to a local network that enables an outbound internet connection. 2. Server-based connection to video Prism can be installed in an existing camera using a local server to collect a separate video feed from the camera or VMS system. Prism layers on to existing (or new) in-store video infrastructure to process visual data jointly without disrupting the camera’s normal operation. Set-up Operations and Requirements The Prism platform collects and processes video sources and securely sends data to the cloud. Each installation of the application (either in camera or on a server) establishes an authenticated, encrypted connection with the Prism cloud service that is uniquely associated with the customer’s account. During the installation process, the user is asked to provide administrator level credentials in the form of a user login or a token. This enables proper authentication of any instance to the customer account.
5 To connect a Prism-enabled device, —— The store must have local Internet connection —— The Prism-enabled device must have access to the store’s local Internet in order to establish an outbound connection to the Prism cloud For server-based connection, —— The server running Prism must be on the same subnet as the video sources in order to discover cameras and establish a connection —— Prism’s platform can interface with IP cameras and analogue cameras connected to encoders —— IP cameras can be communicated with directly (i.e., no requirement to connect to video via an installed VMS) During the initial system connection, Prism sends a single image from each video source to the cloud application. The users can then identify and label the source. Once it’s identified, the video source can be enabled. Prism can be configured to scan the network continuously for changes to available video sources or to only scan upon request. Once a connection to the Prism platform is established, the administrator account credentials are exchanged for a temporary install-specific unique token. For security reasons, the user credentials are temporary, and used only for the initial verification. Cloud Connection: Bandwidth, Ports & Data Transmission —— Prism uses HTTPS protocols to establish a connection to the Prism platform —— Prism uses port 443 to establish an encrypted outbound connection to iapi.prismsl.net —— If no connection can be made, Prism will attempt a re-connection every minute (images and data will continue to buffer until connection is successful to avoid any data loss). —— Prism’s average upload bandwidth requirement ranges between 20 - 50 kbps per camera, which is dependent on the data and image outputs configured Authentication Access to Prism data is authenticated using strict security at each step of the service. —— User passwords are sent encrypted and stored indirectly, using PBKDF2 hash
6 —— Cross-site scripting (XSS) and request forgery (CSRF) are handled at the application level using standard libraries —— All access is continually logged and audited on a per-request basis Data Storage Prism uses Amazon Web Services to handle data storage with Identify and Access Management (IAM), an industry-leading secure cloud storage. —— The IAM system manages what Prism does in the cloud (using EC2) and how we store our data (S3) —— IAM uses multi-factor authentication and limits network access by port and IP address on a per-machine-type basis User Access Controls and Data Ownership Prism customers own all data they provide for processing by Prism and all data generated by the processing. The customer remains in control of the information sent to the cloud and what data is available to the end users. Specifically, the customer has ultimate control over: —— What data (video, cameras) is processed locally by Prism —— What data (privacy or non-privacy enabled) leaves the store —— Who has access to certain data Additionally: —— No customer data is public —— Customer created user accounts and access privileges can be adjusted and controlled for specific sites, cameras and data types —— Data anonymity is user controlled and all aggregate analytics are anonymous —— Prism users control what data is outbound (sent to the cloud) —— All user logins and passwords are protected Prism on Privacy Privacy is a core pillar of Prism’s corporate policy and services. Prism uses video cameras as visual sensors to collect data - not as video cameras in the traditional sense, where they stream, monitor, and store full frame rate video. In order to protect the privacy of individuals, regional and national governments are putting into place laws, requirements, and audits to regulate video surveillance systems. While these regulations do not apply to Prism, as
7 our solution is not a CCTV or video surveillance system, Prism understands and respects the value of data privacy that these regulations are made to protect. Prism was designed with privacy protection as a foundational feature of the overall technology since its inception. Therefore: —— Prism can be configured to refrain from storing video data ­— Our platform processes camera output in real-time to generate aggregate, de-identified data. None of the raw video input is stored, ensuring that it is impossible to save, monitor or retrieve people or faces —— Prism masks identifiable information from the output imagery — Prism’s visual output is privacy protected and contains no identifiable information. — Prism can be configured to remove foreground images (people, faces, and other identifiers and generate aggregate data models of activity over background images. —— No images are capable of being reconstructed to create identifiable data. This functionality ensures that Prism data is not “privacy data” as defined by various regional and country regulations —— Simply put, Prism can eliminate the monitoring and surveillance of people in every way. To understand more about Prism’s position on privacy, see our full Privacy Policy at www.prism.com/privacy. Frequently asked questions What cameras are currently configured to support Prism internally? Does this remove the need for a server in my store? —— Currently Prism is enabled on-camera for certain models from Axis and ISD. Visit our website for the latest list of manufacturers. —— With Prism running on camera, there is no need for any additional hardware or server in your store. For server-based solutions, how does Prism connect to video? —— Prism uses RTSP and HTTP protocols to collect a secondary stream of video without disrupting your existing VMS or normal camera operation. Does Prism resell customer data? —— Privacy is a core pillar of Prism’s service policy. We do not re-sell customer data at anytime.
8 Does Prism store data locally? —— With the exception of temporary buffers to ensure data is transmitted to the cloud, Prism can be configured to not store data, including video, locally. What data can Prism see? —— Authorized employees can view customer data in order to understand how users are interacting with the platform and to troubleshoot customer issues. This access can be restricted by the customer at anytime. What cameras are compatible with Prism’s server-based solution? —— Prism works with a variety of cameras - see the full list in Appendix B or refer to our website for hardware specifications. We recommend customers use cameras with a minimum resolution of 720p. What bandwidth does Prism use? —— Prism’s average upload bandwidth ranges between ~ 20 to 50 kbps per camera. What ports do Prism use? —— Prism uses port 443 for secure, SSL encrypted transmission of data between all instances of communication between the platform and the Prism cloud service. How long is data stored? —— Prism stores imagery and analytic data for one year as part of our standard service. Can I export the data? —— Yes. The application provides tools for downloading specific data sets as a CSV formatted file. Prism also provides a REST API for secure programmatic access to your data. Reach out to support@prism.com for more information on the API. Who owns the data? —— The customer owns all data entered and generated through Prism.

Recommended

Data Security and Technical White Paper Final (1)
Data Security and Technical White Paper Final (1)Data Security and Technical White Paper Final (1)
Data Security and Technical White Paper Final (1)
Lloyd SOLDATT
 
Поддержка, конфигурирование и мониторинг сети с помощью HP IMC
Поддержка, конфигурирование и мониторинг сети с помощью HP IMCПоддержка, конфигурирование и мониторинг сети с помощью HP IMC
Поддержка, конфигурирование и мониторинг сети с помощью HP IMC
TechExpert
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Aruba, a Hewlett Packard Enterprise company
 
Kona Web Application Firewall Overview - Akamai at RSA Conference 2013
Kona Web Application Firewall Overview - Akamai at RSA Conference 2013Kona Web Application Firewall Overview - Akamai at RSA Conference 2013
Kona Web Application Firewall Overview - Akamai at RSA Conference 2013
Akamai Technologies
 
ClearPass Guest 6.4 User Guide
ClearPass Guest 6.4 User GuideClearPass Guest 6.4 User Guide
ClearPass Guest 6.4 User Guide
Aruba, a Hewlett Packard Enterprise company
 
ClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release NotesClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release Notes
Aruba, a Hewlett Packard Enterprise company
 
Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User Guide
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
Aruba, a Hewlett Packard Enterprise company
 

Recommended

Data Security and Technical White Paper Final (1)
Data Security and Technical White Paper Final (1)Data Security and Technical White Paper Final (1)
Data Security and Technical White Paper Final (1)
Lloyd SOLDATT
 
Поддержка, конфигурирование и мониторинг сети с помощью HP IMC
Поддержка, конфигурирование и мониторинг сети с помощью HP IMCПоддержка, конфигурирование и мониторинг сети с помощью HP IMC
Поддержка, конфигурирование и мониторинг сети с помощью HP IMC
TechExpert
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Aruba, a Hewlett Packard Enterprise company
 
Kona Web Application Firewall Overview - Akamai at RSA Conference 2013
Kona Web Application Firewall Overview - Akamai at RSA Conference 2013Kona Web Application Firewall Overview - Akamai at RSA Conference 2013
Kona Web Application Firewall Overview - Akamai at RSA Conference 2013
Akamai Technologies
 
ClearPass Guest 6.4 User Guide
ClearPass Guest 6.4 User GuideClearPass Guest 6.4 User Guide
ClearPass Guest 6.4 User Guide
Aruba, a Hewlett Packard Enterprise company
 
ClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release NotesClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release Notes
Aruba, a Hewlett Packard Enterprise company
 
Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User Guide
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
Aruba, a Hewlett Packard Enterprise company
 
Security from the Inside
Security from the InsideSecurity from the Inside
Security from the Inside
Naomi Weisz
 
ClearPass 6.4.0 Release Notes
ClearPass 6.4.0 Release NotesClearPass 6.4.0 Release Notes
ClearPass 6.4.0 Release Notes
Aruba, a Hewlett Packard Enterprise company
 
Aruba instant iap setup rev3
Aruba instant iap setup rev3Aruba instant iap setup rev3
Aruba instant iap setup rev3
Aruba, a Hewlett Packard Enterprise company
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
Aruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
Aruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep Dive
Aruba, a Hewlett Packard Enterprise company
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
Maliha Ali
 
Multi domain security-management_technical_presentation
Multi domain security-management_technical_presentationMulti domain security-management_technical_presentation
Multi domain security-management_technical_presentation
davebrosnan
 
Akamai waf
Akamai wafAkamai waf
Akamai waf
Aysegul Ekinci
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018
MarketingArrowECS_CZ
 
Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6
Aruba, a Hewlett Packard Enterprise company
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
MarketingArrowECS_CZ
 
Managing HotSpot Clients With FreeRadius
Managing HotSpot Clients With FreeRadiusManaging HotSpot Clients With FreeRadius
Managing HotSpot Clients With FreeRadius
Dashamir Hoxha
 
UTM Cyberoam
UTM Cyberoam UTM Cyberoam
UTM Cyberoam
Rodrigo Martini
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Aruba, a Hewlett Packard Enterprise company
 
resume 2016
resume 2016resume 2016
resume 2016
Brandon Jarvis
 
Week 6 13
Week 6 13Week 6 13
Week 6 13
missfcmay
 
render-certificate
render-certificaterender-certificate
render-certificate
Indrajeet Verma
 
Normas apa para citas
Normas apa para citasNormas apa para citas
Normas apa para citas
SemilleroPoliticasPublicas
 
Rupert Groenewald CV1
Rupert Groenewald CV1Rupert Groenewald CV1
Rupert Groenewald CV1
Rupert Groenewald
 
Week 4
Week 4Week 4
Week 4
missfcmay
 
Week 15
Week 15Week 15
Week 15
missfcmay
 

More Related Content

What's hot

CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
Maliha Ali
 
Multi domain security-management_technical_presentation
Multi domain security-management_technical_presentationMulti domain security-management_technical_presentation
Multi domain security-management_technical_presentation
davebrosnan
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Aruba, a Hewlett Packard Enterprise company
 

What's hot (15)

Security from the Inside
Security from the InsideSecurity from the Inside
Security from the Inside
 
ClearPass 6.4.0 Release Notes
ClearPass 6.4.0 Release NotesClearPass 6.4.0 Release Notes
ClearPass 6.4.0 Release Notes
 
Aruba instant iap setup rev3
Aruba instant iap setup rev3Aruba instant iap setup rev3
Aruba instant iap setup rev3
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
Aruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep Dive
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
Multi domain security-management_technical_presentation
Multi domain security-management_technical_presentationMulti domain security-management_technical_presentation
Multi domain security-management_technical_presentation
 
Akamai waf
Akamai wafAkamai waf
Akamai waf
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018
 
Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
 
Managing HotSpot Clients With FreeRadius
Managing HotSpot Clients With FreeRadiusManaging HotSpot Clients With FreeRadius
Managing HotSpot Clients With FreeRadius
 
UTM Cyberoam
UTM Cyberoam UTM Cyberoam
UTM Cyberoam
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
 

Viewers also liked

MGIS Capstone Walking for Leisure 2013
MGIS Capstone Walking for Leisure 2013MGIS Capstone Walking for Leisure 2013
MGIS Capstone Walking for Leisure 2013
George Sprehn
 
Vera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Vera Bradley Chooses Paymetric to Automate Their Payment Processing NeedsVera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Vera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Paymetric, Inc.
 

Viewers also liked (19)

resume 2016
resume 2016resume 2016
resume 2016
 
Week 6 13
Week 6 13Week 6 13
Week 6 13
 
render-certificate
render-certificaterender-certificate
render-certificate
 
Normas apa para citas
Normas apa para citasNormas apa para citas
Normas apa para citas
 
Rupert Groenewald CV1
Rupert Groenewald CV1Rupert Groenewald CV1
Rupert Groenewald CV1
 
Week 4
Week 4Week 4
Week 4
 
Week 15
Week 15Week 15
Week 15
 
Aprendizaje significativo
Aprendizaje significativoAprendizaje significativo
Aprendizaje significativo
 
Aurrera begira 2015. Indicadores de expectativas juveniles
Aurrera begira 2015. Indicadores de expectativas juvenilesAurrera begira 2015. Indicadores de expectativas juveniles
Aurrera begira 2015. Indicadores de expectativas juveniles
 
MGIS Capstone Walking for Leisure 2013
MGIS Capstone Walking for Leisure 2013MGIS Capstone Walking for Leisure 2013
MGIS Capstone Walking for Leisure 2013
 
Autoestimacesun 2012
Autoestimacesun 2012Autoestimacesun 2012
Autoestimacesun 2012
 
Calendario septiembre 2015
Calendario septiembre 2015Calendario septiembre 2015
Calendario septiembre 2015
 
Week 2
Week 2Week 2
Week 2
 
AN ASSESSMENT OF HAUSA
AN ASSESSMENT OF HAUSAAN ASSESSMENT OF HAUSA
AN ASSESSMENT OF HAUSA
 
Vanishing pointS IN PHOTOGRAPHY
Vanishing pointS IN PHOTOGRAPHYVanishing pointS IN PHOTOGRAPHY
Vanishing pointS IN PHOTOGRAPHY
 
W 11
W 11W 11
W 11
 
Year 11 mock exam
Year 11 mock exam Year 11 mock exam
Year 11 mock exam
 
Vera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Vera Bradley Chooses Paymetric to Automate Their Payment Processing NeedsVera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
Vera Bradley Chooses Paymetric to Automate Their Payment Processing Needs
 
Modelo informe residencia_paralizacion_obra
Modelo informe residencia_paralizacion_obraModelo informe residencia_paralizacion_obra
Modelo informe residencia_paralizacion_obra
 

Similar to DataSecurityTechnicalOverview

SoftLayer & Ingram Micro: A Winning Combination for Partners
SoftLayer & Ingram Micro: A Winning Combination for PartnersSoftLayer & Ingram Micro: A Winning Combination for Partners
SoftLayer & Ingram Micro: A Winning Combination for Partners
Ingram Micro Cloud
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
 
Sara electronics presentation
Sara electronics presentationSara electronics presentation
Sara electronics presentation
Maxpromotion
 
Sara electronics presentation 1
Sara electronics presentation 1Sara electronics presentation 1
Sara electronics presentation 1
Maxpromotion
 
Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure
Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure
Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure
Symantec
 

Similar to DataSecurityTechnicalOverview (20)

Discover the Power of ThousandEyes on Your Meraki MX
Discover the Power of ThousandEyes on Your Meraki MXDiscover the Power of ThousandEyes on Your Meraki MX
Discover the Power of ThousandEyes on Your Meraki MX
 
PCI Virtual Terminals - The Easy Way
PCI Virtual Terminals - The Easy WayPCI Virtual Terminals - The Easy Way
PCI Virtual Terminals - The Easy Way
 
Demystifying Prisma Access
Demystifying Prisma AccessDemystifying Prisma Access
Demystifying Prisma Access
 
Cisco umbrella youtube
Cisco umbrella youtubeCisco umbrella youtube
Cisco umbrella youtube
 
SoftLayer & Ingram Micro: A Winning Combination for Partners
SoftLayer & Ingram Micro: A Winning Combination for PartnersSoftLayer & Ingram Micro: A Winning Combination for Partners
SoftLayer & Ingram Micro: A Winning Combination for Partners
 
Comodo one | Patch Management Software
Comodo one | Patch Management SoftwareComodo one | Patch Management Software
Comodo one | Patch Management Software
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
Sara electronics presentation
Sara electronics presentationSara electronics presentation
Sara electronics presentation
 
Sara electronics presentation 1
Sara electronics presentation 1Sara electronics presentation 1
Sara electronics presentation 1
 
PMM database open source monitoring solution
PMM database open source monitoring solutionPMM database open source monitoring solution
PMM database open source monitoring solution
 
IBM Informix on cloud webcast August 2017
IBM Informix on cloud webcast August 2017IBM Informix on cloud webcast August 2017
IBM Informix on cloud webcast August 2017
 
Pros and Cons of Cloud-Based and On-Premise CMMS Software
Pros and Cons of Cloud-Based and On-Premise CMMS SoftwarePros and Cons of Cloud-Based and On-Premise CMMS Software
Pros and Cons of Cloud-Based and On-Premise CMMS Software
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016
 
Monitor and manage everything Cisco using OpManager
Monitor and manage everything Cisco using OpManagerMonitor and manage everything Cisco using OpManager
Monitor and manage everything Cisco using OpManager
 
b_siem_deployment.pdf
b_siem_deployment.pdfb_siem_deployment.pdf
b_siem_deployment.pdf
 
Bluemix Local – Relay Options and Challenges
Bluemix Local – Relay Options and Challenges Bluemix Local – Relay Options and Challenges
Bluemix Local – Relay Options and Challenges
 
Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure
Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure
Best Practices for Running Symantec Endpoint Protection 12.1 on Microsoft Azure
 
Why Security-Grade Servers and Storage?
Why Security-Grade Servers and Storage?Why Security-Grade Servers and Storage?
Why Security-Grade Servers and Storage?
 
Security Grade Servers and Storage - Quantifying Value
Security Grade Servers and Storage - Quantifying ValueSecurity Grade Servers and Storage - Quantifying Value
Security Grade Servers and Storage - Quantifying Value
 
DevFest | Presentation | Final - Imran Roshan
DevFest | Presentation | Final - Imran RoshanDevFest | Presentation | Final - Imran Roshan
DevFest | Presentation | Final - Imran Roshan
 

DataSecurityTechnicalOverview

  • 2. 2 Table of Contents Introduction……………………………………………………..………………….........……....Page Operational Overview Prism Video Processing…………………………………………………………..Page On-camera connection…………………………………………………………...Page Server-based connection……………………………………………………….Page Set up Operations and Requirements………………………………..Page Cloud Connection Bandwidth, Ports & Data Transmission…………………………......Page Authentication………………………………………………………………….......….Page Data Storage & Security..………..……………………………………….........Page User Access and Data Ownership…………………………………….…Page Prism on Privacy…………………………………………….....………………………..........Page Frequently Asked Questions………………………………………………….……...Page 3 4 4 4 4 5 5 6 6 6 7
  • 3. Welcome to Prism Prism transforms any video camera into a visual merchandising, auditing, and business intelligence tool by generating aggregate data from video and securely transmitting this data to our cloud-based platform. Users can view and analyze the data to better understand, manage, and optimize their real-world stores. Prism uses an encrypted, low-bandwidth connection to continuously transmit real-time data where it’s securely stored in the Prism cloud. Customers have full access to and control over their data including privacy configuration and permissions for an unlimited number of users in their account. Data Security & Technical Overview Scalable Video Processing Video is processed on Prism enabled cameras or local server. Layers of images and metadata are extracted and pushed to the Prism cloud through an encrypted, low-bandwidth, real-time stream. Secure Cloud Storage All data and visualizations are securely stored in the Prism cloud. Prism uses Amazon Web Services to handle data storage with Identify and Access Management (IAM). Unlimited User Access Insights generated by Prism can be accessed by an unlimited number of approved users in a single account. Customers own all of the data provided to and generated from Prism.
  • 4. 4 Prism Video Processing Prism processes video locally by extracting layers of images and metadata to create visualizations and analytic outputs. At each instance, (i.e., at each store/ camera) a low-bandwidth, real-time stream of images and data is securely pushed to the Prism Cloud. An unlimited number of approved users can log in to the Prism application in a single account to access and customize in-store visualizations, create data trend reports, and view analytics for each connection. —— These visualizations and reports can include images of stores and merchandise, occupancy data, pathmaps and heatmaps indicating activity hotspots while removing people from the foreground —— Unlimited approved users can simultaneously access insights from their mobile device or laptop without requiring individual connections to the local store’s network. —— Unlimited end-user access is included in Prism’s standard service. —— Prism also works with analog cameras, with the addition of an IP video encoder from which Prism can extract video Deploying Prism in-store is accomplished by: 1. On-camera connection to video When running on a camera, Prism collects and processes video frames as a separate function without disrupting the normal operation of the camera. Prism runs as an embedded software in enabled cameras using internal APIs to collect and process video frames. The only requirement: the enabled camera must be connected to a local network that enables an outbound internet connection. 2. Server-based connection to video Prism can be installed in an existing camera using a local server to collect a separate video feed from the camera or VMS system. Prism layers on to existing (or new) in-store video infrastructure to process visual data jointly without disrupting the camera’s normal operation. Set-up Operations and Requirements The Prism platform collects and processes video sources and securely sends data to the cloud. Each installation of the application (either in camera or on a server) establishes an authenticated, encrypted connection with the Prism cloud service that is uniquely associated with the customer’s account. During the installation process, the user is asked to provide administrator level credentials in the form of a user login or a token. This enables proper authentication of any instance to the customer account.
  • 5. 5 To connect a Prism-enabled device, —— The store must have local Internet connection —— The Prism-enabled device must have access to the store’s local Internet in order to establish an outbound connection to the Prism cloud For server-based connection, —— The server running Prism must be on the same subnet as the video sources in order to discover cameras and establish a connection —— Prism’s platform can interface with IP cameras and analogue cameras connected to encoders —— IP cameras can be communicated with directly (i.e., no requirement to connect to video via an installed VMS) During the initial system connection, Prism sends a single image from each video source to the cloud application. The users can then identify and label the source. Once it’s identified, the video source can be enabled. Prism can be configured to scan the network continuously for changes to available video sources or to only scan upon request. Once a connection to the Prism platform is established, the administrator account credentials are exchanged for a temporary install-specific unique token. For security reasons, the user credentials are temporary, and used only for the initial verification. Cloud Connection: Bandwidth, Ports & Data Transmission —— Prism uses HTTPS protocols to establish a connection to the Prism platform —— Prism uses port 443 to establish an encrypted outbound connection to iapi.prismsl.net —— If no connection can be made, Prism will attempt a re-connection every minute (images and data will continue to buffer until connection is successful to avoid any data loss). —— Prism’s average upload bandwidth requirement ranges between 20 - 50 kbps per camera, which is dependent on the data and image outputs configured Authentication Access to Prism data is authenticated using strict security at each step of the service. —— User passwords are sent encrypted and stored indirectly, using PBKDF2 hash
  • 6. 6 —— Cross-site scripting (XSS) and request forgery (CSRF) are handled at the application level using standard libraries —— All access is continually logged and audited on a per-request basis Data Storage Prism uses Amazon Web Services to handle data storage with Identify and Access Management (IAM), an industry-leading secure cloud storage. —— The IAM system manages what Prism does in the cloud (using EC2) and how we store our data (S3) —— IAM uses multi-factor authentication and limits network access by port and IP address on a per-machine-type basis User Access Controls and Data Ownership Prism customers own all data they provide for processing by Prism and all data generated by the processing. The customer remains in control of the information sent to the cloud and what data is available to the end users. Specifically, the customer has ultimate control over: —— What data (video, cameras) is processed locally by Prism —— What data (privacy or non-privacy enabled) leaves the store —— Who has access to certain data Additionally: —— No customer data is public —— Customer created user accounts and access privileges can be adjusted and controlled for specific sites, cameras and data types —— Data anonymity is user controlled and all aggregate analytics are anonymous —— Prism users control what data is outbound (sent to the cloud) —— All user logins and passwords are protected Prism on Privacy Privacy is a core pillar of Prism’s corporate policy and services. Prism uses video cameras as visual sensors to collect data - not as video cameras in the traditional sense, where they stream, monitor, and store full frame rate video. In order to protect the privacy of individuals, regional and national governments are putting into place laws, requirements, and audits to regulate video surveillance systems. While these regulations do not apply to Prism, as
  • 7. 7 our solution is not a CCTV or video surveillance system, Prism understands and respects the value of data privacy that these regulations are made to protect. Prism was designed with privacy protection as a foundational feature of the overall technology since its inception. Therefore: —— Prism can be configured to refrain from storing video data ­— Our platform processes camera output in real-time to generate aggregate, de-identified data. None of the raw video input is stored, ensuring that it is impossible to save, monitor or retrieve people or faces —— Prism masks identifiable information from the output imagery — Prism’s visual output is privacy protected and contains no identifiable information. — Prism can be configured to remove foreground images (people, faces, and other identifiers and generate aggregate data models of activity over background images. —— No images are capable of being reconstructed to create identifiable data. This functionality ensures that Prism data is not “privacy data” as defined by various regional and country regulations —— Simply put, Prism can eliminate the monitoring and surveillance of people in every way. To understand more about Prism’s position on privacy, see our full Privacy Policy at www.prism.com/privacy. Frequently asked questions What cameras are currently configured to support Prism internally? Does this remove the need for a server in my store? —— Currently Prism is enabled on-camera for certain models from Axis and ISD. Visit our website for the latest list of manufacturers. —— With Prism running on camera, there is no need for any additional hardware or server in your store. For server-based solutions, how does Prism connect to video? —— Prism uses RTSP and HTTP protocols to collect a secondary stream of video without disrupting your existing VMS or normal camera operation. Does Prism resell customer data? —— Privacy is a core pillar of Prism’s service policy. We do not re-sell customer data at anytime.
  • 8. 8 Does Prism store data locally? —— With the exception of temporary buffers to ensure data is transmitted to the cloud, Prism can be configured to not store data, including video, locally. What data can Prism see? —— Authorized employees can view customer data in order to understand how users are interacting with the platform and to troubleshoot customer issues. This access can be restricted by the customer at anytime. What cameras are compatible with Prism’s server-based solution? —— Prism works with a variety of cameras - see the full list in Appendix B or refer to our website for hardware specifications. We recommend customers use cameras with a minimum resolution of 720p. What bandwidth does Prism use? —— Prism’s average upload bandwidth ranges between ~ 20 to 50 kbps per camera. What ports do Prism use? —— Prism uses port 443 for secure, SSL encrypted transmission of data between all instances of communication between the platform and the Prism cloud service. How long is data stored? —— Prism stores imagery and analytic data for one year as part of our standard service. Can I export the data? —— Yes. The application provides tools for downloading specific data sets as a CSV formatted file. Prism also provides a REST API for secure programmatic access to your data. Reach out to support@prism.com for more information on the API. Who owns the data? —— The customer owns all data entered and generated through Prism.