- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there, Mark here.
Background and disclaimer: I currently work on GDPR regulation for my clients.
With all the recent data breaches and misuses of private information, I would need to know how Arlo/Netgear ensures that video footage stored in the cloud (likely Amazon S3 - US zone) is not improperly accessed by either support staff or third parties. That question can be extended to all the data (metadata) also stored in the magical "cloud".
I just learned that foreign governments groomed Twitter employees to spy on citizens abroad ... and attempt to kidnap/jail them later on (this is not fake news). If you remember, a couple years ago, a Google engineer was fired for stalking users conversations on Hangouts/Chats and later on stalking them *physically*. Just a couple months ago GoDaddy leaked large amounts of private, sensitive data due to poor Amazon S3 bucket configuration... and I could go on for hours like this 🙂
So my point is, beyond encrypting data in transit with good old SSL like any other decent service out there, how do you guys prevent data from being accessed by someone ELSE than the user/account owner?
I'm more specifically looking at protection of videos at rest, privileged/temporary access management, encryption key management, auditing, etc. What makes you different than others?
I believe Arlo/Netgear, having already a vast experience on the security subject as a company, should have something pertinent to say... since we're looking at security systems here 🙂
Thanks!
- Related Labels:
-
Service and Storage
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi James,
Thanks for your quick reply! I reviewed this document (legalese is not easy to digest for most people!) and also reviewed your updated privacy policy, but everything sounds very vague. I dont understand how you protect our data. In fact the 2 documents look more like a declaration of intent than a description of the security controls in place to actually prevent misuses and abuses of your products containing private, sensitive information.
Paragraph 9 states "We maintain administrative, technical and physical safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession."
This is a typical boilerplate legal clause, and pretty much every major (bigger) company that has suffered a serious breach had the same. So I think the question remains unanswered: in simple technical terms, how do you ensure that the same admin privilege abuse that happened at Twitter or Google in the past does not happen with our sensitive footage? How do you make sure that when you get breached footage of your customers cannot be accessed?
We agree that protecting account passwords is nowhere near the state of the art of security 🙂 Since Arlo is marketed as a security system I would like to understand how it is secure.
Maybe you periodically execute third party security verifications (penetration tests, vulnerability scans)? Maybe you have implemented an industry-standard security framework such as ISO 27001?
I'm sure you already have controls in place, but current documentation fails to describe it, so we're ... in the dark. Not great for a security solution.
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarkLeSage42,
If you'd like more information on this, please reach out here for more info: privacy.policy@arlo.com
JamesC
-
Apple HomeKit
1 -
Arlo Mobile App
372 -
Arlo Pro
27 -
Arlo Pro 2
1 -
Arlo Pro 3
2 -
Arlo Secure
1 -
Arlo Smart
89 -
Arlo Ultra
1 -
Arlo Web and Mobile Apps
6 -
Arlo Wire-Free
10 -
Before You Buy
1,189 -
Discovery
1 -
Features
207 -
Firmware
1 -
Firmware Release Notes
119 -
Hardware
2 -
IFTTT
1 -
IFTTT (If This Then That)
48 -
Installation
1,402 -
Installation & Upgrade
1 -
Online and Mobile Apps
1,266 -
Partner Integrations
1 -
Security
1 -
Service and Storage
563 -
Smart Subscription
1 -
SmartThings
39 -
Software & Apps
1 -
Troubleshooting
7,196 -
Videos
1
- « Previous
- Next »