Thousands of the world’s leading businesses trust Cloudvue for smart and secure video surveillance and access control.
We invented cloud video surveillance in 1999 and we have been continuously innovating ever since. This gives Cloudvue a proven track-record for reliability. Today, Cloudvue is trusted all over the world to simplify surveillance, streamline access control, and provide powerful intelligence that improves security operations and helps with organizational efficiency.
Privacy and cybersecurity are not just features – it is the core of who we are.
We believe that expert-driven cybersecurity designs provide the forethought required to reduce cybersecurity risk. With this philosophy in mind, Johnson Controls has invested in establishing a centralized dedicated Global Product Security team that is focused on managing cyber security practices and is dedicated to enforce compliance. Having engineering teams trained in cybersecurity ensures Johnson Controls develops products with a cybersecurity-first approach.
Security Requirements
The product lifecycle begins with design requirements. Our baseline requirement address 14 core threat categories including authentication, access control, session management, data protection and malicious input handling. These requirements were derived from established cybersecurity standards. Some examples of these standards include, OWASP, NIST SP 800-53r5, ISA/IEC 62442 (Sections 3-3, 4-1 and 4-2) and the Department of Defense Unified Facilities Criteria, UFC 4-010-06.
Security Design and Development
Security champions and architects are assigned to each product being developed. These champions and architects assist with the security designs and lead the threat modeling process. All third-party suppliers must undergo a cybersecurity validation process before any components they provide can be used in any of our products. Code reviews are conducted throughout the development process, so that security issues are resolved as early as possible.
Testing
A cybersecurity test plan is established to meet each product’s function and intended environments. Test plans often incorporate source code assessments, vulnerability scans, fuzz testing and penetration testing. Multiple tools are often utilized to reduce risk. Third party penetration is conducted as required. Cybersecurity certifications and approvals provide specific security assurance.
Rapid Response
Our dedicated rapid response cybersecurity team quickly assesses new threats and vulnerabilities. They advise our developers and customers on how to reduce cybersecurity exposure and risk. Since protecting against cyber threats is a shared responsibility, we engage in market facing programs to provide customer engagement, education, and thought leadership to help our customers achieve success in their mission of a more secure system.
ISA Secure
Johnson Controls is a strategic voting member of ISA Secure Compliance Institute. Conformity assessments to ISA/IEC 62443
GCA
Johnson Controls is a founding member of the International Society of Automation’s Global Security Alliance (GCA)
FIRST
Full member of the Forum of Incident
Response and Security Teams (FIRST)
MITRE
CVE Numbering authority
OWASP
Contributing member of OWASP
JCI Cyber Solutions
Visit our cyber solutions website
Cybersecurity Brief
Sleep well at night. We have 20 years of proven reliability with cloud-based surveillance technology. Cloudvue solutions operate worldwide every day and have been delivering versatile and scalable security services for customers from retail, manufacturing and finance to hospitals, restaurants and smart cities since 1999. To learn more about Cloudvue cybersecurity, complete this quick and easy form to download our security brief.