By Gijs van den Heuvel, Senior Technology Partner Manager, IQSIGHT
The shift to cloud-based streaming and recording for video surveillance as a service (VSaaS) brings tangible commercial and operational advantages to the physical security industry. For customers, cloud recording fundamentally changes how surveillance systems are accessed, scaled, and monetized.
Cloud connectivity enables secure remote access to live and recorded video from anywhere, reducing dependence on local infrastructure and supporting centralized management across distributed sites. Additionally, cloud storage introduces elastic scalability, allowing organizations to expand or contract storage capacity on demand rather than over‑provisioning on‑premise hardware. Cloud-based recording also enables cost optimization by selectively recording only video that is of interest—such as events, alarms, or analytics-triggered footage— instead of continuously storing every stream.
Despite these clear benefits, today’s approach to cloud connectivity presents a paradox. While VSaaS promises openness and flexibility, the ecosystem—so far—remains fragmented. Connecting a surveillance device to an external cloud service typically depends on proprietary, vendor-specific integrations. One manufacturer defines the device‑to‑cloud connection differently from the next, with unique protocols, data models, and control mechanisms. This lack of standardization limits customer choice, slows innovation, and increases integration complexity—ultimately preventing organizations from fully realizing the commercial benefits that cloud-based video surveillance is intended to deliver.
The Interoperability Gap in Today’s Cloud Landscape
In the current model, connecting a surveillance device to a cloud service typically requires vendor-specific integrations. A camera from one manufacturer may reach the cloud in a completely different way than a camera from another. This lack of standardization adds significant complexity as it locks customers into single-vendor ecosystems, slows industry innovation, and raises deployment and maintenance costs for integrators and end customers.
ONVIF has already demonstrated the power of open standards in the on-premise world, where interoperability between devices and systems became the norm through profiles such as Profile T. The challenge now is to extend this success into a cloud-native future.
The Necessity of Flipping the Architectural Model
The core issue with current proprietary cloud integration approaches is the reliance on legacy architecture. Traditional ONVIF profiles assume the client initiates the connection by reaching into the device. Cloud connectivity often requires complex network configurations—such as opening inbound ports—to bypass firewalls and security restrictions. In modern IT environments, these requirements are increasingly unacceptable. To address this, the ONVIF cloud standardization effort flips the architectural model. Instead of the cloud reaching into the device, the device initiates a secure outbound connection to the cloud. This shift dramatically reduces network complexity, improves security, and aligns with how modern cloud services are designed to operate.
Establishing the Uplink: The Foundation of Cloud Interoperability
At the heart of this new approach is the standardization of the uplink channel—a secure, bidirectional communication path between the device and a cloud-based service.
This “reverse tunnel” enables the cloud to configure, manage, and interact with the device without requiring custom network workarounds. Without a standardized uplink, cloud services cannot reliably access device functionality or deliver consistent experiences across different manufacturers.
By defining this mechanism, ONVIF lays out the groundwork for seamless, vendor-neutral device-to-cloud communication.
Mandating Cloud-Native Performance and Efficiency
True cloud interoperability must go beyond connectivity alone. To be commercially viable at scale, standardized cloud integrations must also be efficient, resilient, and cloud‑native by design.
Low‑latency live streaming is addressed through the adoption of WebRTC transport, replacing traditional RTSP used in on‑premise environments. WebRTC is a proven technology widely deployed in modern applications such as Microsoft Teams, WhatsApp, and browser‑based collaboration tools. Its inclusion enables low‑latency live video that can be rendered directly in cloud clients without proprietary players.
Efficient cloud recording requires a fundamental shift away from continuous streaming models. Instead, processing is moved to the edge, where the device generates MP4 or CMAF fragments and pushes them directly into cloud object storage such as Amazon S3 or Azure Blob Storage. This approach dramatically reduces cloud processing costs and enables robust failover behavior by recording to the edge device. If connectivity is temporarily interrupted, the device with fail-over recording can resume or restart file uploads—something that is not possible with continuous streaming, where loss of a keyframe can halt recording entirely.
Authenticity as a Non-negotiable Foundation
When devices connect directly to cloud services over the public internet, robust authentication becomes non-negotiable. Legacy mechanisms such as digest authentication are insufficient for modern cloud deployments.
Cloud-related specification work at ONVIF intends to replace these methods with widely adopted, enterprise-grade frameworks such as OAuth 2.0. This ensures mutual authentication between devices and cloud services, establishing trust before any functionality or data exchange occurs—consistent with best practices across the broader cloud ecosystem.
The Outcome: Interoperability, Choice and Scale
Standardizing device-to-cloud connectivity eliminates network overhead, mandates cloud-native security and delivers cost-efficient streaming and recording.
For customers and system integrators, this means greater freedom of choice. Cameras can be added to cloud-based systems without requiring on-premises servers or vendor-specific integrations. Existing ONVIF capabilities—such as Media2 APIs and standard PTZ controls—are preserved and extended into the cloud through a unified transport mechanism.
A New Era of Cloud-Native Interoperability
ONVIF is currently defining the technical blueprint that will underpin this transformation—detailing features, configurations, capabilities, and operational nuances that together form a comprehensive cloud interoperability specification.
This work represents a critical step toward eliminating vendor lock-in and enabling an open, scalable future for physical security. As these standards take shape, the industry has an opportunity to prepare and actively participate in a new era where cloud-native interoperability becomes the norm rather than the exception.
Be sure to follow us on LinkedIn and subscribe to our newsletter to receive the latest news on our cloud profile!
