The Journey to Zero Trust: Best Practices to Achieve Consensus at Your Organization

June 8, 2021

Hikvision HikWire blog article Zero Trust: Best Practices to Achieve Consensus at Your Organization

The Journey to Zero Trust: Best Practices to Achieve Consensus at Your Organization


In today’s digital world, organizations are experiencing unprecedented levels of cyber risk. In May, we released a white paper “Securing a New Digital World with Zero Trust: How Zero Trust Cybersecurity is Transforming the IoT (internet of things) Industry.” We outlined how to take steps to safeguard your data, assets, users, and IoT from malicious hackers through the Zero Trust framework, which regards all network activity as potentially harmful until proven otherwise. Now that we’ve discussed the technical side, let’s take a look at best practices for aligning with organizational leadership on the Zero Trust journey.

Given the advantages of Zero Trust to reducing cyber risk by establishing robust safeguards, protocols and security practices that stop malicious actors from gaining traction, one might think it easier to get enterprises aligned with the perimeter-less model. Yet many have not yet begun the journey. A 2020 study by Okta found about 60% of organizations in North America, and only 40% globally, are working on Zero Trust projects. In this blog, we’ll discuss strategies for promoting Zero Trust as a key cybersecurity framework to the decision makers within your organizations.

Advocating for Zero Trust to Leadership in Your Organization

Zero Trust typically requires buy-in from many levels and departments, often from IT, management, and operations. To secure the endorsement from IT and business decision makers to undergo the Zero Trust journey, consider each department’s own goals and needs and speak their language: some business functions may be more interested in reducing cyber risk exposure, while others may be concerned with introducing friction to how users go about their work - or simply may have concerns with changing the status quo. Implementing Zero Trust can seem like a complex business sale, in that evangelizing for the cybersecurity framework can require making a personalized case to all involved stakeholders (management, IT, operations) to secure their sign-off.

Some leaders respond to different business cases for Zero Trust. You can make the case for Zero Trust’s ability to achieve stronger compliance, particularly if you work with customers or partners with enhanced regulatory safeguards or needs. Separately, you can highlight the benefits of scalability, with some Zero Trust architectures enabling you to scale applications and cloud access with a lower investment than traditional security measures that are less effective. Finally, the reduced risk exposure to cyber threats is a clear incentive. Use data and facts to make your case for mitigating risk. It can also help to bring in expert third-party counsel to advise your organization on best practices and make the case for Zero Trust. If you go this route, ensure that your outside partners have strong familiarity with your industry and can speak the business language of your leadership.

Understanding the Practicalities of Zero Trust Implementation

Organizations should also understand how cybersecurity implementations will affect the end user. How will measures like multi-factor authentication, password security practices and new security solutions impact users’ ability to access data and handle their day job? If the security practices are considered too overbearing, there can be a risk of users finding ways to sidestep or ignore certain security practices, such as sharing logins or moving sensitive data offline. These factors should be considered at the outset, and it can help to have informal conversations with internal stakeholders before launching new vendor systems and cyber solutions. Further, identifying these roadblocks early can help enable realistic conversations with management, operations, and IT on how Zero Trust practices will work.

On the journey to implementing Zero Trust, it’s best to be proactive and consider your organization’s needs for both securing assets and data as well as how end users will respond to new security protocols. If there’s a concern that users will not respond well to security changes that inconvenience them, consider strategies to address this through better communication.  One solution is simply to educate staff and end users on how security practices will benefit them, particularly if they are inconvenienced by more restricted access, new security protocols like automatic sign-out and lock-outs, and greater two-factor authentication requirements. By educating users on how Zero Trust protocols will safeguard them and the organization, you can increase the likelihood that they will adhere to security protocols.

Building Zero Trust as a Commercial Differentiator

Increasingly, customers are more loyal to companies with strong cybersecurity. Partners are more likely to trust organizations that prioritize cybersecurity best practices. Investors view cybersecurity best practices as non-negotiable. Yet for most customers, there’s a significant gap between expectations and reality. In a 2020 study, 70% of consumers across North America, the United Kingdom, France, and Germany believe businesses aren’t doing enough to secure their personal data. The same study found that 59% of consumers would be likely to avoid conducting business with an organization that experienced a cyberattack in the last 12 months.

Organizations that prioritize cybersecurity are better equipped to do business. While reducing exposure to cyber breaches is typically the most important objective, companies with stronger cybersecurity posture can also enjoy commercial benefits in the form of stronger customer loyalty and more trusted partnerships and stakeholder relationships. When evangelizing on Zero Trust internally, consider pointing to the commercial benefits of cybersecurity best practices for your enterprise’s growth prospects and ability to create long-term value for customers and shareholders.

Achieving Zero Trust is a journey, and it often requires achieving stakeholder buy-in from many different functions within your organization. To do this, be sure to highlight the business benefits alongside the reduction in cyber risk exposure.

Learn more about Zero Trust in our white paper, available here: “Securing a New Digital World with Zero Trust.”

IMPORTANT! This model requires non-standard firmware. Do Not Install standard firmware (e.g. v.4.1.xx) on this model. Doing so will permanently damage your system. You must use custom firmware v.4.1.25 from the iDS-9632NXI-I8/16S product page.

View the most updated version of this document here:


The I-series NVR (such as the DS-7716NI-I4) is one of Hikvision's most popular and feature-rich recorders. As such, many firmware revisions have been introduced over the years to continually ensure the product is compatible with the newest technology available. Due to the many revisions, we recommend that the user closely follows the instructions below in order to reduce the amount of time spent as well as the chance of failure.


Database Optimization and Repair

As more affordable IP cameras are introduced over time with greater video resolution and data sizes, more efficient database management also becomes necessary. The introduction of firmware v4.0 brought about a new database architecture in order to be futureproof.


After upgrading to v4.X, the recorder database will need to be converted and optimized. If you are experiencing issues where playback is expected but not found, make sure "Database Repair" is performed as indicated in the procedures and scenarios below.


Preparing the Upgrade

Before proceeding with upgrade, it is recommended that NVR configuration file is exported from the NVR over the network or on to a local USB drive.


Upgrading from v3.4.92 build 170518 or Older

  1. All recorders must reach v3.4.92 before proceeding further. Upgrading from versions before v3.4.92 directly to any version of v4.X will likely cause the recorder to fail.
  2. If the recorder is already at v3.4.92, a full factory default is highly recommended before upgrading to any version of v4.X. There is a high chance of unit failure (requiring RMA) if the unit is not defaulted before upgrade.
  3. After reaching v3.4.92 and performing a full factory default, an upgrade directly to v4.50.00 is acceptable.
  4. After the upgrade is completed and the recorder is reprogrammed, it may be beneficial to perform a Database Repair. For details, refer to the section "Database Optimization and Repair" above.
  5. To verify repair progress, you may refer to the HDD status, or search the recorder log for repair started and stopped entries. Note that while the HDD is repairing, new recordings are still being made, but some existing recordings may not be searchable until repair is complete.
  6. If you continue to observe playback issues after database repair, ensure there are no power, network, or motion detection issues. Should the problem persist, contact technical support.


Upgrading from Any v4.X Build to v4.50.00.

  1. Any v4.X build can be upgraded directly to v4.50.00.
  2. Export configuration is highly recommended before performing the upgrade.
  3. If upgrading from any v4.X version that was not v4.22.005, a Database Repair is recommended. Refer to Step 4 and onwards in the previous section.



Downgrading is not recommended. Due to new features and parameters constantly being added, downgrading may cause the NVR to factory default itself or require a manual default to operate properly.

View the most updated version of this document here:
K-Series DVR upgrade instruction
The Turbo 4 Hybrid DVR K series has multiple models and across different platform and chipset. It also has similar firmware development of other recording product line; DVR K series has also introduced the GUI4.0 to ensure the series to be compatible to the newest technology available. The new database architecture is also brought into the DVR firmware v4.0 to be future proof and for better recording search experience. 

Database Optimization and Repair

As more affordable cameras introduced over time with greater video resolution and data sizes, more efficient database management also becomes necessary. The introduction of firmware v4.0 brought about a new database architecture in order to be futureproof.
After upgrading to v4.X, the recorder database will need to be converted and optimize. If you are experiencing issues, where playback is expected but not found, please make sure to perform "Database Rebuild" as indicated in the procedures and scenarios below.

Preparing the Upgrade

Before proceeding with upgrade, it is recommend exporting DVR configuration file from the DVR over the network or on to a local USB drive.


Action after firmware upgraded 

1. Upgrade the DVR according to the chart above. 

2. Reconfirming Channel's Recording Schedule 

    - Confirm channel's recording schedule is enable. 

    - Check if the channel is on correct recording schedule.

3. Double Check Storage Setting

    - Make sure all channel are assigned to record on its HDD group when the Storage setting is under Group Mode. 

4. Perform Database Rebuild locally. 

    • Some version above support Database Rebuild via web access - K51 and K72

    • Perform Database Rebuild regardless if system is having any database issue symptom. 

    • Database Rebuild process is average ~30 to 60min per TB. The process may still varies depends recording data.

    • After Database Rebuild - Check log to confirm Database Rebuild has went thru properly. 

    • If Database Rebuild Started and Stopped log has been log only within few minutes. Database rebuild may not has been completed properly. It is strongly recommend performing the Database Rebuild again.

    • To check log > System > Log > Information > Database Rebuild Started and Stopped.

    • If the log option is not available - access system via SSH can also obtain similar result.

5. Recording Data is still missing after database rebuild process. 

If the data has not been recorded or has been overwritten, Database rebuild process is not able retrieve those lost data. Have the system upgraded to the latest available firmware version above to prevent any future data lost is strongly recommended for all application.





By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION General Terms of Use . If you don’t agree to these terms, you may not download or use any of those materials.

If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the General Terms of Use above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).