Cloud storage and the fear of being hacked. 6 possible system threats

Cloud storage and the fear of being hacked. 6 possible system threats

Penn State University experts have shown empirically that the lion’s share of human fears never come true. The study results have shown that 91.4% of pessimistic predictions did not come true among the experiment participants. Accordingly, we can conclude that the probability with which fears come true is 8.6%.

Despite its apparent vulnerability, video surveillance cloud storage is a reliable way of data storage. Let’s talk about the TOP-6 most popular fears and threats in this area, as well as data protection methods.

What is cloud storage of a video archive?

The online storage model where data is sent to numerous distributed in the operator’s network servers is cloud-based.

Cloud data storage used in video surveillance is simple, convenient and economical. Today, cloud-based remote access and control technology is the leading and most advanced one.

What you need to create a security system with cloud storage:

  • IP video equipment or an ordinary smartphone with Internet access;
  • an agreement with a provider;
  • choice of a tariff plan. For example, if you choose the “Basic” tariff from Faceter, you will get the cloud for free (up to 24 hours of storage in SD quality).

IMPORTANT: the cloud storage service automatically updates the system (without user intervention), taking cybersecurity care. Also, the provider bears the entire burden of legal responsibility for the safety and nondisclosure of data.

What are the concerns of users? Real statistics

33% of the global business community representatives and 26% of Russian companies are concerned about possible cyberattacks on cloud storage.

Research conducted by Kaspersky Lab among IT specialists from 29 countries (including 772 people from the Russian Federation) confirmed that the human factor causes 90% of data leaks from the cloud, and the provider causes only 11% of incidents.

Six possible threats and recommendations for protection

To properly balance the benefits against the threats and distinguish between the reality and the ephemerality of possible hazards, let’s conduct a comprehensive analysis.

Privacy issues

Attack aim Reasons Control measures
Capture / steal data Purposeful action Least privilege principle
View Human factor Monitoring logging
Publication Technical vulnerability The reliable rapid response mechanism
Deleting Lack of security measures Additional data encryption

Invalid client settings

According to analyst Neil MacDonald (Vice President, Fellow and Distinguished Analyst at Gartner Research), almost all successful cyberattacks on cloud services are carried out with the easy submission of incorrect client settings.

Attack aim Reasons Control measures
Capture / steal data Invalid configuration parameters A detailed description of the infrastructure life cycle in instructions and logs
View Inadequate control Proactive service management
Publication Insufficient protection of backups


Additional data encryption
Deleting Open network space connected to the network  

Lack of security strategy. Lack of security architecture

Attack aim Reasons Control measures
Capture / steal data Lack of benchmarks and strategies Implementation of security architecture according to the objectives
View Lack of documentation Providing continuous visibility of the actual state of security
Publication Lack of balance between innovation and control Constant system update

Insufficient identification procedures, separation of rights and access control

Attack aim Reasons Control measures
Capture / steal data Insufficient data protection Using temporary credentials instead of long-term keys
View Lack of automatic rotation of keys, passwords and certificates Periodic key change
Publication Lack of regularity of automatic rotation Removing unused keys
Observation Lack of secure access control systems. Setting up multi-factor authentication
Deleting Avoiding strong passwords Regular key rotation
Obtaining control and management privileges Opt-out of multi-factor authentication  
Virus injection    

Accounts hacking and stealing 

Attack aim Reasons Control measures
Capture / steal data Insufficient protection of control and access data Making backups
View Lack of in-depth protection of the client cabinet Introduce a reliable method of users authentication
Publication Avoid logging activity monitoring


Separation of administrative functions
Observation Lack of protection against phishing and exploitation of stolen information Restriction of IP addresses for access
Deleting Target attack  
Obtaining control and management privileges    
Virus injection    
Accounts selling    

Internal threats

Attack aim Reasons Control measures
Capture / steal data Insufficient data protection Implementation of a strict identity and access policy
View The human factor, including pressure, threats, coercion Limiting privileges
Publication   Prophylaxis
Observation   Staff training
Deleting Creating a safe work environment
Obtaining control and management privileges   Keeping journals
Virus injection    


Are the fears worth attention?

As you can see from the tables, there are many protection measures for each type of threat.

In an interview with “Izvestia”, Evgeny Kaspersky said that modern hackers could carry out previously “tough” attacks even for state security agencies. At the same time, the level of protection of the cloud space is also constantly evolving. Therefore, hacking a cloud, despite its apparent insecurity, is a complex undertaking.

And compared to the degree of protection of video materials on local devices (recorders and external devices), the cloud is the safest way to store data. At least in favour of the cloud is the fact that it is impossible to exert a negative physical effect on the server as on a video recorder (steal, break, destroy).


Users are concerned about the integrity and reliability of external cloud platforms. However, the video archive’s cloud storage is protected on maximum from the influence of unauthorized persons and the users themselves. An additional plus is the automatic update of security systems and the absence of legal responsibility for information storage and confidentiality.

Александр Вебер

Alexander Weber

Specialist in video surveillance, video analytics, cloud storage systems. Consultant on the integration of video surveillance systems and tools in various business sectors. Over 10 years of industry experience.

See also