Cloud storage and the fear of being hacked. 6 possible system threats
Cloud storage and the fear of being hacked. 6 possible system threats
Penn State University experts have shown empirically that the lion’s share of human fears never come true. The study results have shown that 91.4% of pessimistic predictions did not come true among the experiment participants. Accordingly, we can conclude that the probability with which fears come true is 8.6%.
Despite its apparent vulnerability, video surveillance cloud storage is a reliable way of data storage. Let’s talk about the TOP-6 most popular fears and threats in this area, as well as data protection methods.
What is cloud storage of a video archive?
The online storage model where data is sent to numerous distributed in the operator’s network servers is cloud-based.
Cloud data storage used in video surveillance is simple, convenient and economical. Today, cloud-based remote access and control technology is the leading and most advanced one.
What you need to create a security system with cloud storage:
- IP video equipment or an ordinary smartphone with Internet access;
- an agreement with a provider;
- choice of a tariff plan. For example, if you choose the “Basic” tariff from Faceter, you will get the cloud for free (up to 24 hours of storage in SD quality).
IMPORTANT: the cloud storage service automatically updates the system (without user intervention), taking cybersecurity care. Also, the provider bears the entire burden of legal responsibility for the safety and nondisclosure of data.
What are the concerns of users? Real statistics
33% of the global business community representatives and 26% of Russian companies are concerned about possible cyberattacks on cloud storage.
Research conducted by Kaspersky Lab among IT specialists from 29 countries (including 772 people from the Russian Federation) confirmed that the human factor causes 90% of data leaks from the cloud, and the provider causes only 11% of incidents.
Six possible threats and recommendations for protection
To properly balance the benefits against the threats and distinguish between the reality and the ephemerality of possible hazards, let’s conduct a comprehensive analysis.
Privacy issues
| Attack aim | Reasons | Control measures |
| Capture / steal data | Purposeful action | Least privilege principle |
| View | Human factor | Monitoring logging |
| Publication | Technical vulnerability | The reliable rapid response mechanism |
| Deleting | Lack of security measures | Additional data encryption |
Invalid client settings
According to analyst Neil MacDonald (Vice President, Fellow and Distinguished Analyst at Gartner Research), almost all successful cyberattacks on cloud services are carried out with the easy submission of incorrect client settings.
| Attack aim | Reasons | Control measures |
| Capture / steal data | Invalid configuration parameters | A detailed description of the infrastructure life cycle in instructions and logs |
| View | Inadequate control | Proactive service management |
| Publication | Insufficient protection of backups
|
Additional data encryption |
| Deleting | Open network space connected to the network | |
| Observation |
Lack of security strategy. Lack of security architecture
| Attack aim | Reasons | Control measures |
| Capture / steal data | Lack of benchmarks and strategies | Implementation of security architecture according to the objectives |
| View | Lack of documentation | Providing continuous visibility of the actual state of security |
| Publication | Lack of balance between innovation and control | Constant system update |
| Observation | ||
| Deleting |
Insufficient identification procedures, separation of rights and access control
| Attack aim | Reasons | Control measures |
| Capture / steal data | Insufficient data protection | Using temporary credentials instead of long-term keys |
| View | Lack of automatic rotation of keys, passwords and certificates | Periodic key change |
| Publication | Lack of regularity of automatic rotation | Removing unused keys |
| Observation | Lack of secure access control systems. | Setting up multi-factor authentication |
| Deleting | Avoiding strong passwords | Regular key rotation |
| Obtaining control and management privileges | Opt-out of multi-factor authentication | |
| Virus injection |
Accounts hacking and stealing
| Attack aim | Reasons | Control measures |
| Capture / steal data | Insufficient protection of control and access data | Making backups |
| View | Lack of in-depth protection of the client cabinet | Introduce a reliable method of users authentication |
| Publication | Avoid logging activity monitoring
|
Separation of administrative functions |
| Observation | Lack of protection against phishing and exploitation of stolen information | Restriction of IP addresses for access |
| Deleting | Target attack | |
| Obtaining control and management privileges | ||
| Virus injection | ||
| Accounts selling |
Internal threats
| Attack aim | Reasons | Control measures |
| Capture / steal data | Insufficient data protection | Implementation of a strict identity and access policy |
| View | The human factor, including pressure, threats, coercion | Limiting privileges |
| Publication | Prophylaxis | |
| Observation | Staff training | |
| Deleting | Creating a safe work environment | |
| Obtaining control and management privileges | Keeping journals | |
| Virus injection |
Are the fears worth attention?
As you can see from the tables, there are many protection measures for each type of threat.
In an interview with “Izvestia”, Evgeny Kaspersky said that modern hackers could carry out previously “tough” attacks even for state security agencies. At the same time, the level of protection of the cloud space is also constantly evolving. Therefore, hacking a cloud, despite its apparent insecurity, is a complex undertaking.
And compared to the degree of protection of video materials on local devices (recorders and external devices), the cloud is the safest way to store data. At least in favour of the cloud is the fact that it is impossible to exert a negative physical effect on the server as on a video recorder (steal, break, destroy).
Results
Users are concerned about the integrity and reliability of external cloud platforms. However, the video archive’s cloud storage is protected on maximum from the influence of unauthorized persons and the users themselves. An additional plus is the automatic update of security systems and the absence of legal responsibility for information storage and confidentiality.
