Cloud storage security in the era of Internet of Things

9월 01, 2019

The development of the Internet of Things (IoT) has greatly promoted the development of cloud computing and cloud storage. While the cloud storage technology has developed rapidly, the data security challenges it faces are becoming more and more severe. To ensure user information security, cloud storage protection technology is essential for the development of IoT.

In the past, most security and surveillance systems worked in a stand-alone way, meaning that they were not connected to other systems, or to the public internet. Now, things have changed, and IoT in particular makes it possible to automate surveillance alerts and share them with other systems and users across the organization. Systems are also frequently connected with cloud-based solutions, with video data passing over the WAN and public internet to be stored off-site.

The advantages and risks of cloud storage
Cloud storage is a cloud-based computing model in which data is stored on remote servers and accessed over the internet. It is maintained, operated and managed by a cloud storage service provider using storage servers built on virtualization techniques.

The core security concern of for cloud storage users is data safety. And the biggest risk of data stored in the cloud is data leakage, which may occur during storage or transmission. Here, we’d like to talk about the risks and solutions associated with cloud data storage while security concerns on data transmission you can find the answer in another blog article regarding HTTPS protocols.

How Hikvision ensure user data security with encryption technologies
To help you minimize the risk of data leakage in the cloud, EZVIZ[1] Cloud offers a dual encryption solution which covers both server-side encryption and client-side encryption. We also maximize cybersecurity by following best practices, and we are certified to the relevant security standards, such as CSA STAR Certification.

1. Server-side encryption
Generally speaking, we ensure encryption before saving data on disks at the data center and downloading it from there. Specifically, the server-side encryption can be further divided into two categories. The first kind occurs when a cloud service provides a secret key, protecting data using server-side encryption with secret key; the second type occurs when developers manage the secret keys themselves, protecting data using server-side encryption with customer-provided encryption keys.

Either way, server-side encryption reduces the complexity of user-managed keys. Additionally, we also advise users to ensure their data is stored on physical devices in encrypted form, which will reduce the risks associated with unauthorized access to physical devices for data.

2. Client-side encryption
Today, we can not only provide basic cryptographic key solutions to protect cloud-based application development and services, but also leave these protection measures up to our users. In this scenario, data is encrypted on the client-side and uploaded to cloud storage servers, and users manage both the encryption process, the keys, and related tools.

Client-side encryption gives users more power over their keys while increasing the complexity of the user-managed key. The secret key on the client-side is managed by the user. For data security reasons, we will still encrypt data stored in the cloud on the server-side, so no additional user action is required there.

Find out more about boosting your cybersecurity with Hikvision
We hope this blog has given you a flavour of Hikvision’s cybersecurity innovations and how they can help you protect your people, assets and customers. For more information about how we can help you optimize cybersecurity in the IoT era, read our product security white paper or contact us.

[1]EZVIZ Cloud, a global video cloud service platform provided by EZVIZ, which is the consumer and residentially-focused subsidiary of Hikvision.