Massive Surveillance Breach Shows Importance of Cloud Data Security

This week it was revealed that one of the largest Video Surveillance as a Service (VSaaS) vendors suffered a massive breach of security on a global scale. All of the customers of Verkada, a VSaaS company founded in 2016, were compromised when a group of hackers gained access to 150,000 video cameras and archived footage. Video footage from organizations that focus heavily on security such as hospitals, schools, Fortune 500 companies, police departments, and prisons were compromised. 

According to a recent Bloomberg article, “Available to the hackers were 330 security cameras inside the Madison County Jail in Huntsville, Alabama.” From those 330 security cameras inside the jail, the article mentions, “The hackers say they were able to access live feeds and archived video, in some cases including audio, of interviews between police officers and criminal suspects, all in the high-definition resolution known as 4K.” 

Video of patients in ICU beds, workers in manufacturing facilities, and even one of Verkada’s own employees at home with his family were accessed by hackers.  An extensive breach to a company that is “committed to a comprehensively secure surveillance environment” proves that there is an inherent lack of security in VSaaS offerings. Taking specific measures to guarantee sensitive information is completely secure is a top priority.

Cloud based VSaaS is a niche market that is steadily growing. It’s attractive to organizations because they offer the promise of a reduced burden of managing physical security infrastructure. But the vulnerabilities of an “all-in” cloud solution have many exploring other alternatives for video surveillance solutions. It’s one thing to make sure the actual camera is secure (live stream), but it’s another to make sure the storage of that video, in transit and at rest, is secure. In the case of Verkada, both were compromised. A hybrid cloud solution that air-gaps video management software (VMS) on-premises, while utilizing the cloud primarily for storage is the first step in establishing effective protection for your surveillance video footage. 

Many organizations in the surveillance space are moving to a hybrid-cloud strategy, utilizing a combination of both on-premises and cloud storage technology, mixing and matching for the highest level of security and reliability as best suits their goals and requirements. This solution is a great way to mitigate data loss while also decreasing the purchases of replacement or additional on-premises infrastructure while sending older video data to the cloud. The only way to ensure that your surveillance video is completely secure in the cloud is with video file immutability.

In light of the Verkada breach, how can affected law enforcement agencies comply with CJIS and establish a chain of custody for evidence? How can affected healthcare institutions comply with HIPAA, knowing that video of their patients has been accessed? How can these organizations ensure that none of the video was altered or syndicated? The impact of this breach is a snowball effect of real-world consequences for organizations that place trust in a secure video surveillance solution. If that video was stored in immutable buckets using  Wasabi hot cloud storage the chain of custody would be secure and protected from alteration or deletion.   

At Wasabi, we implement video file immutability to ensure the highest level of security for our surveillance customers. Immutable video protects against accidental or malicious data destruction. An immutable object cannot be deleted or modified by anyone—including Wasabi. 

When you create a Wasabi storage bucket (the basic container that holds your data) you have the option of making it immutable for a configurable retention period (in increments of days, weeks, months, or years). If desired, you can also configure the storage bucket to automatically delete the data after the retention period has expired. Data written to that bucket cannot be deleted or altered in any way, by anyone, throughout its storage lifetime. 

In addition to Immutable buckets, Wasabi takes a “defense-in-depth” approach to security to protect against the widest range of threats. We ensure the physical security of our data centers; employ strong authentication and authorization controls for all cloud compute, storage and networking infrastructure; and encrypt data using AES256-bit at rest and in transit to safeguard confidential data. All data stored on Wasabi is encrypted by default to protect data at rest and all communications with Wasabi are transmitted using HTTPS to protect data in transit.  

The Verkada attack shows that the surveillance industry, specifically VSaaS, is vulnerable to hackers. With the increasing amount of sensitive data being generated, it’s incredibly important to implement effective security measures to prevent these breaches. The best defense in deterring hackers or malicious intent is encrypted, uneditable, undeletable, immutable video provided by Wasabi Cloud Storage.   

Learn more about how Wasabi hot cloud storage can help secure your surveillance video: Here