Russ Harvey Consulting - Computer and Internet Services

The “Cloud”

The “Cloud” | Cloud Services | Security Concerns | Internet of Things

What is the “Cloud”?

The “cloud” is the generic term given to any software service that provides interconnectivity to multiple devices wanting to access the same information everywhere. It is a series of computers and storage services accessible anywhere by anyone with the required passwords.

The way people talk about this “cloud” like it's a cloud. It isn't a cloud!. It's a load of hardware on an island somewhere, where anyone can access it, which is clear from the endless hacks that happen. Let's call it “the hard drive island” because then, immediately, it tells people “Oh, it's not in the sky, it's not untouchable by people.” Someone is monitoring it every day. — James Corden
It's almost impossible to avoid the cloud now, because of the movement of commercial and government services to the web, the multiplication of computing devices and the rapid growth in smartphones. These different trends reinforce one another. — The Guardian

Storage & Backup in the Cloud

Universal Access

With high speed access from anywhere and the move to multiple portable devices (smart phones, tablets, laptops, etc.) with the need to securely access the same information everywhere, you need to have a central remote storage facility for these files.

The cloud offers the ability for several users to simultaneously work on the same document. This is a powerful advantage for teams working remotely from each other rather than in the same office.

Remote Backup & Recovery

Online backup services provide recovery in cases of computer disasters such as catastrophic damage, theft, etc. Bandwidth issues can make larger backups inconvenient or lengthly.

Compared to other nations, Canadians suffer terrible upload speeds, with Canada ranking 53rd in upload speeds worldwide, according to CBC. Upload is critical to making use of public cloud solutions, especially storage. — Tektonika

Remote Computing

While the cloud is not an operating system yet, this is the direction we're heading. Windows 10 is getting close (it is Software as a Service or SaaS).

If you move the processing power to powerful remote computers along with the data then the work is done remotely rather than on the portable device. The resulting portable devices (called “thin clients”) can get smaller and more energy efficient and provide for much longer battery life.

Challenges

While convenient, the main issues facing this technology is security and speed of access.

[C]loud computing services offer the promise of convenience and cost savings, but at a price of reduced control over your own content, reliance on third-party providers, and potential privacy risks should the data “hosted in the cloud” be disclosed to law enforcement agencies without appropriate disclosure or oversight. — Michael Geist
  • Cloud access means that your information can be retrieved anywhere rather than sitting on a specific computer. The same information can be available at work, at home or on the go.
  • We expect to access our files quickly based upon the relative ease experienced on our computers. If the delay is too great, the benefits of cloud computing diminish.
  • While many free services are vying for your business, expect to pay for premium security and performance as well as for more storage space.

Things Can Go Very Wrong

Many things can go wrong, even for a larger service like Instapaper:

Yesterday, February 8th, at 12:30PM PT Instapaper suffered from an outage that has extended through this morning.
After spending multiple hours on the phone with our cloud service provider, it appears we hit a system limit for our hosted database that's preventing new articles from being saved. At this time, our only option is to export all data from our old database and import it into a new one. —Instapaper

Accessible Anywhere to Anyone

Because the security is Web-based, it becomes more vulnerable to being hacked precisely because it can be accessed anywhere.

In 2014 alone, more than one billion personal records were illegally accessed — including health, financial, email and home address data, and other personal information like Social Security numbers. That's up more than 54 percent on the year prior, according to Gemalto. This year, there's no sign of let-up. — ZDNet

New security technology which is less dependent upon remembering complex passwords will assist with this transition.

The Cost of Security Failures

Unfortunately, like with computer security, the user bears the cost of failure.

Companies seldom provide the same level of security for your data as they do for their own data. Notice that company documents aren't procured along with your passwords and credit information during the hacks perpetrated on these services. Companies seldom report these incidents until much later, if at all.

This will not change until the cost is too high for the cloud service to bear. Perhaps change is on the way. The revelations of the 2014 Yahoo! hack has already resulted in a $1 billion plus drop in the price offered by Verizon for this company.

Return to top

Cloud Services

Cloud services originally were mostly online storage and backup, but have since expanded into Software as a Service (SaaS) in its various forms. Unlike earlier versions, Windows 10 is SaaS.

Storage & Backup Services

More frequently people are looking to store information so that it is accessible anywhere and from any device. These services usually offer limited free storage but you can purchase storage for an additional monthly or annual fee.

Online backup services provide an alternative to local storage media and protect you from circumstances where the recovery media has been damaged or lost.

Considerations

There are some considerations to choosing a service such as where it is located and the encryption used to protect it, particularly in the wake of what Edward Snowden revealed about spying by the NSA and other governments. Privacy is more important than most people realize.

Even if data isn't stored in a US cloud service, if it's been emailed or transferred online in some way, it may be collected by the US government as it's estimated that 90% of Canadian internet traffic is routed via the US. — TechSoup Canada

Online backup services depend upon a reliable and speedy connection (and may become expensive if you're facing crippling data caps imposed by your ISP).

Recommended Services

The following are recommended cloud storage services:

  • SecureSafe is the most secure (here's why).
  • Dropbox is an excellent, cross-platform solution providing support for Linux and Blackberry as well as Windows, Mac OS X, Android, iOS and Windows Phone.

The following are recommended cloud backup services:

  • iDrive is strongly recommended by reviewers like PC Magazine, Wired and TechCrunch.
  • CrashPlan offers a free personal backup plan as well as subscription plans for individuals and businesses.

Other Services

These services are tied to an operating system or are not as universally accessible. There may also be issues with privacy.

  • GoogleDrive.
  • iCloud.
  • OneDrive (formerly SkyDrive).
  • Box is one of the oldest cloud services.
  • Mozy was originally known mostly for online backup but offers other services.

Learning More

These articles will help you to make the decision about which service is right for you.

Software as a Service

There are several terms used to describe the various aspects of cloud-based services. Of course there are a series of abbreviations for these:

  • SaaS refers to software that is run on remote servers. This includes online-based email, gaming and office suites.
  • PaaS can include a virtual operating system or web server environment.
  • IaaS can refer to virtual environments including virtual server models showing a web designer how their site will look on various operating systems and browsers.

These collectively are all part of the cloud. Each service can be subscribed to in different ways to custom design your experience.

From CD to SaaS

Traditionally, companies sold you a perpetual license for a piece of software for an up-front cost. While support for a product or its ability to run on newer equipment was not guaranteed, you paid for the product once and could continue to use it without paying any additional fees.

The concept of SaaS is that you don't pay a large up-front cost for a software product. Instead you pay monthly for the software for as long as you continue to use it, sort of like how you pay your ISP for Internet access.

Part of the arrangement of most SaaS is that you get continuous updates. Rather than paying another one-time fee for upgrades, these are part of the agreement with the software provider. Because the service is hosted on a remote server, you don't have to worry about installing patches and upgrades — it is all done for you automatically.

Rental Licensing

Not every cloud service is truly SaaS. One example is Adobe's Creative Cloud.

Traditionally, you would purchase an Adobe product like Photoshop for about $900 or a Creative Suite for about $1600. When a new version came around you'd have to purchase the upgrade (at a discounted, but still significant fee). With the new Adobe Creative Cloud you would pay a monthly fee of approximately $50 per month but would get access to all their products with automatic upgrades included in the price.

Adobe Acrobat Reader DC (released in April 2015) is a major update that moves towards focusing on access of documents from anywhere using Adobe Cloud (subscription required).

Adobe Creative Cloud is largely software rental licensing. True, you can share images across it with its built-in Infrastructure-as-a-Service (IaaS) storage, but that's about it when it comes to its “cloud.” There is no Photoshop in the cloud that you can run on any of your devices. Instead you still need to download and use a fat client to use it. This is not a Software-as-a-Service (SaaS) play although you might think so from its name. — Cloudy Weather

Advantages

The main advantage of SaaS is that you don't have to make major purchases at regular intervals yet have the latest product offerings.

This is a good deal ONLY if you tended to regularly upgrade with every new version and used the majority of the products you're paying for on a continuous basis.

Disadvantages

There is still a monthly financial commitment forever regardless of how much or how little you use the products.

Many individuals found little added value in the traditional product upgrades and seldom purchased an upgrade. Often it is easier to handle an occasional one-time upgrade fee when it is justified by increased productivity and timed with the ability to afford the purchase than being locked into a continuous monthly fee.

Return to top

Security Concerns

Like other services that are accessed online there are significant security concerns. Over time these can be minimized by taking care to use adequate security precautions and in selecting security-conscious vendors.

[In spite of potential] alternatives that might address Canadian concerns, including encrypting all data and retaining the encryption key in Canada (thereby making it difficult to access the actual data outside the country), the [Canadian] government insisted on Canadian-based storage. The reason? According to internal U.S. documents discussing the issue, Canadian officials pointed to privacy concerns stemming from the USA Patriot Act.

The privacy concerns raise a bigger question for millions of Canadians that use U.S. cloud services as well as organizations such as Canadian universities that are contemplating switching their email or document management services to U.S.-based alternatives. Simply put, if U.S. cloud services are not good enough for the Canadian government, why should they be good enough for individual Canadians? —Michael Geist — law professor at the University of Ottawa

We also need to trust who has access to our data, and under what circumstances. One commenter wrote: After Snowden, the idea of doing your computing in the cloud is preposterous. He isn't making a technical argument: a typical corporate data centre isn't any better defended than a cloud-computing one. He is making a legal argument. Under American law — and similar laws in other countries — the government can force your cloud provider to give up your data without your knowledge and consent. If your data is in your own data centre, you at least get to see a copy of the court order. — Bruce Schneier

Log-in Required

You need to use a user name and password to log into these services. In most cases your user name is your email so only your password is truly private. Your data is being stored “in the cloud” where anyone can access it — they only need to break your password — so your password should be long, strong and complex.

You Don't Control the Software

More significantly, you no longer completely control what happens to your personal information and data or how it is used.

Running a piece of software on your computer means that you can see what it does using various utilities and via your firewall program. Parts may be hidden, but you can see what is happening if you have the right technology (and many folks on the Web do and write about their experience).

Once you move that control to a remote server you no longer see the process. The result of that product is delivered to you, but you don't know what is shared or retained for advertising or other profiling.

Security Concerns May Be Overblown

DZone's 2014 Cloud Platform Research Report investigated 40 cloud-based solutions and discovered: While 75% expected security challenges, only 30% actually experienced them. This is the biggest gap in challenge expectations using a cloud platform.

But Perhaps Not

So far many of those experiencing security failures have been reluctant to release the details of those security breaches. The loss of customer data by major retail chains is seldom reported.

Until we are told exactly what caused the failures that resulted in unauthorized access to customer credit card and password data we cannot state categorically that the cloud is safe. This affects your privacy and you have the right to know if the vendor is incompetent.

Roadblocks to Security

Too many sites insist on password restrictions, usually because they are saving the data unencrypted on their servers. Many are lax in monitoring their network for suspect activity.

  • Sony was hacked after warnings that their security was too lax.
  • In a June 2015 security notice LastPass reported an attempted breach but indicated that no encrypted user vault data was taken.
  • An attempt was made to hack Kaspersky's site, using nation-state malware. The security software maker was vigilant and stopped the attack, but success would have made all of us less safe.

Misplaced Priorities

The tools they need to strengthen security are often withheld in the service of government spying (and corporations are busy gathering everything they can about you).

Rather than patching known zero-day vulnerabilities, the NSA and other agencies used these to spy on other nations and their own citizens. They have infiltrated U.S. technology firms without outside oversight. The back-door access they demand from encryption software has been used by criminals to hack celebrity private photos and more.

Return to top

www.russharvey.bc.ca/resources/cloud.html
Updated: April 3, 2017

The cloud offers interconnectivity between devices via remote storage.

The Internet of Things

The “cloud” is only the beginning. The Internet of Things (IoT) is creating an environment where everything is connected.

When many objects act in unison, they are known as having “ambient intelligence.” — Techopedia

Intel's “Guide to IoT” infographic

Intel's “A Guide to the Internet of Things” Infographic shows where we've come and where we're going with IoT.

Privacy Concerns

These small devices are not only communicating information but have access to information independent of what their owners and operators can see.

Smart phones can be tracked in real-time. Smart meters tell a great deal about your energy use (even when you're out). Imagine if everything about you is known in realtime.

The regulatory and legal system can't keep up with the changes in technology.

A study of 314 IoT devices in April 2016 found that:

  • 59% didn't adequately explain to customers how their personal data was collected, used and disclosed
  • 68% failed to properly explain how information was stored
  • 72% failed to explain how customers could delete their information off the device
  • 38% failed to include easily located contact details should customers have privacy concerns
  • 68% collected location data
  • 64% asked for date of birth details, and
  • 41% collected photo, video or audio files

The only thing we can do is lobby to ensure that those that are in control of this information are held accountable in a public forum.

Who's Watching the Watchers?

If we've learned anything from the NSA spying scandal, it is that we cannot trust secret courts with secret rulings for oversight.

Security Concerns

Security is also a concern. Many manufacturers of devices that traditionally did not connect have NO experience with connected devices and the requirement to secure them.

DDoS by Compromised IoT Devices

An October 2016 a botnet made up of 100,000 compromised gadgets took down Netflix, Twitter and many others.

Level3 Outage Map (US) - 21 October 2016

Health Issues

The IoT is built on 5G WiFi technology

5G frequencies appear to affect people, something the Chinese and Russian military have tested for crowd control and military applications.

Other Concerns

But these aren't the only concerns.

IoT Could Threaten Our Survival

We're building a world-size robot, and we don't even realize it.

This world-size robot is actually more than the Internet of Things.

It'll also get much more dangerous.

The world-size robot we're building can only be managed responsibly if we start making real choices about the interconnected world we live in.— Bruce Schneier

IoT's Potential Evolutionary Leap

If we can resolve the privacy, security and trust issues that both AI and the IoT present, we might make an evolutionary leap of historic proportions. — Stephen Balkam

Technical Discussions

The following are technical resources aimed at big businesses but will give you a clearer picture of who the players in the IoT game are.

Return to top

Related Resources

Related resources on this site:

or check the resources index.

Return to top


If these pages helped you,
buy me a coffee!