Russ Harvey Consulting - Computer and Internet Services

The “Cloud”

Internet-connected devices, data & programs



What is the “Cloud”?

The “cloud” is the generic term given to any service providing interconnectivity to multiple devices wanting to access the same information everywhere.

Wherever you are in the world, if you're using Microsoft to host your emails, Google to host your documents, Amazon to provide your storage, and Apple to provide your personal cloud, it's open season on your data as far as the US government is concerned.

“Cloud” Implies Services are Secure

“Cloud” or “in the cloud” implies services located in an inaccessible location.


Instead, the “Cloud” is a remote service comprised of

In its simplest terms, the cloud is just somebody else's computer.

The Move to the Cloud

Cloud services originally were mostly online storage and backup, but have since expanded into Software as a Service (SaaS) including web apps, shopping, auctions, surveys, banking and email.

Productivity has moved from working with dedicated software on personal computers to online services including.

Web apps like Google Docs and Microsoft 365 offer the ability for several users to simultaneously work on the same document. This is a powerful advantage for teams working remotely from each other rather than in the same office.

No Longer a Choice

As much as many of us would prefer to retain control of our documents and data, it has become virtually impossible to avoid the cloud.

Services and software that used to run on our computers have moved to the cloud. Help and instruction manuals are seldom available without going online.

It's almost impossible to avoid the cloud now, because of the movement of commercial and government services to the web, the multiplication of computing devices and the rapid growth in smartphones. These different trends reinforce one another.
The Guardian

Working on Multiple Devices

Storing your files online also allows you to start working on a document on one device (e.g., your computer) and finish it on another device (e.g., your smartphone).

Operating systems like Windows, macOS, Android and iOS have all moved in that direction. Chromebooks were designed specifically with that goal in mind.

Recent versions of Windows default to OneDrive for saving documents, partly because people want anywhere/anytime access across multiple devices.

Computers now come with smaller solid state drives (SSDs) installed. While these drives run faster, they store less because manufacturers assume that you'll be using online storage.

Online services are vulnerable to being hacked and suffer from outages during which time you won't have access to your documents.

I recommend keeping current backups of critical documents on a thumb drive in case of either data loss or inability to access your files in a timely manner.


The Cloud Faces Challenges

While the technology is convenient, the main issues facing it are security and speed of access.

[C]loud computing services offer the promise of convenience and cost savings, but at a price of reduced control over your own content, reliance on third-party providers, and potential privacy risks should the data “hosted in the cloud” be disclosed to law enforcement agencies without appropriate disclosure or oversight.
Michael Geist

Accessible Anywhere by Anybody

Because the security is Web-based, it becomes more vulnerable to being hacked precisely because it can be accessed from anywhere.

Even a single cloud service provides so much more potential information to steal than the largest private networks, so hackers are going to exploit cloud services.

[C]loud hacks are tomorrow's greatest threat. There's so much data stored in the cloud. If you breach the cloud, you're basically breaching a basket full of eggs. I can tell you firsthand cloud is really where hackers are focusing right now. — Tektonika

The Cloud Insecure

The use of terminology like “Cloud” makes these services sound like they are immune from interference. Nothing can be further from the truth.

The way people talk about this “cloud” like it's a cloud.


It isn't a cloud! It's a load of hardware on an island somewhere, where anyone can access it, which is clear from the endless hacks that happen.


Let's call it “the hard drive island” because then, immediately, it tells people “Oh, it's not in the sky, it's not untouchable by people.” Someone is monitoring it every day.
James Corden

These services are more vulnerable than the owners would have you believe.

Cybercriminals target cloud services because that is where the data has gone. The cloud has become more vulnerable, which endangers a common backup for compromised computers.

Cloud and virtualization technologies will be increasingly hit by attackers. While businesses often transfer parts of their data and operations to the cloud, they also often use partner services which may not be well configured or contain vulnerabilities.


Companies may not be aware of cloud infrastructure intrusions, as some cloud providers do not log important system events.

iCloud Insecure

Your iPhone is secured by your unique password. That's why the FBI had difficulty breaking the encryption on the terrorist's iPhone.

iCloud doesn't have the same security.

U.S. law enforcement agencies demanded access to iCloud accounts, so Apple had to retain access to the encryption on iCloud for when a warrant is issued.

So what's the difference between iCloud and the iPhone?


The iPhone, as DOJ puts it, is “warrant proof”, whereas the data stored in iCloud is warrant friendly, and was designed with this in mind.


Data in the iCloud is encrypted and heavily protected by Apple, but the encryption is escrowed in a way that Apple has complete access to the content so that they can service law enforcement requests for data.
Jonathan Zdziarski

That weakness was exploited by a hacker to gain access to iCloud accounts and steal private nude photos of celebrity women. The Exif location data embedded within those photos endangered their safety by revealing their location.

Unwanted Influences

Increasingly there are more automated visitors (bots) that search for content, vulnerabilities and opportunities to influence outcomes.

More often ads are served “on the fly.” Visitor information is sent to a multitude of potential buyers, some of which only wish to collect the metadata.

Most website visitors aren't human. They're bots. Today, bots make up 52% of all web traffic. And these automated accounts have had serious, real world impact — from the 2016 [US] election, to the FCC's recent, controversial net neutrality vote.
Mozilla Blog

Things Can Go Very Wrong

Many things can go wrong, even with a larger cloud service:

Yesterday, February 8th, at 12:30PM PT Instapaper suffered from an outage that has extended through this morning.


After spending multiple hours on the phone with our cloud service provider, it appears we hit a system limit for our hosted database that's preventing new articles from being saved. At this time, our only option is to export all data from our old database and import it into a new one.

US banks' ATMs are suddenly seeing a cyber attack that forces ATMs to spit out money for hackers. These ATMs were exposed by a nearby USB port. (Have these folks not even considered the security implications?)

The affected ATMs are standalone internet-connected units, which should serve as yet another reminder of the security risk of IoT hardware.

The User Pays for Security Failures

Unfortunately, as with computer security, the end user bears the cost of failure.

Companies seldom provide the same level of security for your data as they do for their own data.

Notice that company documents are seldom procured along with your passwords and credit information during the hacks perpetrated on these services. Companies seldom report these incidents until much later, if at all.

The LastPass Breach

One example is the 2022 LastPass breach.

The first notice on August 25th was relatively quick, but the company waited until December 22nd to report the loss of backups of users' password vaults, even though the theft took place between August 20 and September 16, 2022.

It wasn't until March 2023 that users learned the full story — more than six months after their data was stolen. Given the critical nature of that data (all the passwords used by most LastPass users) that was far too late.

This lax reporting standard will not change until the cost is too high for the cloud service to bear (i.e., more than “a cost of doing business.”)

Breach Costs Yahoo! >$1 Billion

Verizon reduced their offer for Yahoo! by more than $1 billion after learning about its 2016 breach:

Verizon (VZ) agreed to buy Yahoo's core properties for $4.83 billion in late July, just days before the hack was first reported. The deal is expected to close in the first quarter of 2017.


Web Apps

Web apps run within your browser, accessing and processing information remotely.

Web App Examples

People run Gmail, Google Docs, iCloud, banking and other online services without realizing that they're using a web app.

A web application (or web app) is application software that runs on a web server, unlike computer-based software programs that are stored locally on the Operating System (OS) of the device.

The move to mobile devices has greatly sped up the use of web apps because of their run-from-anywhere capability.

Security Concerns

Because web apps run remotely, the end-user has no control over the security. This is both a good thing and a bad thing.

The Good

Consumers are moving to using their mobile devices rather than computers in e-commerce, email, banking and more. Web apps provide excellent anywhere, anytime access.

One of the biggest issues for IT departments is training employees to have a security mindset: awareness of potential security threats and good habits in maintaining and updating their security software.

When security is managed remotely by a managed security service provider (MSSP), the responsibility for security moves from the end user to a service specializing in threat protection.

The Bad

Trustwave noted in their 2018 white paper, Best Practices for Web Application Firewall Management, that too many web apps have rapid development cycles that leave little time for the discovery and elimination of vulnerabilities. This is aggravated when open source components are used without verification:

Most applications have vulnerabilities. In a recent study, the Trustwave SpiderLabs team identified at least one vulnerability in 100% of the applications they investigated. Most had more than one.

Web browsers all have security issues that compound any in the web app itself. Anyone who chooses to use an obsolete browser (like Internet Explorer) or an obsolete version of any browser places the data managed by the web app at risk.

The Ugly

The biggest threats often come from within the company. People develop poor password hygiene, making remote access to confidential company information more vulnerable to hacking, ransomware and data breaches.

Mobile devices tend to have a great deal of personal information and seldom have the quality of security software that protects computers (if any at all). The use of web apps while connected to public WiFi (especially without a VPN) endangers your privacy and security.

“Online” Operating Systems

Google's Chromebook and other emerging light operating systems are essentially front ends for web apps. The computing is done online, allowing for cheaper, less powerful hardware to be used. A lower selling price is the goal.

Privacy Concerns

There are also privacy concerns.

Android is running on a significant portion of mobile devices. Google, the world's largest search provider, also controls the majority of the browser market, Gmail, YouTube, Google Docs and more.

Web Apps Getting Better

Web apps are getting much better, making it easier to transition from computer-based services to universal web-based services accessible anywhere.

Because of the increasing importance of mobile computing, services like Twitter began to use mobile rather than conventional wide-screen layouts as the default for all users.

This is also the reason for the current trend to move from multi-page websites to ones that continually scroll. Mobile users don't read sites so much as scan them. Big pictures, headings and minimal text have become the norm.

Progressive Web Apps

Progressive web apps are a new trend that brings a native app-like experience to web applications.

Web apps are destined to be an increasingly important part of consumer and business computing experiences as we move to Software as a Service.

New Services Make Development Easier

The emergence of services like Microsoft's Azure and Apple's Swift has made it easier for small developers to provide web services and web apps.


Cloud-based Storage

With high speed access from anywhere and the move to multiple portable devices (smart phones, tablets, laptops, etc.) combined with the need to securely access the same information everywhere, you need to have a central remote storage facility for these files.

Remote Backup & Recovery

Online backup services provide recovery in cases of computer disasters such as catastrophic damage, theft, etc.

However, bandwidth limits can make larger backups inconvenient, lengthy or costly, especially in countries like Canada.

Compared to other nations, Canadians suffer terrible upload speeds, with Canada ranking 53rd in upload speeds worldwide, according to CBC. Upload is critical to making use of public cloud solutions, especially storage.
— Tektonika

People use the cloud for both storage (or file sharing) as well as offsite backups.


There are some considerations to choosing a service such as where it is located and the encryption used to protect it, particularly in the wake of what Edward Snowden revealed about spying by the NSA and other governments. Privacy is more important than most people realize.

Even if data isn't stored in a US cloud service, if it's been emailed or transferred online in some way, it may be collected by the US government as it's estimated that 90% of Canadian internet traffic is routed via the US.
TechSoup Canada

Online backup services depend upon a reliable and speedy connection (and may become expensive if you're facing crippling data caps imposed by your ISP).

Many of the big companies offer cloud storage solutions, but these are generally accessed through a common account (e.g., Microsoft or Google account).

Storage Services

As we become more mobile, people are looking to store their documents, emails and other content so that they are accessible anywhere and from any device.

Microsoft built Windows 10 and Microsoft 365 (formerly Office 365) with this in mind. With OneDrive as the default location for stored documents, a cross-platform, cloud-based Office (providing lots of extra OneDrive space) and interconnectivity between Windows and mobile devices, users can start work on one device and pick it up on another.

After March 1, 2022, you will no longer be able to sync or access synced files through Windows 7, 8 or 8.1. You will need to use the OneDrive website.

Additionally, online storage can free up space on users' devices, which has resulted in smaller, faster SSDs in today's consumer laptops.

These services offer limited free storage but you can purchase storage for an additional monthly or annual fee:

  • Google Drive (15GB; this space is shared with Gmail files)
  • Box (10GB)
  • IDrive (10GB)
  • Microsoft OneDrive (5GB)
  • Dropbox (2GB)
PCMag

Recommended Cloud Storage Services

The following are my recommended cloud storage services:

Other Cloud Storage Services

Although some of these cloud services are integrated with a specific operating system, they have opened up access to remain competitive:

Be aware of potential privacy issues when storing sensitive data online without very strong encryption.



Cloud-based Backup Services

Online backup services provide an alternative to local storage media and protect you from circumstances where the recovery media has been damaged or lost.

Recommended Cloud Backup Services

The following are my recommended cloud backup services:

Other Cloud Backup Services

While not my recommended cloud backup solutions, these may work better for you.

Acronis Cyber Protect Home Office is recommended only if you either have no security software installed or if you disable anti-ransomware and real-time protection during a custom installation. Details…



Software as a Service

Remote Computing

While the cloud is not an operating system yet, this is the direction we're heading.

Operating systems like Chromebooks, Windows 10 and 11 are Software as a Service (SaaS) — software running on the Internet.

If you move the processing power to powerful remote computers along with the data then the work is done remotely rather than on the portable device.

The resulting portable devices (called “thin clients”) can get smaller and more energy efficient and provide for much longer battery life. This is the basis for Chromebooks.

There are several terms used to describe the various aspects of cloud-based services. Of course there is a series of abbreviations for these:

These collectively are all part of the cloud. Each service can be subscribed to in different ways to custom design your experience.

Online Services

Business has moved from self-hosted software to cloud-based software like Microsoft 365, IBM, Oracle and Salesforce.

While this is convenient, allowing for “per-seat” corporate or educational pricing and anywhere 24/7 access, there have been some glitches, including the rapid increase of ransomware and the hacking of services like SolarWinds.

The underlying enabling factors for this cybercrime explosion are rooted in the digital dumpster fire of our seemingly pathological need to connect everything to the Internet combined with how hard it is to actually secure what we have connected.
Washington Post

From CD to SaaS

The concept of SaaS is that you don't pay a large up-front cost for a software product. Instead you pay monthly for the software for as long as you continue to use it, sort of like how you pay your ISP for Internet access.

Part of the arrangement of most SaaS is that you get continuous updates. Rather than paying another one-time fee for upgrades, these are part of the agreement with the software provider.

Because the software is hosted on a remote server, you don't have to worry about installing patches and upgrades — it is all done for you automatically.

Subscription Services

Traditionally, companies sold you a perpetual licence for a piece of software for an up-front cost. While support for a product or its ability to run on newer equipment was not guaranteed, you paid for the product once and could continue to use it without paying any additional fees.

With subscription services you either have to continue to pay the subscription fee or lose access to your ability to work with your documents.

Unlike magazine subscriptions, innovation is not guaranteed because the company no longer has to justify the cost of upgrades.

Increasingly, mature software vendors who have run out of innovation runway turn to rent seeking, increasingly we are told that the subscriptions will soon be everywhere and there is a real problem with that.
Guise Bule

Rental Licensing Not SaaS

Not every cloud service is truly SaaS. Many vendors are simply turning their customers into subscribers. One example is Adobe's Creative Cloud.

Adobe Creative Cloud is largely software rental licensing. True, you can share images across it with its built-in Infrastructure-as-a-Service (IaaS) storage, but that's about it when it comes to its “cloud.” There is no Photoshop in the cloud that you can run on any of your devices. Instead you still need to download and use a fat client to use it. This is not a Software-as-a-Service (SaaS) play although you might think so from its name.
— Cloudy Weather

Is It Worth It?

Traditionally, you would purchase an Adobe product like Photoshop for about US$900 or a Creative Suite for about US$1600. Upgrades could optionally be purchased at a discounted, but still significant, fee. Most users seldom purchased such upgrades consistently.

Adobe Creative Cloud now charges subscribers a fee of approximately $50 per month ($600/year). You now pay for a Creative Suite licence every 2.66 years even if you, like many, didn't previously upgrade with every new version.

What's frustrating about this is how shifting to these new forms of payment are great for the developer and fine for new users, but suck, a lot, for old users.
Alex Cranz

An occasional one-time upgrade fee when it is justified by increased productivity or the relaxation of budget constraints is easier to swallow than being forever locked into a monthly fee.


You don't have to make major purchases at regular intervals yet have the latest product offerings (assuming the company continues to innovate). Your paid subscription also provides access to documents that are stored on Adobe's cloud servers from anywhere.

Creative Cloud is very cost-effective for companies that want to licence the product for a short-term project. A six-month subscription for 50 users ($15,000) is more cost-effective than purchasing 50 Creative Suite licences outright ($80,000).


Adobe Creative Cloud is an attractive option only if you tended to regularly upgrade with every new version and use the majority of the products you're paying for on a continuous basis or are interested only in a short-term subscription.

The subscription model is bad for customers when it's clear that the reasons for adopting the model are mainly of benefit to the vendor, because renting software forever quite clearly costs you more money than buying it.
The Infosec Scribe

There is a monthly financial commitment forever regardless of how much or how little you use the products. Updates may or may not address your requirements or fix issues you're experiencing.

Rent seeking in the tech space diminishes the incentive to improve features because cutting down to a skeleton team of maintenance developers and moving to a subscription revenue means that the revenue you make is almost pure profit and there will always be investors pushing for that.
Guise Bule

Unlike with a one-time purchase, a subscription's terms of service (or pricing) can change at any time.

Adobe Alternatives

These practices have caused users to look elsewhere to meet their design software requirements, particularly if they don't want to pay a monthly subscription forever.


Security Concerns

Like other services that are accessed online there are significant security concerns. Over time these can be minimized by taking care to use adequate security precautions and in selecting security-conscious vendors.

[In spite of potential] alternatives that might address Canadian concerns, including encrypting all data and retaining the encryption key in Canada (thereby making it difficult to access the actual data outside the country), the [Canadian] government insisted on Canadian-based storage. The reason? According to internal U.S. documents discussing the issue, Canadian officials pointed to privacy concerns stemming from the USA Patriot Act.


The privacy concerns raise a bigger question for millions of Canadians that use U.S. cloud services as well as organizations such as Canadian universities that are contemplating switching their email or document management services to U.S.-based alternatives. Simply put, if U.S. cloud services are not good enough for the Canadian government, why should they be good enough for individual Canadians?
Michael Geist

We also need to trust who has access to our data, and under what circumstances.


One commenter wrote: After Snowden, the idea of doing your computing in the cloud is preposterous.


He isn't making a technical argument: a typical corporate data centre isn't any better defended than a cloud-computing one. He is making a legal argument.


Under American law — and similar laws in other countries — the government can force your cloud provider to give up your data without your knowledge and consent. If your data is in your own data centre, you at least get to see a copy of the court order.
Bruce Schneier

Log-in Required

You need to use a user name and password to log into these services. In most cases your user name is your email so only your password is truly private.

If your data is being stored “in the cloud” — where anyone can access it — an attacker only needs to break your password. Make your passwords long and strong.

You Don't Control the Software

More significantly, you no longer completely control what happens to your personal information and data or how it is used.

Running a piece of software on your computer means that you can see what it does using various utilities and via your firewall program. Parts may be hidden, but you can see what is happening if you have the right technology. Many folks that have such capabilities write about their experience.

Once you move that control to a remote server you no longer see the process. The result of that product is delivered to you, but you don't know what is shared or retained for advertising or other profiling.

How Real Are Security Concerns?

So far many of those experiencing security failures have been reluctant to release the details of those security breaches. The loss of customer data by major retail chains is seldom reported.

You have the right to know if the vendor is incompetent because it affects your privacy.

Until we are told exactly what caused the failures that resulted in unauthorized access to customer credit card and password data we cannot state categorically that the cloud is safe.

Roadblocks to Security

Too many sites insist on password restrictions, usually because they are saving the data unencrypted on their servers. Many are lax in monitoring their network for suspect activity or lack the expertise to notice irregularities.

Equifax is Corrupt

Equifax was hacked sometime between May and July 2017. Executives sold off $3 million worth of Equifax shares before the news was released in September.

Equifax's response? An insecure site asking consumers to provide even more sensitive data. The company lacks credibility and was permitted to get away with insider trading.

Successful data breaches make us all less safe.

Vigilance is required to avoid increasingly sophisticated attacks and the economics are seldom favourable.

Class Action Lawsuits Ineffective

It is less expensive to risk lawsuits than to pay for improved security.

Even if a class-action lawsuit is brought against the company, the settlements seldom provide significant compensation for anyone but the lawyers.

Corporations are too busy gathering everything they can about you to worry about securing the content they collect (except to keep it away from competitors).

Misplaced Priorities

All software contains vulnerabilities.

Rather than patching known zero-day vulnerabilities, the NSA and other agencies collect these to spy on other nations and their own citizens.

The Cost is High

When vulnerabilities aren't fixed, hackers use them for phishing attacks, ransomware and data breaches.

Now the U.S. and other nations are being attacked by well-funded nation-states and organized crime (often referred to as “malicious actors”) using those vulnerabilities.

We Need to Demand Accountability

Until we educate ourselves about security and demand better security and privacy, we are unlikely to see any action taken.


The Internet of Things

The “cloud” is only the beginning. The Internet of Things (IoT) is creating an environment where everything is connected.

When many objects act in unison, they are known as having “ambient intelligence.” — Techopedia

Privacy Concerns

These small devices are not only communicating information but have access to information independent of what their owners and operators can see.

Smart phones can be tracked in real time. Smart meters tell a great deal about your energy use (even when you're out). Imagine if everything about you were known in real time.

Internet-connected appliances tempt people with science-fiction-like conveniences, but beneath the sparkling surface lurk potential privacy violations.

The regulatory and legal system can't keep up with the changes in technology.

Even our kids' toys store information on an unsecured cloud server. Listen to the Mozilla IRL podcast or read the transcript to learn how little privacy we have left.

Car manufacturers will be able to monitor your every move with emotion-detecting AI and sell that data to insurers, advertisers and anyone else.

IoT is going to steal all your stuff. Well, not steal your stuff exactly, but quietly and invisibly shift ownership of some of your prized possessions to somebody else.

A study of 314 IoT devices found that:

The only thing we can do is lobby to ensure that those that are in control of this information are held accountable in a public forum.

Who's Watching the Watchers?

If we've learned anything from the NSA spying scandal, it is that we cannot trust secret courts with secret rulings for oversight.

Security Concerns

Security is a concern with IoT devices. Manufacturers often have NO experience with connected devices or the need to secure them.

“Smart” homes are dependent upon WiFi for their connections to the Internet. Too often the WiFi connection is hardwired for obsolete or marginal security protocols.

This environment includes fridges, remote control devices, baby monitors, thermostats and more. Imagine coming home to a frozen house because someone remotely turned off the heat.

LG has updated its software after security researchers spotted a flaw that allowed them to gain control of devices like refrigerators, ovens, dishwashers, and even access the live feed from a robot vacuum cleaner.

Many organizations such as hospitals are ill-prepared to deal with obsolete connected devices still in operation such as hard-wired yet Internet-connected Windows XP devices.

53% of internet-connected medical devices analyzed were found to have a known vulnerability, while one-third of bedside devices were identified to have a critical risk.

DDoS by Compromised IoT Devices

In October 2016, a botnet made up of 100,000 compromised gadgets took down Netflix, Twitter and many others.

Level3 Outage Map (US) - 21 October 2016

IoT Could Threaten Our Survival

We're building a world-size robot, and we don't even realize it.


This world-size robot is actually more than the Internet of Things.


It'll also get much more dangerous.


The world-size robot we're building can only be managed responsibly if we start making real choices about the interconnected world we live in.
Bruce Schneier

IoT's Potential Evolutionary Leap

If we can resolve the privacy, security and trust issues that both AI and the IoT present, we might make an evolutionary leap of historic proportions.
Stephen Balkam

Technical Discussions

Intel's “A Guide to the Internet of Things” infographic shows where we've come from and where we're going with IoT.


The following are technical resources aimed at big businesses but will give you a clearer picture of who the players in the IoT game are.

Updated: July 13, 2024