What is the “Cloud”?
The “cloud” is the generic term given to any software service that provides interconnectivity to multiple devices wanting to access the same information everywhere.
It is a series of computers and storage services accessible anywhere by anyone with the required passwords.
The cloud offers the ability for several users to simultaneously work on the same document. This is a powerful advantage for teams working remotely from each other rather than in the same office.
The way people talk about this “cloud” like it's a cloud. It isn't a cloud! It's a load of hardware on an island somewhere, where anyone can access it, which is clear from the endless hacks that happen. Let's call it “the hard drive island” because then, immediately, it tells people “Oh, it's not in the sky, it's not untouchable by people.” Someone is monitoring it every day. — James Corden
It's almost impossible to avoid the cloud now, because of the movement of commercial and government services to the web, the multiplication of computing devices and the rapid growth in smartphones. These different trends reinforce one another. — The Guardian
Most website visitors aren't human. They're bots. Today, bots make up 52% of all web traffic. And these automated accounts have had serious, real world impact — from the 2016 [US] election, to the FCC's recent, controversial net neutrality vote. — Mozilla Blog
While convenient, the main issues facing this technology is security and speed of access.
[C]loud computing services offer the promise of convenience and cost savings, but at a price of reduced control over your own content, reliance on third-party providers, and potential privacy risks should the data “hosted in the cloud” be disclosed to law enforcement agencies without appropriate disclosure or oversight. — Michael Geist
- Cloud access means that your information can be retrieved anywhere rather than sitting on a specific computer. The same information can be available at work, at home or on the go.
- We expect to access our files quickly based upon the relative ease experienced on our computers. If the delay is too great, the benefits of cloud computing diminish.
- While many free services are vying for your business, expect to pay for premium security and performance as well as for more storage space.
iCloud Not Secure
The level of encryption and what it means to your data is different on cloud-based storage than on your privately-secured phone.
You may remember that many celebrity women had their private nude photos stolen from their iCloud account. You can thank the insistence of U.S. law enforcement agencies demanding access to iCloud accounts if a warrant is issued.
Remember, the terrorist iPhone and the FBI's difficulty breaking the encryption? iCloud is different. Unlike your phone's encryption, Apple had to have access to the encryption on iCloud to service warrants.
So what's the difference between iCloud and the iPhone? The iPhone, as DOJ puts it, is “warrant proof”, whereas the data stored in iCloud is warrant friendly, and was designed with this in mind. Data in the iCloud is encrypted and heavily protected by Apple, but the encryption is escrowed in a way that Apple has complete access to the content so that they can service law enforcement requests for data. — Jonathan Zdziarski
That weakness was exploited by a hacker to gain access to those women's iCloud accounts (and endangered them in many other ways by providing Exif location data available via the photos).
Things Can Go Very Wrong
Many things can go wrong, even with a larger cloud service:
Yesterday, February 8th, at 12:30PM PT Instapaper suffered from an outage that has extended through this morning.
After spending multiple hours on the phone with our cloud service provider, it appears we hit a system limit for our hosted database that's preventing new articles from being saved. At this time, our only option is to export all data from our old database and import it into a new one. —Instapaper
US banks ATMs are suddenly seeing a cyber attack that forces ATMs to spit out money for hackers. These ATMs were exposed by a nearby USB port. Seriously?
The affected ATMs are standalone internet-connected units, which should serve as yet another reminder of the security risk of IoT hardware. —TechRepublic
Accessible to Anyone Anywhere
Because the security is Web-based, it becomes more vulnerable to being hacked precisely because it can be accessed from anywhere.
[C]loud hacks are tomorrow's greatest threat.There's so much data stored in the cloud. If you breach the cloud, you're basically breaching a basket full of eggs. I can tell you firsthand cloud is really where hackers are focusing right now.— Tektonika
We haven't seen the worst of it yet. Because even a single cloud service provides so much more potential information to steal than the largest private networks, hackers are going to exploit cloud services. These services are more vulnerable than the owners would have you believe.
The Cost of Security Failures
Unfortunately, like with computer security, the user bears the cost of failure.
Companies seldom provide the same level of security for your data as they do for their own data. Notice that company documents aren't procured along with your passwords and credit information during the hacks perpetrated on these services. Companies seldom report these incidents until much later, if at all.
This will not change until the cost is too high for the cloud service to bear. For example, the revelations of the 2014 Yahoo! hack resulted in a $1 billion plus drop in the price offered by Verizon for this company.
Online Storage & Backup
Universal Storage in the Cloud
With high speed access from anywhere and the move to multiple portable devices (smart phones, tablets, laptops, etc.) with the need to securely access the same information everywhere, you need to have a central remote storage facility for these files.
Remote Backup & Recovery
Online backup services provide recovery in cases of computer disasters such as catastrophic damage, theft, etc.
However, bandwidth limits can make larger backups inconvenient, lengthly or costly, especially in countries like Canada.
Compared to other nations, Canadians suffer terrible upload speeds, with Canada ranking 53rd in upload speeds worldwide, according to CBC. Upload is critical to making use of public cloud solutions, especially storage. — Tektonika
People use the cloud for both storage (or file sharing) as well as offsite backups.
There are some considerations to choosing a service such as where it is located and the encryption used to protect it, particularly in the wake of what Edward Snowden revealed about spying by the NSA and other governments. Privacy is more important than most people realize.
Even if data isn't stored in a US cloud service, if it's been emailed or transferred online in some way, it may be collected by the US government as it's estimated that 90% of Canadian internet traffic is routed via the US. — TechSoup Canada
Online backup services depend upon a reliable and speedy connection (and may become expensive if you're facing crippling data caps imposed by your ISP).
Many of the big companies offer cloud storage solutions, but these are generally accessed through a common account (e.g. Microsoft or Google account).
As we become more mobile, people are looking to store their documents so that so that it is accessible anywhere and from any device. This allows you to begin work on one device and finish it on another.
Additionally, online storage can free up space on their devices.
These services usually offer limited free storage but you can purchase storage for an additional monthly or annual fee.
Recommended Cloud Storage Services
The following are my recommended cloud storage services:
- SecureSafe is the most secure (here's why).
- Dropbox is an excellent, cross-platform solution providing support for Linux and Blackberry as well as Windows, Mac OS X, Android, iOS and Windows Phone. PC Mag review.
Other Cloud Storage Services
Many of these services are tied to an operating system. There may be issues with privacy.
- Best cloud storage of 2019 online: free, paid and business options.
- Best cloud storage reviews 2019.
- The best cloud storage and file-sharing services — PC Mag.
- The best cloud storage services for Apple users.
- The best cloud storage for your buck in 2019.
- What's the best cloud storage for you?
- Best cloud storage — Tech Advisor.
- Cloud storage comparison.
Online backup services provide an alternative to local storage media and protect you from circumstances where the recovery media has been damaged or lost.
Recommended Cloud Backup Services
The following are my recommended cloud backup services:
- iDrive is strongly recommended by reviewers like PC Magazine, Wired and TechCrunch.
- CrashPlan offers subscription plans for individuals and businesses.
Other Cloud Backup Services
While not my recommended cloud backup solutions, these may work better for you.
- Best cloud backup services 2019.
- 23 online backup services reviewed.
- The best online backup services by PC Mag.
- The Best Online Backup Services.
- Best cloud backup services.
Software as a Service
While the cloud is not an operating system YET, this is the direction we're heading.
For example, Windows 10 is Software as a Service (SaaS) — software running on the Internet.
If you move the processing power to powerful remote computers along with the data then the work is done remotely rather than on the portable device. The resulting portable devices (called “thin clients”) can get smaller and more energy efficient and provide for much longer battery life.
There are several terms used to describe the various aspects of cloud-based services. Of course there are a series of abbreviations for these:
- SaaS refers to software that is run on remote servers. This includes online-based email, gaming and office suites as well as operating systems like Windows 10.
- PaaS can include a virtual operating system or web server environment.
- IaaS can refer to virtual environments including virtual server models showing a web designer how their site will look on various operating systems and browsers.
These collectively are all part of the cloud. Each service can be subscribed to in different ways to custom design your experience.
From CD to SaaS
The concept of SaaS is that you don't pay a large up-front cost for a software product. Instead you pay monthly for the software for as long as you continue to use it, sort of like how you pay your ISP for Internet access.
Part of the arrangement of most SaaS is that you get continuous updates. Rather than paying another one-time fee for upgrades, these are part of the agreement with the software provider.
Because the software is hosted on a remote server, you don't have to worry about installing patches and upgrades — it is all done for you automatically.
Traditionally, companies sold you a perpetual license for a piece of software for an up-front cost. While support for a product or its ability to run on newer equipment was not guaranteed, you paid for the product once and could continue to use it without paying any additional fees.
With subscription services you either have to continue to pay the subscription fee or lose access to your ability to work with your documents. Innovation is not guaranteed because the company no longer has to justify the cost of upgrades.
Increasingly, mature software vendors who have run out of innovation runway turn to rent seeking, increasingly we are told that the subscriptions will soon be everywhere and there is a real problem with that. — Rise Of The Rent Seeker: A Critical Analysis Of The Subscription Economy
Rental Licensing NOT SaaS
Not every cloud service is truly SaaS. Many vendors are simply turning their customers into subscribers. One example is Adobe's Creative Cloud.
Adobe Creative Cloud is largely software rental licensing. True, you can share images across it with its built-in Infrastructure-as-a-Service (IaaS) storage, but that's about it when it comes to its “cloud.” There is no Photoshop in the cloud that you can run on any of your devices. Instead you still need to download and use a fat client to use it. This is not a Software-as-a-Service (SaaS) play although you might think so from its name. — Cloudy Weather
Is It Worth It?
Traditionally, you would purchase an Adobe product like Photoshop for about US$900 or a Creative Suite for about US$1600. Upgrade optionally could be purchased at a discounted, but still significant fee. Such upgrades are seldom consistently purchased by most users.
Adobe Creative Cloud now charges subscribers a monthly fee of approximately $50 per month ($600/year).
What's frustrating about this is how shifting to these new forms of payment are great for the developer and fine for new users, but suck, a lot, for old users. — Alex Cranz
An occasional one-time upgrade fee when it is justified by increased productivity or the relaxation of budget constraints is easier to swallow than being FOREVER locked into a monthly fee.
You don't have to make major purchases at regular intervals yet have the latest product offerings(assuming the company continues to innovate). Your paid subscription also provides access to documents from anywhere that are stored on Adobe's cloud servers.
Creative Cloud is very cost-effective for companies that want to license the product for a new short-term project. For example, a six-month subscription for 50 users is more cost-effective than purchasing 50 full licences outright.
Adobe Creative Cloud is an attractive option ONLY if you tended to regularly upgrade with every new version and use the majority of the products you're paying for on a continuous basis or are interested only in a short-term subscription.
The subscription model is bad for customers when its clear that the reasons for adopting the model are mainly of benefit to the vendor, because renting software for ever quite clearly costs you more money than buying it. — The Infosec Scribe
There is a monthly financial commitment forever regardless of how much or how little you use the products. Updates may or may not address your requirements or fix issues you're experiencing.
Unlike with a one-time purchase, a subscription's terms of service (or pricing) can change at any time.
These practices have caused users to look elsewhere to meet their design software requirements, particularly if they don't want to pay a monthly subscription forever.
- Mac Photoshop and Illustrator users may find the award-winning Affinity Photo and Affinity Designer (both also available for iPad) more affordable at CA$69.99 (no subscription) each.
- Sketch is another Mac product for designing user interfaces, websites, and icons that comes with a fixed price rather than a monthly subscription.
- Windows Acrobat users will find that Nitro Pro is an excellent alternative for creating professional quality PDF documents that anyone can view, with any PDF reader, on virtually any device. Vulnerabilities are rare and Nitro Pro costs much less than Adobe products.
- Great problems: An epidemic of rent-seeking.
- How the subscription economy is disrupting the traditional business model.
- Subscription psycho: analysis of the subscription economy and its bad actors.
- Rise of the rent seeker: a critical analysis of the subscription economy.
Like other services that are accessed online there are significant security concerns. Over time these can be minimized by taking care to use adequate security precautions and in selecting security-conscious vendors.
[In spite of potential] alternatives that might address Canadian concerns, including encrypting all data and retaining the encryption key in Canada (thereby making it difficult to access the actual data outside the country), the [Canadian] government insisted on Canadian-based storage. The reason? According to internal U.S. documents discussing the issue, Canadian officials pointed to privacy concerns stemming from the USA Patriot Act.
The privacy concerns raise a bigger question for millions of Canadians that use U.S. cloud services as well as organizations such as Canadian universities that are contemplating switching their email or document management services to U.S.-based alternatives. Simply put, if U.S. cloud services are not good enough for the Canadian government, why should they be good enough for individual Canadians? —Michael Geist
We also need to trust who has access to our data, and under what circumstances.
One commenter wrote:After Snowden, the idea of doing your computing in the cloud is preposterous.
He isn't making a technical argument: a typical corporate data centre isn't any better defended than a cloud-computing one. He is making a legal argument.Under American law — and similar laws in other countries — the government can force your cloud provider to give up your data without your knowledge and consent. If your data is in your own data centre, you at least get to see a copy of the court order. — Bruce Schneier
You need to use a user name and password to log into these services. In most cases your user name is your email so only your password is truly private.
If your data is being stored “in the cloud” — where anyone can access it — they only need to break your password. Make your passwords long and strong.
You Don't Control the Software
More significantly, you no longer completely control what happens to your personal information and data or how it is used.
Running a piece of software on your computer means that you can see what it does using various utilities and via your firewall program. Parts may be hidden, but you can see what is happening if you have the right technology. Many folks on the Web that have such capabilities write about their experience.
Once you move that control to a remote server you no longer see the process. The result of that product is delivered to you, but you don't know what is shared or retained for advertising or other profiling.
- 5 mistakes to avoid in moving to the cloud.
- Should companies do most of their computing in the cloud?
- How safe is cloud storage?
- Who does that server really serve?
- Network services aren't free or nonfree; they raise other issues.
Security Concerns May Be Overblown
DZone's 2014 Cloud Platform Research Report investigated 40 cloud-based solutions:
While 75% expected security challenges, only 30% actually experienced them. This is the biggest gap in challenge expectations using a cloud platform.
But Perhaps Not
So far many of those experiencing security failures have been reluctant to release the details of those security breaches. The loss of customer data by major retail chains is seldom reported.
Until we are told exactly what caused the failures that resulted in unauthorized access to customer credit card and password data we cannot state categorically that the cloud is safe.
You have the right to know if the vendor is incompetent because it affects your privacy.
Roadblocks to Security
- A massive Equifax data breach was reported in September 2017 that has affected as many as 143 million consumers in the U.S., U.K. and Canada between May and July.
- Sony was hacked after warnings that their security was too lax.
- In a June 2015 security notice LastPass reported an attempted breach but indicated that no encrypted user vault data was taken.
- A 2015 attempt to hack Kaspersky's site using nation-state malware was detected and stopped.
Successful attempts make us all less safe. Vigilance is required to avoid increasingly sophisticated attacks and the economics are seldom favourable. It is less expensive to risk lawsuits from users than to pay up front security costs.
The tools needed to strengthen security are often withheld in the service of government spying.
Rather than patching known zero-day vulnerabilities, the NSA and other agencies used these to spy on other nations and their own citizens.
- They have infiltrated U.S. technology firms without outside oversight.
- The back-door access they demand from encryption software has been used by criminals to hack celebrity private photos and more.
- They insist that encryption protects criminals, yet our e-commerce system cannot work without the security of encryption.
Corporations are too busy gathering everything they can about you to worry about securing that content (except perhaps to keep it away from competitors).
Equifax was hacked sometime between May and July 2017 but not reported to consumers until September 2017. In the meantime, some executives have taken advantage of this gap to sell off their Equifax holdings ($3 million dollars worth of shares and insider trading by any definition I've ever seen). Their response was to set up a relatively-insecure site where consumers are asked to provide sensitive data about themselves. Those actions doesn't do much for the credibility of the company.
Until we educate ourselves about security and demand better security and privacy, we are unlikely to see any action taken.