It surprises me how many people have questions for me regarding the cloud. There seem to be many misconceptions regarding what it is, where it is, and how or why to use it. The reason this surprises me is that you literally cannot open a google search box without tripping over dozens of article about the cloud. YouTube is filled with videos explaining it, and everyone who is anyone in the tech community has already addressed it. For this reason, I will not go into a lengthy explanation or try to diagram for you how it all works, what cloud computing is, or anything like that, instead, at the end of this, I will simply link some of the articles I found most informative, accurate and maybe entertaining that already have done a wonderful job of explaining all you need to know about the mysterious cloud. Instead, what I want to talk about today is a few practical application tips regarding your data and the cloud.
First off, what is the cloud? I don’t want to answer this, so many already have, but for those reading this that don’t yet know, the “cloud” is just of a collection of other peoples’ computers. Seriously, that is it. Most of the time, if you are using the cloud, it is a server, or more likely a large group of servers and bulk storage hard drives all put together into a data center, but it doesn’t have to be. If I set it up right, and you sign into it, the cloud could be my pc here in my office. We will talk more about that later when we talk about security, but to move forward with this conversation, “The Cloud” is just other peoples’ machines (OPM).
Why do we have a cloud in the first place? Do we really need it? Well, without going into exactly how it started, suffice it to say, we us the cloud to increase or augment our local storage, that in a nutshell is why we have it. You keep your songs on iTunes, that is the cloud, the machines belong to Apple, and you use it so you can store more music than your computer has room for and in such a way that if something happens to your PC, you can get that music back, from the cloud, i.e., from Apple’s data centers. I realize this is a highly simplified view of it, but if you can grasp this, you can easily learn all you may need or want about the cloud. So that is the Why part, but do we need it. This is where the conversation goes from definitive to subjective. Every person is different and so are their computing needs. My recommendation would be to ask yourself a few simple questions.
First: What do I gain? Many apps and devices prompt you to automatically connect to cloud services or storage, but what do you get if you do? How badly do you need the app or device?
Second, what does it actually cost you, what are you paying or giving up to have this? Do you trust this company or network with your private data after they have it? What surety do you have that they will use this private information in a reasonable, responsible way?
Third, Is this safe? Security should be a concern for everyone, so what kind of security does that company have? Are they large enough to have an InfoSec budget, and if so, are they socially responsible enough to use it properly? Also, if the company is responsible and secure now, what are their obligations to you and your private data after a sale, merger or policy change?
Now that we have these three sets of questions lets examine in more detail why they are important.
First off, what do I gain? Do I really need it? Please understand, I am not implying that you don’t need that thing or that service and therefore you shouldn’t connect, I am simply asking you to consider what you really get and why you may want it before you connect. Simply clicking yes without thinking it thru before you agree to let a company or network glean private data from you in the background over a long period is no different than giving up a raise because you never thought to ask for one, or paying MSRP for a car because you didn’t think to talk to the dealer. The data you give up will likely be a valuable piece of your privacy; companies don’t waste cash on data centers just for fun, they have a reason to go after every piece of your data they are asking you for, even if you don’t understand why. Is this invisible privacy price that you are spending to get this feature worth it to you? What do you gain? You will never know if you don’t ask.
Next, What am I really giving up? What does it cost me? As we just said, your privacy is valuable and shouldn’t be given up without weighing the costs. Running a data center is not cheap, so what do these companies get in return for providing you the convenience of cloud storage? Most of the time what they get is huge sets of data points that allow them to predict your likes, beliefs, wants or actions. The more data they have, the more they can make educated guesses based on your past behavior, and this is very valuable to advertisers. Recovering costs from gathering and selling your data is the reason nearly every company with a cloud, pushes you continually to sign in to it. Granted, there are some who genuinely want to use cloud services to enhance a product or service. There are also companies who by offering cloud storage or backup relieve themselves of the liability of restoring your data in the event of loss or failure, and those companies gain a direct financial benefit from making a cloud solution available to you. Similarly, some companies offer cloud storage as a value-add to promote their product or service, but those cases are not typical. An over simplified example of these could be Microsoft with OneDrive and Google with Google Drive. Microsoft is using a terabyte of online storage as a value-add to convince companies to buy into Office 365. They are spending some of their advertising or promotional budget to fund that cloud to grow the client base for a larger, more important product. Google, however, is openly offering you cloud storage in Google Drive then scanning your data stored there to find data points that they can then use and sell mostly for Google Ads which are their primary source of revenue. Neither of these companies are doing anything shady or wrong, but depending on what you are gaining, you may decide to use one, both or neither of these cloud services based on this knowledge of their intention and behavior.
The next question raised in this section was can you trust these companies once they have your data and what are they offering to do or are required to do with it? This has become a hot topic lately after the Facebook/Cambridge Analytica debacle, but this has been a problem for a long time. If a company gives you a TOS that says they will never use your data in a certain way, then you accept it and start using their service, what happens when they go under? What happens to their data, formerly your data, when they are sold, or acquired? Does the new company or even the new board of the same company owe you the same rights and privacy? Often the case is no, they don’t, and at most will simply send you a small email stating that the terms of service have changed. These often go straight to the spam folder to are just deleted as junk, which often is what the company is hoping for. This has been such an issue for so long that recently, new international rules have been enacted that do take steps keep this from happening. Companies are now required to ensure your privacy and provide you the ability to remove yourself after the fact, and that helps a lot, but many feel it is too little too late.
Lastly, is it safe? The only accurate answer to this blanket question is no. The cloud is not 100% safe. Nothing is. The more important aspect of this questions should be instead, is it safe enough for you to trust in the capacity you are using it. While this is the more accurate question, it is also much more difficult to answer, and far more nuanced. To make an intelligent judgment on the matter, look at a few different parts of this security/safety concern. First, does this company you are using for your new cloud service impress you as a company large enough to have a department for data security? If so, do they indeed have one. Many companies are large enough and profitable enough to have InfoSec, but never bother spending the money because they don’t feel the data they store is worth protecting. If they are large enough or do have quality InfoSec, what is their track record? Some small companies have excellent past performance as data security or privacy advocates, while some really large companies (Yahoo or FaceBook come to mind) have a terrible history for not giving a damn at all about their user’s privacy. Also, if they are big enough to afford InfoSec, if they care enough to have it, how well is it implemented? If the company storing your data is sloppy in some part of their execution, all the money they spend on it is wasted, and likewise so it all your effort to protect yourself. You may go thru the trouble of setting and maintaining strong passwords, but if the company stores those passwords in an open, unencrypted file on a server connected to the internet and no admin password, then all your diligence is for nothing. I know that sounds impossible, but this is the case with the Equifax breach last year, and the Sony hack the year before, and the target hacks the year before that.
These questions should be considered before logging in and putting your private info up on some companies server. They may seem paranoid, but these are the questions that many more people are asking, and much more loudly after finding out that Facebook had our data, promised us safe use, then changed their mind and gave it away to someone else who misused it. I have people tell me often that I am too cautious and protective of my privacy, but in truth, the world around me proves again every year that it really cannot be trusted with my private information. If you use only what you need, approach it with caution, ask intelligent questions when you can, and always keep your privacy first in mind during the use, the cloud can be a strong asset for you in your digital life. If you are mindful of the data you put out there and the way it is being stored and used, you will likely not be badly affected when the next Facebook, Yahoo, or Equifax debacles happen.
As I stated above, many competent people at a variety of sites have written excellent pieces on this very topic. The links to the ones I think are the best are here:
And to finish it up, here is a very quick but exceptionally accurate video explanation, from Linus Tech Tips, which FYI is a great source of simple answers to questions about computers you may have. This isn’t an ad, and I gain nothing from this, but Linus does a great job explaining things, is funny, and I have followed his channels for a while:
If you found these links helpful and would like me to add more to future articles, let me know with a comment or an email and I will do this more often.
Categories: Kids and Tech