Just because it's free does not mean it is good for you. I remember the saying, “You get what you pay for.”
What is the Cloud?
Cloud is the term that describes a server somewhere out on the internet that you do not own that hosts something of yours. Examples: Microsoft OneDrive, Google Drop Box, Facebook, and YouTube. Media Com, AOL, Ubiquity, Apple, and cellular service companies host your SMS and text messages. Did you know SMS and text messages are unencrypted and not secure unless you establish encryption (such as GPG) between you and your recipient?
What is a Hybrid Cloud?
A Hybrid Cloud is similar, except some of that cloud is self-hosted. The self-hosted portion is your private cloud. A well-established business may host its email on a Microsoft Exchange Server on the property. For a private individual, think about the Western Digital “redundant” hard drive. These have more than one drive, so if one fails you do not lose your data. They also have a cloud option where you can access your home storage device from abroad. That is your private cloud.
The BIG difference between Private and Public Cloud?
The difference between them is who has control of your data and whether it is actually secure.
EULA: End User License Agreement or terms of service
There are many cloud services out there that have no fee. Each cloud service carries its own End User License Agreement (EULA), and in most of these they lay claim to any and all information that you post to that cloud service. We will look at this phenomenon in more detail using YouTube as an example. The EULAs for cloud services are now most commonly written to act as release of liability documents for the provider. Such a EULA is one-sided, not in your favor, and when you agree to freely give ownership of your information to that corporation, they hold all the power over your data and security.
What is Information Security?
There are 7 main areas to evaluate information security.
All of these points apply to any of the following roles:
What role do you fit in?
What is PII?
PII is an acronym for the term, Personally Identifiable Information. According to DHS, PII is defined as
“any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department”.
What is Sensitive PII?
Sensitive PII is defined by DHS as:
“Social Security Numbers, driver’s license numbers, Alien Registration numbers, financial or medical records, bio-metrics, or peoples criminal history. This data requires stricter handling guidelines because of the increased risk to an individual if the data is compromised.”
How do we measure security?
1. Confidentiality: Is the information stored in such a way that the data owner's information is kept confidential? This is not just their contact information. It includes every byte of data they place in data storage.
2. Authentication. Data owners authorize whoever they wish. The authorization is commonly given through credentials and a 2nd form of authentication. It further proves the identity of the party who is being authorized. Example: When you log into Google on the computer, you enter your Gmail account address and password. Then if you go to the Google Play Store and choose software to install on your phone, Google is going to send a security code to the phone to verify that you have the phone and are who you say you are. You must enter that code on the computer to prove you possess the phone. That is a secondary form of authentication. Try that.
3. Integrity. Example: Your computer has a documents folder and you stored files in there. You installed Google Drop Box and it copies the files up to Google whenever something changes. You step away to answer the phone and when you come back there is a problem. A crypto / ransomware virus has taken over your computer and encrypted all of your documents. In this situation the integrity of your files was not secure. Hopefully, the copy of data on Google Drop Box was not also affected. Commonly, that happens too. Perhaps next time you will use a great antivirus product such as Webroot. Also, I feel it is better to have a managed version installed that you do not control. It can’t be removed and its settings can’t be modified, even if you’re the administrator. So the security cannot be “turned off” by you or anyone, or anything pretending to be you.
4. Non-Repudiation. Example: If someone were to log in to your computer and delete all your files, this form of security provides proof regarding who did this. It makes it impossible for them to deny their actions.
5. Access Control. Example: You logged in to your work computer. Then you decided you were going to go look at a coworker's email. Too bad! You are not that person. Therefore, only they have access to their email. You have only been given access to the things you need.
6. Availability. Is your data always available and accessible? In an earlier example I mentioned the integrity of your data. That example had your computer being compromised by a crypto / ransomware virus. If that happened, your documents may not be available either. The security of your documents' availability is also compromised.
7. Ethical and Legal Security. There are multiple levels of governing bodies that are concerned with information security: international, federal, state, local, and organizational. For example: you went on vacation to Paris. While there, a street vendor sold you a nice shirt. When you got back to your hotel you ordered food, but the card was denied. You found out that your shirt was a ploy to steal your credit card data. The PCI compliance laws and regulations, which are international, were broken by that street vendor. Second example: you decided to get gas at a small roadside gas station. It had 2 bays. Very simple and kind of old. There was a credit card reader. You were in a hurry. You filled up and left. While using your card you did not see the security seal was broken on the pump. Later, you go to get dinner and your card is denied. The PCI compliance regulations were broken by the gas station, who by law cannot sell gas unless the security seal is valid and intact. They actually have to pay their pump provider a fee to inspect, test, and seal their pump. Next time you get gas, look for that seal.
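For the integrity scenario in point 3, where a sync client copies ransomware-encrypted documents up to the cloud copy, a check before each sync can refuse the upload. This is an added example, not part of the original article or of any sync product: the function names, the thresholds, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Added illustration: names and thresholds below are assumptions, not a product's API.
def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Map each file's relative path to (SHA-256 digest, entropy)."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            snap[str(p.relative_to(root))] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def safe_to_sync(before: dict, after: dict, max_ratio=0.5, max_entropy=7.0) -> bool:
    """False when most known files vanished or were rewritten as random-looking bytes."""
    suspicious = 0
    for name, (digest, _) in before.items():
        new = after.get(name)
        if new is None or (new[0] != digest and new[1] > max_entropy):
            suspicious += 1
    return suspicious / max(len(before), 1) <= max_ratio

def demo() -> tuple:
    """Constructed sample: four text documents, one normal edit, then mass encryption."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for i in range(4):
            (root / f"doc{i}.txt").write_text(f"Quarterly notes, file {i}\n" * 200)
        baseline = snapshot(root)
        (root / "doc0.txt").write_text("A normal edit by the owner\n" * 200)
        after_edit = safe_to_sync(baseline, snapshot(root))
        for p in root.iterdir():  # constructed stand-in for ransomware output
            p.write_bytes(os.urandom(4096))
        after_attack = safe_to_sync(baseline, snapshot(root))
    return after_edit, after_attack

if __name__ == "__main__":
    print(demo())  # (True, False)
```

Already-compressed files such as photos and zip archives are also high in entropy, so a real folder needs the thresholds tuned and a versioned backup kept alongside the check.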
Now you have a very good idea of what security is and who it involves. Back to the question.
Is the cloud secure?
Knowing what I have shown you, that is a very hard question. To answer it you have to ask which cloud? Because you must evaluate each one separately. How many cloud providers do you deal with? So let's do an exercise. A hypothetical situation. Let us establish that we are the end user and that our cloud provider is YouTube. OOOH boy. Will my site get taken down?? !!#!. NO. I have a private cloud and self-host. GOOGLE, enjoy the TRUTH. I am unhappy with your ways! You need to be disbanded.
YouTube is free and they require you to accept a EULA that no one looks at for long. Have you read it? It links out to other policies and the way it is worded seems very harmless. Also consider that you registered your phone with Google and/or Apple when you used it for the first time. Everyone told you that's just what you do. Right? And because it's new just for you, and so convenient. Don't worry about anything. It will be perfect! Right?? NO. Not really. Is this a red pill moment for you? You can turn back now if you like. I promise to be fair and kind.
Do you understand that any application on a cell phone may have the ability to track your location, your data (texts, call history, contacts, web browsing history, pictures, videos) and it might even look at you and listen to you without your knowledge? Have you ever heard of Edward Snowden? He spoke about this very thing. It is true.
As far as YouTube is concerned, what did their EULA say?
Dr. John Campbell is a fellow that has tracked the COVID virus, the vaccines, and the effects each had on the populations around the world. I placed a portion of his video below. It is from September 18th, 2022. Dr. John Campbell looks at the numbers of excess death that are published by the World Health Organization and other global agencies. In this video he also mentions that YouTube warned him with a strike that his content was in opposition to their “Community Standards”. He establishes that this cannot be true because he has used only the WHO’s and other national agencies’ “published” positions on various topics.
For our security discussion this has more to do with the security of John's content that he is posting at his cloud provider, YouTube. It also touches a bit on his freedom of speech.
Again, the EULA allows YouTube to govern his content and claim ownership over it. By signing and accepting it he has been rendered powerless to speak truth if it does not conform with “Community Standards”, which is debatable because he used whatever was published by the WHO and nothing of his own opinion. Just the numbers they put out.
Here is John's video. It is an example of the “EULA phenomenon”, which gives John very little control over his data. The provider can just delete it at will if they choose. Keep in mind that John only uses data provided by the authoritative organizations and maintains speech that is harmless. Just so you really understand, he has agreed, along with all YouTube users, to have no security for the integrity of their data. The ethical guidelines and governance are made of no effect by the EULA also.
Let's move forward now and look at YouTube as an end user, using the 7 points to measure security from this perspective.
By this review from the perspective of the YouTube user – I would say No. YouTube does not meet many security standards.
Are CLOUD Services Secure?
I feel that YouTube is not very secure.
There is little control over the information that is stored on this platform. It can be deleted and it may be shared and used to create new services. YouTube is an advertiser and they are paid not by you but by the advertisers. This makes a commodity that they sell to advertisers.
YouTube controls its content and if it does not agree with their “Community Standards” it is deleted. Therefore, your freedom of speech has been taken by them through the EULA. They are now feeding you only the information they approve of. They control your perspective by telling you what to believe, and what to think, by only providing what they want you to see.
The YouTube service is a Technocracy to all that use it. YouTube behaves through its own Governance as a COMMUNIST form of Government.
Take control over your data
Determine what services you depend on and how to move away from a Cloud Provider that does not honor Security to one that does. If you are not sure, give us a call for a free consult.
YouTube Truth
As Americans, it is simple to look towards Washington DC and understand who your president is. May I discuss this situation? The White House Visitors Center has a big board with every president that was elected and how long they served.
Here is a link to their website:
https://www.nps.gov/whho/planyourvisit/white-house-visitor-center.htm
1450 Pennsylvania Ave., NW
Washington, DC 20230
Penguin 6 is a YouTube content provider who has been providing live situation reports in Washington DC for several years. On August 26th, 2022, at around 11 AM, he visited and filmed the White House Visitor Center and confirmed the last president listed on the Presidential Wall is President Trump.
Security+ Certified
I design, build, and administer websites, email, identity, and cloud storage solutions. I started this work in 2003. I have certified this knowledge through CompTIA, so this is confirmed by a verifiable third party.
Security Service Offering
Please send your comments and questions to sales@midnighttech.com.