Just because its free does not mean it is good for you. I remember the saying, “You get what you pay for.”
What is the Cloud?
Cloud is the term that describes a server somewhere out on the internet that you do not own. Microsoft One Drive, Google Drop Box, Facebook, and YouTube. Media Com offers email and apps in their client packages with their internet, VOIP, and Cable TV. AOL provides a bunch of services to their customers and they are not limited to only email. Ubiquity hosts security camera streaming services using their cloud. Apple and Google have put your phone services in their cloud. Most website and email providers are cloud providers. Even text and sms messaging is stored in a type of cloud at the service provider. Did you know SMS and Text messages are unencrypted and not secure?
A Hybrid Cloud is similar except some of that cloud is self hosted. The self hosted portion is your PRIVATE CLOUD. Consider Microsoft Exchange. It is the mail service application from Microsoft that installs on microsoft server platforms. Office 365 is the office productivity package and Active Directory is the Directory Controller which houses everyone’s account identity. It is common to host these services on servers located at the business. Microsoft also provides a solution to synchronize everything to their CLOUD. They do charge a small fee per user which is rent for infrastructure or Infrastructure as a service.
There are many cloud services out there that have no fee. Each cloud service carries its own End User License Agreement (EULA) and in most of these they lay claim to any and all information that you post to that cloud service. The EULA’s for cloud services are actually release of liability documents (for the provider) combined with an agreement you accept to freely give ownership over your information to that corporation. If you disagree, you just will not be using the service.
Is the CLOUD secure?
Cloud services are controlled by the owner of the platform and in many cases this is a corporate entity and not an individual. Before answering the question or even considering it we should define what security is.
What is PII?
PII is an acronym for the term, Personally Identifiable Information. According to DHS, PII is defined as
“any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department”.
What is Sensitive PII?
Sensitive PII is defined by DHS as:
“Social Security Numbers, driver’s license numbers, Alien Registration numbers, financial or medical records, bio-metrics, or peoples criminal history. This data requires stricter handling guidelines because of the increased risk to an individual if the data is compromised.”
How do we measure security?
Security can be measured 7 different ways.
1. Confidentiality: is the data stored securely? Is the information safe from prying eyes? No one should be given your information without consent, it must be kept Confidential.
2. Authentication. At log in this establishes proof of identity before there is any access to data. Now there has been in addition to a username and password, a second form of authorization called two factor authentication which secures this even further. It ties a third credential to your authentication process. It might be Authy on your cell phone, or a math question, or a secret code you set up in advance.
3. Integrity. Is the data stored safely and is it kept in tact? Are there protections in place for viruses? Are there backups?
4. Non Repudiation. Is it possible for someone to deny they logged in? Non repudiation prevents a person from denying they logged in. This is commonly done using log files. It can also be used to prove the users actions while on the system.
5. Access Control. Who has permission to access your account and data? Is the data Physically Secure?
6. Availability. Is your data always available and accessible? How often does it go down for maintenance. Does that prevent your work process if it goes down?
7. Ethical and Legal Security. Ethical Responsibility and Legal Governance are the focus for this. There are multiple levels governing bodies that govern service providers. INTERNATIONAL, FEDERAL, STATE, LOCAL and Organizational. Another example is HIPPA which governs the treatment of patient information in the medical world.
Is the cloud secure?
That is a very hard question. How many cloud providers do you deal with? The question has to be answered for each of them, individually. I have only touched on a few. Also, it is a matter of perspective. You may be the client, the cloud provider, an employee of the client, or an employee of the cloud provider. Each perspective changes the answer to each point of security we mentioned above.
For the purpose of this security discussion let us establish that we are the end user and that our cloud provider is YouTube.
YouTube is free and they require you accept a EULA that no one looks at for long. Have you read it? It links out to other policies and the way it is worded seems very harmless. Also consider that you registered your phone with google and or apple when you used it for the first time. Do you understand that it tracks your location data and performs backups of your files, texts, and applications to the cloud? What did that EULA say?
Now when sign up for YouTube, in addition to all of this, you will also accept a EULA regarding the content you are going to post and your rights. Once you have accepted the EULA they have you on record giving your consent to them to use your data and you are releasing them from all liability. You hold YouTube blameless.
Dr. John Cambell is a fellow that has tracked the COVID virus, the vaccines, and the effects each had on the populations around the world. I placed a portion of his video below. It is from September 18th 2022. Dr. John Campbell looks at the numbers of excess death that are published by the World Health Organization and other global agencies. In this video he also mentions that YouTube warned him with a strike that his content was in opposition to their “Community Standards”. He establishes that it really was not because he used their “published” positions on various topics.
For our security discussion this has more to do with the security of Johns content he is posting at his cloud provider, YouTube. It also touches a bit on his freedom of speech.
Again, The EULA allows YOUTUBE to govern your content and claim ownership over it. By signing and accepting you are rendered powerless to speak truth if it does not conform with Community Standards.
Here is Johns Video. This example of the “EULA phenomena” gives John very little control over his data. The provider can just delete it at will if they choose. Keep in mind that John only uses data provided by the Authoritative Organizations and maintains speech that is harmless.
Lets move forward now and look at YouTube from our perspective as an end user using the 7 points to measure security from this perspective.
By this review from the perspective of the YouTube user – I would say No. YouTube does not meet many security standards.
Are CLOUD Services Secure?
I feel that youtube is not very secure.
There is little control over the information that is stored on this platform. It can be deleted and it may be shared and used to create new services. You tube is an advertiser and they are paid not by you but by the advertisers. This makes you are their commodity.
Youtube controls its content and if it does not agree with their “Comunity Standards” it is deleted. Therefore, your freedom of speech has been taken by them through the EULA. They are now feeding you only the information they approve of. They control your perspective by telling you what to believe, and what to think, by only providing what they want you to see.
The YouTube service is a Technocracy to all that use it. Youtube behaves through its own Governance as a COMMUNIST form of Government.
Take control over your data
Determine what services you depend on and how to move away from a Cloud Provider that does not honor Security to one that does. If you are not sure give us a call for a free consult.
Youtube Truth
As Americans, it is simple to look towards Washington DC and understand who your president is. May I discuss this situation? The White House Visitors Center has a big board with every president that was elected and how long they served.
Here is a link to their website:
https://www.nps.gov/whho/planyourvisit/white-house-visitor-center.htm
1450 Pennsylvania Ave., NW
Washington, DC 20230
Penguin 6 is a you tube content provider who has been providing live situation reports in Washington DC for several years. On August 26th 2022 at around 11 AM he visited and filmed the white house visitors center and confirmed the last president listed on the Presidential Wall is President Trump.
Security+ Certified
I design, build, and administer websites, email, identity, and cloud storage solutions. I started this work in 2003. I have certified this knowledge through Comp TIA so this is confirmed by a verifiable third party.
Security Service Offering
Please send your comments and questions to sales@midnighttech.com.