‘Where Does Cloud Storage Really Reside? And Is It Secure?’

Is this serious??? The author writes this article and the next day joins for a position at Google Cloud! Of-course the cloud is safe... I think it was supposed to be a satire!!!

Thank you for this article! And there is a cloud storage you might want to check out: https://cryptocomes.com/has-storj-really-changed-the-principles-of-cloud...

One of the most fascinating comment strings I have ever read on NYT. The physical location of servers, along with their security (both physical and cyber-security) is often overlooked and an important consideration. If your cloud provider stores your data in a foreign country you are exposing your business and your clients data to extra-territorial law. The Patriot Act is perhaps the best example of this phenomenon. Thinking (perhaps deluding yourself) that you have cost-free data storage is false. You are necessarily giving up privacy by using the cloud.
Amazon is currently building a significant data farm in Canada. This will expose Amazon's users to Canadian privacy laws and potentially Canadian criminal laws if you are using your data for nefarious purposes.
Reading and understanding your service agreement is important. In most agreements the provider is allowed to use third-party services or providers. So while you might have confidence in the brand of your cloud provider, their service is only as robust as the weakest of their providers. If that provider is housing their servers in say Moldavia well then you may be exposed to Moldavian law and having that government scrutinize your data.

Rubbish. The author fails to point out that Google, for example, scans ever word of every transactions, and sells your profile. You identity is the product, and they sell you.

is the information you put on the cloud still safe after many years, especially if the "cloud" company you are using goes out of business?

I was initially skeptical of the cloud, but when my Kindle died a few years ago, and I was able to retrieve all the books I'd purchased quite easily from Amazon's cloud, I recognized its relevance immediately.

Yes, but are the clouds nimbus, stratus, cumulus? Or?

Understand that the "cloud" originally referred to all of the backbones and associated networks. It meant that data could take essentially an infinite number of paths to its destination, where the packets of data are reassembled into the correct order and missing ones are requested from origin. The current term cloud is an extension of the original, now encompassing all data centers in each provider's inventory.

Eclectic Pragmatist — http://eclectic-pragmatist.tumblr.com/
Eclectic Pragmatist — https://medium.com/eclectic-pragmatism

I would like to suggest that the real reason for the cloud is that ultimately we will be unable to buy software programs on CDs or download them. We will have to use the cloud, where the programs will be based. In this way, they can prevent prirating of software, a problem since the very beginning costing the software companies a lot of money. They also do all the updating. It will totally out of your control.

In addition, you will have to pay a fee at least annually to use that software. Some of us have stayed with certain favorite programs declining the updates for years. Now we will have no choice.

These companies may not care whether we store or data there or keep it on our computers. They want to control access to their programs - their lie blood.

In the meantime, I use 2 external hard drives as my "clouds." But given what I said above, I still will lose the ownership of my software.

When experts talk about "data security", they also talk about "data integrity", and "disaster recovery". The general public would probably consider data integrity (protection from loss, deletion, or unwanted changes to data) as part of "security".

As comments here have pointed out, the legal framework surrounding cloud stored data is as primitive, as the technology is advanced. Only the EU and it's member countries have started to address the legal rights of data stored outside of the "owners" physical control. Our Federal government is currently pursuing Microsoft to force it to retrieve data stored in foreign countries, for access by the FBI and other US agencies.

As for traditional "security", (access control) Cloud storage access can be restricted to a known list of device ID's; that are hard (but not impossible) to spoof. When data is encrypted with a key that embeds the device identifier, then even large scale data breaches are "acceptable" because the data can't effectively be decrypted.

Corporate data security has a poor history because of low investment in cyber security staff, security software, system/intrusion monitoring, etc. At the scale of Cloud data storage, these are fully funded, because contracts for corporate data storage in the Cloud come with damages clauses, and some severe financial penalties; hence, in the Cloud, you have to secure the haystack, not the needles.

I did appreciate the article because this is a question I have had. My personal view is that cloud computing is great for business as it is scalable. However, as far as personal info is concerned, regrettably, I am deeply skeptical about the willingness of major cloud providers and the big entities referred to in this article to put an individuals interests first. Yahoo grossly mislead its new owners and effectively all its user base. How many companies willingly collaborated with the NSA and other government agencies? Do we really want to trust corporate America with our personal data, pictures and such?

I have my cloud data stored across multiple resources, the better to protect myself from hacking or computer failure. It works for me and there's enough of it that I pay nothing for the convenience.

Why was the cloud developed in the first place? So these companies could develop big data that they can mine for whatever (usually commercial, profit-motivated) purposes they wish. The "service" they provide is really self-serving. Whatever you put into the cloud no longer belongs to you alone.

With all the wireless and blue-tooth connectivity
is not the data during transfer
actually floating in the cloudy air at times.
Certainly all those machines are not
securely joined by tough cables ?
To hack that one would need alligator clips;
the other just a receiver correct.

Yes, a properly designed cloud service can be more secure that conventionally storing data on your hard drives. Cloud platforms have multiple layers of redundancy and backups built in.

However not all clouds are the same,
The key consideration is privacy.

The big public cloud services have full access to all your files. It's 2017 and there are now secure solutions to this problem.

Take for example cloud storage services like Sync.com. They take a different approach. Your data is encrypted before it reaches the cloud and only you have the encryption keys.

It's important not to trade in security for convenience.

Nationwide censorship and attacks of Freedom of Speech may be in our future.

Call me paranoid, but heck, we really are under attack. With the Alt-right having seized power, anything from individual and group Facebook pages to the NYT website (and its apps) to individuals' ability to use search engines freely are at risk.

I hope Silicon Valley is hard at work figuring ways to circumvent these potential dangers, so Americans will be able to communicate freely.

A cloud computer = someone else's computer. If you want to keep something really private, keep it on an offline computer at home, suitably backed up. And not a laptop with a non-removable battery and wifi !

"The Cloud". Marketed to make it sound like your files reside somewhere in heaven, being shepherded by the angels.

They're not.

Saying "your Facebook photos...don’t have a permanent home on a specific chip, but may move among computers" risks confounding storage with processing. The data that constitutes a photo is ultimately stored on a hard drive on a server, and probably backed up to another. But it doesn't move, Brownian motion-like, amongst servers. When you asked to view a photo, however, the service that looks up that picture and renders it on a web page, could be executed on any number of machines. In that regard there is no "facebook web server" but rather a "facebook web application" that takes advantage of available capacity across many servers.

Most hacking happens after users accidentally infect their computer, usually due to clicking on a link in an email. The malware then logs their keystrokes. Eventually User ID's and passwords are gleaned. If the hackee happens to be, say an employee of Target, with remote logon access, that's how the hacker gets into a big database. Often, the hack is not detected until the data shows up for sale on an underground website. Cloud servers may be well protected against brute force attacks, but the data of individual users remains vulnerable to the stolen-password hack. that is why, it is wise to 1) never use the same password for all online accounts, and 2) change passwords frequently.

It is my sense that, with the contents of your wallet, you can bribe someone to give you access to any data that you want stored in some data center in, say, Bangalore. I wonder why I am wrong.

The article states that data "may" be safer in the cloud as it may be chunked up to reside on multiple servers. It also states there have been no hacks of the big public clouds. Your article misstates the state of the art in a cheery fashion.

There's an old maxim in the IT security business. Any entity that says they have never been hacked is either misinformed and/or overconfident. We hear about hacks, the majority of the time, because consumers see the end result of them and not because the companies ever knew about being hacked.

Worse, consumers have no leverage as the laws about corporate disclosure of hacks are so very weak and carry no real teeth. Over a billion people hacked at Yahoo and it's a story for a week or two - and Yahoo didn't disclose it in a timely fashion because they did not have to.

Now, there is your real story - why are consumers so poorly protected by current laws?? Yet, nothing about it in the NYT.

The cloud servers and drives may be more secure in some strictly technical sense, but the odds of someone breaking into one specific person's house to steal his or her specific data is incredibly small.

In contrast, the odds of someone, somewhere breaking into a major organization's servers is much, much greater.

People have had their data compromised by hacks of major health insurance companies, major banks, major credit card companies, and leading colleges -- even all four -- yet never had their personal laptops or homes broken into.

So, which is, in reality, safer? Where would you trust your digital data more?! The answer is pretty clear!

With cloud storage (and web based software) all of us owners become renters.

You don't own the data you store in the cloud. You are at the mercy of unknown corporate servers somewhere. You have to trust them to maintain the data you give them, and to support their web software indefinitely. And speaking of trust, just think about the bank analogy for ten seconds. It's a pretty specious argument.

It's OK for backup, but for anything important I would rather use my aging workstation with its vintage software than trust the cloud. At least I know that my work tools and my data will always be available when I need it.

"Most of those attacks hit traditional servers, though. None of the most catastrophic hacks have been on the big public clouds."....uuh a billion Yahoo accounts is not a "big public cloud"?

Bravo for attempting to explain Cloud computing in a short article for non-techies. But you have embedded some new stereotypes/myths to confound the reader in future readings on the subject. An egregious example about cloud computing is the statement “It’s much more efficient than stand-alone computers running one job at a time”.
Computers have been running more than one job at a time since 1964 when IBM introduced the S360 operating system. Even a small scale local area network (LAN), in use since the seventies, can run related jobs simultaneously. The cloud came along much, later, and embodies much more than systems multitasking. Any young developer or old programmer knows this.
“For the people running the computers, it doesn’t really matter where the data or the programs are at any one moment”
For the people running the computers, it really DOES matter. Cloud control system software has been designed to allow data to be in Nairobi and code in Boise, and for both to change locations in microseconds.
As for security, ask about ‘open source’ code in operating systems or apps. Open source gives the hacker a strong leg up in that it reveals the ‘style’ and many conventions used in its own development; and, since the beginning, the guy on the master console, that employee or contractor, has been considered the weakest link in systems security. National Security Agency and Stanford are both strong brands but the best anti-hacker talent may come out of VoTech.

If I am accessing my own data stored on a cloud server from my own laptop or a public computer, what would prevent a highly skilled hacker from accessing that same cloud data through the device I was using, while pretending to be me, using my hacked user I. D. and password? It would seem hacking the mass data of many or all users stored in a cloud would be incredibly difficult due to what I assume are multiple firewalls and fail safes but the stored data for individuals would appear to be far less secure. Am I missing something? Requiring retinal scans and/or fingerprints from users to access cloud data would seem to be a more secure approach than typed I.D.'s and passwords.

I think the next question is: who owns the data in the cloud? Securing data simply guarantees (or not) that it can't be stolen. But can it be sold? Or subpoenaed? Can it be used by the owners of the cloud for their own purposes? Can it be processed or studied? In other words, what am I agreeing to when I upload my files to a cloud?

The photo at left shows an array of drives which would carry thousands of times the entire literary output of humanity. The data center which the NSA has built in Utah (The Intelligence Community Comprehensive National Cybersecurity Initiative Data Center), contains thousands of times that amount of computer servers.

As William Binney said: "All the e-mails, texts, and photos in the world could fit in an average kitchen. Obviously, they have other things in mind"

What things, or is that too much to ask of the government of the people, by the people and for the people?

The "Cloud" is, potentially, anything "they" want it to be.

As a friend said years ago: If the CIA, NSA, Stasi, the KGB had designed Facebook, they wouldn't have to change a thing.

The weakest link in the security of data stored in the cloud is most likely to be the individual user's password, I'd imagine.

I dispute the idea the cloud data is only stored remotely. Run a program that looks at your file tree and file sizes. You will find the cloud on your own hard drive. The cloud in my view makes your computer an unwitting server. I believe that the large file the FBI found on Anthony Weiner's computer was an artifact of a Huma Abedin's user account deletion that left the deleted bloated Cloud file as an un-allocated sector. Cloud may be the future. But the facts are not as they are portrayed by the industry.

I'm sorry, call me a Luddite, but I can't help remembering Mr. Weasley's riposte to his daughter Ginny: "Never trust anything that can think for itself if you can't see where it keeps its brain." (JK Rowling, "Harry Potter and the Chamber of Secrets')

We can quibble about the ability of the various clouds to "think for itself," but the principle remains. The clouds are networked computers; therefore they can be hacked. And they will be. There are too many past examples for any of us to believe differently.

So if you work in a data center, outside the cloud, you should be worried?

The 'cloud' may indeed be a safer place to store information, photos,, anything digitized. But where is the 'cloud'?

The cloud actually resides in some machine or machines,,, and where that machine is physically located will depend upon the level of legal or illegal access by the government at that location.

Storage devices owned by a company may have a subpoena issued in Germany for files,,, but the server is in Ireland. Who's laws prevail?

The US government wants access to all Apple iPhones,,,, but 'only' for a select few thousand criminal investigations. Where is the data stored? Backup data? Are there intermediate servers that have copies,,, and where are they?

The cloud may be more secure when confronting scammers,, or maybe hackers,, but secure against lawful and unlawful intrusion by the government of the server's location? No. I'd think more liky a 'one stop shopping' for ,,,,,,

Locate the hard drives and servers carefully.

You should also point out that there are physical cables connecting your computer and the computer storing your data in "the cloud". This book goes into fascinating detail on the infrastructure of the internet, including "the cloud":

"Tubes : a journey to the center of the Internet" by Andrew Blum.

Times: "... don’t have a permanent home on a specific chip ..."

That should be "hard drive", not "chip".

Frankly, I don't like "cloud" computing, primarily for reasons of safety and reliability. I generally prefer to have my own files on my own devices only, and "back them up" periodically. Why? Because there is not guarantee that those "cloud" servers won't lose all your data, or your access won't be blocked, one day.

The suggestion here is that an individual's data is more secure when stored with other people's data. But doesn't that make it a more likely target for a hacker? If the hacker's intent is a "big score", like a bank robber's, why would they waste time trying to hack my machine when by hacking Amazon, or Microsoft, or Google, the possible reward is much greater?

Also, the author speaks of clouds sharing workloads, but cooperative computing has been around for a long time. The concept of a "time sharing option" has been around since the early mainframe days. Rebranding it as a "cloud" is just marketing.

The real (only?) advantage of cloud computing is sharing of the cost of running large computer capacity among many users.

Any and everything that is transmitted via or stored on the internet will be accessed and read by the NSC, the GSHQ, the RCMP, the Russian FSA, the Chinese security services, hackers of multiple nationalities and just about every 14 year old kid on the planet.

On the internet there is no such thing as secure. If you want it safe, keep it on a computer, which is not connected to the internet.

Nothing exposed to the Internet is secure. If you must store potentially sensitive information in the cloud, then the best way to ensure its security is to encrypt it prior to storing it. That way, if you data is stolen, the thieves will have to try to figure out how to decrypt it.

This is a disappointing article. There is no reason to believe that information stored in the cloud s safe.

The logi here reminds me of the argument that Apple computers were safer We all know that turned out to be untrue. The criminals have their own timeline.

One other thing I like a lot about dropbox (and it may be true of others) is that it is constantly (as in every few minutes) making a backup of my files. So if the current one gets corrupted, I have access to a very current, working version. If I had to restore it from my own backup, I would have a version from last night

Cloud computing just means that you are using someone else's computer. Nevertheless, it is on a computer.