Cyclical Storage Logic (Personal Data)
-
@scottalanmiller said:
- Flexibility. This makes people work like it was a decade ago and cripples them as far as functionality compared to their peers.
I'll give you that. It is certainly nice to be able to access the same file on my PC, my XBOX, my iPhone ... whatever.
- Risk. You are moving to relying on your backups (basically assuming that they will be used) rather than using them as a last resort. You are making one half of your data protection strategy have basically no protection. So your backups go from "nice to have" to "absolutely critical all of the time."
How so? Because the probability of loss with a MS cloud solution is much smaller than the risk on my own personal PC? (Hard drive loss, theft, etc.?)
- Ease of Use. Dealing with physical file storage is a thing of the past for consumers, why make their computing environment so unnecessarily complicated?
I think this is a push. Hitting save and having it go to the Document folder is pretty easy. Having to download a program, make sure it works (I've had to re-install ODfP a few times, myself) and knowing to navigate to that location seems to have more steps.
- Sharing. People are used to easy file sharing today. This takes that away.
Agreed, this is easier.
- Security. End user devices are insecure both technically and physically. They are the highest risk data leakage points. Put nothing on them and there is nothing to steal beyond the physical box. Store stuff there and they become worth more to thieves and more painful to the user to lose.
How does having it in thee cloud make it more secure? Take OneDrive for example. It downloads all the files to my local machine. Does it allow you to wipe the data in the event of a theft? (This is a real question ... I have no idea. Does changing the passowrd prevent access to the locally synced files on your PC?)
- Restoreability. ALL of your discussions around recovering end user desktops exists solely because of the storage of data there. Fix that and you get cascade of fixes in other area.
Agreed, but not sure how it is any better (restorabilty wise) than to just send all the data to CrashPlan, and restore that way.
-
@BRRABill said:
@scottalanmiller said:
What do you mean, I don't follow?
The nude picture hacking. Of course, that was a hacking job, but it was made possible by a loophole in their system.
Was there more to this than the system showing the password reminder on screen? or people/celebs having easy to guess passwords?
Granted, it is probably magnitudes higher security in general than a home user's PC, but just gives an example of what I mean.
Though I would agree it's probably safe to say there is less of a risk of exposure (no pun intended) with MS or Apple or Google than on my uncle's home PC.
Actually I won't agree with this. Why? Because identity theft/virus infection/data leakage isn't high enough to make people in general change their behavior.
Now that said, Apple, MS and Google, you're data is probably safer in general because of things like damage or theft of your equipment. -
@Dashrender said:
Actually I won't agree with this. Why? Because identity theft/virus infection/data leakage isn't high enough to make people in general change their behavior.
Now that said, Apple, MS and Google, you're data is probably safer in general because of things like damage or theft of your equipment.Right, I mean more on the system level.
Easy passwords are easy passwords.
Though it seems every reputable service now has 2FA, so that's also something not found at the home level.
-
@Dashrender said:
Was there more to this than the system showing the password reminder on screen? or people/celebs having easy to guess passwords?
I think it was a combination of weak passwords and Apple security flaw.
-
For my personal data, I have my desktop data backed up to a second drive via CrashPlan (this is free, by the way!), and my laptop backs up to a folder on my desktop. I then have Crashplan Unlmited plan to back up all of my data to their data center. I am covered no matter what device is stolen / explodes / releases the magic smoke. I am also covered if my house suffers from pretty much any disaster.
@scottalanmiller does have a good point about targets being more valuable if they actually store data.
-
@BRRABill said:
@scottalanmiller said:
What do you mean, I don't follow?
The nude picture hacking. Of course, that was a hacking job, but it was made possible by a loophole in their system.
What loophole? Last I heard Apple was not a factor at all and it was purely people leaving their passwords too easy. That case was actually pointed to as "why the cloud was not a risk" because it remained so secure and the weak point was the weak point regardless.
-
@BRRABill said:
@Dashrender said:
Was there more to this than the system showing the password reminder on screen? or people/celebs having easy to guess passwords?
I think it was a combination of weak passwords and Apple security flaw.
People kept claiming that, but it was found to be nothing but people trying to discredit Apple. There was no vulnerability found nor any reason to believe that there was one once they tracked down what had happened.
-
@BRRABill said:
Granted, it is probably magnitudes higher security in general than a home user's PC, but just gives an example of what I mean.
Though I would agree it's probably safe to say there is less of a risk of exposure (no pun intended) with MS or Apple or Google than on my uncle's home PC.
Actually it is a GREAT example of.... why cloud is secure. Because to discredit it people actually have to use examples where the platform wasn't at fault in any way. You are correct, it is far more secure than the alternatives. Far more. Not just more secure, but with a flawless track record (in this area.) People work hard to make up reasons why it is insecure but they are, thus far, all misdirection.
-
@BRRABill said:
- Risk. You are moving to relying on your backups (basically assuming that they will be used) rather than using them as a last resort. You are making one half of your data protection strategy have basically no protection. So your backups go from "nice to have" to "absolutely critical all of the time."
How so? Because the probability of loss with a MS cloud solution is much smaller than the risk on my own personal PC? (Hard drive loss, theft, etc.?)
Correct. In one case you know that your local store WILL fail and will fail soon. Your uncle's PC doesn't even have RAID nor is stored in a carefully controlled datacenter. It is more likely to fail by system design, by use cases, by security, etc. Orders of magnitude more risky in each way.
Basically the risk looks like this:
Chances that your uncle's totally fragile home system will fail in the next 20 years: 99.9999%
Chances that Microsoft's backup system will NOT fail in the next 20 years: 99.999%Notice those are INVERSE numbers. Basically, you can be certain that your uncle's system will fail and require going to backup. And basically you can assume that Microsoft's system will not fail and not need to go to backup. Both are nearly certain. That doesn't mean that you don't take backups, it just means in one case you are designed to rely on them and in the other they are truly a disaster scenario thing.
-
@BRRABill said:
- Ease of Use. Dealing with physical file storage is a thing of the past for consumers, why make their computing environment so unnecessarily complicated?
I think this is a push. Hitting save and having it go to the Document folder is pretty easy. Having to download a program, make sure it works (I've had to re-install ODfP a few times, myself) and knowing to navigate to that location seems to have more steps.
Not with end user apps. Nearly any modern app for end users, like MS Office is cloud native and local storage is far harder to use than just "saving in the app" which goes directly to the cloud. ODfB doesn't even need to be installed to store to it. Word, for example, goes there automatically.
-
@BRRABill said:
- Security. End user devices are insecure both technically and physically. They are the highest risk data leakage points. Put nothing on them and there is nothing to steal beyond the physical box. Store stuff there and they become worth more to thieves and more painful to the user to lose.
How does having it in thee cloud make it more secure? Take OneDrive for example. It downloads all the files to my local machine. Does it allow you to wipe the data in the event of a theft? (This is a real question ... I have no idea. Does changing the passowrd prevent access to the locally synced files on your PC?)
So your example of how hosted services are less secure is when you copy them locally? I think that alone explains just how secure it is, that your concern is that sometimes people might not stick to it.
Don't mix concepts like "storing with a host" with "syncing hosted files locally." Two different things. Just because you are choosing a product that syncs rather than stores it is making this confusing. Use S3 or Amazon Cloud Drive and there is no local sync and you are much more secure.
-
@BRRABill said:
- Restoreability. ALL of your discussions around recovering end user desktops exists solely because of the storage of data there. Fix that and you get cascade of fixes in other area.
Agreed, but not sure how it is any better (restorabilty wise) than to just send all the data to CrashPlan, and restore that way.
Do you need to restore at all? Yes, then it is more work because most of us can move from machine to machine without needing to restore. The very fact that you need to restore, ever, means it is dramatically more work. So much more work.
-
@scottalanmiller said:
So your example of how hosted services are less secure is when you copy them locally? I think that alone explains just how secure it is, that your concern is that sometimes people might not stick to it.
Don't mix concepts like "storing with a host" with "syncing hosted files locally." Two different things. Just because you are choosing a product that syncs rather than stores it is making this confusing. Use S3 or Amazon Cloud Drive and there is no local sync and you are much more secure.
No, I just think having the files stored locally is something user want, especially for the times you are out of Wifi range. I want this. (Though there are times when I don't want it, especially in low storage scenarios.)
Are you saying you store NO local data on your endpoints? None?
-
@BRRABill said:
Are you saying you store NO local data on your endpoints? None?
It you want to be secure, of course not. Even the most non-technical end users cannot just hope for a panacea and make no decisions and take no responsibility for decisions. They HAVE to choose what matters to them. Security, recoverability, cost, ease of use.... no one gets everything. No one. There is no single answer. There never will be.
For the average end user, you don't work out of network range. That's a business need or special case.
Don't let special cases drive the needs of the masses.
-
BTW: do you know what does happen to locaally synced OD or ODfB data if you change the password?
I know with, say, Exchange you can remotely wipe the data or device.
My answer for my own system (and which I'll get to later today in yet another thread) is a SSD with encryption. If my laptop gets stolen, it's 0 worry to me.
-
@BRRABill said:
My answer for my own system (and which I'll get to later today in yet another thread) is a SSD with encryption. If my laptop gets stolen, it's 0 worry to me.
Not really end user viable there. End users cannot handle extra layers of security like that.
-
@BRRABill said:
BTW: do you know what does happen to locaally synced OD or ODfB data if you change the password?
It's just local on the drive. It's part of NTFS. Acts like any other file. It is SYNCED.
-
@scottalanmiller said:
Not really end user viable there. End users cannot handle extra layers of security like that.
It is no extra work when set up.
The program I use (Embassy Security Center) uses the same password they log into Windows with. (Assuming they use a password, which of course everyone should be educated to do.)
The computers boots to a password screen, they enter their password, and it automatically logs them into Windows. If you change your Windows password, it syncs with the encryption password.
No extra work.
-
@scottalanmiller said:
It is SYNCED.
So is my Exchnage Online data but I can wipe that if my iPhone gets stolen.
-
@BRRABill said:
@scottalanmiller said:
Not really end user viable there. End users cannot handle extra layers of security like that.
It is no extra work when set up.
The program I use (Embassy Security Center) uses the same password they log into Windows with. (Assuming they use a password, which of course everyone should be educated to do.)
The computers boots to a password screen, they enter their password, and it automatically logs them into Windows. If you change your Windows password, it syncs with the encryption password.
No extra work.
So if they are logged in.... their data is gone. How much does that protect? Would help protect if my stuff is in my luggage and that gets stolen. But not going to protect if it gets swiped from a table at the cafe.