
Vulnerable by Design
I’ll be blunt, the cloud is both a dangerous place and a bad decision. Your data, and that of your customers, is never more at risk than when it’s in the cloud.
Be warned, this is a bit of a rant.
The Simple Facts
Recent government leaks have shown that software vulnerabilities have been sponsored by the “intelligence” services pretty much since day one…
If the government can get at your data, ANYONE CAN!
Last year the world’s least favourite uncle leaked roughly 5,500 documents on the subject going back 30 years…
It’s not just security that’s the issue however, it’s also productivity and cost.
With today’s technology it has never been easier and more secure for a business or individual to build their own safe and secure IT infrastructure, internally.
For example, I’m working on a MacBook Pro running MacOS. I have Microsoft SQL Server set up and running even though MS don’t do SQL Server for MacOS.
What does that mean…?
I downloaded a file from the internet, opened it in a piece of software called Docker, filled in a very basic form, clicked play and I have it running…
On any operating system.
The whole process is easier than installing SQL Server out of the box on a Windows machine.
Cost
As I said, it’s never been cheaper and easier to do your own thing than it is now.
The huge server farms operated by big cloud providers virtualise networks, servers and functionality using the very same tools available to us all.
Without getting too technical, the functionality out there to “do it ourselves” delivers brilliantly on the same promises of simplicity, security and performance that the cloud promises but never delivers.
It’s not a criticism… a cloud based solution is always going to be slower due to basic physics. It will always be less secure due to being accessible to the world.
And of course the fact it’s designed to be vulnerable.
On to the Scam then
What were the primary drivers behind the migration to the cloud?
- Cost: IT departments were too expensive, smaller businesses would be lucky to have one good techie.
- Security: Security is both difficult and expensive, having it centralised in large corporations is a good idea because they have the necessary skills and resources.
- Availability: It’s easier to guarantee availability due to availability of functionality most companies couldn’t afford, such as mirrored server farms etc.
But did they deliver? Apparently not…
- Cost: Cloud products have been broken down into the smallest billable units going.
It’s incredible. Services like AWS and Microsoft Azure are now much more expensive than what we paid before the cloud.
And somehow it’s become massively more complicated to do the simplest things.
We are now being billed by the processor cycle. A cost far greater than you might think. Many people have received bills from providers running into tens of thousands where previously they paid less than a hundred.
A simple bug, like an infinite loop or even a heavily used but badly written SQL query, can result in a bill large enough to break most.
If that bug was on your own server the cost of the extra electricity would be tiny in comparison to the unexpected compute cost in the cloud.
Productivity
Security and Data Protection
The cloud is for encrypted backups and not the place for core business functionality, data storage or file storage.
The fact is the cloud is inherently unsafe, it’s designed to be that way.
If you ignore that fact, you could find yourself on the end of a lawsuit if your customers could demonstrate that you were actually negligent simply by using a particular piece of software, or perhaps even by putting customer data in the cloud at all.
Controversial perhaps, but hear me out.
All politics and opinions aside, that “uncle” I mentioned earlier has been caught red handed sponsoring vulnerabilities in almost every software category going.
Roughly 5,500 documents were leaked on the subject in 2024.
For thirty years he’s been paying “white collar” hackers to not report vulnerabilities to the world, but to keep them quiet so they can be used for “intelligence” purposes.
The same guy who illegally donates billions of tax dollars to Israel every month or so for the purpose of maintaining its genocide against Palestine, in particular Palestinian children.
You might think “So what…? I’ve got nothing to hide.”… but actually you do.
You have a legal obligation to hide and protect your customers’ data from anyone who doesn’t have a legal right to access it.
If it was your data, wouldn’t you sue? Particularly given the facts…
Worst of all from a pragmatic perspective, the sheer number of sponsored vulnerabilities and the systemic practice of allowing them to remain in the wild over the last 30 years provides a rock solid argument that placing any customer data or related functionality in the cloud is entirely negligent and a breach under GDPR by default.
Even simply connecting a computer to the internet could be considered negligent.
Disclaimer: Please don’t read this bit if you haven’t read or watched the United Nations reports on Israel’s ongoing genocide against Palestine.
You may be offended if you don’t already have the facts, you may also need some time to digest…
The Legal System
Arguably, the legal system here in the UK stopped being “legal” a long time ago.
The “Law”, when and to whom it applies, is now being redefined in real time by politicians for various reasons, including the illegal funding of, and participation in, Israel’s genocide against Palestine.
Something our original legal system was designed to prevent.
If it’s in the cloud, it may as well be on social media.
Legally your customers don’t have to prove much at all given the cloud is simply not a viable option when it comes to data security and privacy.
Why? Because the cloud and much of the software we use is vulnerable by design.
The most frustrating twist to this tale is our own government has also been caught red handed violating data privacy laws against the entire population.
But hey… that’s not a problem either because they simply changed the law.
For example… illegally dumping sewage into our waterways and failing to meet the minimum standards for safe drinking water was once a problem… a swift drop in standards and a couple of blind eyes later and hey presto, the problem has gone away (what an achievement for Welsh Water).
Or what about the Post Office?
Despite the fact anyone who can fill in an expense claim could have proven those people innocent, not to mention the huge conflicts of interest (the bailiffs were being paid a percentage of funds recovered)… Not one of the people responsible has come even close to being investigated or prosecuted for a crime.
Ask yourself this (but forget for a moment what you think you know about history)…
“Should the people and institutions responsible for aiding and abetting a wanted war criminal in the illegal murder of over 20,000 Palestinian children and their families over the last year or so, be allowed to define the rules relating to data protection, let alone run our country?”.
Would you even be comfortable living next door to one of them?
In case you hadn’t heard, Israel’s behaviour has been declared a genocide by the United Nations.
Britain and America have been named as the enablers of the genocide and even the BBC has been accused of deliberately lying to suit our government’s political agenda.
And if you think we’re innocent because we don’t “control” Israel, despite helping arm it to the teeth, protecting it from prosecution and floating its economy for the last 75 years… think again.
Lord Balfour published his intent to commit genocide as far back as 1938 publicly!
In relation to the creation of Israel he wrote:
We appreciate we’re giving them a tiny piece of land, but we fully expect them to expand and take over the region, “mopping up” any local resistance along the way.
Balfour, 1938
I.e. Britain is guilty by way of the fact it publicly planned, implemented and has defended Israel’s genocide against Palestine for over 75 years.
Rant over…
One Last thing (funny)
Not even Microsoft will confirm it’s safe to use Windows while connected to the internet.
I had problems renewing a subscription years ago, called them up and it turned out I could only renew on Internet Explorer, not Safari…
So I laughed, I told him “I don’t use Windows for the internet as it’s not safe”.
He wasn’t having any of it.
I asked if he could put something in writing, or point me to an official statement saying that it actually was “perfectly safe”, as he claimed, to browse the internet from Windows.
He flat out refused… I could tell he was struggling hard to stop from laughing out loud. Funny, maybe a little.
If you want a proper fright though, something that might keep you awake at night, try reading (properly!) a Microsoft Licence agreement.
Despite all the 99.9999999’s in their promises, there’s even more zero point zero’s in their liability to you if something goes “wrong”.
And hey… guess what?
We couldn’t have it anyway because Microsoft has full knowledge of exactly how “vulnerable by design” our applications, operating systems and cloud environments are because it helped make them that way for the very governments that have been allowing Israel to bomb innocent civilians for the last 75 years.