



    Classic Cars Repair Manuals


    • Latest Posts

      • You aren't kidding.   A minor rear bumper tap turned into a $42K repair bill.    This is a great read:    
      • One tip to help avoid these issues is to set up email, text, and/or push alerts. Most larger banks like WF and Chase allow you to set these up. Example:
      • I'm sorry to hear that you feel that I'm arguing. It is not my intention. I have nothing to gain in this discussion. My only goal is to provide some comfort to others that they can safely use cloud solutions. Clearly, I recognize that cloud is not your cup-o-tea. Only because you asked "how do you 'ask'", is the rest of this response below presented. It's a very deep topic.

        TLDR: Request-Response messaging design limits what can be done. You want access to the filesystem to create the real carnage. SMS cloud designs don't expose their filesystems. Most shops don't store data worth stealing (e.g. CC).

        There are numerous types of software applications that utilize cloud resources of varying types. You can't lump them all in the same bucket. Some software architectures will have more exposure to hacks than others. Regardless, all network-connected systems are vulnerable to an attack. Disconnect from the network to reduce your attack profile. This is even true for on-prem software solutions. If it is connected to the internet, it can be attacked. So, we agree on this point.

        Security is not a singular item, but rather a layered set of protection strategies. One of which is a rock-solid data backup strategy which includes off-site and offline storage of backups. When you are attacked, assuming a worst case scenario, how quickly can you erase everything, then restore backups and lose as little data as possible. On a redundant system, service restoration can be measured in milliseconds, a few hours on run-of-the-mill systems and on terribly managed systems, this can take weeks or even be unrecoverable (data loss). There's a billion combinations of system designs. However, we can take any given architecture and analyze it for security weaknesses and then build a plan around its vulnerabilities in order to reduce our risk. Risk is never eliminated, only mitigated.

        I can tell you that my background in Software Development was with redundant systems. Our downtime was measured in seconds per year. I do have a rudimentary knowledge of security and protocol design.

        SMS Cloud Applications generally will have these properties:

        • Request-Response Protocol
          • It exposes limited operations. You don't have free rein to do what you will.
          • This is the ask the server to do something. For instance,
            • Store this text blob which contains my labor ops description for WO #112233.
            • Give me the data I need to prepare a report of my daily sales (client retrieves raw data and presents it to the user in various formats)
            • Requests and Commands to the server are primitives (raw data) that are processed locally by the client
            • And every other operation that an SMS does
          • You must understand the protocol and build well-formed messages, or it will not process the operation
        • API Access Keys are required
          • You will not access the system without using an encrypted API key that allows you to send messages
          • API Access Key only allows you to communicate. It does not mean that you are authenticated. Passwords are also required.

        So, I can either attack the protocol to wreck the system or steal data, or instead, I attack the operating systems to get at the filesystem. It would be easier to hack my shop than a cloud based system that inherently has many more layers of protection. If I were to give you my API key and my password, you could read, modify and delete all of my data. You won't get the next guy's data without another API key and password. The best attack of my system would be to attack my network and get access to my computers to grab my data. If you were to attack my system, you'd get names, addresses, invoices, sales data - pretty boring stuff. I don't store any credit card data or customer passwords. The value of my data is nil and IMO, not worth pursuing. This is where we likely disagree... on the value of the data being protected.

        I simply desire to be a good steward of my customers' data / information. Personally, my biggest financial risks are having online access to my bank accounts. I reduce my risk by having unique passwords for every online account and 2 factor security... my passwords are 20+ characters of gibberish each. My next biggest risk is my credit cards on file at all of the local dealers and Amazon, etc. This bit me once by an independent dealer 300 miles away. How did he get my CC info???? We resolved it though.
      • And just how do you "ask" the server to perform those tasks or get data from it or store data to it?  You seem awfully argumentative and too eager to try and prove your point when you are only making specious claims.  But, you do you and I will protect my data as I see fit.  Since you are endeavoring to ignore reality, logic and only argue.  Because there were numerous articles citing specific examples and they were so easy to find regarding hacked cloud servers, this discussion with you is moot because you continue to refuse to admit to reality.  For just one example, Reuters reported,   "August 27, 2021 6:06 PM EDT Updated 2 years ago   SAN FRANCISCO, Aug 26 (Reuters) - Microsoft (MSFT.O) on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher." Then there was another article from CyberTalk - dot - org that cited 5 major cloud server security breaches in 2021 as well.    What is even scarier, according to a search for "are cloud servers hacked 2023" and a resulting article from tech - dot - co, there have been 37 data breaches of varying significance or severity (cyber attacks) on cloud servers in 2023 so far and another 72 in 2022.  These ranged from fast food companies to healthcare to big pharma all the way up to the government (a smallish department as well as the House of Representatives).  And, if a tech company like Farcebook or even Western Digital can be hacked, so too can Tekmetric, Shop Ware, Protractor, Mitchell1, Auto Leap, and Shop Boss, google docs, Microshaft and many others. 
At the risk of being overly brusque, since you are desperate to prove yourself right when you aren't, refuse to admit that you are wrong and are unwilling to admit to the facts and reality and claim things that simply are not true, at least not to the extent that you are pretending, this discussion is pointless.  I have provided facts to back up my position and after this, I am done with this discussion.  I refuse to engage in an endeavor where the other party is seeking to beat me with experience. I hope you have a blessed day.  

