Shop Management tools

[cooterdavenport1]

Looking to get off of pen and paper for ROs and estimates but unsure what tools to take a look at. Can some people tell me what they use, what they like about it, and what they don't like?

[Joe Marconi]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[Transmission Repair]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[bantar]

Go with an actual SMS (not QB's).  It'll provide you tools that will directly aid you in ways that you don't even know about.   You will spend about $400/month, but this will pay for itself many times over as it will provide you computer-calculated margins on parts and and will let you see your profit margins as you are building the ticket.    If it is too low, you need to adjust.  This live realtime feedback loop is how it pays for itself.  You'll be able to order parts online without having to call your parts supplier, which saves you time.   You'll get builtin reporting that lets you see your business health in realtime.

I'm using Protractor.   It has been around for a long time and has a deep breadth of features.  It's missing a built-in DVI though.   Others started with the DVI and have a lesser set of features.   Stealing from Joe, I'd say consider these:  Tekmetric, Shop Ware, Protractor, Mitchell1 (only to be used with Bolt On Technology).  I was unimpressed by AutoLeap and have heard nothing great about ShopBoss.  But these are also contenders.

Most of these are cloud-based now.  This means that you need a reliable internet connection.  They handle the software backups for you.  I still backup some of my data monthly, but it's just a subset.

Lastly, stay away from the CHEAP SMS's.  Just like in any business, you get what you pay for.  Pay more to avoid the pig-in-a-dress!  😬   Your monthly fee allows them to continue innovating their software so that you get new features that may help you.

Hope this helps! 

[cooterdavenport1]

On 1/14/2023 at 9:53 AM, Joe Marconi said:

There are many programs out there, and some are better than others, depending on the size of your business and the type of work you do. From what I hear around the industry, a few of the top names are Tekmetric, Shop Ware, Protractor, Micthell1 (only to be used with Bolt On Technology), Auto Leap, and Shop Boss. There are others, but I would say these what I hear are the most popular. 

I used Mitchell, but there are a lot of drawbacks. Now that I coach, from my perspective, many clients are happy with Tekmetric, Protractor, Auto Leap, and for smaller shops, Shop Boss.

Let's see what other ASO members say about this. By the way, any company you are interested in will do a demo. 

I will definitely be taking demos but want to cut the list down a bit. This information is helpful, so thank you. I have 4 bays and really want things to be more accurate and time/cost sensitive. 

Do you know what the people you are coaching like about Tekmetric vs protractor or autoleap?

[cooterdavenport1]

On 1/15/2023 at 11:36 AM, bantar said:

Go with an actual SMS (not QB's).  It'll provide you tools that will directly aid you in ways that you don't even know about.   You will spend about $400/month, but this will pay for itself many times over as it will provide you computer-calculated margins on parts and and will let you see your profit margins as you are building the ticket.    If it is too low, you need to adjust.  This live realtime feedback loop is how it pays for itself.  You'll be able to order parts online without having to call your parts supplier, which saves you time.   You'll get builtin reporting that lets you see your business health in realtime.

I'm using Protractor.   It has been around for a long time and has a deep breadth of features.  It's missing a built-in DVI though.   Others started with the DVI and have a lesser set of features.   Stealing from Joe, I'd say consider these:  Tekmetric, Shop Ware, Protractor, Mitchell1 (only to be used with Bolt On Technology).  I was unimpressed by AutoLeap and have heard nothing great about ShopBoss.  But these are also contenders.

Most of these are cloud-based now.  This means that you need a reliable internet connection.  They handle the software backups for you.  I still backup some of my data monthly, but it's just a subset.

Lastly, stay away from the CHEAP SMS's.  Just like in any business, you get what you pay for.  Pay more to avoid the pig-in-a-dress!  😬   Your monthly fee allows them to continue innovating their software so that you get new features that may help you.

Hope this helps! 

Thanks for your help. My understanding was that I would need to run servers for Mitchell and that it isn't cloud-based. 

Do you have by chance know the reasons someone would favor say a TekMetric over a Mitchell or vice versa?

[cooterdavenport1]

On 1/15/2023 at 11:36 AM, bantar said:

Go with an actual SMS (not QB's).  It'll provide you tools that will directly aid you in ways that you don't even know about.   You will spend about $400/month, but this will pay for itself many times over as it will provide you computer-calculated margins on parts and and will let you see your profit margins as you are building the ticket.    If it is too low, you need to adjust.  This live realtime feedback loop is how it pays for itself.  You'll be able to order parts online without having to call your parts supplier, which saves you time.   You'll get builtin reporting that lets you see your business health in realtime.

I'm using Protractor.   It has been around for a long time and has a deep breadth of features.  It's missing a built-in DVI though.   Others started with the DVI and have a lesser set of features.   Stealing from Joe, I'd say consider these:  Tekmetric, Shop Ware, Protractor, Mitchell1 (only to be used with Bolt On Technology).  I was unimpressed by AutoLeap and have heard nothing great about ShopBoss.  But these are also contenders.

Most of these are cloud-based now.  This means that you need a reliable internet connection.  They handle the software backups for you.  I still backup some of my data monthly, but it's just a subset.

Lastly, stay away from the CHEAP SMS's.  Just like in any business, you get what you pay for.  Pay more to avoid the pig-in-a-dress!  😬   Your monthly fee allows them to continue innovating their software so that you get new features that may help you.

Hope this helps! 

Thanks for responding. A couple of questions if that's ok.

What is it about QB that you like so much better than the SMS you ran before?

What are some of the reasons you know to avoid cheap systems?

Thanks for your help!

[Joe Marconi]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[bantar]

1 hour ago, cooterdavenport1 said:

Thanks for responding. A couple of questions if that's ok.

What is it about QB that you like so much better than the SMS you ran before?

What are some of the reasons you know to avoid cheap systems?

Thanks for your help!

I'll make this easier for you....  No for Mitchell - Most Mitchell folks are happy after switching and wonder why they waited so long.    Protractor is very complex and can be overwhelming if you are not used to a SMS.   Protractor has a builtin accounting system too (that I don't use).  When you need complexity it is your friend.  At the beginning, it can be a foe.  When they finally release an integrated DVI, they would be worth considering.  ShopWare and TekMetric are liked by many, but I've seen people try it and leave it too.  For you, I'd start with these 2.  No one is 100% happy with any SMS.  

Remember this:  Once you start using an SMS, switching to a new system can be a disruptive effort for the shop.   Unless required, don't be wishy-washy.  Pick a long-term winner.  

QB's is an accounting program.  It works well.  Use it for accounting.    Some people integrate with back office to pull data into QB's.  We don't do this.  We make a daily sales entry into QB's manually.   I balance my parts accounts using Protractor and when it's balanced, I transfer over the total owed for each vendor.  This approach reduces the noise in QB's.   I let the SMS be the expert Parts Handling System and Sales Management System.  I let QB's do the books.   Good luck.

[Joe Marconi]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[Transmission Repair]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[cooterdavenport1]

20 hours ago, Transmission Repair said:

First, let me clarify something, I was using QuickBooks Desktop Pro which is not cloud based. Cloud based QuickBooks, in my opinion, is lame and very limited. QuickBooks Desktop has many more features that are helpful to the business.  I was able to configure QuickBooks to the way I ran the business, not conforming how our business is run to some SMS system.  Estimates and invoicing were 2 templates I designed.  (shown below)Neil Gause.pdf I was also able to create various fields in our vendor list and customer lists.  The front counter ran seamlessly with our accounting.  I could print out a P&L or balance sheet with only a few mouse clicks.  I have to confess that the way I configured QB bordered on programing because it included knowing QB code.  I can't honestly recommend QB Desktop to the average shop, but it is one hellava better app than the cloud-based QB.

I don't know any tips to avoid a cheap SMS other than to ask other shops.  Whatever they recommend will likely involve configuring the way your shop is ran to the software.

2011P&L.pdf 10.47 kB · 1 download

Thank you for all the help so far. Asking other shops is precisely why we're doing this. Like you said, I don't have time to make a mistake and have to replace a solution. I think I have a good start here so far, and will definitely be factoring QB into my decision, but I am hopeful I can find an system where I don't need it. 

What has been a huge drag on my time is the labor guide. I don't have time to look all of this up and call around for parts, etc. I need to be in a bay, especially until I can afford another tech. 

I've heard this is an additional cost with a lot of systems. Can anyone provide insight into what systems this would be an additional cost for or one's that don't work as well as a shop would need it to? @Joe Marconi @bantar

[Joe Marconi]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[cooterdavenport1]

2 minutes ago, Joe Marconi said:

All business systems have access to labor and parts guides. I can't speak to the cost for each system, sorry. But, it is not significant when you think about its value. Please bear in mind that a labor guide is just a guide.  And sometimes they are way off.  Also, the parts guide gives OE prices.  With this said, it will be important to understand YOUR DESIRED labor and part margins.  One step at a time; don't get overwhelmed. Put first things first, shop around, get demos and make a decision. 

And don't worry about a wrong or right decision. No business system is perfect and will do all you want it to do.  

OK that is helpful. My understanding is that not all of them had access to these guides which would mean a lot of lost time for my investment if other options have them. I have been approached for demos by RO writer and Napa Tracks already, but am concerned about using an on-premise system for reasons like these. 

Are there other reasons I should not be considering an on-premise system? this will help me figure out who to spend my time shopping. Thank you so much for your help.

[Joe Marconi]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[cooterdavenport1]

27 minutes ago, Joe Marconi said:

When you say "on-premise system" are you referring to a non-cloud based system? 

Yes. I've been told I'll have to house servers for Mitchell or other on-premise systems, which sounds like a bigger headache than I can imagine from anything where I don't have to. I'm not a computer whiz but I'm good enough to get by on something with no maintenance I'd bet.

[Joe Marconi]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[willydmax]

I was using QB until about 2 years ago I looked around and finally settled on Shop-Ware. It's absolutely the best thing I could've done. I love it. Greatly simplifies my life, easy to use, helps me keep track of profit margins, easy to order parts...the list goes on and on. I use QuickBooks online as my accounting software and Shop-Ware automatically sends the data across on each ticket as soon as it's paid and customer picked up the vehicle. Works awesome. Has a great built in vehicle inspection system as well. Customers love pictures. Another thing that my customers really like is getting their invoice texted to them when I'm done and it also has a pay button so they can pay via card if they want. 

[Transmission Repair]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[TheTrustedMechanic]

On 1/18/2023 at 9:52 AM, cooterdavenport1 said:

Yes. I've been told I'll have to house servers for Mitchell or other on-premise systems, which sounds like a bigger headache than I can imagine from anything where I don't have to. I'm not a computer whiz but I'm good enough to get by on something with no maintenance I'd bet.

I am not sure what or who has told you that you will have to house servers, but I think they are trying to scare you into buying their program.

Depending on your setup and business size/# of locations, your "Server" could be nothing more than your desktop computer.  Properly configured a simple desktop computer with moderate hardware (CPU speed, # of processors, memory, etc.) can be your "Server" and you could connect as many "clients" or satellite computers to it as you have in your shop. 

One thing to consider when "going on the cloud" is you do NOT own your data, period, full stop. Why is this important? Because if you were to stop paying that company for access to YOUR DATA that THEY OWN, you will lose all of it.  Meanwhile, most local installation (on your shop computer's hard drive) programs will have some kind of legacy access.  Meaning, if you change programs and no longer pay them the subscription fee, you can still access the data, just with very limited rights, such as view and print customer information/invoices only.  Other local programs, like the old desktop QuickBooks, once you buy the program, you own it and it will work forever (at least until you have a catastrophic hardware failure) and will always have access to your data.  On the cloud, once you as the cash cow stop paying the cloud company, you lose access.  Although I guess some will allow you limited access for a short period of time afterward, it's not in perpetuity like a local installation. 

And one last consideration of you do not own your data, no matter what their "Privacy Policy" says, they have every legal right to access any of your data, mine it, sell it, use it, delete it, modify it, do anything they want to with it.  Most won't do anything with your data that is evident to you but they will certainly be able to mine it, use it, sell it anyway, anytime and to anyone they want and you won't be the wiser.  This is not conspiracy theory, this is actual fact and legal, because "They who own the server, own the data."

 

I am currently reviewing new SMS systems so that is how I found this thread.  Although it's not very informative, as most queries like these aren't either.

[bantar]

58 minutes ago, TheTrustedMechanic said:

One thing to consider when "going on the cloud" is you do NOT own your data, period, full stop.

Me thinks TheTrustedMechanic doesn't trust these guys!  😬😁    However, it's critical to be certain of where you stand, so I'm with you on that. 

Ownership of your data is a contractual issue.  If it's not stated as yours, it's not yours.   But, think about the reputation of the software companies that block you from transferring your data to the next guy...   They would get a bad rap and not live much longer.   Therefore, most will allow your data to be exported.  Ask the SMS about this before signing up.    Most SMSs can import data from other SMSs.  Once the data export is completed, there is no need to access your data from the old SMS (with the caveat that not all items can be imported).   See Import Example below.  

Personally, I don't have an issue with either on-prem(ise) SMSs or cloud-based SMSs.   If you have on-prem, you must have a disaster plan in place for everything from hardware failures to virus recovery to ransomware attacks.  And you must establish a solid backup process that ensures that you lose very little data in the worst case scenario.   You are not impacted much by an internet outage.   If you have a hardware or data failure, you are the IT guy that must bring it back up.  You will likely get phone support from your SMS on the steps to recover.    With redundancy and a stellar backup strategy and practice, this can be 30-60 minutes.   It can be way longer depending on what the failure mode is.   You are the IT guy!    You will perform software updates when you approve them.

With Cloud based SMSs, your data is stored in a professional data center.  Backups and hardware failures are managed by the SMS.  You are VERY dependent on the internet working as no internet means no SMS.   There are mitigations that might help if your main internet goes down, such as using a Mobile Hotspot for temporary internet access.  You are beholden to the SMS technical team to correct any software bugs / outages that might occur in the cloud.  You can only complain and wait on resolution.  Software updates on Cloud-based SMSs usually occur more often as these are easier deployments for the developer of the SMS.

Pick whichever is better for you.

Import Example:   I use Protractor that allows me to have all customer family members, with separate emails and phone numbers per person under a single record.   The software does not allow this on a number of other SMSs.  There structure is a single person and phone number.  By definition, if I were to import the data to another one, the import would discard the extra names and only select one to be primary contact, email and phone number.   This is not horrible, but it is an example where data import is NOT Perfect.  

Personally, as a computer guy, I distrust computers.   I know that they can fail on a moments notice.   I have my own backup strategy and backup my data monthly on top of what the SMS is doing for me in the cloud.   This includes my contacts, vehicles, invoice summaries, financials, etc.  What I don't backup are the actual invoices.   Now, this happens monthly.  I also backup this data to an offline storage drive, but because I'm lazy or forgetful, this happens maybe quarterly.  Ransomware cannot get a hold of a storage drive that is not connected to the network!

Access to your data:   I'm also using AutoFlow for DVIs.  I asked them about their access policy should I desire to switch to the next new thing.   They said that I would have access to MY data with no additional fees for as long as I need.  It's read only data.  I can't modify anything.  I can't run reports, but I can access the completed DVIs.   What a great policy by them!!!   This is what stand-up companies do.   Ask your potential SMS about this, and ask them to show you this in writing to be sure.   They are likely going to have a solution.

Ask the right questions and pick a good partner companies to work with that you trust! 

58 minutes ago, TheTrustedMechanic said:

And one last consideration of you do not own your data, no matter what their "Privacy Policy" says, they have every legal right to access any of your data, mine it, sell it, use it, delete it, modify it, do anything they want to with it.  Most won't do anything with your data that is evident to you but they will certainly be able to mine it, use it, sell it anyway, anytime and to anyone they want and you won't be the wiser.  This is not conspiracy theory, this is actual fact and legal, because "They who own the server, own the data."

This should be considered on a case-by-case basis.   Hunt with Paar Melis and Associates, an auto shop accounting firm, is mining his clients data with permission and presenting to all of us a set of baselines that may help us manage our businesses.  This is a good use of data mining.   Now, when I talked to RepairPal, they wanted access to my SMS and I had no desire to allow them into my system.   I don't see any good reason why I should allow my customer data and sales to escape.  Given that this was a contractual requirement, I opted not to work with them.   Now, if Protractor wanted to mine my data for some statistical data exercise, I can't see how I could be hurt.  Leave my customers alone and we're good.   And lastly, I allow my marketing companies to access my customer data for marketing purposes.  This benefits me and my customers and I'm trusting that they will not STEAL my customers.

Edited May 31, 2023 by bantar

[TheTrustedMechanic]

11 minutes ago, bantar said:

Me thinks TheTrustedMechanic doesn't trust these guys!  😬😁    However, it's critical to be certain of where you stand, so I'm with you on that. 
I don't trust what I know to be a potential breach of trust and privacy.

Ownership of your data is a contractual issue.  If it's not stated as yours, it's not yours.   But, think about the reputation of the software companies that block you from transferring your data to the next guy...   They would get a bad rap and not live much longer.   Therefore, most will allow your data to be exported.  Ask the SMS about this before signing up.    Most SMSs can import data from other SMSs.  Once the data export is completed, there is no need to access your data from the old SMS (with the caveat that not all items can be imported).   See Import Example below.  
This is NOT the point, sure, you might be able to transfer your data to a new service, but as was admitted, "not all items can be imported."  The point is, you only have a license to access your data, nothing more.

Personally, I don't have an issue with either on-prem(ise) SMSs or cloud-based SMSs.   If you have on-prem, you must have a disaster plan in place for everything from hardware failures to virus recovery to ransomware attacks.  And you must establish a solid backup process that ensures that you lose very little data in the worst case scenario.   You are not impacted much by an internet outage.   If you have a hardware or data failure, you are the IT guy that must bring it back up.  You will likely get phone support from your SMS on the steps to recover.    With redundancy and a stellar backup strategy and practice, this can be 30-60 minutes.   It can be way longer depending on what the failure mode is.   You are the IT guy!    You will perform software updates when you approve them.

With Cloud based SMSs, your data is stored in a professional data center.  Backups and hardware failures are managed by the SMS.  You are VERY dependent on the internet working as no internet means no SMS.   There are mitigations that might help if your main internet goes down, such as using a Mobile Hotspot for temporary internet access.  You are beholden to the SMS technical team to correct any software bugs / outages that might occur in the cloud.  You can only complain and wait on resolution.  Software updates on Cloud-based SMSs usually occur more often as these are easier deployments for the developer of the SMS.

This is irrelevant, because in the event that your local system goes down, you won't have access to the online services anyway.  You will still have to be, "...the IT guy." Not to mention that hackers and malcontents will target which, your local system or a large data server?  And don't pretend that large data servers are impervious to hacker, malware and ransomware attacks.

Pick whichever is better for you.

Import Example:   I use Protractor that allows me to have all customer family members, with separate emails and phone numbers per person under a single record.   The software does not allow this on a number of other SMSs.  There structure is a single person and phone number.  By definition, if I were to import the data to another one, the import would discard the extra names and only select one to be primary contact, email and phone number.   This is not horrible, but it is an example where data import is NOT Perfect.  

Personally, as a computer guy, I distrust computers.   I know that they can fail on a moments notice.   I have my own backup strategy and backup my data monthly on top of what the SMS is doing for me in the cloud.   This includes my contacts, vehicles, invoice summaries, financials, etc.  What I don't backup are the actual invoices.   Now, this happens monthly.  I also backup this data to an offline storage drive, but because I'm lazy or forgetful, this happens maybe quarterly.  Ransomware cannot get a hold of a storage drive that is not connected to the network!

Access to your data:   I'm also using AutoFlow for DVIs.  I asked them about their access policy should I desire to switch to the next new thing.   They said that I would have access to MY data with no additional fees for as long as I need.  It's read only data.  I can't modify anything.  I can't run reports, but I can access the completed DVIs.   What a great policy by them!!!   This is what stand-up companies do.   Ask your potential SMS about this, and ask them to show you this in writing to be sure.   They are likely going to have a solution.

Ask the right questions and pick a good partner companies to work with that you trust! 

This should be considered on a case-by-case basis.   Hunt with Paar Melis and Associates, an auto shop accounting firm, is mining his clients data with permission and presenting to all of us a set of baselines that may help us manage our businesses.  This is a good use of data mining.  
The key here is that this professional service provider has sought PERMISSION.  The cloud based data storage (your SMS provider) does not, will not and is not required to seek your permission before accessing, mining, selling or using your data because, despite all the flowery, "Your privacy is very important to us," male bovine excrement in the Privacy Policy, YOU HAVE NO PRIVACY.  Read it, every line and then try to think of how it can be twisted to allow them the access they are trying so hard to deny they will take.  And this access, mining, sale and use, as I said will NOT be in ways that are readily apparent to you or your customer.

Now, when I talked to RepairPal, they wanted access to my SMS and I had no desire to allow them into my system.   I don't see any good reason why I should allow my customer data and sales to escape.  Given that this was a contractual requirement, I opted not to work with them.   Now, if Protractor wanted to mine my data for some statistical data exercise, I can't see how I could be hurt.  Leave my customers alone and we're good.   And lastly, I allow my marketing companies to access my customer data for marketing purposes.  This benefits me and my customers and I'm trusting that they will not STEAL my customers.

Again, RepairPal asked for access, they asked for permission and you denied it.  Your marketing company has access to your customer data because YOU GAVE PERMISSION.  Cloud based storage services do not ask for permission because it is in the EULA and (you have NO) "Privacy Policy" that people do not read.  Just like a used car salesman says, "Trust me, we inspect every car we sell." What they don't tell you but you are led to believe is that they may inspect the car, find problems but they do NOT fix them.  "Look, over there! So you don't see the scam I'm running over here."  Same thing.  It's a very simple situation, you do you, do what you feel serves your business, but please don't try to downplay, dismiss or deny what happens every single day and what is common knowledge to those with any level of research into the "privacy policies" and actions of these companies.  There is a reason why lawsuits have been brought and the decision was, "Those who own the server, own the data."

 

[TTP]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[bantar]

The good news is that there are SMSs with on-prem solutions that meet your data privacy requirements.   You'd want to ask them if they are planning to switch to cloud, so that you don't get one that wants to force you to upgrade later.   It's an expensive transition to rewrite their software for cloud, so some companies may choose to never go cloud.

I see value in both models and only tried to lay out a pros/cons list.

1 hour ago, TheTrustedMechanic said:

Not to mention that hackers and malcontents will target which, your local system or a large data server?  And don't pretend that large data servers are impervious to hacker, malware and ransomware attacks.

I've previously written a large detailed description of why targeting a production data server is not as easy as it seems.   A modern cloud compute engine and it's database are isolated.  The malware and ransomware attacks generally hit those systems that must be "open by design".   For example, I must access this shared filesystem to be able to share my spreadsheet / document with other employees.  These open systems are where the attacks occur.   I'll just say that the cloud systems have a much lower risk of attack.   The cloud computers in our shops don't ACCESS the cloud server, but rather ask it to perform tasks.  The cloud server is a closed/isolated system.  It's safe to consider.   I contend that it is much safer than my local and secured network.

[Transmission Repair]

Premium Member Content 

This content is hidden to guests, one of the benefits of a paid membership. Please login or register to view this content.

[TheTrustedMechanic]

17 hours ago, bantar said:

The good news is that there are SMSs with on-prem solutions that meet your data privacy requirements.   You'd want to ask them if they are planning to switch to cloud, so that you don't get one that wants to force you to upgrade later.   It's an expensive transition to rewrite their software for cloud, so some companies may choose to never go cloud.

I see value in both models and only tried to lay out a pros/cons list.

I've previously written a large detailed description of why targeting a production data server is not as easy as it seems.   A modern cloud compute engine and it's database are isolated.  The malware and ransomware attacks generally hit those systems that must be "open by design".   For example, I must access this shared filesystem to be able to share my spreadsheet / document with other employees.  These open systems are where the attacks occur.   I'll just say that the cloud systems have a much lower risk of attack.   The cloud computers in our shops don't ACCESS the cloud server, but rather ask it to perform tasks.  The cloud server is a closed/isolated system.  It's safe to consider.   I contend that it is much safer than my local and secured network.

And just how do you "ask" the server to perform those tasks or get data from it or store data to it?  You seem awfully argumentative and too eager to try and prove your point when you are only make specious claims.  But, you do you and I will protect my data as I see fit.  Since you are endeavoring to ignore reality, logic and only argue. 

Because there were numerous articles citing specific examples and they were so easy to find regarding hacked cloud servers, this discussion with you is moot because you continue to refuse to admit to reality.  For just one example, Reuters reported,
 

"August 27, 20216:06 PM EDTUpdated 2 years ago

 

SAN FRANCISCO, Aug 26 (Reuters) - Microsoft (MSFT.O) on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher."
Then there was another article from CyberTalk - dot - org that cited 5 major could server security breaches in 2021 as well. 
 

What is even scarier, according to a search for "are cloud servers hacked 2023" and a resulting article from tech - dot - co, there have been 37 data breaches of varying significance or severity (cyber attacks) on cloud servers in 2023 so far and another 72 in 2022.  These ranged from fast food companies to healthcare to big pharma all the way up to the government (a smallish department as well as the House of Representatives).  And, if a tech company like Farcebook or even Western Digital can be hacked, so to can Tekmetric, Shop Ware, Protractor, Micthell1, Auto Leap, and Shop Boss, google docs, Microshaft and many others.

At the risk of being overly brusque, since you are desperate to prove yourself right when you aren't, refuse to admit that you are wrong and are unwilling to admit to the facts and reality and claim things that simply are not true,at least not to the extent that you are pretending, this discussion is pointless.  I have provided facts to back up my position and after this, I am done with this discussion.  I refuse to engage in an endeavor where the other party is seeking to beat me with experience. I hope you have a blessed day.

 

[bantar]

8 hours ago, TheTrustedMechanic said:

And just how do you "ask" the server to perform those tasks or get data from it or store data to it?  You seem awfully argumentative and too eager to try and prove your point when you are only make specious claims.  But, you do you and I will protect my data as I see fit.  Since you are endeavoring to ignore reality, logic and only argue. 

I'm sorry to hear that you feel that I'm arguing.  It is not my intention.  I have nothing to gain in this discussion.  My only goal is to provide some comfort to others that they can safely use cloud solutions.   Clearly, I recognize that cloud is not your cup-o-tea.   Only because you asked "how do you "ask", is the rest of this response below presented.  It's a very deep topic.

TLDR:   Request-Response messaging design limits what can be done.   You want access to the filesystem to create the real carnage.   SMS cloud designs don't expose their filesystems.   Most shops don't store data worth stealing (e.g. CC).

There are numerous types of software applications that utilize cloud resources of varying types.   You can't lump them all in the same bucket.  Some software architectures will have more exposure to hacks than others.   Regardless, all network-connected systems are vulnerable to an attack.   Disconnect from the network to reduce your attack profile.    This is even true for on-prem software solutions.   If it is connected to the internet, it can be attacked.   So, we agree on this point.

Security is not a singular item, but rather a layered set of protection strategies.   One of which is a rock-solid data backup strategy which includes off-site and offline storage of backups.   When you are attacked, assuming a worst case scenario, how quickly can you erase everything, then restore backups and lose as little data as possible.   On a redundant system, service restoration can be measured in milliseconds, a few hours on run-of-the-mill systems and on terribly managed system, this can take weeks or even be unrecoverable (data loss).   There's a billion combinations of system designs.   However, we can take any given architecture and analyze it for security weaknesses and then build a plan around it's vulnerabilities in order to reduce our risk.  Risk is never eliminated, only mitigated.  I can tell you that my background in Software Development was with redundant systems.   Our downtime was measured in seconds per year.   I do have a rudimentary knowledge of security and protocol design.

SMS Cloud Applications generally will have these properties

• Request-Response Protocol
  • It exposes limited operations.  You don't have free reign to do what you will.
  • This is the ask the server to do something.  For instance,
    • Store this text blob which contains my labor ops description for WO #112233.
    • Give me the data I need to prepare a report of my daily sales (client retrieves raw data and presents it to the user in various formats)
    • Requests and Commands to the server are primitives (raw data) that are processed locally by the client
    • And every other operation that a SMS does
  • You must understand the protocol and build well formed messages, or it will not process the operation
• API Access Keys are required
  • You will not access the system without using an encrypted API key that allows you to send messages
  • API Access Key only allows you to communicate.  It does not mean that you are authenticated.  Passwords are also required.

So, I can either attack the protocol to wreck the system or steal data, or instead, I attack the operating systems to get at the filesystem.   It would be easier to hack my shop than a cloud based system that inherently has many more layers of protection. 

If I were to give you my API key and my password, you could read, modify and delete all of my data.   You won't get the next guys data without another API key and password.   The best attack of my system would be to attack my network and get access to my computers to grab my data.   If you were to attack my system, you'd get names, addresses, invoices, sales data - pretty boring stuff.  I don't store any credit card data or customer passwords.   The value of my data is nil and IMO, not worth pursuing.  This is where we likely disagree... on the value of the data being protected.   I simply desire to be a good steward of my customers' data / information. 

Personally, my biggest financial risks are having online access to my bank accounts.   I reduce my risk by having unique passwords for every online account and 2 factor security... my passwords are 20+ characters of gibberish each.   My next biggest risk are my credit cards on file at all of the local dealers and Amazon, etc.  This bit me once by an independent dealer 300 miles away.  How did he get my CC info????  We resolved it though.