Tom here from Lawrence Systems. In early December of 2023, some of the users of Ubiquiti's NVR and security camera devices reported seeing other people's devices and notifications through the company's UniFi Cloud Dash services. UniFi addressed this quickly and, I think, adequately. But obviously this has a lot of people concerned, and actually a lot more people aware of what these cloud companies have control over, and that comes down to your security keys. Now, this is not saying that you shouldn't use the cloud, but I think everyone should be an informed consumer and understand the risk of attaching things to the cloud. So that's what this video is about: to talk about how UniFi handles it, how it's handled in general with a lot of these cloud companies, and better ways you can think about this, and then ultimately lead you to the decision of whether or not you wanna use these cloud services. So let's get started.

Now I wanna start here at unifi.ui.com to talk about the convenience of their cloud service. I've logged into this, I have a few different devices, some other family members I manage, and I do think this is nice for conveniently tying these to their cloud system. It allows the notifications from different NVRs or different UniFi controllers to be managed right through here. I do have my UniFi Express, and we'll use that as an example. Now, I've only logged in once, and all these are different systems, and when I click on UniFi Express it brings me right into the UniFi Express. Now, UniFi Express, as I noted in my review of it, does not require you to tie it to the cloud, but I chose to tie it to the cloud, well, partly for this demo and partly for the convenience of being able to manage this in my lab without making any firewall changes for my firewall or on the UniFi Express.
It's actually behind my firewall, so I'd have to make a couple different changes to make this all work, and, well, I do like the convenience of the cloud. But obviously let's talk about how that convenience comes to be and how this works with Ubiquiti, but let's start with some of the basics.

The least convenient but most secure way to do this: you have UniFi devices on your network, then you have your firewall, and maybe you set up a VPN on your firewall. You can also use a VPN that's not on your firewall, but for simplicity's sake we're gonna talk about it being on the firewall. And then you want all that data to be able to get to your phone, because you wanna view your devices, your cameras, remotely, so you'll have to also set that VPN up on your phone. Now, with the credentials that you created for your UniFi devices, you can just log in once you've established this secure tunnel connection, and there's not anybody on the internet that we have to worry about trusting at all, because we're encrypting it from your firewall all the way to wherever your offsite location is that you'd like to view or manage your devices.

Now, for convenience, we have the way UniFi does this. First you create your credentials for your UniFi device, and, as I talked about, in the UniFi Express it's not required that you tie it to their cloud, but you can, and I do have a Ubiquiti cloud account. The difference is, though, when you tie it to the cloud, UniFi creates their own set of keys that they manage on here. This allows the UniFi devices to talk to the Ubiquiti servers in the cloud. Then you take your cloud credentials and log into your device, and now UniFi is handling the encryption between your device and their servers, and they're brokering that connection for you, essentially relaying it. This is very convenient, but of course, as we've noted in the beginning of the video, this comes with risks.
We have to trust that UniFi will manage these keys properly, and this applies actually to most cloud companies. They do much the same thing: they're going to handle the keys. But this brings us to a third solution that a lot of people may ask about, and that's a reverse proxy.

I've done a video already on Cloudflare tunnels, that's why I brought it up as an example. You'll find that video in the description. But they handle the security certificates, which gives them visibility into the data that traverses that system, if the UniFi credentials are passed and someone is actually actively sniffing those packets. And this is in no way an accusation that Cloudflare would do that. It's just understanding that the ability to do that is there because they're doing the certificate termination, and this applies to any of the reverse proxy systems that you may use. And Synology offers their QuickConnect service, and this works much the same way: because they actually spin up the certificates for you, they would have the potential to see that data that traverses that system. As I said, not an accusation that they are looking for that data. They probably don't want that data, that's why they set these systems up. But if someone, a threat actor as an example, were to get inside these networks, they would then be able to unravel certificates and see that data that traverses those proxies.

Now, which one of these three options you choose comes down to your risk tolerance.
I'm not telling you which one to use. I just present the data so you can understand that if you have zero tolerance for a third party having it, a VPN with your firewall is certainly the way to go. If you go, "Well, I like the convenient notifications that the cloud system provides and I don't have to do any setup," well, then the UniFi cloud works well. The proxy solution's not bad, but please note, as I said in the Cloudflare tunnel video, and I brought up Synology because I've talked about them a lot on this channel, if they terminate the certificates, and in both of those scenarios they do, they potentially could have visibility into those certificates. So that's just something to consider.

Let me know which works for you. Leave your thoughts and comments down below. Like and subscribe if you wanna see more content from this channel. If you want a copy of those graphs I did, you'll find those over on my GitHub, and if you wanna have a more in-depth discussion about this and other topics, head over to my forums, forums.lawrencesystems.com. Thanks.