Archives

Data Protection in the Cloud: Why it Matters and How it Affects You and Your Data

Cloud computing has revolutionized the way that individuals and institutions interact, perform business activities, and spend leisure time. What many may not realize is that it has also put their personal data at risk.

With cloud computing, individuals with average or even basic computing skills have been able to make use of high tech applications, software and other technologies. In turn, this has increased productivity and encouraged interaction between different users and platforms. However, it has also created a nebulous area within data protection laws concerning data ownership, access and privacy rights. Far more of an individual’s information and data may be available to third parties and the public than they may realize.

 

What is Cloud Computing?

Cloud computing is a broad concept which contains many types of technologies, applications and systems.

The official definition from the National Institute of Standards and Technologies states: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

More simply, cloud computing allows users to use the Internet to make use of a an application, software or service. In this way, a user does not need to have the computer expertise or the storage or networking capabilities to utilize highly technical applications.

Cloud computing contains many layers:

Cloud Clients are hardware systems which make use of the cloud. This includes Mobile clients such as the iPhone and Windows mobile and Thin Clients which have limited processing power and use network connectivity to perform most functions.  They also include Thick clients such as the typical computer which conduct many processes without connection to a network. Thick clients use web browsers to make use of cloud computing technologies.

Cloud Applications include peer-to-peer programs such as Skype, and web applications such as Twitter and Facebook. It also includes Security as a Service and Software as a Service (SaaS) which provide small businesses with security and business management related software on-demand, through the Internet.

Platform as a Service allows developers to create and support their own applications through the Internet and does not require the personal use of their own network or storage capabilities to run or host the application.

Infrastructure as Service allows users to purchase all outsourced computer services from one vendor on a per use basis instead of paying for each service individually.  

 

Risks Involved with Cloud Computing

Privacy RisksIn current U.S. information privacy law, particularly the Electronic Communications Privacy Act, data hosted with a third party is not as strongly protected as data stored on an individual computer or network.

  • Under current data laws anything posted to Facebook or Twitter, any messages sent through Gmail or other web based email providers, any document shared with Google docs, basically any information uploaded to cloud computing services, can potentially be subpoenaed by law enforcement officials, as provided for under the Patriot Act, without ever notifying the consumer.
  • Because technology has grown faster than the government’s ability to regulate it, there are fewer legal regulations protecting data in the cloud from unauthorized use and disclosure and few systems in place to investigation and prosecute violations.

Vendor Risks– As more businesses use Software as a Service to complete business functions, they need to make careful decisions regarding the vendors they use.

  • Reliability– Placing data in the cloud means that a business relies on their vendor for business functions. Problems with a vendor, such as data outages, bankruptcy or legal issues may result in disruption of business activities.
  • Accountability– Service Level Agreements or End User License Agreements should be signed to protect both parties. These are agreements created between the provider and consumer of a software or service which outline the responsibilities, capabilities and rights of each party.
  • Transferability– While it is convenient to upload data to a cloud service so it can be accessed anywhere, such services are notorious for creating difficulties in downloading data. As of now, there are few services that allow bulk downloads, which means data may only be downloaded one or a few files at a time. Furthermore, some services may charges fees for you to download the data. This may make it extremely difficult to switch your information to another vendor.

 

Accountability RisksThough data may be placed or serviced by a third party, the consumer is still responsible for the security and integrity of the data.

  • Since the user will not have personal control over which individuals are given the authority to access and service their information, users should look into a vendor’s hiring and employee policies. Many cloud services deal with sensitive or protected and data and it is the responsibility of the user to make sure their information is adequately protected.
  • Because data is not stored locally on the user’s computer, often the user may not know the exact location of their data. It is possible that a vendor may store data in facilities located outside the jurisdiction of U.S. or E.U. data protection laws. Users should check a vendor’s policies to make sure they comply with all information privacy regulations.  A breach to these regulations and any resulting unauthorized disclosure of a consumer’s personal information, will be the responsibility of the user and not the vendor.
  • Even with the faster, more reliable, more secure systems that cloud computing offers, there may be incidents of data loss, unauthorized disclosure and misuse. Users should work with vendors that contractually allow for investigations into such incidents and have a history of looking into such incidents. Users should also be aware that investigations with cloud computing services are often extremely difficult because information is stored on various hosts and servers alongside the information of many other users as opposed to personal networks and applications which have a smaller number of storage facilities and system users.

 

 

Data Loss- While using a cloud service may prevent against the loss of data should a user’s computer or storage facilities fail, it also creates many more opportunities for the loss of data.

Summary:

Cloud computing has been a remarkable development in computing technology. It allows for high levels of specialization so that a small group of individuals, with expertise in a particular area can create a specific service and make that service widely available through the Internet. Such specialization has created giant leaps in technological capabilities. It has made information mobile, across locations and devices and revolutionized the way people share, store and consume information. However, it does not come without its risks. Until information privacy laws can catch up with the changes in technology, consumers must be personally responsible for learning about, monitoring, and protecting against the risks associated with sharing data in the cloud.

Share

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>