Data Protection in the Cloud: Why it Matters and How it Affects You and Your Data
Cloud computing has revolutionized the way that individuals and institutions interact, perform business activities, and spend leisure time. What many may not realize is that it has also put their data at risk.
With cloud computing, individuals with average or even basic computing skills have been able to make use of high-tech applications, software, and other technologies. In turn, this has increased productivity and encouraged interaction between different users and platforms. However, it has also created a nebulous area within data protection laws concerning data ownership, access, and privacy rights. Far more of an individual’s information and data may be available to third parties and the public than they may realize.
What is Cloud Computing?
Cloud computing is a broad concept that contains many types of technologies, applications, and systems.
More simply, cloud computing allows users to use the Internet to make use of an application, software, or service. In this way, a user does not need to have computer expertise or the storage or networking capabilities to utilize highly technical applications.
Cloud computing contains many layers:
Cloud Clients are hardware systems that make use of the cloud. This includes Mobile clients such as the iPhone and Windows mobile and Thin Clients which have limited processing power and use network connectivity to perform most functions. They also include Thick clients such as the typical computer which conducts many processes without connection to a network. Thick clients use web browsers to make use of cloud computing technologies.
Cloud Applications include peer-to-peer programs such as Skype and web applications such as Twitter and Facebook. It also includes Security as a Service and Software as a Service (SaaS) which provide small businesses with security and business management-related software on-demand, through the Internet.
Platform as a Service allows developers to create and support their applications through the Internet and does not require the personal use of their network or storage capabilities to run or host the application.
Infrastructure as Service allows users to purchase all outsourced computer services from one vendor on a per-use basis instead of paying for each service individually.
Risks Involved with Cloud Computing
Privacy Risks– In current U.S. information privacy law, particularly the Electronic Communications Privacy Act, data hosted with a third party is not as strongly protected as data stored on an individual computer or network.
Under current data laws anything posted to Facebook or Twitter, any messages sent through Gmail or other web-based email providers, any document shared with Google docs, basically any information uploaded to cloud computing services, can potentially be subpoenaed by law enforcement officials, as provided for under the Patriot Act, without ever notifying the consumer.
Because technology has grown faster than the government’s ability to regulate it, there are fewer legal regulations protecting data in the cloud from unauthorized use and disclosure and few systems in place to investigate and prosecute violations.
Vendor Risks– As more businesses use Software as a Service to complete business functions, they need to make careful decisions regarding the vendors they use.
Reliability– Placing data in the cloud means that a business relies on its vendor for business functions. Problems with a vendor, such as data outages, bankruptcy, or legal issues may result in disruption of business activities.
Accountability– Service Level Agreements or End User License Agreements should be signed to protect both parties. These are agreements created between the provider and consumer of a software or service which outline the responsibilities, capabilities, and rights of each party.
Transferability– While it is convenient to upload data to a cloud service so it can be accessed anywhere, such services are notorious for creating difficulties in downloading data. As of now, few services allow bulk downloads, which means data may only be downloaded one or a few files at a time. Furthermore, some services may charges fees for you to download the data. This may make it extremely difficult to switch your information to another vendor.
Accountability Risks– Though data may be placed or serviced by a third party, the consumer is still responsible for the security and integrity of the data.
Since the user will not have personal control over which individuals are given the authority to access and service their information, users should look into a vendor’s hiring and employee policies. Many cloud services deal with sensitive or protected and data and it is the responsibility of the user to make sure their information is adequately protected.
Because data is not stored locally on the user’s computer, often the user may not know the exact location of their data. A vendor may store data in facilities located outside the jurisdiction of U.S. or E.U. data protection laws. Users should check a vendor’s policies to make sure they comply with all information privacy regulations. A breach of these regulations and any resulting unauthorized disclosure of a consumer’s personal information will be the responsibility of the user and not the vendor.
Even with the faster, more reliable, more secure systems that cloud computing offers, there may be incidents of data loss, unauthorized disclosure, and misuse. Users should work with vendors that contractually allow for investigations into such incidents and have a history of looking into such incidents. Users should also be aware that investigations with cloud computing services are often extremely difficult because the information is stored on various hosts and servers alongside the information of many other users as opposed to personal networks and applications which have a smaller number of storage facilities and system users.
Data Loss- While using a cloud service may prevent the loss of data should a user’s computer or storage facilities fail, it also creates many more opportunities for the loss of data.
Data on web-based service networks is stored along with the information of hundreds, thousands, or even millions of users. While encryption is widely used to protect data it does not guarantee complete safety. Wrong encryption can occur creating data that is completely unreadable and/or unrecoverable. A user has little control over the technologies and methods used to protect their data when using a cloud computing service.
Data outages and natural disasters can wreak havoc on a user’s ability to utilize a service. In October 2009, several T-Mobile Side Kick subscribers lost important information such as their contacts, calendars, and other data involved with applications when Danger, a Microsoft Service, experienced outages and data loss. Users should be aware of a service provider’s policies for disaster recovery management.
Data stored by a third party can potentially be made inaccessible or destroyed by that party. Amazon recently several purchased copies of 1984 from Kindle users’ computers during a copyright dispute. While the action was not an attempt at censorship, the incident raised serious issues regarding the rights of e-book owners and the potential for censorship in the future.
Similarly, some services, like Flickr, limit the number of uploaded documents that can be accessed unless a paid account is purchased. Other services, such as Facebook and Myspace fail to delete photos and other data immediately after the delete request has been made, and may take months for the data to be completely removed. This denies users the ability to control the destruction of their data.
Cloud computing has been a remarkable development in computing technology. It allows for high levels of specialization so that a small group of individuals, with expertise in a particular area, can create a specific service and make that service widely available through the Internet. Such specialization has created giant leaps in technological capabilities. It has made information mobile, across locations and devices and revolutionized the way people share, store and consume information. However, it does not come without its risks. Until information privacy laws can catch up with the changes in technology, consumers must be personally responsible for learning about, monitoring, and protecting against the risks associated with sharing data in the cloud.
About the author: Bianca J. Ward is a professional essay writer online at EssayWriterFree where she provides people with qualitative works. Besides, she is a passionate photographer and traveler who has visited 52 countries all over the world. Bianca dreams about creating a photo exhibition to present her works to others.