Posts Tagged ‘privacy’
Cloud Alignment – Part IV(Privacy)
This post is the last of the series on Cloud Computing addressing the business application of cloud based resources, focusing on midsize companies. It will also include the conclusion for the series which was originally was going to be Part V. The previous posts in this series are:
In this post we’ll focus on a recent report from the World Privacy Forum titled “Privacy in the Clouds: Risks to Privacy and Confidentially from Cloud Computing”. You can pick up a full copy of the report at their website. Recently, I also attended a presentation on cloud computing. The speaker is a Managing VP at Gartner. It was an interesting presentation and will be the subject of a future post. His pitch was very consistent with my earlier posts on the subject and has influenced this post. Agreement with my views just proves that Gartner has some visionary people on staff.
The tone of this report is sober and cautious. It emphasizes the exposure the terms and conditions impose on the customer by their cloud provider(s). I agree with this concern. As I’ve mentioned before, cloud computing is growing faster than it’s maturing. Standards and regulations are catching up but still have far to go. Another valid concern is the physical location of the data. For example, if the data is located on a server in the US it is subject to disclosure to the Federal Government (with a subpoena) under the Patriot Act. Many foreign companies specifically exclude US servers in their cloud contracts for just that reason.
For many midsize companies, the cost benefits are hard to resist. Essentially, a company exchanges the capital costs associated with building a data center for the operating expenses associated with buying computing power as services. That can be intoxicating and result in a smaller company rushing into the arms of immature cloud service providers. Clearly, it is not advisable at this time for companies to put their proprietary intellectual property in the cloud unless it’s a private cloud behind your own firewall. The main concern is the public cloud but that is also the most accessible source of cloud services.
The health care industry has its own issues with HIPAA and is a major issue in this report. The unintended release of health records for any individual to unauthorized use is about as severe a breach of privacy as you can get. There can be some circumstances where the Patriot Act and HIPPA conflict. I’m not a lawyer or politician so I don’t want to even think about that scenario.
One issue that I had not thought about directly is the scenario when a cloud provider goes out of business. There are now thousands of small companies growing up around cloud computing services. As we have seen over and over again in the technology world, a new technology is born, large numbers of companies vie for their piece of the rock, the field gets overcrowded and a “rationalization” occurs where the strongest survive and the weak can go down hard and fast. There may be some contractual language in the service agreements of those weak companies, but trying to determine how the customer’s data was managed during the dying company’s last days may be impossible to determine with confidence.
The WPF website offers these tips for business and government:
- Beware of “ad hoc” cloud computing. Any organization should have standardized rules in place telling employees when and if they may utilize cloud computing and for what data.
- Don’t put anything in the cloud you wouldn’t want a competitor, your government, or another government to see.
- Read the Terms of Service. Then read the Terms of Service again.
- Make sure that you are not violating any law or policy, by putting data in the cloud, and think twice before putting any consumer data in the cloud.
- Consult with your technical, security or corporate governance advisors about the advisability of putting data in the cloud.
These are simple, sensible guidelines to follow in your voyage into cloud computing. Check out their website for more details.
Conclusion
As we’ve seen over this series, cloud computing is here, it’s not going away and it’s going to grow faster than it matures. The promise is compelling and worth exploring, but cautiously. There are public, private and hybrid clouds. Each of which is appropriate for different purposes. Most of us are already using some form of cloud computing (have you every booked a ticket on an airplane, rented a car online or attended a webinar?) It makes sense that we embrace this technology carefully and expend the effort to be informed consumers.
I believe that eventually, most the problems and risks will be addressed to the point where we can sleep at night. That’s going to take a while. Until then, staying on the sidelines is overly cautious. Try out cloud computing on small, low risk projects until you’re comfortable and more knowledgeable. Then use it for where it makes sense.
I hope this series has been of value. Thanks for stopping by.
