GUEST POST BY: ALEX CHADWICK
It wasn’t long after the inception of AOL when email scammers fired up their own computers and began preying on unsuspecting recipients. Back then we all thought that any piece of email which found its way into our cyber mailbox must be legitimate and meant for our eyes only. Little did we know that the scammers and hackers were engaged in a full on assault of our private accounts. Hopefully by now we’ve become a lot smarter with how we use the internet.

As someone who uses the internet for their daily business operations, you have to be even more diligent with regard to security issues. This is especially relevant as we enter into the era of cloud data storage.

The cloud is a type of off site server that allows individuals and companies to store amazing amounts of data for easy access. It’s meant to be a secure system but as we all know there is no such thing as complete security in cyberspace.

Even Dropbox, one of the most reputable and diligent cloud services, found itself the recent victim of a hacking assault. Before you ascend to the cloud you need to consider the ramifications of who really owns your data and what happens to it once you “let it go.” 

The Issue of Ownership

In the cloud, your data and your company’s data could be facing those same kinds of third party intrusions. You need to make sure that the cloud vendor you intend on using won’t be “opening up the vaults” and sharing your valuable information with outside entities.

One way to mitigate any potential intrusion would be to have it stipulated in a contract the identity of any third party outsourcing entity. It follows then that the third party should also abide by the level of security precautions put into place by the original cloud vendor. Don’t leave something like this to chance or have it get lost in the fine print.

You should also be on the lookout for mergers and acquisitions in the cloud vending community. Companies are being bought, sold and traded at a rapid pace and you need to protect your company’s interests. Computerworld, a leading source of IT information, recommends contract language to protect your data if your vendor is bought by another company. Here is an example of such language suggested by Computerworld:

ASSIGNMENT. This Agreement shall be binding on the parties and their successors (through merger, acquisition or other process) and permitted assigns. Neither party may assign, delegate or otherwise transfer its obligations or rights under this Agreement to a Third Party without the prior written consent of the other party.

The other issue of ownership in the cloud is with regard to copyright. The file-sharing service Megaupload found out about this the hard way when their service was taken offline because of copyright infringements. It turns out some of their users were uploading pirated materials. The result is that everything was shut down in that cloud and the law abiding users found access to their data was blocked. Will your cloud vendor have the ability to filter out copyrighted materials? Can they isolate accounts that might be infringing?

The Issue of Security

No matter what cloud service you are using there is no such thing as complete security. You need to embrace that concept and understand what it means. Recently, 77 million users on the Sony Playstation network found that they were the victim of security breaches when their personal information was hacked and compromised. There is no telling where this information will end up but none of those users was expecting their privacy to be violated from playing a game online and yet that’s just what happened.

Fortunately for Sony this didn’t result in 77 million customers turning in their Playstations but your business reputation is online and ultimately the buck will stop with you. Are you prepared to handle that kind of negative impact on your company’s reputation?

The Issue of Legal Jurisdiction

There is also the consideration of government accessibility. A cloud vendor based in the United States might have to comply with a Patriot Act request for data even if that data is technically stored in a server in Europe or elsewhere. Do you want to be vulnerable to such an inquiry?

At the heart of the cloud legal jurisdiction issue is location. Is your data subject to the laws of U.S. privacy or of the laws where your cloud server is located? Believe it or not this isn’t a matter which has been resolved and might be a case of technology getting out in front of the legal system. A contract with a cloud vendor should designate which body of law will govern the data. That could be a very broad category.

When you control the data in-house then you’ll be able to directly attend to any subpoena request. On the other hand, a cloud vendor could be compelled to surrender that data to a third party without your consent. This is why you should add strict notification clauses in your contract along with limiting the disclosure of your data within the bounds of the governing laws.

The Issue of Compliance

With every new advance comes a new set of regulations. In a consumer based society, it’s important that customers have protections. As someone who is maintaining an online presence for their business you need to make sure those third party hosting sites are in compliance. Although it might seem that the cloud floats over everything, in reality cloud sites are specific to region. Case in point: the Eurozone. The EU Data Protection Act was created to insure residents of the Eurozone that there would be some level of security for their private information. Translation: all that personal information has to be stored within the European Union. To be in compliance means your cloud vender might have to operate in multiple sites. Do you even know where you company servers are actually located?

Have you been scared off of cloud technology yet? Even with all those risk factors, businesses are turning towards cloud technology everyday to improve their efficiency. It’s a low cost alternative to data storage that fits in nicely with the demand of instant access from many devices. However, just because businesses are jumping on the cloud bandwagon doesn’t guarantee safeguards will be fully implemented on every vendor.

Of course, many of the same risks associated with cloud usage can be attributed to internet use in general. We use third party vendors for nearly every aspect of internet use not to mention the basics of power and water. With your company’s reputation at stake you have to be extra diligent whenever you surrender data. Bottom line: Proceed to the cloud with caution.

Alex Chadwick

Alex Chadwick is a freelance writer specializing in information technology and business topics. He is also an IT professional at Allcovered.com, providing real-world experience that allows him to cut through the hype and address topics that are relevant in the business world.

Image Source

 

2 Responses to Guest Post: Who Keeps the Data on Third-Party Cloud Services?

  1. Mike Silliman says:

    This is a great overview of the complex privacy and legal issues surrounding the cloud. The cloud is becoming more and more pervasive every day. For example, Gmail is shortly coming out with the ability to “email” files up to 10GB via Google Drive. Students, Businesses and regular users are finding more and more uses for cloud storage all the time.

    I think another area that was not addressed is online backup/storage services such as Mozy Home. While I am aware of what I upload to Dropbox and Google Drive (and choose not upload any personal or financial data) the same does not apply to these cloud backup services. Most of the them run in the background, silently creating a cloud backup of each file you create on your computer. Unless you are a particularly savvy user, any and all financial or personal data on your computer is automatically stored in some server somewhere and exposed to the same risks described in this article.

  2. Erin Frankrone says:

    I appreciated this assessment of the various risks involved with cloud storage technologies. I am an avid user of cloud storage space for personal documents, photos, etc. I began using Skydrive, Microsoft’s cloud server, as an alternative to an external hard drive. Not only does the cloud not require me to access another physical device, but also it is a seemless process to instantly save a new document to my laptop and the cloud at the same time. This is invaluable when I want to back up new documents because I don’t have to make a conscious effort to make transfers to an external hard drive at a later date. I have also found it more efficient to share certain documents, etc. with friends and colleages by granting them limited access to my space on the cloud, as opposed to overwhemling their email inboxes with attached files.

    I have yet to investigate the privacy policies of my cloud service, or other factors like those mentioned above that could be potential threats to the pricacy and safety of my information. I am also concerned what will happen when/if this cloud ceases to operate. Thank you for exposing me to these issues.