The legal implications of data and
applications being held by a third party are complex and not well understood.
There is also a potential lack of control and transparency when a third party
holds the data. Part of the hype of cloud computing is that the cloud can be
implementation independent, but in reality regulatory compliance requires
transparency into the cloud.
All this is prompting some companies to
build private clouds to avoid these issues and yet retain some of the advantages
of cloud computing. For example, Benjamin Linder, Scalent System’s CEO, says: “What I find as CEO of a software company in
this space, Scalent Systems, is that most enterprises have a hard time trusting
external clouds for their proprietary and high-availability systems. They are
instead building internal "clouds", or "utilities" to serve
their internal customers in a more controlled way.”
Third-party
data control Threat #1. Due diligence
If
served a subpoena or other legal action, can a cloud user compel the cloud
provider to respond in the required time-frame? A related question is the
provability of deletion, relevant to an enterprise’s retention policy: How can
a cloud user be guaranteed that data has been deleted by the cloud provider?
Third-party
data control Threat #2. Auditability
Audit difficulty is another side effect of the
lack of control in the cloud. Is there sufficient transparency in the
operations of the cloud provider for auditing purposes? Currently, this
transparency is provided by documentation and manual audits. Information
Security Magazine asks: “How do you
perform an on-site audit when you have a distributed and dynamic multi-tenant
computing environment spread all over the globe? It may be very difficult to
satisfy auditors that your data is properly isolated and cannot be viewed by
other customers.”
A related concern is proper governance of
cloud-related activity. It’s easy, perhaps too easy, to start using a cloud
service.
One popular auditing guideline is the SAS
70, which defines guidelines for auditors to assess internal controls, for
instance controls over the processing of sensitive information. SOX and HIPAA
are other well-known regulations. US government agencies generally need to
follow guidelines from FISMA, NIST, and
FIPS.
Certain regulations require data and
operations to remain in certain geographic locations. Cloud providers are
beginning to respond with geo-targeted offerings.
Third-party
data control Threat #3. Contractual obligations
One
problem with using another company's infrastructure besides the uncertain
alignment of interests is that there might be surprising legal implications.
For instance, here is a passage from Amazon’s terms of use:
10.4.
Non-Assertion. During and after the term of the Agreement, with respect to any
of the Services that you elect to use, you will not assert, nor will you authorize,
assist, or encourage any third party to assert, against us or any of our
customers, end users, vendors, business partners (including third party sellers
on websites operated by or on behalf of us), licensors, sublicensees or
transferees, any patent infringement or other intellectual property
infringement claim with respect to such Services.
This could be interpreted as implying that
after you use EC2, you cannot file infringement claims against Amazon or its
customers suggesting that EC2 itself violates any of your patents. It's not
clear whether this non-assert would be upheld by the courts, but any
uncertainty is bad for business.
Third-party
data control Threat #4. Cloud Provider Espionage
This
is the worry of theft of company proprietary information by the cloud provider.
For example, Google Gmail and Google Apps are examples of services supported by
a private cloud infrastructure. Corporate users of these services are concerned
about confidentiality and availability of their data. According to a CNN
article:
For
Shoukry Tiab, the vice president of IT at Jenny Craig, which uses Postini and
Google Maps, the primary concern is security and confidentiality. "Am I
nervous to host corporate information on someone else's server? Yes, even if
it's Google."
Note that for consumers, there were
initially widespread confidentiality concerns about Gmail, but now those
concerns seem to have faded. We believe this is an example of the Privacy Hump:
Early
on in the life cycle of a technology, there are many concerns about how these
technologies will be used. These concerns are lumped together forming a
“privacy hump” that represents a barrier to the acceptance of a potentially
intrusive technology…. Over time, however, the concerns fade, especially if the
value proposition is strong enough.
Consumers at least seem to have decided
that, in this case, the dangers of placing their data in the cloud were
outweighed by the value they received.
Third-party
data control Threat #5. Data Lock-in
How
does a cloud user avoid lock-in to a particular cloud-computing vendor? The
data might itself be locked in a proprietary format, and there are also issues
with training and processes. There is also the problem of the cloud user having
no control over frequent changes in cloud-based services. Coghead is one
example of a cloud platform whose shutdown left customers scrambling to
re-write their applications to run on a different platform. Of course, one
answer to lock-in is standardization, for instance GoGrid API.
Third-party
data control Threat #6. Transitive nature
Another possible concern is that the
contracted cloud provider might itself use subcontractors, over whom the cloud
user has even less control, and who also must be trusted. One example is the
online storage service called The Linkup, which in turn used an online storage
company called Nirvanix. The Linkup shutdown after losing sizeable amounts of
customer data, which some say was the fault of Nirvanix. Another example is
Carbonite, who is suing its hardware providers for faulty equipment causing
loss of customer data.
Cloud hosting is a superior evolution of the virtual computing environment, offering reliable flexibility to quickly scale as needed, no matter what size your business is or what life-stage it’s in.
ReplyDeletecloud hosting services
Security concerns will be there. However for on-premise traditional enterprise license delivery model has also same or more complicated security threats. For example if the standard IT SOPs are not in place or followed, business owner would be thinking that everything is fine. However this can be 1/2 person dependent.
ReplyDeleteAs most of the cloud based services run on subscription model, vendor will ensure 200% compliance as there is lock-in and if not satisfied with the service, customer will stop using and paying
Laws prohibit some data from being used for secondary reasons other than the purpose for which it was originally collected. You can’t collect data on the health of your employees, for example, and then use it to charge smokers with higher insurance premiums. Also, you can’t share certain data with third parties. In the world of cloud computing, this becomes much more difficult, as you now have a third party operating and managing your infrastructure. By its very nature, that provider will have access to your data.
DeleteVisit Here For Cloud Hosting : Cloud Hosting Services
Hello, Thanks and RI really love to read this post and I am glad to find your distinguished way of writing the post.
ReplyDeleteData security service
Thanks for sharing useful post to us.
ReplyDeletethank you
Data privacy and security
Excellent information on your blog, thank you for taking the time to share with us. Amazing insight you have on this, it's nice to find a website that details so much information about different artists.
ReplyDeleteadroitssd
Good job in presenting the correct content with the clear explanation. The content looks real with valid information. Good Work
ReplyDeleterunkeeper
Washing Powder Pcakaging
ReplyDeleteWashing Powder Pcakaging bags
Detergent packaging pouch
Lyrics with music
I am happy to find this post Very useful for me, as it contains lot of information. thanks putlocker
ReplyDeleteThis is very informative blog, writing skill is very creative. Thanks for sharing this kinda articles.
ReplyDeleteDubai VPS Hosting
Thanks for such a great article here. I was searching for something like this for quite a long time and at last I’ve found it on your blog. Visit Germany VPS
ReplyDeleteAmazing Data control in this blog, Thanks for sharing your information!!!!!!!!
ReplyDeleteGermany VPS Server Hosting
Thanks for sharing your awesome information!!! I'm thankful to read your article posting.
ReplyDeleteGermany VPS Server Hosting
An interesting blog to read and digest the past history on Data Storage and retrieval methods. Certainly, the problems are multi-folds when it comes to accessing data and applications using the third-party cloud provider. An alternate technique followed by many businesses is cloud computing servers that can be built internally to the company systems and achieve the level of data control and transparency. Thanks for the Blog.
ReplyDeleteVisit here for Cloud Computing Services.
This information is really awesome thanks for sharing most valuable information.
ReplyDeleteWorkday Training Online
Workday Training
I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work...
ReplyDeleteWeb App Development Services UAE
That is really nice to hear. thank you for the update and good luck.
ReplyDeleteCustom Software Development UAE
Thanks for sharing us.
ReplyDeleteSoftware Development Company UAE
Excellent information on your blog, thank you for taking
ReplyDeleteDownload Fallout Shelter Mod Apk
This comment has been removed by the author.
ReplyDeleteGreat Article. Thank you for sharing! Really an awesome post for everyone. The content looks real with valid information on "Cloud Security Threat: Third-party data control". If anyone needs of server and hosting, then visit on USA VPS Hosting .
ReplyDeleteGreat Blog!!!! They have great explanations of the "Cloud Security Threat". With a virtual server, you can host and manage as many websites and domains as you’d like all within one account at no extra charge. Webserver hosting play important role in online business. If you have interested in the best USA VPS Hosting
ReplyDeleteyou can inquire us for more features and services.
production, explainer videos. Check us out.
ReplyDeleteDigi Tech Tricks
Fantastic website! You created an outstanding website! Keep up the fantastic work
ReplyDeleteMobile app development company in chennai
Mobile Application Development companies in chennai
Android development companies in chennai
Mobile app development company chennai
Great Article… I love to read your articles because your writing style is too good, it is very helpful for all of us and I never get bored while reading your article. Cheap VPS Hosting
ReplyDeleteEverything was mentioned in your essay. Thank you for the information; it's good and valuable.Singapore VPS Server
ReplyDeleteExcellent Blog! The "Cloud Security Threat" is well-explained there. With a virtual server, you are free to host and manage as many websites and domains as you like under one account. In online commerce, webserver hosting is crucial. if the best piques your curiosity.UK Dedicated Server
ReplyDeleteExcellent Article I enjoy reading your posts because of how well you write, how valuable they are to all of us, and how I never get bored doing it. sweden Dedicated Server
ReplyDeleteThis information is very helpful! I genuinely find this blog to be a great resource for knowledge. We appreciate you bringing this to our notice.
ReplyDeleteSingapore Dedicated Server