Cloud computing has generated a great deal of interest in the last few
years, although its technology has been present in one form or another
since the end of the 1990s.
Cloud computing has generated a great deal of interest in the last few years, although its technology has been present in one form or another since the end of the 1990s. In a nutshell, cloud computing is a utility just like electricity or gas that provides usage of both hardware and software to consumers through the Internet. The term “cloud computing” is associated with the image of a cloud that is often used in network diagrams.
Individuals, companies and organizations are increasingly embracing this type of service, be it web-based e-mail, online backups or huge data centres. Basically, the concept of the cloud is bound up with the fact that the provider manages the IT service for end users who do not need to concern themselves with the ins and outs of hardware and software of processes.
Thus although cloud services have been around for some time, their recent proliferation inevitably gives rise to a number of security and privacy questions. After all, all user data is being entrusted to a third-party provider without the users’ ability to control the IT environment that houses their data.
Security and Privacy Issues
In considering the move to the cloud, potential users hope to achieve some cost savings. However, in their drive to reduce IT costs, they may not pay enough attention to security and privacy issues. These concerns should be explored before entering into a contract with a cloud provider. They include the following: data ownership, customer details, data access, data location, data separation, access to and ownership of backups, disaster recovery, regulatory compliance, and cloud viability.
These issues carry more weight with companies and organizations rather than individuals.
Although the hardware and software can be owned by the cloud provider, the end user data is not. The potential customer should ensure that any contract entered into with the provider states clearly that the data is the property of the customer, who can remove the data if and when necessary.
As with any company providing a service, cloud providers monitor their customer details for internal purposes such as invoicing and marketing. It should be made clear that this information will not be sold or shared.
When the data is stored internally on the customer’s premises, measures would normally be put into place to ensure that only authorized personnel have access to the data. With a cloud provider the customer has no such control at his/her disposal. Ideally, the cloud provider should not have access to the customer data without asking for permission from the customer first. It should also be ascertained that only authorized personnel will have access to that data on the provider’s premises.
The flexibility of the cloud’s technology makes it possible for the providers to store user data in any geographical location in the world. From a legal point of view, this means that the data is under jurisdiction of the country in which it resides and, therefore, is subject to its laws. As it is the user’s responsibility to protect the privacy of data, cloud users should be aware of these potential legal pitfalls and take steps to check on the details of both location and legal status with the provider.
By and large, user data will be physically stored on servers along with data belonging to other customers unless they rent their own dedicated servers. In such cases, end users should ensure that their data is separated from other data.
Access to and Ownership of Backups
Cloud services are not infallible. They may experience outages at some point or be on the verge of going out of business. Potential customers should consider these scenarios before entering into an agreement with the service provider. As with data ownership, it should be stated clearly that the customer will own the backups and have access to them at any time.
Cloud technology is not as transparent as in-house computing where the customer has total control of the disaster and recovery planning for possible system failures. It would be prudent to verify with the cloud provider what systems are in place to avoid disasters that may result in data loss. It should also be clarified whether the provider would cover any losses arising from interruptions to cloud services.
Because of the rapidly growing popularity of cloud services, their practices have not yet caught up with regulatory requirements. As well, due to the geographical spread of cloud computing, the legal framework is far from being clear cut. Legal issues that have yet to be clarified include responsibility for data privacy, data management and possible violation of a regulation. Who is legally responsible for regulatory compliance: the customer or the cloud provider?
Cloud users should make sure that their service agreements set out clearly the terms for regulatory compliance.
Advances in cloud technology have contributed to the increasing number of cloud services. This may be a welcome development, as a larger playing field would allow potential customers can shop around for the best trading price. On the other hand, it may be more difficult to assess these relatively new entrants into the market. It is impossible to predict whether the cloud provider will be around for a long time or go out of business, or if another company will take over at some point in the future. Any contract entered into with the provider should account for an exit strategy and set out a time frame for the customers to transfer all the data to their own premises before the closure of cloud business.
Cloud computing can be beneficial for individuals, companies and organizations. For example, they may reduce the cost of maintaining in-house systems. However, potential customers should also consider the risks that come with using this type of service. Despite the expense of an inhouse system, the convenience of having your data located in your office in many cases far outweighs the risk of working with a cloud services provider. In approaching cloud offerings, proceed with caution and assess the benefits as well as the risks.
Dr. Stephane Laverdiere is a 1995 graduate of the National University of Health Sciences in Lombard, Illinois. He is president and co-founder of Atlas Chiropractic Systems, a paperless office solution. He is also founder of the Internet video marketing company, ChiroVMail. He can be contacted at 877-602-8527 or firstname.lastname@example.org. Please visit www.atlaschirosys.com and www.chiroVMail.com for more information on digital solutions for your practice.
Print this page