With the economy cratering, staffs and budgets being cut and resources scarce, cloud computing has quickly become the prettiest girl at the prom. IT managers love its convenience and power and accounting departments are quite fond of its cost efficiencies.
But what of security and privacy? Where do they factor into the equation, if at all?
In some cases, the answers to those questions will depend on which definition of cloud you’re using. I’m not going to get into those sectarian debates here. I’ll leave that to deep thinkers like Chris Hoff. But if you’re talking about offloading some of your data and computing to an outside provider, these are questions that need to be addressed.
A lot of ink has been spilled regarding the relative security of the cloud in the last year or so, with some advocates maintaining that cloud computing is by definition more secure, and others arguing the opposite. But the key is that it’s being addressed. Privacy, by and large, is not.
A study produced this week by the World Privacy Forum takes a hard look at the privacy implications of cloud computing and comes back with a mixed set of conclusions. It investigates the privacy issues related to businesses sharing information with cloud providers, how that plays into compliance with regulations such as HIPAA and PCI and how things change when the government gets involved.
One fairly troubling conclusion:
“The report finds that information stored by a business or an individual with a third party may have fewer or weaker privacy or other protections than information in the possession of the creator of the information. The report, in its analysis and discussion of relevant laws, finds that both government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. A cloud provider’s terms of service, privacy policy, and location may significantly affect a user’s privacy and confidentiality interests.”
That reads a lot like a short list of reasons that general counsels, CSOs and other professional paranoids might cite for not using cloud services. Valid concerns, for sure. Have no fear that these issues will be addressed in the near future, as providers seek to assuage customer concerns and customers look to reassure regulators, senior management and their own customers that all is well.
How and how well it’s addressed are the real questions.