With the economy cratering, staffs and budgets being cut and resources scarce, cloud computing has quickly become the prettiest girl at the prom. IT managers love its convenience and power and accounting departments are quite fond of its cost efficiencies.
But what of security and privacy? Where do they factor into the equation, if at all?
In some cases, the answers to those questions will depend on which definition of cloud you’re using. I’m not going to get into those sectarian debates here. I’ll leave that to deep thinkers like Chris Hoff. But if you’re talking about offloading some of your data and computing to an outside provider, these are questions that need to be addressed.
A lot of ink has been spilled regarding the relative security of the cloud in the last year or so, with some advocates maintaining that cloud computing is by definition more secure, and others arguing the opposite. But the key is that it’s being addressed. Privacy, by and large, is not.
A study produced this week by the World Privacy Forum takes a hard look at the privacy implications of cloud computing and comes back with a mixed set of conclusions. It investigates the privacy issues related to businesses sharing information with cloud providers, how that plays into compliance with regulations such as HIPAA and PCI and how things change when the government gets involved.
One fairly troubling conclusion:
That reads a lot like a short list of reasons that general counsels, CSOs and other professional paranoids might cite for not using cloud services. Valid concerns, for sure. Have no fear that these issues will be addressed in the near future, as providers seek to assuage customer concerns and customers look to reassure regulators, senior management and their own customers that all is well.
How and how well it’s addressed are the real questions.