Cloudy Concept
Those already familiar with cloud computing know that conceptually it simply refers to users running applications or storing data on remote servers throughout the Internet. This means that the end user can access these services over the Internet without having any understanding of (or control over) the underlying infrastructure. Unfortunately, the cloud metaphor also suggests the way that these systems can cloud, or obscure, the actual architecture of the system. After all, how many people use Google Docs, Paypal, Hotmail, or Facebook every day without having any idea what is happening beyond their own computer screen? But should you be paying more attention?

What You Don't Know Might Hurt You
The truth is that there are many security and privacy risks inherent within a cloud computing infrastructure. When you use one of these services, your data is stored on someone else's server rather than on your own computer; therefore, you automatically give up much of your control over this data.

According to a recent study of Internet users in America, 69% use cloud computing services. For these, the most popular applications are also those that could potentially contain the most sensitive information: web-based email, personal photo storage, and online versions of desktop applications such as Google Docs or Photoshop Express. One less popular but growing service allows users to store all of their computer files online, for remote access.

The study also indicates that these users do have concerns about their privacy. For example, 68% are concerned about having their data analyzed for the purpose of providing targeted advertising, which is, of course, a major function of Gmail, one of the most popular webmail services. Likewise, 49% would not want cloud computing services to be able to pass on any personal information to law enforcement agencies, which actually do have the ability to seize some of this data under the Stored Communications Act.

The bottom line is that if you choose to use a cloud computing service, you automatically take on risks in regard to the security and privacy of your data that you would not be undertaking if this data were simply stored on your personal hard drive. However, the convenience of remote access, the ease of sharing information, and the possibility of capacity on demand are great reasons to deal with some risk. Therefore, the best defence may be a simple understanding of what problems you might encounter and how to mitigate them.

More Risks Hidden in the Cloud
When users store information on programs hosted on someone else's hardware, the responsibility for protecting that information from security breaches becomes that of the hosting company rather than of the individual user. This leads to the risks mentioned above (government subpoenas bypassing the data's owners, information shared with marketing firms) as well simply poor security measures that lead to unintentional breaches (whether internal or from hackers).

So what happens if there is a security breach? Unfortunately, cloud computing systems are especially hard to investigate for illegal activity since there are so many potential users across an ever-changing set of data centers and hosts. These providers are not subjected to the same audits and security certifications as traditional service providers; based on the assumption that their users are storing more trivial information than they would if they had control. In many cases, however, is a false assumption.

This lack of control also means that, unless you implement your own backup system for whatever data you put into the cloud, you are trusting someone else’s method of disaster recovery. Many users who rely on cloud computing systems as their means of backing up critical information probably do not have an alternative backup system.

Additionally, your expectations of privacy may not be warranted, at least in a legal sense. Last year, a Court of Appeals distinguished between emails stored online in a cloud system and emails stored on a hard drive, finding that user knowledge of the fact that their data may be accessed (that Gmail, for example, provides targeted ads) may negate any reasonable expectation of privacy.

Clearing the Air: Keep Yourself Informed
Like any situation in which you do not have complete control over your personal data, the important thing is to have as much information as possible. For example, who has access to that data? If your concern is with targeted ads, is an automated computer system simply searching for keywords or is there an actual person reading your email or documents? Who at the cloud computing provider has access? Can every programmer see your data or are there high levels of privileged user access?

What about other customers? Is there any way that they could stumble upon your data? What kind of encryption does the system use? Is there some other failsafe for data segregation?

Where is your data located? Is the server even in this country? The physical location of your data could make a difference in terms of legal jurisdiction and privacy laws.

What happens if something goes wrong? If there is a security breach, does the provider have means of finding the culprit? Of fixing the problem? What if your data is lost? Will they be able to restore your data completely? What sort of back-up systems are in place? What happens to your data if the company goes out of business?

These are all important pieces of information to have if you are storing critical information in a cloud computing system. However, keep in mind that most good providers will have good answers. Because of the potential vulnerabilities, there is often an increased focus on security resources, and security generally tends to be a higher priority in any system where there is a centralization of data. So you may not want to write off the cloud just yet—simply keep a clear head about it.

Call Infocrossing Now
For more information, please contact Infocrossing at 866.779.4369.