The Reality Of Government Intrusion Risks For Cloud Businesses

The Reality of Government Intrusion Risks for Cloud Businesses

The concerns around government intrusion in cloud stored data, especially to reveal user sensitive information are amongst the most discussed topics within the cloud community. Although the concerns are often exaggerated, there is some truth in these concerns and sooner or later a cloud service provider may receive request from government authorities to reveal information or processes that are considered private and sometimes regarded as secrets, both in personal and organizational capacities. A more serious issue is that of unwarranted snooping into data residing in cloud and several incidents of data breach from both government and private authorities are in fact unlawful.

After the passage of Patriot Act, security agencies have issued several thousand NSLs (National Security Letters) to companies such as Microsoft, Google and Amazon etc. to obtain information and private data of hundreds of users without their knowledge or consent. Some other laws, such the FISA (Foreign Intelligence Surveillance Act) applies directly to foreign nationals who have stored data in servers or cloud services residing in the U.S. and the law allows the Government to have unrestricted access to their data. The agencies have also deployed specialized infrastructure to eavesdrop on network traffic in order to obtain intelligence rendering most unprotected data vulnerable to leakage, even with the knowledge of service provider.

Hence data privacy breach from Government is a unique case of data protection which requires special measures to protect user privacy. After all, the adaptability of a cloud service by users will rely upon their confidence in the service provider for protecting their data to the same level as they would obtain for in-house storage. In fact, many users are reluctant to use cloud services because of the security breach concerns and the threat of losing control over the data. Additionally, some cautious administrators believe that if the government can spy on their data, so can criminals, making it crucial to add protection layers.  Hence, it is important to make any intercepted data useless for hackers and robust data monitoring and threat detection techniques are needed to be deployed as part of an effective security framework.

Primarily, all data should be encrypted before it leaves client premises and the encryption keys must be maintained in a separate server, ideally placed in-house. A similar technique is employed by Dropbox and Google Drive services which help them secure data against network intrusions. For those requiring extra security, a local service can be used on top of cloud service application that can encrypt and maintain keys locally using cryptographic algorithms such as AES and SHA. Some software already provides such functionality such as gKrypt and SafeMonk that can ensure users against intrusion from service providers or unwarranted government involvement. However new security architectures may be required that balances information security without compromising legitimate access by government to detect malicious information.

By Salam UI Haq

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Ending The Great Enterprise Disconnect

Ending The Great Enterprise Disconnect

Five Requirements for Supporting a Connected Workforce It used to be that enterprises dictated how workers spent their day: stuck in a cubicle, tied to an enterprise-mandated computer, an enterprise-mandated desk phone with mysterious buttons, and perhaps an enterprise-mandated mobile phone if they traveled. All that is history. Today, a modern workforce is dictating how…

How The CFAA Ruling Affects Individuals And Password-Sharing

How The CFAA Ruling Affects Individuals And Password-Sharing

Individuals and Password-Sharing With the 1980s came the explosion of computing. In 1980, the Commodore ushered in the advent of home computing. Time magazine declared 1982 was “The Year of the Computer.” By 1983, there were an estimated 10 million personal computers in the United States alone. As soon as computers became popular, the federal government…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

How To Overcome Data Insecurity In The Cloud

How To Overcome Data Insecurity In The Cloud

Data Insecurity In The Cloud Today’s escalating attacks, vulnerabilities, breaches, and losses have cut deeply across organizations and captured the attention of, regulators, investors and most importantly customers. In many cases such incidents have completely eroded customer trust in a company, its services and its employees. The challenge of ensuring data security is far more…

Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and more popular, it is worth…

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

Embracing The Cloud We love the stories of big complacent industry leaders having their positions sledge hammered by nimble cloud-based competitors. Saleforce.com chews up Oracle’s CRM business. Airbnb has a bigger market cap than Marriott. Amazon crushes Walmart (and pretty much every other retailer). We say: “How could they have not seen this coming?” But, more…