Newsletter Subscribe

Bringing you thought leadership, news, infographics, resources and our own brand of comics each week to your inbox...

The Reality Of Government Intrusion Risks For Cloud Businesses

The Reality of Government Intrusion Risks for Cloud Businesses

The concerns around government intrusion in cloud stored data, especially to reveal user sensitive information are amongst the most discussed topics within the cloud community. Although the concerns are often exaggerated, there is some truth in these concerns and sooner or later a cloud service provider may receive request from government authorities to reveal information or processes that are considered private and sometimes regarded as secrets, both in personal and organizational capacities. A more serious issue is that of unwarranted snooping into data residing in cloud and several incidents of data breach from both government and private authorities are in fact unlawful.

After the passage of Patriot Act, security agencies have issued several thousand NSLs (National Security Letters) to companies such as Microsoft, Google and Amazon etc. to obtain information and private data of hundreds of users without their knowledge or consent. Some other laws, such the FISA (Foreign Intelligence Surveillance Act) applies directly to foreign nationals who have stored data in servers or cloud services residing in the U.S. and the law allows the Government to have unrestricted access to their data. The agencies have also deployed specialized infrastructure to eavesdrop on network traffic in order to obtain intelligence rendering most unprotected data vulnerable to leakage, even with the knowledge of service provider.

Hence data privacy breach from Government is a unique case of data protection which requires special measures to protect user privacy. After all, the adaptability of a cloud service by users will rely upon their confidence in the service provider for protecting their data to the same level as they would obtain for in-house storage. In fact, many users are reluctant to use cloud services because of the security breach concerns and the threat of losing control over the data. Additionally, some cautious administrators believe that if the government can spy on their data, so can criminals, making it crucial to add protection layers.  Hence, it is important to make any intercepted data useless for hackers and robust data monitoring and threat detection techniques are needed to be deployed as part of an effective security framework.

Primarily, all data should be encrypted before it leaves client premises and the encryption keys must be maintained in a separate server, ideally placed in-house. A similar technique is employed by Dropbox and Google Drive services which help them secure data against network intrusions. For those requiring extra security, a local service can be used on top of cloud service application that can encrypt and maintain keys locally using cryptographic algorithms such as AES and SHA. Some software already provides such functionality such as gKrypt and SafeMonk that can ensure users against intrusion from service providers or unwarranted government involvement. However new security architectures may be required that balances information security without compromising legitimate access by government to detect malicious information.

By Salam UI Haq

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

Philips spotlights connected technology, predictive analytics software, and artificial intelligence advancing population health and precision medicine at HIMSS 2017 AMSTERDAM, Feb. 17, 2017 /PRNewswire/ -- Featuring new and enhanced connected health offerings at the 2017 HIMSS Conference & Exhibition (HIMSS17), Royal Philips (NYSE: PHG,AEX: PHIA), a global leader in health technology, will showcase a broad range of population health management, ...
Read More
Cupertino, California — Apple today announced its 28th annual Worldwide Developers Conference (WWDC) — hosting the world’s most talented developer community — will be held at the McEnery Convention Center in San Jose. The conference, kicking off June 5, will inspire developers from all walks of life to turn their passions into the next great innovations and apps that customers ...
Read More
When Cisco Systems Inc. reports earnings Wednesday, the big question will be if the networking giant’s repeated gambles on software can reverse a yearlong sales slide, or at least point to a reversal of that trend in the future. Cisco CSCO, +1.06%  is scheduled to report fiscal second-quarter earnings less than a month after announcing its latest multibillion-dollar software acquisition, ...
Read More
Offering Integrated and Automated Solutions, Expansive Partner Ecosystem, Advanced Architecture with Cross-Industry Collaboration SAN FRANCISCO, Feb. 14, 2017 – Today Intel Security outlined a new, unifying approach for the cybersecurity industry that strives to eliminate fragmentation through updated integrated solutions, new cross-industry partnerships and product integrations within the Intel Security Innovation Alliance and Cyber Threat Alliance (CTA). “Transforming isolated technologies ...
Read More
IoT Enablement, Analytics Offer Strong Monetisation Opportunities HAMPSHIRE, UNITED KINGDOM--(Marketwired - February 13, 2017) - A new study from Juniper Research has calculated that mobile network operators can realise an additional $85 billion in revenues over the next five years through the deployment and enhancement of non-core services including Big Data analytics and IoT (Internet of Things) enablement. Operators "Can ...
Read More