The Reality Of Government Intrusion Risks For Cloud Businesses

The Reality of Government Intrusion Risks for Cloud Businesses

The concerns around government intrusion in cloud stored data, especially to reveal user sensitive information are amongst the most discussed topics within the cloud community. Although the concerns are often exaggerated, there is some truth in these concerns and sooner or later a cloud service provider may receive request from government authorities to reveal information or processes that are considered private and sometimes regarded as secrets, both in personal and organizational capacities. A more serious issue is that of unwarranted snooping into data residing in cloud and several incidents of data breach from both government and private authorities are in fact unlawful.

After the passage of Patriot Act, security agencies have issued several thousand NSLs (National Security Letters) to companies such as Microsoft, Google and Amazon etc. to obtain information and private data of hundreds of users without their knowledge or consent. Some other laws, such the FISA (Foreign Intelligence Surveillance Act) applies directly to foreign nationals who have stored data in servers or cloud services residing in the U.S. and the law allows the Government to have unrestricted access to their data. The agencies have also deployed specialized infrastructure to eavesdrop on network traffic in order to obtain intelligence rendering most unprotected data vulnerable to leakage, even with the knowledge of service provider.

Hence data privacy breach from Government is a unique case of data protection which requires special measures to protect user privacy. After all, the adaptability of a cloud service by users will rely upon their confidence in the service provider for protecting their data to the same level as they would obtain for in-house storage. In fact, many users are reluctant to use cloud services because of the security breach concerns and the threat of losing control over the data. Additionally, some cautious administrators believe that if the government can spy on their data, so can criminals, making it crucial to add protection layers.  Hence, it is important to make any intercepted data useless for hackers and robust data monitoring and threat detection techniques are needed to be deployed as part of an effective security framework.

Primarily, all data should be encrypted before it leaves client premises and the encryption keys must be maintained in a separate server, ideally placed in-house. A similar technique is employed by Dropbox and Google Drive services which help them secure data against network intrusions. For those requiring extra security, a local service can be used on top of cloud service application that can encrypt and maintain keys locally using cryptographic algorithms such as AES and SHA. Some software already provides such functionality such as gKrypt and SafeMonk that can ensure users against intrusion from service providers or unwarranted government involvement. However new security architectures may be required that balances information security without compromising legitimate access by government to detect malicious information.

By Salam UI Haq

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.