The Sticking Points Of Security And Privacy


“No matter how many times a privileged straight white male technology executive pronounces the death of privacy, Privacy Is Not Dead. People of all ages care deeply about privacy and they care just as much about privacy online as they do offline” (Danah Boyd)


Security and privacy are the two sticking points when it comes to moving business systems into the cloud. Of the two, security is obviously the more important. After all, you can securely store data in a way that doesn’t ensure privacy, but you can’t maintain privacy if your supporting systems aren’t secured. Thankfully, there are a number of straightforward, internationally agreed-upon standards and best practices that companies can use to ensure that their servers are secured, whether in-house or in the cloud. Privacy, however, is a much newer field. Although everyone seems to have their own opinion about what constitutes adequate privacy protection, the law may have a different opinion than you, and when doing business in the cloud you may be dealing with conflicting privacy regulations that span multiple countries and industries.

As we’ve seen with recent controversies such as the NSA scandal, this is still a relatively new area of concern and the courts are struggling to catch up with new developments. Although we can’t offer any legal advice, we would like to present some good general tips that companies should consider when evaluating the privacy of their data in the cloud.

1. Limit the Data You Collect – It’s common sense that protecting a small amount of personally identifiable data should be easier than protecting a very large quantity. You should also ensure that any personally identifiable information you collect is obtained in an open, transparent and lawful manner. As privacy regulations continue to change and evolve, you should expect to see a growing trend where notification and consent will be required from consumers. And as consumers become more knowledgeable about their rights, you can expect to see an increase in the number of disclosure requests or lawsuits made by consumers. By minimizing the amount of data you keep on file, you minimize both the risk and the cost associated with administering the sensitive information.

2. Limit the Use of Personally Identifiable Information – This includes letting clients know why you need this information and what will be done with it once it’s been collected. Once you’ve collected this information, don’t share it with anyone or use it for purposes other than those agreed upon by you and the client.

3. Keep the Data Secure – Make sure that you have tight controls in place to prevent privacy breaches or data leaks. Once personally identifiable information comes into your possession, you have a responsibility to protect it against unauthorized use, theft, improper disclosure or deletion. Talk to your IT department and make sure that you have all of the proper mechanisms in place to protect yourself against hackers, viruses, data storage theft and other technology attacks. Even if this data is stolen and misused by a third party without your permission, the victims and the courts will still hold your company responsible.

4. Set Policies for Retention – Regarding the limit of use, many people mistakenly assume that an alternative is simply to collect data, use it and then destroy it when they’re done. Although this approach is good in theory, many regulations stipulate that business documents and collected customer information must be retained on file for several years. If you store data for too long you increase your exposure, but if you delete it too soon, you can fall out of compliance and face stiff penalties. Judges are also very aware of the fact that digital data can be easily altered without leaving a trace. So your company should have controls in place to ensure the integrity of the data and demonstrate to a judge that it hasn’t been tampered with.

5. Set Policies for Destruction – When you delete a file and empty the Recycle Bin, you only erase the label and address which point to the data; the actual data blocks that make up the file are still on your hard drive and can be retrieved using special software. In order to completely destroy a file, you must first delete it and then write over those data blocks with random bits. Let’s suppose that you are hosting a virtual server with a cloud provider. If the cloud provider moves your virtual server to another physical device, the move leaves residual data blocks at the original location. If that storage is later assigned to another client, they could potentially discover your data. How can you be absolutely sure that this data has really been destroyed?

So how do you make sure that you are protected in the cloud?

Cloud providers are frequently audited by governments, stakeholders or larger customers in order to ensure that the proper security procedures are being strictly followed. For small businesses with limited IT resources the cloud is a good option because these service providers have much stricter security measures in place. But you shouldn’t rely on this alone. There are also technical precautions you can take in order to make sure your cloud data is destroyed. By encrypting your data blocks using strong encryption standards, such as 256-bit AES, you can store your data on a cloud provider’s servers without exposing it: any residual blocks left behind are unreadable without the key.

By Roland Conner
