The Sticking Points Of Security And Privacy

The Sticking Points Of Security And Privacy

The Sticking Points Of Security And Privacy

No matter how many times a privileged straight white male technology executive pronounces the death of privacy, Privacy Is Not Dead. People of all ages care deeply about privacy and they care just as much about privacy online as they do offline” (Danah Boyd)

cybersecurity_infographic

Security and Privacy are the two sticking points when it comes to moving business systems into the cloud. Out of the two, security is obviously the most important. After all, you can securely store data in a way that doesn’t ensure privacy, but you can’t maintain privacy if your supporting systems aren’t secured. Thankfully, there are a number of straightforward internationally agreed upon standards and best practices that companies can use to ensure that their servers are secured either in-house or in the cloud. Privacy however is a much newer field, and although everyone seems to have their own opinion about what constitutes adequate privacy protection, the law may have a different opinion than you and doing business in the cloud you may be dealing with conflicting privacy regulations that span multiple countries and industries.

As we’ve seen with recent controversies such as the NSA scandal, this is still a relatively new area of concern and the courts are struggling to catch up with new developments. Although we can’t offer any legal advice, we would like to present some good general tips that companies should consider when evaluating the privacy of their data in the cloud.

1. Limit the Data you Collect – It’s common sense that protecting a small amount of personally identifiable data should be easier than protecting a very large quantity, and you should also ensure that any personally identifiable information that you collect should be obtained in an open, transparent and lawful manner. As privacy regulations continue to change and evolve you should expect to see a growing trend where notification and consent will be required from consumers. And as consumers become more knowledgable about their rights you can expect to see an increase in the number of disclosure requests or lawsuits made by consumers. By minimizing the amount of the data you keep on file, you minimize both the risk and the cost associated with administrating the sensitive information.

2. Limit the Use of personally identifiable information. – This includes letting them know why you need this information and what will be done with this information once it’s been collected and once you’ve collected this information don’t share it with anyone or use it for purposes other than those agreed upon by you and the client.

3. Keep the Data Secure – Make sure that you have tight controls in place to prevent privacy breaches or data leaks. Once personally identifiable information goes into your possession, you have a responsibility to protect it against unauthorized use, theft, improper disclosure or deletion. Talk to your IT department and make sure that you have all of the proper mechanisms in place to protect yourself against hackers, viruses, data storage theft and other technology attacks. Even if this data is stolen and misused by a 3rd party without your permission, the victims and the courts will still hold your company responsible

4. Set Policies for Retention – Regarding the limit of use, many people will mistakenly assume that an alternative method will simply be to collect data, use it and then destroy it when they’re done. Although this approach is good in theory, many regulations stipulate that business documents and collected customer information must be retained on file for several years. If you store data for too long you increase your exposure, but if you deleted too soon, you can fall out of compliance and face stiff penalties. Judges are also very aware of the fact that digital data can be easily altered without leaving a trace. So your company should have controls in place to ensure the integrity of the data and demonstrate to a judge that it hasn’t been tampered with.

5. Set policies for destruction – When you delete a file and empty the Recycle Bin you only erase the label and address which points to the data, the actual data blocks that make up the file are still on your hardrive and can be retrieved using special software. In order to completely destroy a file you must 1st delete it and then write over those data block with random bits. Let’s suppose that you are hosting a virtual server with a cloud provider. If that the cloud provider moves your virtual server to another physical device, the actual moving leaves out residual data blocks at the original location. If this section will be assigned to another client, they could potentially discover your data. How can you been absolutely sure that this data has really been destroyed?

So how do you make sure that you are protected in the cloud?

Cloud Providers are frequently audited by governments, stakeholders or larger customers in order to ensure that the proper security procedures are being strictly followed. For small businesses with limited IT resources the cloud is a good option because these service providers have much stricter security measures in place. But you shouldn’t rely on this alone. There are also mechanical precautions you can take in order to make sure your cloud data is destroyed. By encrypting your data blocks using strong encryption standards, such as 256 bit AES, you can store your data on a cloud provider servers without exposing it.

By Roland Conner

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
The Lighter Side Of The Cloud – Data Merge

The Lighter Side Of The Cloud – Data Merge

By Christian Mirra Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via @cloudtweaks) to our original comic sources is greatly appreciated.

The Rise Of Threat Intelligence Sharing

The Rise Of Threat Intelligence Sharing

Threat Intelligence Sharing  Security has been discussed often on CloudTweaks and for good reason. It is one of the most sought after topics of information in the technology industry.  It is virtually impossible to wake up and not read a headline that involves the words “Breached, Hacked, Compromised or Extorted (Ransomware)“. Included (below) is an…

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

Higher Education Institutions Increasing Cloud Use In Next 5 Years

Higher Education Institutions Increasing Cloud Use In Next 5 Years

Cloud Computing Advancing Edtech In a new research study by ResearchMoz it’s predicted that the global cloud computing market in higher education will grow steadily at a CAGR of 24.57% over the period 2016 to 2020. Making use of computing resources connected by either public or private networks provides the benefits of scalable infrastructure, greater…

Big Data and AI Hold Greatest Promise For Healthcare Technologies

Big Data and AI Hold Greatest Promise For Healthcare Technologies

Digital Healthcare Executives and Investors Addressed Opportunities and Challenges Facing the Industry New York City – September 21, 2016 – According to a survey of 122 founders, executives and investors in health-tech companies released today by Silicon Valley Bank, big data and artificial intelligence will have the greatest impact on the industry in the year ahead. Healthcare…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

HOW THE CFAA RULING AFFECTS INDIVIDUALS AND PASSWORD-SHARING

HOW THE CFAA RULING AFFECTS INDIVIDUALS AND PASSWORD-SHARING

Individuals and Password-Sharing With the 1980s came the explosion of computing. In 1980, the Commodore ushered in the advent of home computing. Time magazine declared 1982 was “The Year of the Computer.” By 1983, there were an estimated 10 million personal computers in the United States alone. As soon as computers became popular, the federal government…

Are CEO’s Missing Out On Big Data’s Big Picture?

Are CEO’s Missing Out On Big Data’s Big Picture?

Big Data’s Big Picture Big data allows marketing and production strategists to see where their efforts are succeeding and where they need some work. With big data analytics, every move you make for your company can be backed by data and analytics. While every business venture involves some level of risk, with big data, that risk…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…

Cloud Infographic: The Explosive Growth Of The Cloud

Cloud Infographic: The Explosive Growth Of The Cloud

The Explosive Growth Of The Cloud We’ve been covering cloud computing extensively over the past number of years on CloudTweaks and have truly enjoyed watching the adoption and growth of it. Many novices are still trying to wrap their mind around what the cloud it is and what it does, while others such as thought…

5 Essential Cloud Skills That Could Make Or Break Your IT Career

5 Essential Cloud Skills That Could Make Or Break Your IT Career

5 Essential Cloud Skills Cloud technology has completely changed the infrastructure and internal landscape of both small businesses and large corporations alike. No professionals in any industry understand this better than IT pros. In a cutthroat field like IT, candidates have to be multi-faceted and well-versed in the cloud universe. Employers want to know that…

The Business of Security: Avoiding Risks

The Business of Security: Avoiding Risks

The Business of Security Security is one of those IT concerns that aren’t problematic until disaster strikes. It might be tomorrow, it could be next week or next year. The fact is that poor security leaves businesses wide open for data loss and theft. News outlets just skim the surface, but hackers cost business up…

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Successful digital marketing campaigns are being driven largely by trending technologies, specifically the Internet of Things (IoT), Big Data, and The Cloud. These may be used for a huge number of marketing applications, from optimizing the performance of sports teams to improving science and research, even helping to aid law enforcement. Amazon Web…

Who’s Who In The Booming World Of Data Science

Who’s Who In The Booming World Of Data Science

The World of Data Science The nature of work and business in today’s super-connected world means that every second of every day, the world produces an astonishing amount of data. Consider some of these statistics; every minute, Facebook users share nearly 2.5 million pieces of content, YouTube users upload over 72 hours of content, Apple…