The Sticking Points Of Security And Privacy

The Sticking Points Of Security And Privacy

The Sticking Points Of Security And Privacy

No matter how many times a privileged straight white male technology executive pronounces the death of privacy, Privacy Is Not Dead. People of all ages care deeply about privacy and they care just as much about privacy online as they do offline” (Danah Boyd)

cybersecurity_infographic

Security and Privacy are the two sticking points when it comes to moving business systems into the cloud. Out of the two, security is obviously the most important. After all, you can securely store data in a way that doesn’t ensure privacy, but you can’t maintain privacy if your supporting systems aren’t secured. Thankfully, there are a number of straightforward internationally agreed upon standards and best practices that companies can use to ensure that their servers are secured either in-house or in the cloud. Privacy however is a much newer field, and although everyone seems to have their own opinion about what constitutes adequate privacy protection, the law may have a different opinion than you and doing business in the cloud you may be dealing with conflicting privacy regulations that span multiple countries and industries.

As we’ve seen with recent controversies such as the NSA scandal, this is still a relatively new area of concern and the courts are struggling to catch up with new developments. Although we can’t offer any legal advice, we would like to present some good general tips that companies should consider when evaluating the privacy of their data in the cloud.

1. Limit the Data you Collect – It’s common sense that protecting a small amount of personally identifiable data should be easier than protecting a very large quantity, and you should also ensure that any personally identifiable information that you collect should be obtained in an open, transparent and lawful manner. As privacy regulations continue to change and evolve you should expect to see a growing trend where notification and consent will be required from consumers. And as consumers become more knowledgable about their rights you can expect to see an increase in the number of disclosure requests or lawsuits made by consumers. By minimizing the amount of the data you keep on file, you minimize both the risk and the cost associated with administrating the sensitive information.

2. Limit the Use of personally identifiable information. – This includes letting them know why you need this information and what will be done with this information once it’s been collected and once you’ve collected this information don’t share it with anyone or use it for purposes other than those agreed upon by you and the client.

3. Keep the Data Secure – Make sure that you have tight controls in place to prevent privacy breaches or data leaks. Once personally identifiable information goes into your possession, you have a responsibility to protect it against unauthorized use, theft, improper disclosure or deletion. Talk to your IT department and make sure that you have all of the proper mechanisms in place to protect yourself against hackers, viruses, data storage theft and other technology attacks. Even if this data is stolen and misused by a 3rd party without your permission, the victims and the courts will still hold your company responsible

4. Set Policies for Retention – Regarding the limit of use, many people will mistakenly assume that an alternative method will simply be to collect data, use it and then destroy it when they’re done. Although this approach is good in theory, many regulations stipulate that business documents and collected customer information must be retained on file for several years. If you store data for too long you increase your exposure, but if you deleted too soon, you can fall out of compliance and face stiff penalties. Judges are also very aware of the fact that digital data can be easily altered without leaving a trace. So your company should have controls in place to ensure the integrity of the data and demonstrate to a judge that it hasn’t been tampered with.

5. Set policies for destruction – When you delete a file and empty the Recycle Bin you only erase the label and address which points to the data, the actual data blocks that make up the file are still on your hardrive and can be retrieved using special software. In order to completely destroy a file you must 1st delete it and then write over those data block with random bits. Let’s suppose that you are hosting a virtual server with a cloud provider. If that the cloud provider moves your virtual server to another physical device, the actual moving leaves out residual data blocks at the original location. If this section will be assigned to another client, they could potentially discover your data. How can you been absolutely sure that this data has really been destroyed?

So how do you make sure that you are protected in the cloud?

Cloud Providers are frequently audited by governments, stakeholders or larger customers in order to ensure that the proper security procedures are being strictly followed. For small businesses with limited IT resources the cloud is a good option because these service providers have much stricter security measures in place. But you shouldn’t rely on this alone. There are also mechanical precautions you can take in order to make sure your cloud data is destroyed. By encrypting your data blocks using strong encryption standards, such as 256 bit AES, you can store your data on a cloud provider servers without exposing it.

By Roland Conner

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Cloud Computing: On The Fringe or Mainstream?

Cloud Computing: On The Fringe or Mainstream?

Cloud Computing Revenue Numbers Imagine that your viewpoint is shared by 5% of people. You’d be in a fringe political party, perhaps, or share a fondness for some obscure sport or hobby. Or you’d be a proponent of Cloud Computing. Because the reality is that after many years of technical development, entrepreneurial freneticism, and big-company marketing,…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

The Evolution Of The Connected Cloud

The Evolution Of The Connected Cloud

The Connected Cloud Cloud computing is interesting first, but not only, because of the prevalence of cloud projects. There are many of them launched every day. Some have lofty expectations for business benefits (cost saving of 20 percent or more) and others carry even more intriguing goals. In 2005 “the cloud” was new. Shared computing…

The Open Performance Grid: Utopia Comes To Tech

The Open Performance Grid: Utopia Comes To Tech

The Open Performance Grid “For what greater wealth can there be than cheerfulness, peace of mind, and freedom from anxiety?” So wrote the English author and philosopher Sir Thomas More in his novel, Utopia, almost 500 years ago. More’s utopian dreams continue to thrive in one guise or another to the present day; in the…

Who’s Ready For The Cloud, And Can Deliver!

Who’s Ready For The Cloud, And Can Deliver!

Cloud Ready In my article last month, I discussed how the managed service provider (MSP) industry has been continuously urged to embrace the cloud, but in the end, could they? I answered the questions by describing several impediments and challenges that I believe are preventing MSPs from generating significant revenue and successfully fulfilling their client’s…

Hot Emerging Trends – The Pizza Delivery Drone

Hot Emerging Trends – The Pizza Delivery Drone

The Pizza Delivery Drone Recently, drone delivery systems have been discussed as future state plans for many vendors. I personally think the traceable IoT-based pizza delivery drone is the next big thing. If you think about it, your pizza makes it to your house much faster. Since the drone carries both a temperature and a…

Personal Space And The Internet of Things (IoT)

Personal Space And The Internet of Things (IoT)

The Internet of Things (IoT) There is a long time concept of the personal area network or PAN. For all intent and purposes this is the maximum distance a Bluetooth device can move away from the host and still be functional. As I read the many wonderful pieces on the explosion of IoT and wearable…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor