The issue of cloud computing has been getting huge coverage in recent years for a number of reasons – like the new cookie rules, the word ‘cloud’ offers journalists the opportunity to come up with easy punning headings about “storm clouds” or “cloudy outlook”.
So what is cloud computing? cloud computing is basically an outsourcing project. Instead of storing your data or your software on your network, you pay a company to store them for you. Instead of maintaining a technical infrastructure in order to manipulate, calculate or whatever else you do with your information, you log in through the Internet and do it on the cloud provider’s systems instead. There is no single cloud model, and so underneath the umbrella, you might go for a wholesale transfer of services, put one part of your organization onto the cloud, choose one cloud service (i.e. email, like the pilot being carried out by Warwickshire Council), or even just but a cloud back-up.
Earlier, our data use to protected by encryption techniques and difficult passwords but hackers still managed to find a way to get past these safety measures and access confidential business information. With the rapid development of technology over time, this challenge is now being met through cloud computing solutions.
Cloud computing has a number of other benefits too like online storage and users have the ability to increase or decrease space according to their requirements. Data security in such situations includes a number of aspects such as:
Cloud computing services like have been adopting a number of encryption techniques to ensure data is secure and hackers cannot gain access to it for personal gain and that only authorized users have access to it. Data may be encrypted from a web browser too so that it can’t be read or modified in any way along the way. Once the cloud provider receives a file, it is then decrypted and stored. If you would like for the files to be stored in encrypted form, you will need to encrypt them before they are sent for storage to the cloud.
Data security also includes storage maintenance tasks like proper data backup, replication and recovery. Reliability is a very important aspect of cloud computing and users need to be sure their data is being stored safely in the cloud. Data replication can be performed by mechanisms like RAID or file systems. Some other methods of recovery include write cloning, regular integrity checking and automatic repair, etc.
Cloud computing services evaluate resources and use them as effectively as possible. There are 3 types of cloud computing to choose from, public, private or hybrid. The underlying feature of all of these services is that they need to be available to users and should effectively optimize resources according to the model being paid for. Depending on the model chosen by the user, the company should ensure the cloud has advanced application protection, automated data lifecycle management and built in data reduction to improve data security.
Perhaps the most important concept in Data Protection is fairness. Although cloud computing is seen entirely as a matter of technology and infrastructure, its introduction nevertheless represents a massive change in how data is used and accessed. Instead of being held by your castle walls (however robust they might be), the data will instead be airborne (albeit protected by encryption wizardry). So can your cloud project go ahead without telling the public? Will your use of their data be fair? And will they go nuts if you tell them? (Yes)
It would be unfair to raise the spectra of an internet-based computer service suddenly becoming unavailable when many in-house networks already suffer ‘outages’ without any help from outside. Nevertheless, many of the major cloud providers have suffered such embarrassments and no cloud provider can guarantee their system is glitch free. It’s not inconceivable that a change to the cloud may introduce a more stable network, but this will depend on the quality of your Internet connections as much as it will on the quality of your provider.
Principle 7 says that appropriate organizational and technical measures must be taken to prevent accidental loss or damage to data, and against theft and unauthorized access. Recent history shows a parade of clodhopping security blunders, some of which are linked closely to a more flexible approach to IT. As well as the inherent loss of control involved in a cloud contract, two other issues need to be considered. Even though it is entirely possible for a cloud provider to offer state-of-the-art technical measures, that will not take care of the new security implications of a flexible, cloud-based way of working. The stories of lost pen-drives and laptops have not dried up even before the widespread adoption of cloud services. The other problem, of course, is that no matter how well funded and established your cloud provider is, your organization is entirely responsible for any problems that occur – you cannot outsource your legal responsibilities.
In fact, for all the fuss made about cloud computing, in one vital way it isn’t any different to any outsourcing contract. What matters is the contract and the demands that you make of the contractor. The crucial thing is that your organization is responsible for getting the right answers to the vital questions. The problem is that getting those answers is going to be considerably harder that it might be for a normal IT contract.
- Where is your data going to be stored, and who will get access to it?
- What are the security arrangements in terms of firewalls, virus protection, software updates and so on?
- What guarantees do you have for business continuity and back-ups?
- Will your cloud provider compensate you when things go wrong? Will they pay any fines you receive under the Data Protection Act for a breach of Principle 7?
There is no denying the fact that cloud computing is a big plus and reduces the burden of a user in terms of data storage and security. It’s great since many business owners aren’t really experts when it comes to data security and don’t have as much experience when it comes to maintaining the integrity of their data.
The cloud is clearly the future. Virtually every IT company is betting on it, and the choice to use it is probably ‘when’, rather than ‘if’. What you need to do is decide how you can ensure that you are legally compliant, especially if the storm clouds gather!