Cloud computing security forecast: Clear skies

Elinor Mills | January 27, 2009 8:12 AM PST

Summary

Worried about putting your data in the cloud? Find a service provider that offers encryption and access control and bask in the cost savings, say experts.

To critics, cloud computing can't be trusted because you aren't in control of the data outside your network.

But if that's the case, then how secure are the data and collocation centers that corporations contract with to host their data?

"It does come down to vetting the practices of the provider and making sure they meet the standards you want for your business," Phil Hochmuth, a senior analyst at Yankee Group, said Monday, the eve of Cloud Computing Innovation Day in Santa Clara, Calif.

Companies like Salesforce.com, Amazon.com, and Google have built businesses around serving up on-demand services to enterprises that would rather pay a service provider than buy hardware and hire staff to manage their databases. However, handing over the data is still a cause for concern among many corporations.

"What are they doing to the data? Is it persistently encrypted? Are there access controls in place? Do you get to monitor who they hire and who cleans the data centers at night?" said Phil Dunkelberger, chief executive of PGP Corp., in relaying the concerns on people's minds about cloud computing.

How secure is the data? "It's one of the first questions we get, especially from enterprises," said Adam Selipsky, vice president of product management and developer relations for Amazon Web Services.

Securing the data is key to a cloud service provider's business, Selipsky said. "We can afford to devote resources to it that, quite frankly, most of our customers can't," he added.

"Cloud computing can be as secure, if not more secure, than the traditional environment," said Eran Feigenbaum, director of security for Google Apps. "Most organizations really struggle, whether they want to admit it or not, securing their networks."

Feigenbaum points to data breaches that hit the headlines, such as the one that exposed credit card information held by payment processor Heartland recently.

Then there are the statistics that show that one-third of breaches result from stolen or lost laptops and other devices and from employees accidentally exposing data on the Internet, with nearly 16 percent due to insider theft.

"Cloud computing can fix some of these issues," Feigenbaum said.

Not only can Google apply patches more quickly than most enterprises to plug holes in software, but the Google Apps Premier edition offers the ability to protect data in transit by encrypting it in the pipe between Google and the user's desktop, as well as control over who can access the data, he said.

Cloud service providers are held to high standards, must offer evidence of security certifications, and are subject to inspections by auditors, placing them under much higher scrutiny than typical in-house security teams, according to Peter Coffee, director of platform research at Salesforce.com.

Most data theft results from someone authorized to access the data doing so improperly or handling the data carelessly, he said. With cloud-based services, when a user logs out, the browser cache can be set to flush automatically, leaving nothing on the desktop to be lost or stolen, and logs can show who did what to which data, he added.

"This is inherently safer than the typical client-server model of downloading data that remains on the end-user device, and is far more secure than distributing data as e-mail attachments whose subsequent use and transmittal are largely uncontrolled," Coffee wrote in an e-mail reply to questions.

The security concern with cloud computing is a cultural issue, said Rebecca Wettemann, a vice president at Nucleus Research.

"The question is would I rather be at a huge data center where a vendor is contractually required to keep my data secure or would I rather rely on my staff to do it properly?" Wettemann said. "You need to trust that your vendor will manage your data."

So far, there haven't been any significant security breaches with an on-demand services vendor, she said. And people are getting used to the idea of being able to access their data anytime and from anywhere because it is out on the Internet, she added.

There have also been precursors to cloud computing that people are familiar with, such as the evolution of answering machines to voice mail services, said Peter Evans, director of security strategy and technology integration at IBM Security Systems.

"It is as much an emotional thing as anything," Evans said. "When my data is on my server in my building, there is a good gut feeling about that. When it's out in the ether, how do I know it's protected?"


Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
Comments

RE: Cloud computing security forecast: Clear skies
hurphendale 1st Feb 2009
Why is it never mentioned that most (all?) major co-location/managed hosting companies charge for bandwidth? So you pay the cost of offsite storage and then go over your bandwidth limit transferring that data back and forth every time someone needs access to it. It doesn't even make sense as a reasonable backup solution once your storage needs grow over a terabyte+ unless you have some way to transfer that data on a backend network (not likely).

Data Security is one of the topics in migrating to a cloud model but it doesn't do you much good if you hand over the actual ownership of the data to the cloud vendor.

Check the EULA and Terms of Service agreements. They all include language that says the vendor gets to change any part of the agreement at any time without prior notification.

I don't have to sign such an agreement if my data is handled by my own IT department.

Sure, those loopholes haven't been actually tested in court, but what company wants to be the legal test case for who owns data stored in the cloud?

In troubled times user data becomes an asset to vendors looking to raise cash to cover expenses and stay in business.

Another common scenario is a vendor going out of business and the data gets purged before it can be backed up (where the data would be backed up is tricky because if a company went 100% cloud, they probably would not have the hardware to back their data up, so they would lose their data unless another cloud vendor agreed to take it.)

A few companies have offered to encrypt data stored on their servers. However, the data could still be sold or destroyed, or stolen.
0 Votes
...when the datacenter storing your files goes out of business? And your data is LOST FOREVER!

It has already happened numerous times to photo storing/sharing sites. Someone please tell the folks who lost their photos just how smart cloud computing is.

It is only a matter of time before some large corporation loses all of its data stored in the cloud. I, and a lot of other IT types, will be waiting to say "I told you so."

Cloud computing...a disaster just waiting to happen.

0 Votes
RE: Cloud computing security forecast: Clear skies
dmk45044 Updated - 27th Jan 2009
There can't be clear skies. If there are clear skies, there's nothing for security vendors to sell, there's nothing for "experts" to give pithy 7-word quotes about. Nothing for reporters to mangle the 7-words or for editors to approve because it will drive readers without regard to whether it's true or even makes sense.
0 Votes
Clear Skies?
VoiceOfLogic 28th Jan 2009
Are you kidding me? I wouldn't trust my information to any of these places ESPECIALLY when you consider they WILL send your information to the lowest charging eastern European nation. The solution to cloud computing is: don't do it.
0 Votes
i *ahem* known a hacker
magallanes 29th Jan 2009
And a true hacker can parasite a system for many years if not decades without even leaving a trace of their hack.
So, if a hacker was able to enter a cloud, then most likely the sysadmin can't have a clue about it; truly, it is hard (almost impossible) to track every transaction in a server.
0 Votes