There are many posts in the blogosphere and media about the security and privacy issues associated with Cloud Computing. A big chunk of them are plain fear mongering by companies whose business interests are threatened by the proliferation of cloud-based computing or by those people who are in love with such companies. I have debunked many such myths in the past. However, there are some legitimate security and privacy concerns associated with Cloud Computing and we, here at Cloud Ave, talk about them from time to time.
In fact, privacy laws vary from country to country, with Europe having some of the strictest laws in the world. Every Cloud provider has to worry about such laws because the Cloud era has opened the marketplace beyond national boundaries. This becomes all the more important for multinational companies with an established presence in many of these countries. Kristen J. Mathews writes on the Privacy Law Blog, highlighting some of the important requirements on the EU front.
- The U.S. Safe Harbor Program — perhaps the most common means of compliance with EU requirements imposed when transferring the personal data of EU citizens to the US — may not satisfy a multinational’s EU legal obligations, because, in cloud computing, data could be stored on servers outside of both Europe and the U.S., making the Safe Harbor Program ineffective.
- The use of Binding Corporate Rules — the newest method of EU international data transfer compliance — used alone also may be insufficient, because, in cloud computing, personal data will be transferred outside of the corporate “group” that is bound by the corporate rules.
- International data transfer issues aside, companies also will need to consider other privacy concerns when computing in the cloud, such as the possibility that data stored with another entity may be subject to subpoena and disclosed to the government of the jurisdiction where the cloud servers are located, perhaps without the company’s permission or knowledge.
It is vital for Cloud Vendors to consider these issues in detail and find a way to comply with them. It is also important for the Cloud Vendors to engage in a dialog with regulatory bodies around the world. While many of the regulations are valid and important, there are some that may need reconsideration to sync up with the new technologies.