A couple of days ago my inbox filled me with intrigue when I saw the email from InformationWeek containing a link to one of their latest articles. The title: “7 Cloud Computing Myths Busted” by Serdar Yegulalp.



Since I’ve written a few articles on cloud computing and I’ve been interviewed for a couple others, I considered this “must” reading. Indeed, it is a very good article. Here, I particularly wanted to talk about Serdar’s myth #2 – Cloud computing is the end of privacy as we know it. This is something we all should be concerned with and - from the looks of data security concerns articles and discussions going around - we are…even if we are often not doing anything more than talking about it.



Cloud Computing and Data Privacy



So, is cloud computing really the end of privacy? Storing data and running apps in the cloud – meaning the apps are being run off of someone else’s server somewhere and your data is being stored somewhere that you likely will never see – doesn’t sound very secure on the surface, does it? Does that make you feel comfortable? No? It shouldn’t. But it isn’t the end of the world and the same prudence with data security that we take when handling data and apps within our own environment should be in place to secure your data outside our environment – it just requires some extra attention and policy adjustments on our part and possibly some extra verbiage in a contract that with the cloud provider of choice.



Mr. Yegulalp states: “What makes cloud computing such a fierce target for privacy advocates is not only the newness of the technology, since every freshly minted technology is a possible privacy suspect. It's also the fact that cloud computing, on the face of it, can cause a huge degree of aggregation across multiple IT spheres. When you have many disparate things suddenly all under one roof, it translates into "single point of failure" and "all your eggs in one basket." It's not your data anymore, either; it's someone else's, and whatever happens will happen on his watch. There's a chance that provisions about your data security aren't even in the contract you signed.”



He is dead on with that insight. Afterall, most data leaks and theft happen within organizations as inside jobs, so the paranoia we’re all feeling is somewhat justified. And when you start storing your data on someone else’s system, you might not have the law on your side if expectations of privacy become a legal issue.



Our providers of cloud services must be proactive about their handling of data security, it must be built into the contracts you sign and you should be able to expect them to go above and beyond the call of data to make you feel comfortable about the safety of your data. And if you don’t have that comfort level, then move on to the next provider. But it’s up to you to see to it that the cloud services provider you are using is looking after your data. It’s not impossible to ensure this, it’s not impossible for them to maintain the safety of your data…it just takes prudent IT practices and forward-thinking policies.



One example – Mozy, the online backup service provider – addresses security/privacy concerns by allowing customers to provide their own high-grade encryption keys. The backed up data then cannot be read by anyone else – including Mozy. If you leave the service, the key goes with you rendering your left behind data useless to anyone else.



Summary