I was in London a few weeks ago, and splashed across the Metro, a paper that circulates freely on the Underground, was a story about a messaging service that had breached data privacy laws by asking subscribers for access to contact lists and storing that information on the company's servers in California. This application had about 300 million users globally, so large volumes of sensitive data were at stake.
For the majority of us, cloud applications have become both a way of work and personal life. Productivity applications are a big component of the way we work today. And applications are often comprised of or linked to multiple micro applications that further complicate data privacy. Cloud storage services represent another vector for storing data in the cloud -- and add yet another layer of complexity to the privacy conundrum.
We hope the organization collecting and storing our information has strong data-handling procedures, access controls, and proactive measures against hackers. And, for the most part, I believe that to be true of both established entities and emerging providers.
Yet even in a best-case scenario, one where the cloud service provider or developer stores only information that the customer has consented to, there are strong data-handling practices, and even if only authorized personnel access that information, people must still take precautions with their personal and corporate data.
It's not unlikely that at some time, a smaller cloud storage service provider will close or merge, at which point it's up to individual users to remove their data from the site and transfer it to another data storage site if they wish. Unfortunately, an increasingly common scenario is that authorities might seize data for various reasons. Or individuals may become involved in a variety of copyright issues. Perhaps many, or indeed, all of us, will experience the following scenario in the next few years: Our data (personal or corporate) ends up in the wrong hands and is used for nefarious purposes. Try explaining that to your significant other or boss.
So, what should you tell your organization's end users to do when they work from home or on the road, represent your company online, or interact on social media?
Ensure they know they must be careful about what they post about themselves on sites like Facebook and other social networking sites.
Tell them not to link passwords together and to use two-factor authentication.
Make certain any material on cloud storage sites is legal and does not contain highly sensitive data.
In the case of an organization’s sensitive data, be sure to encrypt and back up data.
Securing the cloud is not the responsibility of one person or department. It is, rather, a burden everyone should shoulder.
— Evelyn de Souza is a datacenter security strategy consultant and co-chairs the Cloud Security Alliance Cloud Controls Matrix (CCM). She blogs at RavenhairedMaven and is on Twitter at: e_desouza.
It puts the consumer at a huge disadvantage while the sponsoring company has the same lawyers write, interpret, and litigate the rules.
@Krafte: Well I cannot agree 100% on it. True that the retails have all the insurance and legal benefits to gain whereas the consumer has only the lost but still whose fault is it ? I still feel its more on the consume.
@hiranya – If you use the 80/20 rules, most people are responsible. I think the ultimate responsibility lies not with the consumer, but with the vendor, company, cloud site, etc. Transacting business – each of our own day-to-day business – has been relegated to a series of automated processes governed and even mediated by legal documents. It puts the consumer at a huge disadvantage while the sponsoring company has the same lawyers write, interpret, and litigate the rules.
@Krafte: Yes we as consumers should be a bit more responsible. The issue is what happens if they doesn't ? The same thing which has happened right now will rise again isn't it ?
@hiranya - Training is certainly important. However for consumers with respect to understanding the legal implications of privacy policies and statements, there isn't really any training short of everyone becoming an attorney.
@Krafte: So do you think training is not essential for others even ? How about end users ? They too do need some sort of a awareness on cloud. If not they will not use it.
@abdlah: Changing someone's mindset is the most difficult thing right now plus changing how they think about technology is not easy. When someone sticks to something which they feel is more suitable to them, its very to remove them from that.
@venks not everyone who uses the cloud works in a company so the training issue doesn't come in to play. There are lots of consumers and in fact, some like Evernote directly target the consumer.
Agree completely @abdlah. The big companies in particular are very much worried about there IT security. They invest a huge sum of money for their IT security. The competition in todays world is so tough that even the slighest negligency in the IT security may cost the company millions of dollars.
And one more important point that is being brought out here is that IT security is everyone's duty. I agree with that too.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
At the start 2012, concerns about the cloud, government regulations, loss of IT control, lack of consistent and mature standards, and data privacy eroded business confidence in both private and public computing. But over the course of 2012 and into 2013, several government and industry associations have launched initiatives to enable broader adoption of cloud computing models, all of which have several traits in common: A broader focus on the privacy of individual and company data, as well as the need for greater transparency on the part of service providers.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
Email This
