I was in London a few weeks ago, and splashed across the Metro, a paper that circulates freely on the Underground, was a story about a messaging service that had breached data privacy laws by asking subscribers for access to contact lists and storing that information on the company's servers in California. This application had about 300 million users globally, so large volumes of sensitive data were at stake.
For the majority of us, cloud applications have become both a way of work and personal life. Productivity applications are a big component of the way we work today. And applications are often comprised of or linked to multiple micro applications that further complicate data privacy. Cloud storage services represent another vector for storing data in the cloud -- and add yet another layer of complexity to the privacy conundrum.
We hope the organization collecting and storing our information has strong data-handling procedures, access controls, and proactive measures against hackers. And, for the most part, I believe that to be true of both established entities and emerging providers.
Yet even in a best-case scenario, one where the cloud service provider or developer stores only information that the customer has consented to, there are strong data-handling practices, and even if only authorized personnel access that information, people must still take precautions with their personal and corporate data.
It's not unlikely that at some time, a smaller cloud storage service provider will close or merge, at which point it's up to individual users to remove their data from the site and transfer it to another data storage site if they wish. Unfortunately, an increasingly common scenario is that authorities might seize data for various reasons. Or individuals may become involved in a variety of copyright issues. Perhaps many, or indeed, all of us, will experience the following scenario in the next few years: Our data (personal or corporate) ends up in the wrong hands and is used for nefarious purposes. Try explaining that to your significant other or boss.
So, what should you tell your organization's end users to do when they work from home or on the road, represent your company online, or interact on social media?
Ensure they know they must be careful about what they post about themselves on sites like Facebook and other social networking sites.
Tell them not to link passwords together and to use two-factor authentication.
Make certain any material on cloud storage sites is legal and does not contain highly sensitive data.
In the case of an organization’s sensitive data, be sure to encrypt and back up data.
Securing the cloud is not the responsibility of one person or department. It is, rather, a burden everyone should shoulder.
— Evelyn de Souza is a datacenter security strategy consultant and co-chairs the Cloud Security Alliance Cloud Controls Matrix (CCM). She blogs at RavenhairedMaven and is on Twitter at: e_desouza.
Even if they clear it out who is going to deal with the security, bot parties will still be involved. Either's mistake can be result in the data breach.
Michael makes an important point. I've seen reports which suggest that both vendors and clients think the other party is dealing with security. It needs to be spelled out.
"Employees are forbidden from using consumer cloud services like Dropbox and Gmail for work purposes. "
That makes real sense. If companies are not able to provide the security level requiered by those cloud services, I think it is better to take preventive actions to avoid getting into costly security management processes.
"Hope and belief have no place in the business world"
You get what pay for. But sometimes you can't get things to work the way you will like to, and then you hope that nothing will come to disrupt or challenge them.
Many companies are banning BYOC -- Bring Your Own Cloud. Employees are forbidden from using consumer cloud services like Dropbox and Gmail for work purposes.
As a devoted user of both those services, I can see obstacles to that kind of policy. And yet it makes sense from an enterprise security standpoint, particularly in regulated industries.
Securing data is easier said than done. Depending on cloud companies to protect data forever without changing terms or service regularly is a risky bet. And where 'greed' comes into the picture, which it surely will at some point, it's not going to be easy to depend on absolute security.
We can only try to guess the risk/reward when entering and storing critical information and cross our fingers!
Well that's very true and realistic. We can't expect from corporate sector to safeguard people interests when its comes to business. There is a cut throat and ruthless competetion out there. I think we can't expect users to remain very disciplined in security data for the sake of others. There are so many nasty elements on the prowl ...who are ready to exploit someone's personal information. It is primarily the responsibility of service providers to secure data and ensure secrecy of personal information. A mechanism is required to be devised to make service providers responsible for the security of data. Unless they are not accountable in this regard...none of them would take up the responsibility to serve their customers.
"We hope the organization collecting and storing our information has strong data-handling procedures, access controls, and proactive measures against hackers. And, for the most part, I believe that to be true of both established entities and emerging providers."
Hope and belief have no place in the business world. It is not that difficult to contract in what you require.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
At the start 2012, concerns about the cloud, government regulations, loss of IT control, lack of consistent and mature standards, and data privacy eroded business confidence in both private and public computing. But over the course of 2012 and into 2013, several government and industry associations have launched initiatives to enable broader adoption of cloud computing models, all of which have several traits in common: A broader focus on the privacy of individual and company data, as well as the need for greater transparency on the part of service providers.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
