22 Jul 2014
Cloud computing is no longer something reserved for high-tech companies or large corporations. If you have a smartphone or use a tablet, you are likely part of the cloud. So what is cloud computing? While there’s no single definition for it, it essentially means sharing or storing information on remote servers that can be accessed over the internet. If you use email, your emails are stored on the cloud. If you’ve ever saved a document on Google Drive, that’s all saved on the cloud. Apps are also downloaded off of the cloud. Cloud computing is certainly convenient, but it also opens the door to some pressing concerns about privacy, especially when it comes to sensitive data. It’s a concern many cloud providers will need to address, and they need to do it soon.
The issue of privacy has been in the headlines in recent weeks. Back in June, the U.S. Supreme Court ruled that law enforcement could not search people’s cell phones without first obtaining a warrant. The side supporting warrantless searches contended that police didn’t need a judge’s permission to search what’s in a suspect’s pockets, which includes that person’s phone. But the opposing side, which the Supreme Court agreed with, said the issue wasn’t the cell phone itself but rather the data contained on that cell phone. Data stored in the cloud was deemed to be private and protected, though it is likely further challenges will come in the form of future cases. The main point is that any line distinguishing physical possessions and those stored electronically is vanishing quickly if it hasn’t already happened.
Many businesses have turned to cloud computing as a way to optimize their productivity. That usually requires important and vital information be stored on the cloud by way of cloud providers. That practice leads to some interesting philosophical questions about who actually owns that data. If a cloud provider stores it on their own servers, is it theirs, or does it still belong to the company or individual that hired them? So far, there are no clear answers to the questions that have arisen from this complex issue, but it’s a major reason why some businesses have been reluctant to adopt cloud computing. Data is an essential ingredient of any business, and compromising it in any way could be disastrous.
When using a cloud provider, businesses will often have to sign some sort of confidentiality agreement. Protecting that client’s privacy then becomes part of the responsibility of the provider, but the protections offered can vary greatly depending on a number of factors. For example, even if something is stored on the cloud, it still must be stored in an actual physical server, and that server must be located somewhere. If that server is located in a different country, that data becomes subject to the laws of that country. That means the privacy protections offered can depend on the privacy laws the country has. Other adverse consequences, as described by a report presented at the World Privacy Forum, can affect legal protections as well. Data stored with a third party may lose some legal protections. By being stored with a provider, weaker protections may mean easier access by governments or private litigants. These are all concerns that need to be considered when businesses choose to go with a cloud provider for their data needs.
Privacy in the cloud is also a major concern in education. With lots of data on students to handle, many schools and districts are turning to third party cloud providers. In fact, one study puts the number of districts that rely on cloud services at 95%. But with this massive growth also comes worries over student privacy. Many times, parents aren’t even informed that their children’s information is being stored in the cloud. The same study found that only one-fourth of districts tell parents they’re using the cloud. Even more alarming is how districts often surrender control of student information when using a provider. Fewer than 7% of provider contracts actually restrict selling or marketing student data, and most contracts have no mention of parental notice of consent. The same study recommends that greater transparency is needed among districts and cloud providers, while districts need to establish new policies clearly outlining how cloud services will be used.
(Tweet This: About 95% of school districts rely on third party #cloud services but only 25% of districts tell the parents. #privacy)
All is not bleak, however, with the world of privacy and cloud computing. Cloud providers that don’t have adequate privacy protection will likely go out of business quickly, so most will look to prop up their reputations by making privacy a top priority. There are also other ways to protect a company’s data through authentication techniques and authorization programs. Concerns over privacy shouldn’t dissuade companies from taking advantage of the cloud, but they should be prepared to address the issue and proceed with caution.