Since last few years a cloud market has grown up with the challenges that enterprises face in providing cloud storage and file sharing services, while reducing IT costs and maintaining data. But it is only beneficial when it is secured. Is your online data service secured?
Data is accessed remotely through the network servers. The Internet is the only way from where the network is doing all manipulations of data where users are accessing the remote servers than the local server for managing, storing and processing relevant data.
Most of the organizations are using cloud computing, which is the most convenient way for them to maintain all the sensitive data easily. In point of fact, all internet users are using cloud computing services like Google Docs, Dropbox, Microsoft’s SkyDrive to access their personal files whenever and wherever they want.
Not only internet services, but also mobile services like smartphones and tablets, especially made for an internet apps are widely accelerated by cloud computing. People are accessing their documents, media and pictures from their smartphones when they are not at the desk.
Developed market for cloud may lead to some security issues. Is your data really safe on the cloud or online storage medium? After all the network is an open access to all, where there is no control on the layers of the stack, which means it comes to insecurity of data on the network than your personal or local server.
Recently, a survey revealed that 66 percent of the consortium’s members are concerned regarding data security, which is deferring their efforts for cloud computing. Earlier, the same survey estimated record was 80 percent of the members were doubters with cloud computing due to security issues.
Security concern over cloud computing is the most essential thing that companies are recognizing. Few companies are also concerned about regulatory issues. According to the survey, 47 percent of the participants are worried about being attached to one provider of cloud storage.
Today, Amazon web services are a conspicuous computing provider in the industry, growing speedily. However, its services failed for a while in Oct 2012, when users could not access their documents. Expert says still there is an immense exigency to address issues related security, availability and more to develop in the future.
Cloud backup provider for data protection, fits for scalability, freedom from day-to-day management and potential cost saving on bandwidth while comparing with the writing data on various sites. But what about the third party handling those data for safekeeping.
Factors to be considered by Data Controllers
Data protection has appeared as a major comeback to the development of information technology. In India data protection is involved under the Information Technology Act, 2000. The Act describes ‘data’ – “data means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form or stored internally in the memory of the computer”. Protection of such data and privacy are involved under specific provisions in the Act. Compared with the developed countries, data are not of same utility and importance; it varies from one another on the basis of utility, so there is a need to divide it into different categories of data having different utility values.
The contractual issues for data processing toted by the user, who registers the services of a cloud service provider. Here User is a data collector, who is responsible for assuring that data protection requirements are met or the fulfilling statutory requirements.
Be careful while enlisting in cloud service provider:
The type of data processing acceptance by the provider is to be simply specified, and the purpose for which the data may be processed. The circumstances under which the provider may for his part allow the data to subcontractors or those who are taking some portion of the contract from the main contractor. So it is necessary for contractor to inform the subcontractor the regulations regarding data protection in the contract between the user and the provider, which are also linked to the subcontractors.
When terminating the contract with provider, data deletion is the main thing to be considered. It may be possible because this data is no longer used in future user may delete the data, which may arise problems as there is no other copies of data to refer. If the deleted data connected to the other data items, it proves financially unreasonable or technically inappropriate in terms of utility.
The organizational and technical data security standards that are to be taken by the provider are to be specified in the contract, such as the access rights of the provider’s employees to data and the systems used to process them, or the encryption of data during transmission or storage, or both.
Data which is rendered over the network must be known to the customer that in which countries the servers are deployed on which the data is handled and stored and the provider under the contract should not to transfer the data to any other countries without consulting the user.
Agreed Service Levels
The most necessary thing to agree on contract services for availability and data recover, according to the use of data should be protected by supporting fixed retributions in the occurrence of non-compliance with the agreed service levels.
Return of data to the user after the termination of the contract has to be ensured. This needs a long time period of observation for the user to ensure the availability and constant further processing of data after termination of the contract.
Audit rights have to be provided for auditing companies and regulatory authorities depending on the sectors from where user correlates. Just by agreeing on information and audit rights, the user creates the chance to verify that the responsibilities arrived by the provider are being accomplished.
As there is no special data protection policies applied in regards to cloud computing, user has no alternative but to be cautious of their legal responsibility to protect data with the help of detailed agreements with cloud computing service providers.