Since last few years, Cloud market has grown up with the challenges that enterprises face in providing Cloud Storage and file sharing services, while reducing IT costs and maintaining data. But it is only beneficial when it is secured. Is your online data service secured?
Data is accessed remotely through the network servers. The Internet is the only way from where the network is doing all manipulations of data where users are accessing the remote servers than the local server for managing, storing and processing relevant data.
Most of the organizations are using Cloud Computing, which is the most convenient way for them to maintain all the sensitive data easily. In point of fact, all internet users are using Cloud Computing services like Google Docs, Dropbox, Microsoft’s SkyDrive to access their personal files whenever and wherever they want.
Not only internet services but also mobile services like smartphones and tablets, especially made for internet apps, are widely accelerated by Cloud Computing. People are accessing their documents, media, and pictures from their smartphones when they are not at the desk.
The developed market for Cloud may lead to some security issues. Is your data really safe in the Cloud or online storage medium? After all, the network is an open access to all, where there is no control on the layers of the stack, which means it comes to the insecurity of data on the network than your personal or local server.
Recently, a survey revealed that 66 percent of the consortium’s members are concerned regarding data security, which is deferring their efforts for Cloud Computing. Earlier, the same estimated survey record showed nearly 80 percent of members, who had doubts about cloud computing security issues.
Security concerns over Cloud Computing is the most essential thing that companies are recognizing. Few companies are also concerned about regulatory issues. According to the survey, 47 percent of the participants are worried about being attached to one provider of Cloud storage.
Today, Amazon web services are a conspicuous computing provider in the industry, growing speedily. However, its services failed for a while in Oct 2012, when users could not able to access their documents. Expert says, still there is an immense exigency to address issues related security, availability and more to develop in the future.
Cloud backup provider of data protection fits for scalability, freedom from day-to-day management and potential cost saving on bandwidth while comparing with the writing data on various sites. But what about the third party, handling those data for safekeeping.
Factors to be considered by Data Controllers
Data protection has appeared as a major comeback to the development of information technology. In India, data protection is involved under the Information Technology Act, 2000. The Act describes ‘data’, as a representation of information, knowledge, facts, concepts or instructions, which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form or stored internally in the memory of the computer”. Protection of such data and privacy are involved under specific provisions in the Act. Compared with the developed countries, data are not of the same utility and importance; it varies from one another on the basis of utility, so there is a need to divide it into different categories of data having different utility values.
The contractual issues for data processing are toted by the user who registers the services of a Cloud service provider. Here User is a data collector, who is responsible for assuring the fact that data protection requirements are met or the fulfilling statutory requirements.
Be careful while enlisting in Cloud service provider:
The type of data processing acceptance by the provider is to be simply specified, and also the purpose for which the data may be processed. The circumstances under which the provider may concern for his part allow the data to subcontractors or those who are taking some portion of the contract from the main contractor. So it is necessary for the contractor to inform the subcontractor the regulations regarding data protection in the contract between the user and the provider, which are also linked to the subcontractors.
When terminating the contract with a provider, data deletion is the main thing to be considered. It may be possible because this data is no longer used in future if the user deletes the data, which may arise problems as there is no other copies of data to refer. If the deleted data is connected to other data items, it proves financially unreasonable or technically inappropriate in terms of utility.
The organizational and technical data security standards, that are to be taken by the provider, are to be specified in the contract, such as the access rights of the provider’s employees to data and the systems used to process them, or the encryption of data during transmission or storage, or both.
Data, which is rendered over the network, must be known to the customer that- in which countries, the servers are deployed on which, the data is handled and stored. Also, the provider under the contract, should not transfer the data to other countries without consulting the user.
Agreed Service levels
The most necessary thing to agree on contract services for availability and data recovery, according to the use of data should be protected by supporting fixed retributions in the occurrence of non-compliance with the agreed service levels.
Return of data to the user after the termination of the contract has to be ensured. This needs a long time period of observation for the user to ensure the availability and constant further processing of data after termination of the contract.
Audit rights have to be provided for auditing companies and regulatory authorities depending on the sectors from where user correlates. Just by agreeing on the information and audit rights, the user creates a chance to verify that the responsibilities arrived by the provider are being accomplished.
As there is no special data protection policies applied in regards to Cloud Computing, user has no alternative but to be cautious of their legal responsibility to protect data with the help of detailed agreements with cloud computing service providers.