The Risks of Cloud Computing

How safe is your personal information?

A young woman and man working on an office computer

10'000 Hours/Getty Images

Cloud computing (another name for online data storage) has been around for about as long as the internet, but in recent years it has become increasingly popular. Some common PC software even requires it.

Cloud computing is convenient and easy and, in the business world, it makes financial sense because it means companies don’t have to spend so much money on data storage or maintaining servers. But when companies are having a hard enough time keeping your personal information safe from hackers and data breaches, how safe can it be when it's in "the cloud"?

The Basics

The basic idea of cloud computing is that your information is stored online, available for you to access it whenever you want and from any computer or internet-ready device. It’s a neat idea that really appeals to companies looking for a way to reduce their costs. Online data storage seems like a reasonable alternative to buying expensive servers for storage and keeping an IT person or staff on hand to manage them.

Security Risks

The cloud may be fine for your pictures and music, but when you start thinking about personal information, such as passwords, that a business keeps on their clients and customers, the stakes go way up. For one thing, you don’t really know where the data is being stored, so you don’t have the first idea of the level of data security. If it’s a corporate “server farm,” it may be pretty good, or it may not. The first level of data security is physically protecting the hardware the data is on.

An equally important concern, particularly for government agencies and the military, isn’t just the security of the servers themselves; it’s the people who have access to them as part of their job. One of the most famous examples of failure to protect against this personnel security risk is Edward Snowden and his exposure of the U.S. National Security Agency's surveillance program, PRISM.

It's clear that government agencies like the National Security Agency (NSA) and high-profile corporations like Target who rely on individuals with access to data may be putting their customers and the public at risk. It seems that closer scrutiny in hiring staff who manage cloud servers is the first easy answer to ensuring data security in "the Cloud."

The Accountability Challenge

A greater concern with cloud storage, though, relates to whom consumers can hold accountable for the security of their personal information. Current laws provide guidelines for companies that maintain personal information, for example the Gramm-Leach-Bliley Act and HIPAA.

The laws address how personal information must be protected, used and, ultimately, destroyed, as well as penalties for failure to protect that information. Some states have laws that may include provisions for ensuring any third-party that company gives information to should also protect it as the company would itself.

But when personal information is stored in the cloud it can become virtually impossible for a consumer to know who actually compromised their personal information. In other words, everyone involved in a data breach could potentially be able to shrug their shoulders and say, “It’s not our fault.”