The Risks of Cloud Computing
How safe is your personal information?
Cloud computing (another name for online data storage) has been around for about as long as the Internet, but in recent years it has become increasingly popular. Some common PC software even requires it.
Cloud computing is convenient and easy and, in the business world, it makes financial sense because it means companies don’t have to spend so much money on data storage or maintaining servers. But when companies are having a hard enough time keeping your personal information safe from hackers and data breaches, how safe can it be when it's in "the cloud?"
The basic idea of cloud computing is that your information is stored online, available for you to access it whenever you want and from any computer or Internet-ready device. It’s a neat idea that really appeals to companies looking for a way to reduce their costs. Online data storage seems like a reasonable alternative to buying expensive servers for storage and keeping an IT person or staff on hand to manage them.
The cloud may be fine for your pictures and music, but when you start thinking about personal information, such as passwords, that a business keeps on their clients and customers, the stakes go way up. For one thing, you don’t really know where the data is being stored, so you don’t have the first idea of the level of data security. If it’s a corporate “server farm,” it may be pretty good, or it may not. The first level of data security is physically protecting the hardware the data is on.
An equally important concern, particularly for government agencies and military, isn’t just the security of the servers themselves; it’s the people who have access to them as part of their job. One of the most famous examples of failure to protect against this personnel security risk is Edward Snowden and his exposure of the U.S. National Security Agency's surveillance program, PRISM.
It's clear that government agencies like the National Security Agency (NSA) and high-profile corporations like Target who rely on individuals with access to data may be putting their customers and the public at risk. It seems that closer scrutiny in hiring staff who manage cloud servers is the first easy answer to ensuring data security in "the Cloud."
The Accountability Challenge
A greater concern with cloud storage, though, relates to who consumers can hold accountable for the security of their personal information. Current laws provide guidelines for companies that maintain personal information. The laws address how personal information must be protected, used, and ultimately destroyed, as well as penalties for failure to protect that information. Those laws include provisions for ensuring any third party that company gives information to also protect it as the company would itself. But when personal information is stored in the cloud it can become virtually impossible for a consumer to know who actually compromised their personal information. In other words, everyone involved in a data breach could potentially be able to shrug their shoulders and say, “It’s not our fault.”