The cloud has become ubiquitous and in today’s fast paced world, many businesses use it for their IT needs. Different types of services such as Software as a Service [SaaS], Infrastructure as a Service [IaaS], Platform as a Service [PaaS] and Disaster Recovery as a Service [DRaaS] are all operating elements which are part of services offered in cloud computing. The cloud has a complex infrastructure supporting the various services. In cloud computing, clients do not actually purchase the hardware and software of the cloud infrastructure; rather, they are given access to the various services and are charged accordingly.
Since the Users of the cloud have to transfer data between their production center and the cloud, security of data is a serious issue. The business is transferring data and has the expectation assuming the data is safe with the cloud service provider. Data breaches will have serious consequences and will not be tolerated.
Cloud computing is a globalized service and there are no geographical boundaries in the cloud. The cloud infrastructure used to transfer and store data, can direct it to any of the cloud servers in any part of the world, depending on available capacity at the moment the data is transferred. Some Cloud Service Providers do offer their clients the choice of choosing the geographical location within which they want to limit their interaction with the cloud service.
It should be noted that the security offered by the Cloud Service Provider have to be the best in the business. They should use the latest encryption technology and will have insurmountable firewalls etc. to keep hackers and viruses at bay. The security they offer is usually far superior compared to traditional methods of having their own on-site and off-site data centers etc.
Authorized Users can only access the data with proper two stage authentication. The use of a onetime password, which is randomly generated, will be an added layer of data security. If a Cloud Service Provider fails in his security obligations, not only will they suffer loss of goodwill, they will be open to serious legal ramifications. A business can be sure that for a Cloud Service Provider, security is something they spend a lot of time on, to ensure their service has a very high level of security. If a service user suffers a data breach, and the data belongs to their customers, they too face liability in conjunction with the cloud service provider.
There are a lot of legal issues which have to be taken care of before using the cloud. Since a third party is involved, the legal issues must cover all parties adequately, in consonance with the provisions of the law and auditing standards. Relationships must be carefully defined by contracts. Some of the provisions as per the law are:
- User of the cloud services is fully responsible for the security of the data
- The User should be in control of the data at all times
- Delete obligation rests with the party authorized to do so by the contract
- The cloud User should guarantee all parties that are involved, transparency, integrity and compliance with all laws and auditing standards in data processing
It can be seen that in cloud computing, international ramifications of legal issues are involved. Therefore, the contracts should be carefully drawn up by experts in this field. Cloud Computing and Data Protection is possible with due diligence and the result will be a win-win-win situation – for the Cloud Service Provider, the User and the User’s clients.