Hands of a guy on laptop keyboard

Cloud computing: what goes on up there?

16 June 2011

I’m reading two unrelated articles, both on cloud computing. The first article describes Apple’s launch of iCloud during the company’s Worldwide Developers Conference (WWDC 2011), last week. Much hype surrounded Apple’s proclaimed intent, voiced by CEO Steve Jobs: ‘We are going to move the digital hub, the centre of your digital life, into the cloud.’

 

The second article is about a recent study, conducted among a number of cloud service providers, which concluded that almost two-thirds placed responsibility for the data hosted on their servers with the companies that use cloud computing. ‘If you think your service provider is going to take care of everything, then you have another thing coming,’ warns the author of the article.

So on the one hand, one of the leading providers of cloud-based consumer data services has made significant investments towards a new, soon-to-be-opened data centre in North Carolina, USA, and has also taken it upon itself ‘to demote the PC and the Mac to just be a device – just like an iPad, an iPhone or an iPod Touch’.

Competing head-to-head with Apple is Google. However, although both have different visions, in both cases, data is in the cloud and can be accessed from anywhere with a network connection. Plus, there are so many other companies competing in the same race, including Amazon, Spotify, Dropbox and others.

So in brief, the launch symbolises the beginning of the post-PC era, an era in which we rely on the cloud not only for our e-mails, photos, and music, but for every aspect of our digital lives.

On the other hand, the study conducted by the Ponemon Institute concludes that ‘the majority of cloud computing providers… do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers.’ They also believe it is the responsibility of the customers (i.e. the companies that use cloud computing) to secure the cloud.

The Security of Cloud Computing Providers Study surveyed 103 cloud service providers in the USA and 24 in six European countries. The study is the second of a two-part series on security of cloud applications, infrastructure, and platforms. The first study, on Security of Cloud Computing Users, was published last year.

A comparison of the findings from both studies reveals that neither the company that provides the services nor the company that uses cloud computing seems willing to assume responsibility for security in the cloud.

Where does this leave the end-user? How can the end-user make sure that his/her data on a company’s database is protected while this company is paying a cloud service provider to manage that database in the cloud? Ultimately, who has access to such data? Is it encrypted and backed up regularly?

There is little doubt that the cloud which is currently storing our e-mails, music, photos, and videos will be getting bigger, even in the short-run. The cloud carries lots of benefits, including freedom from physical constraints. However, many doubts on security and confidentially still loom. Are we blindly conceding our data to the bigger cloud? Do we ever stop to think how many of our financial, health, or employee records are in the cloud, and how secure they are?

One thing is certain: when it comes to our data, lack of knowledge is an excuse we can no longer afford to use.

Learn more about cloud computing. Read the relevant section in An Introduction to Internet Governance, on p. 62.

3 replies
  1. Stephanie Borg Psaila
    Stephanie Borg Psaila says:

    Definitely Kranthi! Cloud computing relies completely on Internet access, and sustainable bandwidth. I read your blog post on ‘endless opportunities’ and posted a comment…

  2. Trevor Phipps
    Trevor Phipps says:

    Yet another issue facing the use of Cloud computing is one of jusrisdiction. i’m located in the Caribbean, my cloud provide is US based. Who has jurisdiction over my clients confidential data.

    • Stephanie Borg Psaila
      Stephanie Borg Psaila says:

      Thanks for the comment Trevor. Jurisdiction is a challenging concept for most Internet-related issues, due to the lack of geographical boundaries. In cases like the one you mention, jurisdiction is often pre-determined in the contract you agreed to when you signed up for the service. You might want to have a look at the fine print.

Comments are closed.

Subscribe to Diplo's Blog