I’m reading two unrelated articles, both on cloud computing. The first article describes Apple’s launch of iCloud during the company’s Worldwide Developers Conference (WWDC 2011), last week. Much hype surrounded Apple’s proclaimed intent, voiced by CEO Steve Jobs: ‘We are going to move the digital hub, the centre of your digital life, into the cloud.’
The second article is about a recent study, conducted among a number of cloud service providers, which concluded that almost two-thirds placed responsibility for the data hosted on their servers with the companies that use cloud computing. ‘If you think your service provider is going to take care of everything, then you have another thing coming,’ warns the author of the article.
So on the one hand, one of the leading providers of cloud-based consumer data services has made significant investments towards a new, soon-to-be-opened data centre in North Carolina, USA, and has also taken it upon itself ‘to demote the PC and the Mac to just be a device – just like an iPad, an iPhone or an iPod Touch’.
Competing head-to-head with Apple is Google. However, although both have different visions, in both cases, data is in the cloud and can be accessed from anywhere with a network connection. Plus, there are so many other companies competing in the same race, including Amazon, Spotify, Dropbox and others.
So in brief, the launch symbolises the beginning of the post-PC era, an era in which we rely on the cloud not only for our e-mails, photos, and music, but for every aspect of our digital lives.
On the other hand, the study conducted by the Ponemon Institute concludes that ‘the majority of cloud computing providers… do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers.’ They also believe it is the responsibility of the customers (i.e. the companies that use cloud computing) to secure the cloud.
The Security of Cloud Computing Providers Study surveyed 103 cloud service providers in the USA and 24 in six European countries. The study is the second of a two-part series on security of cloud applications, infrastructure, and platforms. The first study, on Security of Cloud Computing Users, was published last year.
A comparison of the findings from both studies reveals that neither the company that provides the services nor the company that uses cloud computing seems willing to assume responsibility for security in the cloud.
Where does this leave the end-user? How can the end-user make sure that his/her data on a company’s database is protected while this company is paying a cloud service provider to manage that database in the cloud? Ultimately, who has access to such data? Is it encrypted and backed up regularly?
There is little doubt that the cloud which is currently storing our e-mails, music, photos, and videos will be getting bigger, even in the short-run. The cloud carries lots of benefits, including freedom from physical constraints. However, many doubts on security and confidentially still loom. Are we blindly conceding our data to the bigger cloud? Do we ever stop to think how many of our financial, health, or employee records are in the cloud, and how secure they are?
One thing is certain: when it comes to our data, lack of knowledge is an excuse we can no longer afford to use.
Learn more about cloud computing. Read the relevant section in An Introduction to Internet Governance, on p. 62.