Issues Related to Cloud Privacy
With the advent of cloud technology and its many benefits, a lot of users are opting to share, promote, store and manage their data online; without fully understanding its implications. If a user wants to store personal data on cloud then lack of due diligence before this migration can lead to data loss. A common misconception about cloud is that it is completely private and free from attackers. This is because users feel that they have complete control of the data that they store on cloud; whereas the cloud itself is out of their reach. Cloud servers are the properties of service providers and they can access the data stored on it anytime they want. These servers are spread across the globe and user data is not stored on a single server.
Many factors are responsible for ensuring cloud privacy:
Data ownership issues: Irrespective of what is claimed by the service provider, a layman is always unsure of the ownership of data once it is uploaded on the cloud. For example, if a user takes a picture and uploads it on the cloud, the copyright may become invalid in certain cases. A cloud provider can access this picture which may be valuable to the user, and might use it for its own benefit. Therefore, one should avoid uploading any important data of financial, emotional and legal nature on cloud.
Location of The Data: Data centres are located all around the world. It is impossible to guess in which location your personal data is stored. Every country has different cyber laws and laws governing data privacy. Therefore, your data can be stored in a place where the laws are contradictory to your rights and could conflict with the laws prevalent in your country. Google and Microsoft have admitted that some of the countries where their data is stored have summoned them more than once to get access of the information of their users. Users should be extremely cautious while uploading crucial data on cloud if the data centre of the service provider is in a foreign land.
Data migration: Data can be transferred from one data centre to another for security reasons or routine maintenance. This can also happen due to excessive information storage at any one centre. Data migration can cross geographical boundaries of nations and hence be subject to the laws of more than one country. Post migration, the current data centre may or may not subscribe to the privacy agreement that was signed with the customer at the time of setting up the cloud account. Due to this, a user suffers from a host of privacy issues which are needed to be considered before transferring data onto a cloud.
Permanency of data: Users keep on creating new data every day; because of this a lot of data is uploaded and stored on the cloud. There is no way to decipher if data that is deleted from cloud has been permanently deleted or can be restored. A lot of cases of revenge porn have arisen due to this feature of cloud.
Handling Cloud Privacy Issues
As discussed in the above section, apart from many security concerns there are also many privacy issues which need to be examined before choosing a cloud service provider. Privacy issues, if not handled carefully can expose a user’s data to wrong hands.
Following measures should be applied to keep your cloud data private:
Encryption: Users need to encrypt their private and personal data if they are uploading it to a cloud. The encryption technique used for data security can be applied for data privacy as well. This is because encrypted data will be useful only to those users who have the key to decrypt it. Therefore, it is advisable to choose a cloud service provider that offers encryption. Users can also encrypt the data on their own before uploading to cloud to create an extra layer of security.
Understanding the Terms and Conditions: Going through the terms and conditions might be a tiresome task for many users, but it is one of the most important steps that should be followed before setting up your cloud account. The standard practice of blindly agreeing to the terms and conditions without even reading them can put your data at great risk. This is because in case of any failure the service provider can easily cite these conditions and user may not have much of a legal recourse. Some service providers also have clauses related to access rights towards any data which is being stored on the cloud. This is a part of the terms and conditions. It is worth taking out time to read the terms and conditions carefully as it helps to save time, money and energy if an unexpected event happens later on.
Avoiding sharing information on cloud: Some clouds allow users to share their information with other users of that cloud. People share pictures, videos, music etc. with their friends by giving restricted cloud access. This is a practice that can be exploited. Avoid sharing information on cloud to safeguard your privacy and avoid cyber bulling.
Avoid using cloud for storing sensitive data: Personal information, sensitive images, videos and audios should not be uploaded to a cloud. Edward Snowden, the NSA whistle-blower, had intercepted intimate pictures of people that were being examined and shared by NSA agents just for some cheap fun. This may not have caused any harm but it certainly undermined the dignity and privacy of those whose pictures were monitored.
Selecting a Cloud Service Provider
Selecting the right service provider is very important. This is because data security and data privacy are of primary importance to a user. It is always safer to choose a cloud provider that encrypts the data that you store on cloud. Before signing up for a cloud account, you must carefully review all the terms and conditions to understand your rights. In some cases, there are specific clauses that talk about rights to access the Mara that is stored on cloud.
Every cloud service is created to cater to different needs of the users. Some users use cloud to store music, pictures and videos while others use it for hosting blogs. Enterprises often use cloud to satisfy multiple commercial requirements. Before selecting a cloud service the user must examine and analyse the following Issues:
Space: Users need to perform an evaluation of their needs and amount of cloud storage needed to store their data. If they end up buying extra space it might cause a strain on their finances, whereas, buying less space would mean adding chunks of space later, which can cost more. Therefore, it is important to calculate the optimum amount of space that is required.
Finances: Users need to work out their finances and decide how much they are willing to invest for a cloud service. It is advisable to check the offers from multiple service providers and compare the cost and benefits of each of them. Following this, depending on the requirement and the cost involved (keeping in mind your budget), you will be able to make an informed choice. Some service providers provide online cost calculators for their clients, such as Google, Microsoft, Rackspace and vCloud.
Access to the cloud’s customer service: Generally, users don’t have any control on the cloud. When faced with a problem there is nothing much that they can do on their own. Therefore, it is important that that the service provider that is selected has a responsive customer service.
Review of previous and existing users: Getting a neutral opinion is always helpful and reliable. There are a lot of sites which review various cloud platforms. By going through these websites, users can get a fair idea about the feedback received regarding different cloud providers. This can be helpful in choosing the right kind of cloud provider.
Security features: The service providers must have standard security features to protect the data being stored with them. Therefore, it is important to review these features beforehand which are described under different clauses in the user agreement or other terms and conditions signed with the customer.
Data loss management: Data loss management is integral as it raises many questions about what will happen if such a situation takes place. It is always helpful to know the history of data loss tackling of any service provider to get an idea about their past course of action and how they are likely to proceed in such a scenario.
Location of the data centre: A country with privacy laws that conflict with the laws prevalent in your country can adversely affect the security and privacy of your data. This can happen if the data centre holding your data happens to be located in one such country. Therefore, it is important to know in which country the data centre of your service provider is located. After knowing this, you will be able to assess the legal implications related to data security and accordingly take a decision about the service provider.
Number of failures in the past: if a cloud company is prone to failure, then that company should be avoided in order to safeguard your data. The understanding of this issue at last might take you to the correct service provider who can offer all your requirements.