There’s a lot of noise these days about “cloud computing” and it seems to be catching on with some companies. It makes sense to the “C” level executives, because it means they don’t have to spend so much money on data storage or maintaining servers and what not. Online data storage has been around for about as long as the internet, but now that there’s such a big push that direction, I started thinking about what this would mean for data security. When companies are having a hard enough time keeping your personal information safe from hackers and data breaches, what happens when they put it out on “the Cloud”?
The basic idea of cloud computing is that your information is stored out there on the internet “somewhere”, available for you to access it whenever you want, from any computer. It’s a neat idea that really appeals to companies looking for a way to reduce their costs – and face it… in this economy that’s pretty much everyone. Online data storage seems like a reasonable alternative to buying those expensive servers for storage and all that, plus keeping an IT person (or staff) on hand to manage it, plus all the extra money you’d have to put in for security policies and… well, you see where this is going.
The Cloud may be fine for your pictures and music, but when you start thinking about personal information a business keeps on their clients and customers, the stakes go way up. For one thing, you don’t really know where the data is being stored, so you don’t have the first idea what the data security will be like. If it’s a corporate “server farm”, it may be pretty good, or it may not. The first level of data security is physically protecting the hardware the data is on. It seems like a pretty important detail to nail down.
I talked this over with my brother this evening. He works for a company that handles government and military IT infrastructure. His concern was even more basic than the server farms. The biggest concern, according to him, isn’t the servers; it’s the people who have access to them as part of their job. He felt the best way to keep information secure was to have closer scrutiny on the handlers of the data. Naturally, this brought to mind all those stories I know about who commits identity theft, especially medical identity theft.
A greater concern with the Cloud, though, also relates to who consumers can hold accountable for the security of their personal information. Current laws provide guidelines for companies that maintain personal information – specifically how it must be protected, how it is used, and how it is destroyed when it is no longer required to fulfill the company’s services, as well as penalties for failure to protect that information. Those laws include provisions for ensuring any third party that company gives information to also protect it as the company would itself. By storing personal information via cloud computing, it will be virtually impossible for a consumer to know who actually compromised their personal information, since no one will know where that information was even stored. In other words, everyone involved in a data breach will be able to shrug their shoulders and say “It’s not our fault.”
The Cloud is only starting to become a factor in online data storage. The concerns I bring up here haven’t even been discussed in any information I’ve been able to put my hands on. As consumers, we can hope that all these issues will be addressed, and all fears will be laid to rest before they have opportunity to manifest.
Personally, I will continue to give my standard recommendations: know what the different types of identity theft are, how to protect yourself from identity theft, and what to do if you are a victim of identity theft.
Honestly, there’s just too much at risk to leave your life in the Cloud.