Top privacy issues for cloud computing
Cloud computing refers to the underlying infrastructure for a model of service provision that has the advantage of reducing cost by sharing computing and storage resources, combined with an on-demand provisioning mechanism relying on a pay-per-use business model.
These new features have a direct impact on information technology (IT) budgeting but also affect traditional security, trust and privacy mechanisms.
The advantages of cloud computing—its ability to scale rapidly, store data remotely and share services in a dynamic environment— can become disadvantages in maintaining a level of assurance sufficient to sustain confidence in potential customers.
Some core traditional mechanisms for addressing privacy (such as model contracts) are no longer flexible or dynamic enough, so new approaches need to be developed to fit this new paradigm.
Current cloud services pose an inherent challenge to data privacy because they can result in data being exposed in an unencrypted form on a machine owned and operated by a different organization from the data owner.
The major privacy issues relate to trust (e.g. whether there is unauthorized secondary usage of personally identifiable information), uncertainty (ensuring that data has been properly destroyed, who controls retention of data, how to know that privacy breaches have occurred and how to determine fault in such cases) and compliance (in environments with data proliferation and global, dynamic flows and addressing the difficulty in complying with transborder data flow requirements).
Below are a number of aspects that illustrate best these privacy issues:
Cloud computing offers significant challenges for organizations that need to meet various global privacy regulations, including the complexity of existing global legislation necessitating legal advice.
Cloud faces the same privacy issues as other service delivery models, but it can also magnify existing issues, especially transborder data flow restrictions, liability and the difficulty in knowing the geographic location of processing and which specific servers or storage devices will be used. In addition, care must be taken to delete data and virtual storage devices, especially with regard to device reuse.