The Cloud Contract Adviser: Making sure your information is secure

When it comes to cloud-computing contracts, knowledge is key, and reading is fundamental

Cloud computing continues to make the headlines. Unfortunately, the recent news hasn't been good. I've never been one to let lemons go to waste, so let's make some lemonade by using the recent PlayStation Network hacks as a starting-off point to explore the importance of knowing what information security your cloud provider has in place. After all, what good is bad news if you can't learn something good from it?

According to the PlayStation Network blog, "... between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network." It's been reported that those breaches resulted in the compromise of personal data belonging to nearly 100 million account holders.

The PlayStation Network hack demonstrates the risk common to any cloud service adoption: The cloud provider may not handle your information as securely as you would like. When you use any cloud computing service, you are trusting it with information, whether that be personal, regulated, proprietary or otherwise sensitive information. In doing so, you lose some of the control, or at least the perceived control, that you had when you did the same things in-house.

To be fair, the PlayStation Network folks advised their customers in advance that such problems could occur. According to the PlayStation Network/Qriocity Privacy Policy:

"Unfortunately, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with our website, Sony Online Services or that we store on our systems or that is stored on our service providers' systems."

Be sure to go into undertaking like this with your eyes open. Knowledge is key, and reading is fundamental. How many customers do you think took the time to read that policy before sharing their personal data with PlayStation Network? I'm guessing not many. And, be honest, how many of us do in our personal lives? But when it's your organization's and your customer's data at stake, the first step in mitigating this risk is reading and understanding the provider's standard terms and conditions.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon