Cloud services raise security, privacy concerns, experts say
IDG News Service - A move toward more and more services in the cloud is inevitable, but vendors still need to focus on security, and the U.S. government needs to rewrite privacy laws to protect cloud customers, a group of experts said Tuesday.
Cloud computing will offer many benefits, including remote access to data, remote collaboration and reduced IT costs, said Greg Nojeim, senior counsel for the Center for Democracy and Technology. But cloud vendors, customers and U.S. policy makers still have "a lot of questions to work through," he said at a forum on cloud security and privacy at The Brookings Institution in Washington, D.C.
Nojeim called on the U.S. Congress to update the 24-year-old Electronic Communications Privacy Act (ECPA), which gives data stored on personal computers greater protection from law enforcement searches than data stored with third-party services. Law enforcement officials typically need to get a court-ordered warrant to search the hard drive on a PC, but need only a prosecutor- or investigator-issued subpoena to access data stored in the cloud, he said.
"The law shouldn't discriminate between the privacy of something I store locally and something I store remotely," he said.
Law enforcement agencies weren't represented on the Brookings panel, but the U.S. Department of Justice has argued that quick access to information by law enforcement agencies can stop crime and, in some cases, save lives.
Beyond legal questions, cloud vendors have several security issues to face, other panelists said. The security goals of customers may not match the priorities of cloud providers, said Alan Friedman, research director for the Center for Technology Innovation at Brookings and co-author of a new paper on cloud security. In addition, data privacy laws differ significantly between nations, and some U.S. cities have demanded that their providers store data only in the U.S. for security reasons, even though the European Union has stronger privacy protections for cloud users, he said.
U.S. government entities are "very concerned about other nation[s] accessing data, but still we're reluctant to adopt strong regulations, as the EU currently has," he said.
Friedman and Marjory Blumenthal, associate provost for academic affairs at Georgetown University and a longtime technology policy expert, also raised concerns about ambiguity in cloud computing agreements between vendors and customers. There's little legal precedence on enforcing promises made in the agreements, Friedman said.
Many cloud providers so far have claimed they are not responsible for the data stored on their service, Blumenthal said. The use of virtualization in cloud computing environments could also lead to data leaks between customers if the virtualization isn't done correctly, she said, and cloud providers will likely become tempting targets for cybercriminals.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them. All Privacy White Papers | Webcasts