23 Feb 2009
Cloud computing may pose serious data security threats to businesses wanting to save on software licensing and support services, according to City law firm Reynolds Porter Chamberlain (RPC).
Despite the cost saving potential offered by taking data storage and applications online, the use of cloud computing may lead to breaches of the Data Protection Act (DPA) by businesses and their information security obligations to clients, the law firm warned.
"A company choosing to outsource their data storage risks claims being made against them by their customers if data held by the host server becomes unavailable during an interruption or outage, or even lost," said Alex Hamer, partner at RPC.
The likelihood of service interruptions also raises concerns over use of the cloud for business critical applications, said Hamer, who points out that the cloud computing community has received reports of 14 outages and consequent lost data and security issues in 2008, an increase from just one in 2007.
"As most cloud computing service providers will not guarantee the security of the data they store, this may put cloud computing users in breach of their requirements under the DPA to ensure an appropriate level of security," said Hamer.
"Companies regulated by the Financial Services Authority are required to have adequate risk management systems in place, and any failure to comply could result in a considerable fine."
The benefits of cloud computing are indeed compelling, creating a centralised method to access shared data, significantly lowering costs and reducing data centre space, power and cooling. However, organisations must realise that accountability for valuable business data cannot be as conveniently outsourced.
Companies could be exposing themselves to a business continuity disaster. In many ways cloud computing resembles the Application Service Provider (ASP) model that was prolific prior to the dot-com crash, and a lot of those providers are no longer around.
We must remember that management will always be responsible for protecting company and customer data. It is therefore essential when moving towards cloud computing that businesses consistently ensure the health of the cloud-provided services. This includes gaining complete confidence that the cloud provider is a viable, stable business with assurances and protections, such as comprehensive risk and security defences in place, to safeguard business data.
Alongside guarantees from the provider, businesses must also ensure that they have an alternative strategy in place in the case of any disruptions or loss of connectivity to the cloud-based service. This includes awareness of any of the provider?s fallback plans and commitments that may jeapordise valuable information. Businesses also need to bear in mind that any interruptions to cloud computing providers may have to be dealt with on both a short- and long-term basis, depending on the nature of the disturbance.
Whilst the benefits of moving to the cloud are evident businesses must be aware of what they are getting into, and be able to mitigate the risks.
Yours sincerely,
Andrew Heather
General Manager, EMEA
Tripwire
www.tripwire.com
Posted by: Andrew Heather 24 Feb 2009
Have your say on this article
Newsletters
Latest stories from Applications
Latest videos
You may also like
Applications jobs
Will Google’s new privacy policy impact how you use its services?
Garry Sidaway, director of security strategy at Integralis discusses the current threats to enterprises, and how they should protect themselves
Rubbish in... rubbish enterprise. Why proper data management is so important (video, 6 min)
This Forrester report compares the costs and benefits of legacy email and productivity software with Google Apps
Upcoming Events
The implementation of robust, relevant digital strategies is more crucial than ever to the success of insurance businesses
Date: 01 Mar 2012
Time: 09:00am
A showcase of the latest in the information content and management
Date: 20 Mar 2012
Time: 09:00am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
