23 Feb 2009
Cloud computing may pose serious data security threats to businesses wanting to save on software licensing and support services, according to City law firm Reynolds Porter Chamberlain (RPC).
Despite the cost saving potential offered by taking data storage and applications online, the use of cloud computing may lead to breaches of the Data Protection Act (DPA) by businesses and their information security obligations to clients, the law firm warned.
"A company choosing to outsource their data storage risks claims being made against them by their customers if data held by the host server becomes unavailable during an interruption or outage, or even lost," said Alex Hamer, partner at RPC.
The likelihood of service interruptions also raises concerns over use of the cloud for business critical applications, said Hamer, who points out that the cloud computing community has received reports of 14 outages and consequent lost data and security issues in 2008, an increase from just one in 2007.
"As most cloud computing service providers will not guarantee the security of the data they store, this may put cloud computing users in breach of their requirements under the DPA to ensure an appropriate level of security," said Hamer.
"Companies regulated by the Financial Services Authority are required to have adequate risk management systems in place, and any failure to comply could result in a considerable fine."
The benefits of cloud computing are indeed compelling, creating a centralised method to access shared data, significantly lowering costs and reducing data centre space, power and cooling. However, organisations must realise that accountability for valuable business data cannot be as conveniently outsourced.
Companies could be exposing themselves to a business continuity disaster. In many ways cloud computing resembles the Application Service Provider (ASP) model that was prolific prior to the dot-com crash, and a lot of those providers are no longer around.
We must remember that management will always be responsible for protecting company and customer data. It is therefore essential when moving towards cloud computing that businesses consistently ensure the health of the cloud-provided services. This includes gaining complete confidence that the cloud provider is a viable, stable business with assurances and protections, such as comprehensive risk and security defences in place, to safeguard business data.
Alongside guarantees from the provider, businesses must also ensure that they have an alternative strategy in place in the case of any disruptions or loss of connectivity to the cloud-based service. This includes awareness of any of the provider?s fallback plans and commitments that may jeapordise valuable information. Businesses also need to bear in mind that any interruptions to cloud computing providers may have to be dealt with on both a short- and long-term basis, depending on the nature of the disturbance.
Whilst the benefits of moving to the cloud are evident businesses must be aware of what they are getting into, and be able to mitigate the risks.
Yours sincerely,
Andrew Heather
General Manager, EMEA
Tripwire
www.tripwire.com
Posted by: Andrew Heather 24 Feb 2009
Have your say on this article
Newsletters
Latest stories from Applications
Latest videos
You may also like
Applications jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?