Cloud computing could bring security threats

Serious data security implications could result from service outages, warns law firm

Cloud computing may not be suitable for business-critical applications

Cloud computing may pose serious data security threats to businesses wanting to save on software licensing and support services, according to City law firm Reynolds Porter Chamberlain (RPC).

Despite the cost saving potential offered by taking data storage and applications online, the use of cloud computing may lead to breaches of the Data Protection Act (DPA) by businesses and their information security obligations to clients, the law firm warned.

"A company choosing to outsource their data storage risks claims being made against them by their customers if data held by the host server becomes unavailable during an interruption or outage, or even lost," said Alex Hamer, partner at RPC.

The likelihood of service interruptions also raises concerns over use of the cloud for business critical applications, said Hamer, who points out that the cloud computing community has received reports of 14 outages and consequent lost data and security issues in 2008, an increase from just one in 2007.

"As most cloud computing service providers will not guarantee the security of the data they store, this may put cloud computing users in breach of their requirements under the DPA to ensure an appropriate level of security," said Hamer.

"Companies regulated by the Financial Services Authority are required to have adequate risk management systems in place, and any failure to comply could result in a considerable fine."