Who is Responsible for Data Security, and How Does the Cloud Change Things?


In terms of exerting influence over IT security, the cloud has played a more significantly disruptive role than most emerging technologies. And one of the key questions it poses is precisely who is responsible for keeping data safe when it is stored remotely?

Image Credit

Clash of Opinions

From multinational businesses to home users, cloud computing is relied upon to store petabytes of sensitive data. Its popularity comes down to its affordability and simplicity, but when it comes to working out who should take the blame if that data is compromised after a security breach, things are less clear cut.

There have been efforts to simplify regulations and legislation on this issue in recent years, updating outdated directives created decades before the cloud rose to prominence. In the UK, the Data Protection Act attempts to clarify key issues but does not solve all of the problems posed by the cloud.

In short, businesses which take private information from customers are deemed to be ‘controllers’ of the data in question and thus will need to face the consequences if it is stolen or used in an illegal manner. If it is held on servers operated by a third party cloud provider, then the responsibility for the security is further shared, although the type of cloud platform itself will play a role in determining the degree to which a provider is held to account.

Image Credit

Service Variations

Businesses which make use of SaaS (software as a service) and PaaS (platform as a service) packages can expect that cloud providers will bear the brunt of the regulatory wrath in the event of a breach. This is because the underlying hardware and software remains primarily in the control of this third party, with providers having to provide security measures which are adequate to combat threats.

If data is stored in-house on local servers or on a private cloud setup, then the business itself will be at fault if something untoward occurs. With affordable endpoint security solutions from firms like promisec.com available, there is little excuse for allowing problems to arise.

Where IaaS (infrastructure as a service) is concerned, a cloud provider and its commercial client may be liable to accept equal responsibility, since businesses will be in far greater control over the cloud environment than in any other scenario.

Both comments and pings are currently closed.

Comments are closed.

Powered by WordPress | Designed by: free Drupal themes | Thanks to hostgator coupon and cheap hosting