Cloud services and security

One of the greatest concerns around cloud computing is: where is the data stalled? At least, it should be. Should you not have put this question to yourself, then it’s time to do so. If it is not already too late of course, but even then, ask yourself this question. The reason I ask is that an IVIR report was published recently, that I’d like to draw your attention to.

One of my hobby horses while blogging is that an organisation should never proceed in ICT changes, just because it’s possible to do so and appears cheaper or better at first glance. Always think over the consequences first, before the negative side manifests itself. Having to make changes then is usually costly and troublesome, if it hasn’t hurt the organisation already in a serious way, e.g. financially, economically or through the loss of vital data or reputation.

This is not hypothetical. It’s certainly real. Data stored in the cloud could be stored anywhere in the world. Are you aware of consequences this may have? Who is able or has a right to access your data there, perhaps without you ever knowing? Does it matter to your organisation’s data if this happens or not?

In the study “Clouddiensten in hoger onderwijs en onderzoek en de USA Patriot Act” (Cloud services in higher education and research and the USA Patriot Act, translation WdN, click here.), by Amsterdam research institute IVIR, focusses on US and Dutch law. It gives a conclusive overview of choices and possible consequences, from a specific question stemming from higher education towards cloud services. What about other organisations, public and private?

To my mind the choices faced are basically the same. The foremost question should be: Does my organisation need to be in the cloud?, followed by: For what part of my organisation is it safe to transfer data to the cloud?

Not just because of the risk that a government starts an investigative process in the form of a legitimate search. This can happen in any country. Added to this specific topic should be questions on cyber security, privacy, digital espionage, physical security and the application of local laws and customs towards your data need to be looked into and answered before entering the cloud. And undoubtedly many more questions. Also you need to know who your cloud provider is (a part of) and where it intends to stall your data.

Don’t enter the cloud just because it saves money. Enter it because it adds to your ICT service in a positive way, after you made a well informed choice that is appropriate and proportionate for your organisation and above all secure. The cyber security of your organisation should be foremost in your mind before moving into the cloud. Better be safe than sorry.

Wout de Natris, De Natris Consult

Leiderdorp, 15 October 2012

Advertisements

About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Cyber awareness, Cyber crime, Cyber education, Cyber espionage, Cyber security and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s