Question of Privacy in Cloud Computing arises when Users of a cloud solution, whether individual or company that go in shifting data into the cloud storage on a regular basis with the risk of this data exposed to third party. Since it can not be ruled out that the cloud provider thereby stores the data on servers that are located in countries whose data protection level corresponds, may be possibly give a legal access on the basis of common law. Especially authorities of “internal security” such as police, law enforcement, national intelligence services or even tax authorities benefit from the access to corporate and personal data. This information can be used, for example for investigation for various criminal prosecutions or conduct economic espionage for their own country. Financial authorities must obtain evidence of tax evasion or tax fraud in the situation and immigration benefit; in decisions for or against immigration application information about the person whose call would not have been possible through conventional channels of information. Also, access by third parties may be allowed in complete abstinence of legislation. A concrete example of a legal basis for access to cloud data, is the USA PATRIOT Act, that allows the FBI (Federal Bureau of Investigation) for the FISC (Foreign Intelligence Surveillance Court) to collect all the information as they might need. The FBI is not under any obligation for the affected person or the company concerned about the access to data. The only technical security measures such as encryption, anonymization or pseudonyms offer to minimize the risk of unwanted access as minimal as possible by third parties for the user the opportunity. Without the proper key the access or use of the data is much more difficult.
|Table of Contents|
Privacy in Cloud Computing : Previous Articles
In the context of Privacy and Cloud Computing, we published two articles on the same topic :
Unlike the protection against unauthorized access on to a private or a corporate network, the customer must give their full confidence in the operational control of access management and the associated safeguards to the cloud provider. As the access to cloud services, the data are transmitted over the Internet is an uncontrollable element to reach the destination, the following points briefly describe technologies used and risks, the detailed description, however, not the subject of this work.
Privacy in Cloud Computing : Need of Authentication
Methods can be used to avoid unauthorized access to the data while using the Inernets, encrypted tunnel connections (e.g. site-to-site VPN (Virtual Private Network) ). The data itself can also be encrypted in an way so that only worthless bits and bytes could be intercepted without the appropriate decryption of algorithm and the matching key. In the data center, the following technologies can prevent illegal access and data corruption:
- Virus scanner
- Identity Management
- Encryption of data storage
- Logging systems
The use of these technologies contributes to stop the hacker attacks from external, internal, man-in-the-middle attacks, cross-site request, DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks.
The measures for this purpose should be made ??known to the customer and are contractually hold. Blind faith is no longer sufficient in the provision of highly sensitive data to the outsiders. It must be ensured that the measures used are kind of state of the art.
In many areas, there are human risk factors :
- Registration is too simple (combination of user name and password)
- Criminal associates
- Error in setting up the infrastructure or the administration handling
- Theft of access
Corresponding contracts with the cloud providers ensure the confidentiality, integrity, availability, auditability of data, the transparency of the beneficiaries and provide the access control.
First of all, it is important to make sure that the access used for the processing systems can prevent unauthorized persons. The expression of the intensity of protection or control is dependent on the nature and extent of deprotection of the sensitive data. Typically, data centers are guarded around the clock. This can be realized for example in the form of a card or a token for locking systems. Of course, these requirements should apply not only for cloud providers but also for local entertainment of the data. However, the customer can save more expensive security systems the use and acquisition by provided by the existing infrastructure of the cloud provider. Ideally, the cloud provider that must realize their own security solution plus the cost savings for the customers. The customer therefore benefits through economies of scale effect in the cloud provider.
Privacy in Cloud Computing : Further Reading
Cloud Computing is associated with various as as Service offer. In this article, we will discuss on Authentication as a Service of Cloud Computing. As the regular readers must have noticed, there are several as a service, which are not standard or non-specific. Latest authentication technologies for identity and access management strategy requires a good planning. Appropriate technologies and products must be tested. Technical aspects of data security in the cloud is one of the main reason why the companies or the end users thinks to be in the cloud. Here are three more articles which cover these three important Points :
The current topic on Privacy in Cloud Computing, ends with this article.