More and more small businesses are using the cloud to access markets more quickly, scale and grow without initial up-front costs needed for tradition IT infrastructures. Organisations that are not using the cloud need to start their cloud journey as soon as possible, particularly small and medium-sized businesses.
Potential risks related to Cloud Computing
The biggest perceived barriers for both consumer and SME take-up of cloud computing are lack of privacy, data security, provider lock-in, lack of standardisation, and jurisdictional issues relating to applicable law and law enforcement access to data.
Data security and privacy
Potential general data security risks arising from cloud computing relate to: an increase in threats to data confidentiality due to the concentration of data on common cloud infrastructure; the loss of IT control and governance by organisations using cloud services; and an increased risk of data interception in authentication and transmission procedures.
Multiple approaches exist to tackle these vulnerabilities, such as differentiation of the level of security needed by sensitivity of data or use of a ‘private cloud’ managed by the organisation itself or a provider. Additional data security assurance could also be provided through a form of audit and certification systems of cloud services providers.
Data security and standards
Transparency is often lacking in providers’ provisions concerning data security, in particular a lack of data integrity guarantees combined with disclaimers of liability clauses in contracts; a lack of standards regarding data control and security; and often unclear and incomplete information concerning security and privacy on cloud providers’ websites.
Jurisdiction and standards
Law-abiding consumers or business users storing their data in the cloud may well be affected by compulsory orders for disclosure, without notification, as in a public or shared cloud authorities may seize the servers or computers containing personal information of the guilty and innocent alike; this is compounded by a lack of standards in providers’ ‘thresholds’ of disclosure.
The main challenges surrounding the legal issues regarding privacy relate to: ambiguities as to the role of the cloud service provider; uncertainty regarding applicability of EU laws; the need for more effective data protection; uncertainty regarding laws governing international data transfers, and the lack of universality in data protection legislation.
The panel of experts included Gino Thielemans, Head of IT Supervision, National Bank of Belgium; Noémie Papp, Legal Adviser, Consumer Affairs and Coordinator Digital issues, European Banking Federation; and Bruno Schroder, National Technology Officer, Microsoft. It was moderated by Florian Damas, Alcatel-Lucent, and Vice Chair, Cloud Council, DIGITALEUROPE.
Many innovative applications using cloud services and big data rely on trans-border data flows. Following the Snowden revelations and increased incidents or cyber-attacks, cloud security (including processing and storage locations) have become a very high priority for cloud providers, cloud customers and for regulators. This panel shared views on how the right balance can be struck between privacy and security considerations on the one hand, and securing the numerous benefits provided by innovative technologies on the other hand.