Cloud Computing, Part 2: Law, Privacy & Maturity

Written on 9:59:00 PM by S. Potter

At the CEO roundtable event I mentioned in my previous blog post about in Cloud Computing, Part 1 the other major business consideration that came up was how to protect your business' (and/or customers') assets properly. Ultimately anyone that wants to build a solid foundation for their business needs to tackle this well to be successful long-term. One person asked the speaker to elaborate about a recent case where a UK bank used servers in datacenters inside India where a datacenter employee stole customer information and used it to effectively steal money from these people's accounts for his own benefit. This could happen in any country, however, in this case this datacenter employee actually didn't break any laws inside of India (or broke one very minor law that had a very limited penalty). Ultimately this lack of relevant law and regulation in a foreign country is the major risk for a business using offshore datacenter resources. Unfortunately I didn't hear the name of the bank involved to be able to find a news article about this incident, however, the speaker had heard about this incident (it wasn't just a figment of the questioners imagination) and his response (I am paraphrasing here) was:

Countries with the most mature infrastructure, laws, regulations and standards regarding data and information law (as well as privacy) will probably be the places that larger firms will invest in for sensitive and mission critical systems of their organization despite the likely higher cost of building.
As you determine whether you are going to be a cloud consumer or provider in the future, make sure to keep an eye on these risk factors as some executives seem to only focus on the raw bottom line without conducting a thorough risk analysis to see if the cost savings are really worth the higher risks. Choose the best cloud computing partners for all your cost trimming AND risk mitigation needs.

If you enjoyed this post Subscribe to our feed

1 Comment

  1. samaparicio |

    Following your analysis it seems you may be equating cloud computing with "abroad", regardless of where "home" may be.

    Wouln't simply keeping your data in the jurisdiction where that data was originated and where the customers who own that data is be a better approach to dealing with privacy when it comes to hosting?

    I think there are some categories of software that should not be in a public cloud, such as those where, if a government institution like the FBI subpoenaed the cloud provider, the user of the cloud would take a divergent approach from that of the cloud provider, as to whether to hand the data over or not.

    I see a lot more inherent risks in running your own data centers. The chances of leaving yourself wide open are higher. Especially when insiders remain one of the most common causes of data theft.

     

Post a Comment