Security issues hobble cloud computing
When a company uses cloud computing — just where in fact does the company’s data reside, who controls and has access to it, and who is responsible for any legal or other problems that arise? How can companies ensure they are properly archiving and deleting e-mail in the cloud that might be needed in future legal cases? How can managers guard against risks that sensitive data will be downloaded from the cloud into mobile devices?
The forecast for regulatory compliance remains foggy in the gathering storm of cloud computing. As more data reside in distant computers connected via the Internet — or the cloud — just where in fact does the data reside, who controls and has access to it, and who is responsible for any legal or other problems that arise? Investor’s Business Daily’s J. Bonasia writes that answers are in the process of being ironed out in legal settings, corporate boardrooms, and the court of public opinion.
“This is a big challenge, and companies are wrestling with it,” said John Magee, vice president of product marketing for security software leader Symantec.
Recent case in point: Mobile carrier T-Mobile’s service for the Danger Sidekick phone was disrupted in October when systems failed in a cloud computing data center hosted by Microsoft. The outage resulted in the loss of contacts, photos, and messages for thousands of T-Mobile customers. Microsoft, which traced the problem to third-party technology providers, said it recovered most and maybe all of the lost data. T-Mobile sent $100 gift cards to affected customers.
The Danger episode raised red flags about the dangers of cloud computing. Cloud computing uses remote data centers for data processing and storage. Companies can cut their tech costs by using cloud computing. Consumers use cloud-type services all the time for things like e-mail and photo-sharing services. Users simply access data and software over the Web.
Companies, though, remain mostly in the dark about how regulatory compliance will play out in the cloud, tech observers say. Problems will start to grow as more corporate data get distributed across the cloud, predicts Symantec’s Magee. “There is an issue here and it’s having an impact on a lot of customers I talk to,” Magee said. “People are wrestling with these legal points. This is not just about technology.”
Bonasia writes that there are many questions. How can companies ensure they are properly archiving and deleting e-mail in the cloud that might be needed in future legal cases? How can managers guard against risks that sensitive data will be downloaded from the cloud into mobile devices? Social networking sites such as Facebook — which store all kinds of user data and thus are part of the cloud — present still more issues.
“Companies must grapple with what data they must maintain for legal cases. And bosses are responsible for meeting financial reporting rules under Sarbanes-Oxley and other finance laws,” Bonasia concludes.
