The final section of this article looks at how and where data is stored or handled, and the issues that arise in cloud computing through the process of creating multiple instances of data across multiple server platforms. Cloud computing relies on this mechanism for many of its key benefits, but invites by making it additional data security challenges.
Data collection and storage are usually bound by legislation or regulation that varies depending on the jurisdiction under which a service falls. The most prominent regulations (such as those in the US and Europe) share certain principles that require, for example, data collection with the subject’s permission, with their full understanding of what the data will be used for, only if the data is relevant to the stated purpose, for the stated purpose only, with transparency and with accountability. For the purpose of the data, this should mean that they consent to the service provider collecting data relating to them, knowing what data is, who has access to it and why, and how to access it themselves if they will.
Therefore, it is very important for IT service providers who have data management that they are able to identify where data is stored within the services they provide, how to access them and whether they are secure. However, abstraction of cloud services in particular can pose challenges for those who use them to store or process data because they cannot necessarily guarantee where that data is at any given time. The physical location and guardianship can be obscured with data hosting sometimes crossing different places, geographical boundaries and even jurisdictions.
In cases where private information is involved, the answer often lies with private clouds that use on-site hosting as mentioned in earlier parts of this article, but there is often a trade-off with some of the other benefits of cloud mentioned below.
Multiple data instances
Two of cloud computing’s biggest selling points are redundancy and scalability. These are often achieved by using multiple servers to provide the underlying data processing resource, and therefore the data within a cloud service is ultimately stored on these many servers. In addition, cloud structures will also create multiple instances of data across these servers to provide an additional layer of redundancy protection. The more servers this data is shared on, the greater the risk that this data may be susceptible to security vulnerabilities on one of these servers (e.g., malware, hacks); While the more instances of a piece of data, the greater the risk (by definition) that this data can be accessed and used by unauthorized users. In essence, data in one location must be protected once, data stored in 100 locations must be protected 100 times.
What’s more, since each server and platform is likely to be shared, especially in the public cloud model, each data instance may be exposed to a different security threat introduced, unintentionally or otherwise by third-party users sharing the resources. However, in a private cloud, this threat is reduced as the cloud resource is behind one organization’s firewall and fewer instances of data are initially created (fewer servers for pool). Therefore, there is always some degree of trade-off between introducing security risk and the level of redundancy and scalability built into a system (though redundancy can, of course, prevent data loss itself). Private clouds may be safer, but with a smaller pool of resources, they may not match the levels of redundancy and scalability offered by the vast capabilities of public clouds.