Security Infringement in Cloud Computing – Should Users be Informed?
3 min readLike any other sector, online world has set rules and regulations that are meant to protect the rights of users involved. One of the major concerns of any user in today’s computer/internet world is the security of their data. Things complicate a notch higher when cloud computing is involved and a security breach occurs. Users expect to be informed about any such situation, especially if their information is being compromised. However, matters aren’t always that simple. For the past one decade, it is almost unanimously being advocated by the majority of the US states that users should be notified about any security breach occurring in the system which leads to acquisition of unencrypted personal data malevolently. There is a law in place as well, handling all these matters, however, it has its set of limitations.
For instance, in some areas, the law states that the company is only liable to inform users, in case of any security breach, when their personal unencrypted data is being comprised. The first or last name of the user, along with other more important details like driver’s license number, ID card number, account and credit card details, medical data, social security number, security codes required for various sites and passwords etc., are some of the things that fall in the above category. Now, not only the main company or someone who gathered information from the user in the first place, but also the hosting provider are liable to inform the user about the security breach.
Enterprises depending largely on cloud computing also have a similar role to play. As, they process the personal data in decoded form, they are also responsible to inform users in case a security breach occurs in the system.
However, a recent survey has revealed that hardly any cloud computing service provider takes into consideration these things. They have no such clause in their ‘terms and conditions’ that makes them liable to notify their customers about any security infringement. They maintain, customers should not give away personal data and should avoid uploading such data on cloud. This has left users completely baffled what exactly to do to protect themselves and get informed about any security violation. Here is what can help you.
- Before you give away your personal data on a cloud computing system, see if there is a security infringement disclosure law in place. If it does not commit to protecting your information, think twice before uploading such a piece of info.
- In case, you still would like to make use of the abundant cloud computing features, try checking out the encryption options available. Coded data is far safer than unencrypted one. However, coding is not practical in various areas of cloud computing and even, if it is, sometimes even encryption doesn’t help in keeping your data safe.
- You should always get in touch with your cloud computing company and share your set of concerns, telling them in detail you’re interested in uploading personal data, yet want some sort of assurance that you will be notified in case of a security infringement. You might be surprised by their extra input to satisfy you. However, you might have to pay an extra amount for such a service which falls out of their regular ‘terms and conditions’ scope.