Google Drive begs the question: Who owns your data in the cloud?

By John Brandon, CIO |  Cloud Computing, cloud storage, Google

Neustral says the policy might apply for a service like Google Translate, where the data has to be analyzed and even parsed for intended meaning, but not for cloud storage. That's a good lesson for CIOs who need to understand cloud storage policies--one size does not fit all.

Enterprise Cloud Storage: Read the Contract

That's why, for enterprise cloud storage, most experts say the most critical step with storage policies is to investigate the actual contract you have with the vendor. This might require scrutiny from a corporate attorney, and further investigations into such intangibles as how to retain data archives if a cloud storage vendor goes under and how to encrypt access to the cloud storage.

Ashley Podhradsky, the Assistant Professor of Computing and Security Technology at Drexel University has studied the security issues with cloud storage, and is also a member of the Cloud Security Alliance. She says one recent strategy with cloud storage is for the cloud infrastructure to integrate directly into an on-premise data center.

"This allows the corporations network administrators to control cloud access through services such as Active Directory and LDAP (Lightweight Directory Access Protocol, an Internet protocol for accessing data). The encryption keys are starting to be managed on the corporation side opposed to the cloud provider, which aims to include the corporation into more of the security practices," she says.

Thankfully, most cloud vendors have clear policies about who owns the data. Aaron Messing, a technology and information privacy attorney with Olender Feldman *** (), says there is not much debate about the fact that the enterprise owns the data. He says there are vagaries about how quickly data should be destroyed upon request (say, within a specific timeframe), or whether the vendor is blocked from sharing any data publically (such as e-mail addresses or customer lists).

Beyond studying the agreement with the vendor, and negotiating the terms that make sense for the type of data you will be storing, Messing says only certain types of data are appropriate for the cloud.

"We strongly recommend against storing any type of personally identifiable information, such as date of birth or social security numbers in the cloud. Similarly, sensitive information such as financial records, medical records and confidential legal files should not be stored in the cloud where possible," he says.

Messing also adds that, if a company does decide to store some financial data in the cloud, you should use strong encryption and keep a second local archive in order to mitigate risk.

Originally published on CIO |  Click here to read the original story.
Join us:






Cloud ComputingWhite Papers & Webcasts

Webcast On Demand

How Moving Your Contact Center to the Cloud Eliminates Risk

Sponsor: Interactive Intelligence

Webcast On Demand

Building a Hybrid Cloud

Sponsor: Hitachi Data Systems

Webcast On Demand

Healthcare IT: Out of the Basement and into the Cloud

Sponsor: VMware

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question