Who's the Boss in Cloud Land?

Who owns the data? Who is answerable if the cloud fails? Who is responsible if a virtual machine holding data from a company under strict governance is parked next to one that is unregulated on the same physical server? Why does it seem so easy for hackers to attack data that’s online, and if a corporation’s data is in a cloud that’s hacked, who has to stand up and take the licking?
Reference: http://www.technewsworld.com/story/Whos-the-Boss-in-Cloud-Land-69591.html



10 Comments

  • Who owns the data? You do.
    Who’s answerable if the cloud fails? You are.
    Who’s responsible for mixing classified data? You are.
    Who has to take the licking? You do.
    You cannot avoid responsibility for your technology or data. You have to design and plan and contract resources whether you out-source or in-source.

  • The indemnification will be written in the “I Accept” EULA. Without an explicit language, it is up for grab for anyone to claim anything.
    IMHO.

  • 1. Each Cloud-Using Entity that is seeking processing power (CPU cycles).
    2. Only part of the cloud fails, and it re-routes around it. So essentially, No One.
    3. EVP MIS/IT for that physical server’s jurisdiction
    4. This is no different in a “cloud” scenario than in the current internet scenario.
    Cloud COMPUTING is about the combined computing (processor cycles to compute more rapidly) power, not the data/security layer that transports the data to/from the computing power.

  • I’d agree with Regis in spirit, although the others are probably legally closer to the mark; ultimately, whatever the legal ins-and-outs (and data protection laws probably vary greatly from country to country), it’s up to you to exercise stewardship of the data you put online and it’s not good enough to blame a third party. Must admit though when I read the headline question here, all I could think of was this guy (see link). I am probably very shallow…
    Links:
    http://www.linkedin.com/redirect?url=http%3A%2F%2Fi59.photobucket.com%2Falbums%2Fg309%2FdeathORdie%2FBrianBlessed_FlashGordon_Vultan.jpg&urlhash=Lp6B

  • Ali
    Who owns the data? You do. It’s your data and always remains so
    Who is answerable if the cloud fails? The cloud itself shouldn’t fail. What is more likely is that one leg of the system will fail. If that leg is your own internet connection to the Cloud then your ISP is answerable. If the Data Centre has gone down then they are answerable, but a good Data Centre will have a backup somewhere else in the country.
    Who is responsible if a virtual machine holding data from a company under strict governance is parked next to one that is unregulated on the same physical server? This shouldn’t matter as the two sections of the Virtual Machine shouldn’t be able to see each other and shouldn’t be able to communicate with each other.
    Why does it seem so easy for hackers to attack data that’s online, and if a corporation’s data is in a cloud that’s hacked, who has to stand up and take the licking? If it is your data that’s been hacked then you’ve taken the hit. But a good Data Centre should be secure from hackers. It isn’t that easy to hack a good firewall.
    The ultimate answer is to ensure that you trust the Data Centre. At the end of the day you’ve given them your data and you have to double-check that they will keep it secure. Ask an IT Consultant to check them out for you first.

  • You may be the boss and carry the ultimate can but a lot of what happens is out of your sight and your direct control. That is why due diligence and trust are so important. “Your business in their hands?”:
    http://www.chilternbusinesscomputing.co.uk/#/cloud-computing/4538316729

  • Cloud computing is mostly a case of joint ownership. You owning your data and the owner of the cloud where you place your data. The problem is that it is a little like the internet. The buyer must be aware of who he or she is trusting with their data. At this point you could get very technical and address all of the issue of lines and connections, security, reliability. All of those will be a constant battle of staying ahead of the misuse of the internet. The good news is that most of the places, conducting real business are far more secure than many business sites. The question them becomes a legal one occurring if the supplier fails to provide the service, has a security breach or goes out of business.
    This means that anyone considering cloud computing and storage should address with the same due diligence as they would there own data center all of the possibilities related to the cloud site as well as reliability of connections and service, because very often this is functionality and data that is the life blood of the company.

  • All this fuss about the Data. But who IS the BOSS?
    What happens if the Provider shuts down the Service for what ever Reason. He or She may go bankrupt or just earned loads of Money from stealing your Data.
    How do You get your Data back, if You do? You may own it, but if you can’t access it suddenly in the mid of a Business Day just finishing that live saving Contract.
    This is more about Security then about Safety and easy Access. It’s not the problem with having a Virtual Server somewhere on a Server hosting other Virtual Servers with whatever Security Level they may have.
    Keep in Mind that all the Traffic to store and retrieve Data, Documents and other Stuff you have on you Cloud Space goes via the Internet Network via Protocols that often are not so Secure as You thought.
    Sure, You own the Data but you’re not the Boss as long as you depend on Others. Bosses are those people you need to depend on.

  • Quite a thought provoking question… find my 2 cents as below =)
    Ownership of data is multi faceted… I being the end customer might be the real owner of the data, but at the same time is ABC is taking care of the that data on some virtual server in Texas or for that matter even in Somalia, it becomes the real owner of the data. And the third angle gets added when the same data is hacked or fiddled around with, and that’s when we realize that we have lost the ownership of data to a better coder.
    Well, I for one believe that the architects should be held resposnsible if the cloud fails, but only along with other role players like the ISP, firewall and supports folks who might have added to vulnerability.
    Well… I dont think that an unregulated server parked next to one with real sensitive data is a cause of concern. It happens all the time in all the organizations.
    Why does it seem so easy for hackers to attack data that’s online? This was an interesting part of your query. I think the reason why the data currently put on clouds is suspectible to attacks and is also a little porous to some extent in bcoz of an ongoing rat race between the MS-Azure’s and Amazons’ and googles’ of this planet to capitalize on FMA (first mover’s advantage), and under pressure to capitalize a bigger chunk in lesser time they leave certain loopholes for the hackers. I think the organizations that are saving cost on infrastructre should spend a little from their savings on the security & performance testing of their apps, and should concentrate on inhibiting attacks. Cryptography, firewalls, etc does help curb the attacks, but nothing can replace a proper manual security testing of an app (personal opinion).
    Now coming to back to the main question, i.e. WHO IS THE BOSS? I believe the entity that takes the ownership of the data and pledges to protect is from outside attacks is the real BOSS.
    ~regards,
    varun
    PS: In fact, it just occured to me that when so many players are circumventing around just the ‘data’ and everyone wants to put their hands on the ‘data’ or have ownership of ‘data’ or protect data etc etc… I think DATA itself could be the REAL BOSS here… think over it 😉

  • You might think you own the data, but if you don’t own the cloud, you just gave up the de-facto ownership of your data to some other entity. As for who’s responsible for the problems – well, that’s going to be you.
    Cloud computing is only worth the risk if you own and operate your own cloud on your own network. Otherwise, it’s too risky in my book.

Comments are closed.