Information Technology Reference
In-Depth Information
Encryption can be applied to data when it is being uploaded to the cloud. However,
encryption has a cost: processing and storage would have to include extra steps to decrypt
and encrypt data, respectively. This could cause the service to slow down. This is a sensible
compromise for organizations dealing with sensitive user data. Other techniques include zero-
filling of disk drives before hardware disposal. Unix- and Linux-based operating systems pro-
vide utilities (such as
dd
) that can write a zero byte to every addressable location of the disk
drive. Another similar technique is to overwrite all the disk blocks with random data.
In a cloud storage system, the number of networks increases: LAN, SAN, and WAN are
all in play. In a typical cloud storage platform, data from multiple customers will unequivo-
cally pass through the same network channels. Therefore, faulty equipment, software bugs,
erroneous actions, and human criminal intent can cause other customers to access data that
does not belong to them.
Just as encryption at rest prevents stored data from unauthorized access, encryption based
on PKI techniques for data in transit can protect data from unauthorized readable access.
Legal Issues (Jurisdiction and Data)
With cloud computing and its dynamic nature, certain legal issues arise, including trade-
mark infringement and security concerns regarding sharing of proprietary data resources.
Moreover, laws vary from country to country and region to region, thus making a user
and user data subject to government control and territorial legislation.
During the U.S. government's seizure and shutdown of the MegaUpload cloud storage
service, people lost property rights of stored data on the cloud computing platform. The
U.S. government's approach to data legislation relies on a combination of legislation, regu-
lation, and self-regulation rather than governmental regulation alone. The data privacy leg-
islation tends to be adopted on ad hoc basis. The United States has no single standardized
data protection law comparable to the European Union's Data Protection Directive.
The Data Protection Directive (officially known as Directive 95/46/EC) regulates the pro-
cessing of personal data and free movement of such data within the European Union. It is an
important component of the EU privacy and human rights law. The directive regulates pro-
cessing of personal data by defining scope and principles. The scope defines personal data as
“any information relating to an identified or identifiable natural person (data subject); where
an identifiable person is one who can be identified, directly or indirectly.”
The principles talk about transparency of processing. Data subjects have the right to be
informed when their personal data is being processed. Controllers must provide their name
and address, the purpose of processing, the recipients of the data, and all other information
required to ensure that the processing is fair.
The principles also talk about legitimate purpose and proportionality. Legitimate purpose
regulates that the personal data can be processed only for specified explicit and legitimate
purposes. It also specifies that the data may not be processed further in a way that's incom-
patible with those purposes. Proportionality specifies that the data may be processed only
insofar as it is adequate, relevant, and not excessive in relation to the purposes for which it is
Search WWH ::
Custom Search