3.3.1 Compliance
Companies are governed by varying amounts of regulation depending on their business,
size, locations, and public or private status. Their compliance with all applicable regulations
can be audited, and failing an audit can have significant consequences, such as the
company being unable to conduct business until it passes a subsequent audit.
Using a public cloud for certain data or services may cause a company to fail a compliance
audit. For example, the EU Data Protection Directive dictates that certain data about
EU citizens may not leave the EU. Unless the public cloud provider has sufficient controls
in place to ensure that will not happen, even in a failover scenario, a company that moves
the data into the public cloud would fail an audit.
3.3.2 Privacy
Using a public cloud means your data and code reside on someone else's equipment, in
someone else's facility. They may not have direct access to your data, but they could potentially
gain access without your knowledge. Curious employees, with or without malicious
intent, could poke around using diagnostic tools that would enable them to view your data.
Data might be accidentally leaked by a service provider that disposed of old equipment
without properly erasing storage systems.
Because of these risks, service providers spell out how they will take care of your data
in their contracts. Contracts aside, vendors know that they must earn their users' trust if
they are to retain them as customers. They maintain that trust by being transparent about
their policies, and they submit to external audits to verify that they are abiding by the rules
they set out.
Another issue with the public cloud is how law enforcement requests are handled. If law
enforcement officials have a warrant to access the data, they can make a third party provide
access without telling you. In contrast, in a private cloud, their only avenue to access your
data involves making you aware of their request (although clandestine techniques can be
hidden even at your own site).
There is also the possibility of accidental exposure of your data. Due to software bugs,
employee mistakes, or other issues, your data could be exposed to other customers or the
entire world. In a private cloud, the other customers are all from the same company, which
may be considered an acceptable risk; the incident can be contained and not become public
knowledge. In a public cloud, the exposure could be to anyone, possibly your competitors,
and could be front-page news.