Cloud Computing and Security

Security issues related to cloud computing must be dealt with carefully because of the legal uncertainties that surround its regulation.  At this time, the European Union and the United States deal differently with cloud computing and its security.

What methods are used to deal with cloud computing security issues?

Security issues can be dealt with by breaking them down, which is how the United States approaches them. The European Union, on the other hand, prefers to directly control cloud-computing issues. In the case of the European Union, all states must be in agreement about regulations in order for them to become rules. However, when specifically evaluating the United States, the Stored Communications Act (“SCA”) proves to be an issue. Because the SCA is a subpart of the Electronic Communications Privacy Act (“ECPA”), certain transactions within cloud computing fall separately under the statutes.  This is significant because only certain classifications of stored data are protected by the SCA. Thus, different data transmission processes have varying levels of protection. Because the ECPA was drafted in 1986, it is outdated, and brings concerns about data security. Additionally, security concerns exist when it comes to the power of the federal government in regards to data, especially in the hands of the Department of Justice or National Security Agency.

What dangers can cloud computing users face?

Cloud computing service providers are ultimately concerned with making profit and minimizing their risk. Because of this, mandatory contracts have been implemented, so that users agree to terms and conditions before uploading data into the cloud. These are called cloud Service Level Agreements (i.e., “SLAs”). In fact, cloud SLAs determine the relationship between the cloud computing service providers and users. Often times, the terms of service that cloud computing service providers present can be complicated. The intention may be to catch users off-guard. In addition, providers are careful to allow themselves discretion regarding the modification or screening process of user content. This industry does not have formal regulatory standards. For this reason, several organizations (e.g., Federal Trade Commission) have been formed to protect consumers.

What actions have been taken to ensure security in cloud computing?

The juxtaposition of the vague terms and conditions and lack of formal standards has given rise to organizations aiming to protect users. For example, they include, the National Institute of Standards and Technology, International Organization for Standardization, and Cloud Security Alliance. Many companies have taken a stand against setting regulations on cloud computing, since it will likely drive down their profit maximization. Major companies have refused to join standardization organizations. For this reason, there has been an increased call for the security and risk of cloud computing. The European Union is currently taking action by evaluating what has not been covered in the Regulation on Common European Sales Law in order to create a regulatory framework to decrease risk for consumers. It has also adopted the “Unleashing the Potential of Cloud Computing in Europe” strategy. However, a divide still exists in the legislation in the United States and the standards set in place by the European Union.

At our law firm, we assist clients with legal issues related to cloud computing and security. You may contact us to set up an initial consultation.