Sunday, October 27, 2019

Cloud Security and Future Regulations


Cloud Security

By Sara Kwiecien


The cloud is a virtual storage space for large amounts of data. As our use for technology increases globally, so does our need to store information. Virtual storage decreases user control over their data and increases the possibility of exposure to an outside source. This means an increasingly complex virtual structure which demands an increase in security and legal efficacy. 2


There are several main concerns about security on the cloud. The questions of who controls the data, who should have access to the data, and how do protect the data are the biggest.   Security limits on the cloud are not always well defined or apparent to users. Since servers often cater to multiple clients, it can be difficult to determine who the data belongs to on certain platforms. Different cloud platforms may have different security administrators with variable security protocols overseen by multiple suppliers. The lines of what is prohibited to whom can be blurry, if not on the user end where data is transferred, then on the data management end where data is stored. Some suppliers deal with international companies for data management or storage where cyber law can be change in its interpretation or enforcement. 2

Stored data is usually meant to be accessible by design; someone will probably be looking to use the data at some time. The user stores the data on the cloud with this intention. Behind the scenes, a multitude of workers in the management of data also may end up with access to it, increasing the risk of not just exposure or theft, but accidentally altered or erased data as well. Third party organizations can be used as oversight but that increases the number of hands in the pot.2

Another issue of the cloud is data mining. Many sites require the user to agree to their data policy before allowing access to their applications. Included in this agreement is the right to sell or share their data with additional parties. The issue remains that once the data is sold, the oversight on how it is used lessens, so the risk for misused data increases. Also, if certain data is mined from a particular site, there is the risk that data that is not meant to be included is exposed, particularly on servers that may host multiple clients. Some laws still require updates to be effective with new technology. The Stored Communications Act of 1986 allows that any emails that are on the server for more than 180 days can be requested without judicial review. Server agreements are not always clear as to how long the data will be stored or the impact of long-term storage.3

Data Access


As the internet develops, some laws have been set to try to define some of the parameters expected for access to data. In the 1990’s, the American Psychological Association (APA) was concerned about the internet’s impact on patient and provider confidentiality. They provided a list of ethical guidelines that don’t deal with specific situations, but are meant to be used as constructs to determine the safety of protected health information (PHI) specific regulations. This also resulted in the Health Information Technology for Economic and Clinical Health Act (HITECH) and medical information is regulated by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires additional security measures to protect PHI. This is sanctioned by the government and all institutions that handle this type of data are required to comply with HITECH regulations.3

In 2013, the media exploded with data security concerns after Edward Snoden leaked details of government involvement in data mining. Government oversite was questioned as to how and when access to public records should be granted. On the other side, sometimes government data is expected to be accessible to the public. Institutions that receive public funding, like state universities, can have emails or other information released by public request according to the Freedom of Information Act. Emails that contain PHI for faculty or students are at risk, so how and when we release information still requires additional addendums.3

So How Do We Protect the Cloud?


In some areas, data protection is moving quicker than others. Medical information uses closed systems to record data. Data transfers are encrypted and done through FTP sites that include virtual desk encryption which requires a separate access to be created. PHI is often stored on multiple servers so that medical data cannot be connected with identifiers.3

Recommendations for reducing the threat to cyber data include two factor identification which requires a login on two separate devices to proceed, encryption of all data from site to transfer to storage, and the creation of threat models which allow cloud administrators to determine the level and direction of possible threats to their clients beforehand.3 One of the difficulties of cyber security is that it is easier to puzzle out a flaw in an existing system than it is to anticipate where a breach may occur. Society is moving forward on an increasingly digital projection. While there is no certainty of what the future will bring, as the need for data storage increases within the global economy, the need for cloud regulations will increase as well.2


                                                          Photo by Jason Leung on Unsplash
       


                                                                       References


1.Kumar, R., & Goyal, R. (2019). Assurance of Data Security and Privacy in the Cloud: A Three-Dimensional Perspective. Software Quality Professional21(2), 7-26.

2.Kumar, S., Verma, R. S., & Mohan, K. (2017). Survey on Data Security Issues in Cloud Computing. International Journal of Advanced Research in Computer Science8(3).

3.Lustgarten, S. D. (2015). Emerging ethical threats to client privacy in cloud communication and data storage. Professional Psychology: Research and Practice46(3), 154.

Saturday, October 5, 2019

The History of the Cloud

by Sarah M. Goulet

Given how the usage of the internet and computer systems have boomed over the past few decades, one might suppose that Cloud Computing is a relatively young phenomenon.  The ability to connect devices wirelessly only happened around the turn of the century (Zimmermann), after all, and HTML as a language appeared around the 90s.  However, the roots of Cloud Computing reach back even further - to the 1960s.


Early Cloud Computing 

In the early days of terminal usage arose the concept of mainframe computing. In this system, terminals could access a main computer - usually a far more powerful one - to gain access to a shared resource.  Powerful computers were expensive (to buy and maintain), and providing every employee with all of the licensed software they needed could rack up the bucks quickly (Neto).  In terms of cost and efficiency, it made far more sense to set up a system that could be shared - a process favored by companies such as IBM.
Floppy Disks
Image by PublicDomainPictures from Pixabay 

Virtual Machines

In the 1960s, DARPA (the Defense Advanced Research Projects Agency) funded $2 million to MIT in order to create a computer "that could be used by two or more people simultaneously" (Foote). What MIT came up with was the precursor to what would be known as virtualization.  This idea was expanded upon by a computer scientist named J.C.R. Licklider, who was a principle player in developing ARPANET, one of the earliest forms of the internet.  In fact, he was one of the earliest people to sow the seeds of what the web would be like today, envisioning a connected, automated computer network - an "Intergalactic Computer Network" - that would allow access of information from anywhere (Waldrop).  Sound familiar?

The meaning of virtualization has changed somewhat over the years.  These days, we use the term virtual machine (VMs), which describes a virtual computer that acts like a real one (Foote).  Yet, this idea of one of the key ideas that allows Cloud Computing as we know it to work.

The Late 1990s - Early 2000s

The advent of the World Wide Web, allowing millions of personal computers to be connected, expanded the possibilities of information exchange even further.  Now business weren't the only ones who could affordably link their computers.  The late 90s marks the start when the phrase "the cloud" started to gain traction, although it initially described the space in between the user and their provider (Foote).  In 1999, a company called Salesforce took the idea of the cloud and began to market the idea that software could be delivered over the web via SaaS (Software as a Service).

By the mid 2000s, the cloud and its capabilities began rapidly gaining traction.  In 2006, Amazon introduced its Amazon Web Services while Google released Google Docs and Google Spreadsheets (Foote). Google CEO Eric Schmid used the phrase "Cloud Computing" in a conference in the same year, marking the point at which the Cloud gained its modern connotation (although some attribute the first usage of the phrase to a company called NetCentric in 1996) (Regalado).  Indeed, the mid-to-late 2000s marked a boom in usage - Netflix, for example, started up in 2007 - and the expansion of the cloud has barely slowed since.
Image by Tumisu from Pixabay 

Today (2010+)


These days, the ability to use the cloud is mainstream, and it more and more companies and personal users alike are using the cloud for storage, software, and more.  Large companies, such as healthcare providers, use the Cloud to host vast stores of information.  Students and professionals alike can use services such as Google's Drive or Microsoft's OneDrive to host their projects, then access them from anywhere.  From Facebook to Twitter, from Google to Youtube, we all use some aspect of the Cloud, sometimes unknowingly - and that usage is only going to grow in the future. 



Extra: Interested in learning more about Licklider and ARPANET? Check out some good reading material here and here

Additionally, this interactive website provides a great overview into the startup of web languages, functions, and browsers that add up to the Internet we know today.  




References: 
Foote, K. (22 June 2017.) A brief history of cloud computing. Retrieved from https://www.dataversity.net/brief-history-cloud-computing/#.

Neto, M. (18 March 2014). A brief history of cloud computing.  Retrieved from https://www.ibm.com/blogs/cloud-computing/2014/03/18/a-brief-history-of-cloud-computing-3/.

Regalado, A. (31 Oct 2011). Who coined cloud computing? Retrieved from https://www.technologyreview.com/s/425970/who-coined-cloud-computing/.

Waldrop. (2000). Computing’s Johnny appleseed. Technology Review, 103(1), 66. Retrieved from http://search.ebscohost.com.proxy-bloomu.klnpa.org/login.aspx?direct=true&db=asn&AN=2656766&site=ehost-live&scope=site

Zimmerman, K.A. (7 Sept 2017.) History of computers: A brief timeline.  Retrieved from https://www.livescience.com/20718-computer-history.html.

Service Models and Cloud Engineering

By Sarah M. Goulet Although the "Cloud" generally refers to the umbrella term of remote data storage, it should come as no sur...