Cloud Security
By Sara Kwiecien
The cloud is a virtual storage space for large amounts of data. As our use for technology increases globally, so does our need to store information. Virtual storage decreases user control over their data and increases the possibility of exposure to an outside source. This means an increasingly complex virtual structure which demands an increase in security and legal efficacy. 2
There are several main concerns about security on the cloud. The questions of who controls the data, who should have access to the data, and how do protect the data are the biggest. Security limits on the cloud are not always well defined or apparent to users. Since servers often cater to multiple clients, it can be difficult to determine who the data belongs to on certain platforms. Different cloud platforms may have different security administrators with variable security protocols overseen by multiple suppliers. The lines of what is prohibited to whom can be blurry, if not on the user end where data is transferred, then on the data management end where data is stored. Some suppliers deal with international companies for data management or storage where cyber law can be change in its interpretation or enforcement. 2
Stored data is usually meant to be accessible by design; someone will probably be looking to use the data at some time. The user stores the data on the cloud with this intention. Behind the scenes, a multitude of workers in the management of data also may end up with access to it, increasing the risk of not just exposure or theft, but accidentally altered or erased data as well. Third party organizations can be used as oversight but that increases the number of hands in the pot.2
Another issue of the cloud is data mining. Many sites require the user to agree to their data policy before allowing access to their applications. Included in this agreement is the right to sell or share their data with additional parties. The issue remains that once the data is sold, the oversight on how it is used lessens, so the risk for misused data increases. Also, if certain data is mined from a particular site, there is the risk that data that is not meant to be included is exposed, particularly on servers that may host multiple clients. Some laws still require updates to be effective with new technology. The Stored Communications Act of 1986 allows that any emails that are on the server for more than 180 days can be requested without judicial review. Server agreements are not always clear as to how long the data will be stored or the impact of long-term storage.3
Data Access
As the internet develops, some laws have been set to try to define some of the parameters expected for access to data. In the 1990’s, the American Psychological Association (APA) was concerned about the internet’s impact on patient and provider confidentiality. They provided a list of ethical guidelines that don’t deal with specific situations, but are meant to be used as constructs to determine the safety of protected health information (PHI) specific regulations. This also resulted in the Health Information Technology for Economic and Clinical Health Act (HITECH) and medical information is regulated by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires additional security measures to protect PHI. This is sanctioned by the government and all institutions that handle this type of data are required to comply with HITECH regulations.3
In 2013, the media exploded with data security concerns after Edward Snoden leaked details of government involvement in data mining. Government oversite was questioned as to how and when access to public records should be granted. On the other side, sometimes government data is expected to be accessible to the public. Institutions that receive public funding, like state universities, can have emails or other information released by public request according to the Freedom of Information Act. Emails that contain PHI for faculty or students are at risk, so how and when we release information still requires additional addendums.3
In some areas, data protection is moving quicker than others. Medical information uses closed systems to record data. Data transfers are encrypted and done through FTP sites that include virtual desk encryption which requires a separate access to be created. PHI is often stored on multiple servers so that medical data cannot be connected with identifiers.3
Recommendations for reducing the threat to cyber data
include two factor identification which requires a login on two separate devices
to proceed, encryption of all data from site to transfer to storage, and the
creation of threat models which allow cloud administrators to determine the
level and direction of possible threats to their clients beforehand.3 One of
the difficulties of cyber security is that it is easier to puzzle out a flaw in
an existing system than it is to anticipate where a breach may occur. Society
is moving forward on an increasingly digital projection. While there is no certainty
of what the future will bring, as the need for data storage increases within
the global economy, the need for cloud regulations will increase as well.2
Photo by Jason Leung on Unsplash
References
1.Kumar, R., & Goyal, R.
(2019). Assurance of Data Security and Privacy in the Cloud: A
Three-Dimensional Perspective. Software Quality Professional, 21(2), 7-26.
2.Kumar, S., Verma, R. S.,
& Mohan, K. (2017). Survey on Data Security Issues in Cloud Computing. International Journal of
Advanced Research in Computer Science, 8(3).
3.Lustgarten, S. D. (2015).
Emerging ethical threats to client privacy in cloud communication and data
storage. Professional Psychology:
Research and Practice, 46(3), 154.

We think about cybersecurity a lot these days, generally speaking, but cloud security, not so much. When it concerns our private devices, our PCs, our Macbooks, phones, we're forever chasing antivirus software, being mindful of the sites we're visiting, but when it comes to accessing things on the proverbial cloud, security is something at least I for one have taken for granted. This was a nicely written, concise foray into the subject.
ReplyDelete