Data Security in the Cloud: Challenges

With the advancement of information and communications technology, cloud computing has evolved as one of the most significant trends. Offering ‘borderless’ access to customer data or computer capacity for data processing, the cloud has created opportunities for enterprises to achieve improved IT flexibility, cost efficiency, and value from their data. While businesses have achieved economies of scale and reduced capital costs by leveraging the cloud, the end user has unrestrained access to limitless information, documents, spreadsheets, presentations and photographs.

However, post-Snowden the growth of the cloud has slipped within small and large businesses on data security concerns. The Information Technology & Innovation Foundation (ITIF) estimated that the US cloud computing industry is poised to lose up to $35 billion by 2016 due to NSA’s surveillance program, PRISM. Alarmingly, Forrester analyst James Staten believes that “the estimate is too low and could be as high as $180 billion or a 25% hit to overall IT service provider revenues.”

Government data inspection is not only curbing the growth but is also jeopardizing the $5.7 trillion US IT industry. While companies in developed economies started showing their back to US servers in the past decade, countries in the Middle East and South America are increasingly tightening their legislation to avoid data hosting in the US where enactment of the Patriot Act has armed its intelligence and enforcement agencies with unrestrained surveillance powers to access all data of even non-US companies. Also, as plans to reform the Act – to restore privacy – in the 113th Congress has failed, the scope of sensitive information collection remains untouched, allowing authorities to spy on any person or organization.

While this “brutal information capitalism” – as coined by German Economics Minister Sigmar Gabriel – could severely disrupt growth of the cloud business in the US, it opens up opportunities for the expansion of the industry segment in other mature economies, especially in Europe. However, despite little success from random attempts to scale back its data policing, the US is still the preferred data center destination with a massive majority of the exabytes of cloud data stored in the country.

It is equally clear that most of the world’s data passes through the US due more to the lack of alternatives than the reflection of a booming belief in the US information technology infrastructure. Although this scenario should ideally boost cloud infrastructure growth in Europe, doubts have been raised about EU businesses’ capacity to truly adhere to the tougher standards mandated by the General Data Protection Regulation. Skyhigh Networks has found in a survey of 7000 cloud companies that only one in hundred cloud providers meets the proposed EU data protection requirements.

“It’s staggering how few cloud providers are prepared for the new EU regulations,” EMEA director at Skyhigh Networks Charlie Howe reportedly said. “Fortunately, there’s still time for providers to get into shape. This means addressing a number of complex issues now.” Earlier planned for adoption around this time, the rules replace the 1995 directive and propose hefty fines for non compliance.

Aside from the challenges discussed above, another aspect that contributes to the cloud computing conceptual confusion relates to maintaining regulatory compliance in the cloud. Most of the complexities arise from poor knowledge about data privacy and security laws, and lack of clarity on some of the fundamental aspects of clouding computing hasn’t helped. These complexities revolve around regional regulations involving data transmission and data residency.

It is believed that the hefty “fines will make data protection a boardroom issue and will require companies to carefully review what they need to do to comply.” While businesses will need to accept accountability and take technological assistance to keep regulatory compliance at bay, transparent policies will also go a long way in reducing the challenges of data security in the cloud. Also, the complexities surrounding the data sovereignty challenges will ultimately help the global cloud market progress.