If an organization is adopting a cloud service, a security concept must be applied automatically at every computing endpoint. Security considerations should also be addressed as early as possible. This matters because, apart from legal issues, security concerns are the only knock-out argument against using a cloud service. “There are great possibilities, but there is also great risk. And until security and data issues are not satisfactorily resolved, there won’t be full-scale adoption. We’ll see a more hybrid world, in which Cloud Computing will be used for certain types of applications, but it will be very application-specific and will have to evolve with the concept.” Further aspects of Cloud Computing security will be discussed in part 5 of the blog.
Before moving parts of the IT business to the cloud, the legal and regulatory compliance requirements for applications must also be checked and verified against liability. It is crucial for the organization to know who has or could gain access to the data stored by the cloud provider. Some companies, after evaluating a cloud service from the technical perspective for years, had to stop the complete project because of legal concerns.
In addition to data security and integrity, the transport of data and the transport route also need to be considered. If the data is stored in another country, export limitations and related issues arise. “There is an inherent tension between Cloud Computing and export control. While the concept of the Cloud is centered on the premise of removing the need to track the details of data movement among various destinations, export control regulations are built largely around restrictions tied to those very movements. If Cloud Computing is to reach its full potential, it is critical for providers and users of cloud services to address its implications with respect to export control.” The study mentioned at “businesscloud9” implies that data might also fall under the control rules of the US Export Administration Regulations (EAR). This might apply when the data in question is intellectual property (IP).