Tech-Tip# 325 By Mark Tiongco - July 31, 2011
于为您和托管公司,使用云服务存在着一个潜在的法律难题对。例如,云服务提供商Dropbox最近经历了一个安全漏洞,约四小时间所有帐户可以输入任何密码进行访问。 虽然Dropbox能够及时纠正问题,他们的用户之一,针对安全问题现在提起诉讼。
如果你有个人(或公司)被攻破的信息 应该怎么办?你有什么样的法律追溯权? 基本上,这意味着你(和你的法律团队)将有额外的工作来处理与整顿,(如违反合同和/或另谋云服务提供商)。对于云服务的用户寻找能存储音乐到他们各自的数字储物柜,外部单位(如音乐标签公司)的音乐已经提出了一个引起法律轩然的大波亚马逊云音乐服务,从长远来看,关于什么类型的数据可以被存储在云,这可能很难实现。
首先 ,它是合乎逻辑的, 采取“跟不上所有的鸡蛋放在一个篮子里”的做法,这意味着只有上传的相关数据需要由相关的公司人员访问。
接下来 ,您还可以使用第三方加密程序,如True Crypt,并加密所有信息,然后上传到你的云服务器上。 这两项提供双重安全。
1. 首先,您的数据将是无用的,如果未经授权的当事方截获(任何方式)。 (除非他们可以通过破解True Crypt的强硬加密)
2.其次,如果云服务的基础设施被破坏,除了你或你的员工您的信息对任何人来说仍然是无用的。 您还可以在您自己安全个人或公司的网络中保存你的机密信息的副本,以防任何原因的接入点云服务停机。
Tech-Tip# 325 By Mark Tiongco - July 31, 2011
There’s no doubt that cloud computing has made a huge splash in our technologically ubiquitous society. Its benefits help businesses with productivity and give consumers more convenience about back-ups and data storage. Still, there are a few issues that should be addressed for anyone, whether a business owner or average Joe computer user, before making the jump to any cloud computing solution.
Reduced Control
The popular concept of cloud computing involves offloading and archiving pertinent files and data to an off-site 3rd party company which guarantees virtually 100% uptime and secure access anytime anywhere. The problem is that you’re basically having another entity hang on to your confidential information which reduces the amount of control you have over that information. In addition, you have no idea where your information is being stored.
What if, for example, your data is managed by a 3rd party cloud service company whose computer servers are located in Niger and due to an anti-government uprising, the cloud company’s infrastructure is compromised? You would have no idea whether your data was saved and moved to another location or if the data itself was possibly compromised by unauthorized parties. Granted, the chance of this happening is probably low but the big picture is that you’re virtually powerless in safeguarding your own information against issues from the external environment. Regarding Murphy’s Law, many cloud service companies pitch a near-100% uptime guarantee but there is still a chance the service could be unavailable (due to system malfunctions or maintenance) during the time when you need it the most.
Legal Issues
Using cloud services also presents a potential legal headache for both you and the hosting company. For example, cloud service provider Dropbox recently experienced asecurity breach in which all accounts were accessible by entering ANY password for approximately four hours. While Dropbox was able to rectify the issue promptly, one of their users is now filing a lawsuit for the security issue.
What if you had personal (or company) information that was compromised?What legal recourse would you have? Basically it means there would be extra work for you (and your legal team) having to deal with straightening things out, (such as breach of contract and/or having to find another cloud service provider). For cloud service users looking to store music into their respective digital lockers, external parties such as music label companies have raised a legal uproar about Amazon’s cloud music service which could make it difficult, in the long-run, about what type of data can be stored on a cloud.
Proactive Measures
While there is zero way to completely prevent any type of cloud service issue, there are a few steps you can take to minimize the chance of having one of these issues compromise your confidential personal or business information.
First, it would be logical to adopt a“Don’t keep all your eggs in one basket” approach which means only uploading the pertinent data that needs to be accessible to the necessary company personnel.
For example, if you have sales personnel traveling to Europe for a trade show and they need cloud access, it would be wise to not leave your Finance, Competitive Strategy and Company Financial Statements available on the cloud.
You can also specify exactly, which employee(s) are allowed access to your cloud servers and make them aware of the heightened security involved with such access. (Increased accountability with updated IT security access/policies)
Next, you can also use a 3rd party encryption program such as True Crypt and encrypt all information before uploading it to your cloud service. This provides redundant security on two counts.
The big picture is that with all this technology that’s continuously revolutionizing our personal and company lives, you should always approach new technological solutions with a balanced perspective, weighing both the pros and cons while considering what steps can be taken to keep your digital life secure.
Are you currently utilizing a cloud service? If so, let us know in the comments and share your own prespective about this topic!
Till Next Week.... Happy Computing!