Since 1986 - Covering the Fastest Computers in the World and the People Who Run Them

Language Flags
August 1, 2012

Can Service Providers Curb Privacy Concerns?

Robert Gelber

Recent cloud computing surveys share a similar tone regarding user perceptions of the technology. While enterprise managers look to cloud as a cost-savings measure, IT professionals are squeamish when it comes to moving sensitive data offsite. Indeed, privacy concerns are leading users to think twice about migrating their applications to cloud services.

Eosensa, a governance, risk and compliance advisory service provider, addresses these issues in a recent report: “Protecting Sensitive Data in the Cloud.”

The authors discuss how various methods of encryption and tokenization can better secure information stored in public clouds. For example, the FIPS 140-2 spec, described by NIST as a strong encryption type, is required for products that use government encryption and is suggested for use on data stored in SaaS applications.

Tokenization is another form of data security that is aimed at answering residency issues, which arise when servers store only a portion of the data. The technique is used to reduce the scope of compliance management and auditing for SaaS applications.

Will these solutions convince potential users of cloud services that their data is safe? What about the preying eye of government?

Earlier this year, HPC in the Cloud wrote about a report published by international law firm Hogan Lovells. The study compared the laws of 10 countries in respect to government access of cloud-based data. While the US was typically considered the worst offender of data privacy, other countries had implemented similar, and in some cases, harsher tactics. These nations included the United Kingdom, Germany, France, Spain, Australia, Canada and Japan among others.

In every case, the state could require cloud service providers to disclose customer data during the course of a government investigation. They also had access to monitor electronic communications sent through a cloud provider’s systems. France stood out for its power to compel encryption service providers to hand keys over to government officials.

While services like Eosensa may assist users with data encryption and compliance requirements, they cannot guarantee a risk-free environment. Their service may even lead users to experience a false sense of security, at least as far as government interception is concerned.

Encryption and tokenization are important methods to increase data privacy, but governments hold the highest authority on the matter. Without new legislation reducing the power of government access to cloud-based data, no vendor can guarantee the security of their clients’ information.

SC14 Virtual Booth Tours

AMD SC14 video AMD Virtual Booth Tour @ SC14
Click to Play Video
Cray SC14 video Cray Virtual Booth Tour @ SC14
Click to Play Video
Datasite SC14 video DataSite and RedLine @ SC14
Click to Play Video
HP SC14 video HP Virtual Booth Tour @ SC14
Click to Play Video
IBM DCS3860 and Elastic Storage @ SC14 video IBM DCS3860 and Elastic Storage @ SC14
Click to Play Video
IBM Flash Storage
@ SC14 video IBM Flash Storage @ SC14  
Click to Play Video
IBM Platform @ SC14 video IBM Platform @ SC14
Click to Play Video
IBM Power Big Data SC14 video IBM Power Big Data @ SC14
Click to Play Video
Intel SC14 video Intel Virtual Booth Tour @ SC14
Click to Play Video
Lenovo SC14 video Lenovo Virtual Booth Tour @ SC14
Click to Play Video
Mellanox SC14 video Mellanox Virtual Booth Tour @ SC14
Click to Play Video
Panasas SC14 video Panasas Virtual Booth Tour @ SC14
Click to Play Video
Quanta SC14 video Quanta Virtual Booth Tour @ SC14
Click to Play Video
Seagate SC14 video Seagate Virtual Booth Tour @ SC14
Click to Play Video
Supermicro SC14 video Supermicro Virtual Booth Tour @ SC14
Click to Play Video