Cloud Computing: Legal and Security Issues - Research Paper Example

Cloud Computing: Legal and Security Issues Student’s Name Institution Cloud Computing: Legal and Security Issues Introduction The technology of cloud computing is at its development stage as far as its implementation and usage are concerned. This is caused by the heavy advancement in the technology that constitutes cloud computing. The concept of cloud computing emerges from the desire of the information technologists to incorporate new content into information processing. Although vaguely understood by many people, the concept mainly comprises grid computing, use of software as a service, storage in the virtualization, and/or utility computing. All these components simply refer to the consumer using the service issued by the provider, which is also known as the cloud.1 Cloud computing has significant economic advantages to people who use it for their IT missions. Some of the benefits include lower operational costs, scalability, and limited site-support. This implies licenses and other resources in cloud computing are flexible and can easily be transformed to reflect the demand and supplies of the clouds. However, the cloud computing technology is characterized by several legal and security concerns. The existing licensing contracts and agreements, pro forma documents, and sharing agreements do not provide adequate solutions to the concerns. Therefore, the main problem that needs to be addressed in cloud computing technology is to develop ways that would ensure that privacy of data is well protected.2 This paper addresses the main legal and security concerns that cloud computing technology brings over the traditional on-site computing. The paper also illustrates information on a number of protocols, such as Infrastructure as a Service (IaaS) and Software as a Service (SaaS), which are considered as new elements in the cloud computing. Under the emerging trend, the paper also outlines the major ethical issues that surround the use of cloud computing over traditional on-site computing. Concept of Cloud Computing Cloud computing is a new technology in the field and is often likened to grid computing, cluster computing, utility computing, service computing, P2P computing, web 2.0 and market-oriented computing. The major features of cloud computing that make it function effectively include its: autonomic nature, high scalability, high reliability, dynamic discovery, and ubiquitous accessibility. These features make cloud computing to be regarded as a highly elastic computing system. As a result, the users of the cloud computing model have a chance to rent the services as required as they also store and access data by applying Web 2.0 advancement, which uses a scalable computing technology at a lower cost.3 Cloud computing does not represent technological improvements in data centers. The concept simply shows essential modeling transformation on how IT is provisioned and applied in data storage and accessibility.4 Therefore, the concept of cloud computing represents a significant transition from computing as a product that users purchase to a service that is provided to the users over the network of large-scale data centers; this is what is referred to as a cloud. The major factors that attract people to using cloud computing technology are the reduced capital and operating expenses that are incurred in using the technology.5 The technology involved in the cloud computing system is not as complicated as the majority of people think. The cloud simply comprises the back-end and the user-end layers; the user-end layers are the ones that are easily seen by the person using the technology. The use-end layers are seen when, for instance, someone accesses his email on Yahoo. What is normally seen in such cases is the software that runs on the user-end of the cloud.6 The back-end layer of the cloud comprises the software and hardware modeling that facilitates the interface, which appears on the user-end. Since computers in this technology are set up to operate together, the system works as if the devices were running on one machine, which makes good use of computing power. In addition, the cloud computing system allows for maximum flexibility, which is controlled according to the available demands and supplies.7 Although the cloud computing technology is appraised for its economic benefits and flexibility, it comes with a number of legal, ethical and security issues, which grow at the same rate as the technology itself.8 The issues negatively impact the efficiency of the cloud computing technology, which people thought would be a comprehensive solution to the traditional on-site computing model. It is evident that the cloud computing model can become very effective if these issues are adequately addressed.9 Defining Privacy and Security Concepts in Cloud Computing In many technologies, especially the ones that involve data storage and accessibility, privacy and security of data are the main factors that define their effectiveness. Consequently, it is important to define what privacy and security mean in the cloud computing technology before attempting to outline the privacy and security issues in it. The concepts of privacy and security in cloud computing are well defined through integrity, confidentiality, assurance, resilience, and accountability.10 Integrity in cloud computing refers to the amount of confidence that the data stored in the cloud should have. The idea of integrity requires that the data in the cloud should be protected against threats such as intentional or accidental alteration of its content by unauthorized people. In a wide perspective, integrity should also cover obstacles of harmonizing multiple databases. To ensure that high integrity is maintained in cloud computing, the vendors should ensure that the technology is supported by properly designed distributed models, well audited codes, and control mechanisms with robust rights of entry.11 On the other hand, confidentiality is the privacy of the data stored in the clouds; this is a very important element in cloud computing and should be maintained when data is sent across the border of the organization that uses the technology. The failure to safeguard internal secrets and personal data that is sensitive can result in the leakage of crucial information about an individual or organization. Confidentiality is mainly supported by legal protections and use of access control tools such as encryption.12 Assurance, the third aspect of security, refers to the guarantee that the cloud computing software would perform according to the buyer’s expectation. This means that the cloud vendor should ensure that he fully provides the assurance that reflects on the client’s specifications that are given to him or her during the purchase. The vendor should ensure that the software and hardware perform according to the organization’s needs. There are several factors that can be used to reinforce assurance in cloud computing devices. One of them includes using a careful process transition from the business model to the legal contracts via the technical model.13 The fourth concept, resilience, ensures that the cloud computing devices are designed in such way that they are able to cope adequately with security threats without critical malfunctioning. The technology used in cloud computing, in most cases, provides reinforcement on resilience. The technology is a great potential as it effectively identifies chances of threats. This potentiality is at sometimes compromised by the shift in critical models and functions of an organization. Resilience is supported by factors such as diversification and redundancy.14 The last concept, accountability, involves mapping the actions in the model for responsible users. It is advisable that cloud computing actions be traced uniquely back to the vendor. This is effective as it enables a comprehensive integration process in an organization, which also includes conflict resolution mechanisms and bad behavior deterrence. In most cases, accountability in cloud computing is supported by access and authentication control devices, robust identity, and the ability to log and audit transactions.15 Privacy and Security Problems in Cloud Computing A number of privacy and security concerns, such as the malware, are considered as ever-present issues in cloud computing. These issues must be addressed on a serious note as they form the most important part of cyber-security concerns. It has been proven that cyber-threat cloud services cause numerous structural as well as institutional problems. These issues can only get an adequate redress if the stakeholders in the cloud computing field collaborate with the government to end the problems by setting up tough measures to deal with the offenders.16 The first security concern that cloud users face as they transit from traditional to cloud computing is the conflict that arises due to some components of their information systems; this is the principal agent problem. A principal agent problem, according to economists, arises when a person dealing with an agent is not certain that his actions are a complete reflection of the principal’s best interests.17 This problem mainly occurs in situations where there is a significant divergence of the two interests. This is similar to the information asymmetry problem in which a client is not certain of what the provider does. The problem of information asymmetry is worsened by the difficulty to rate security as an absolute property.18 The problem of information asymmetry makes it difficult for cloud computing vendors to offer an absolute guarantee against poor performance outcomes. However, most vendors compensate for the limitation by convincing their clients that they will be responsible for economic precautions. The vendors must also convince the third party about their willingness to take adequate economical sensible safety measures. In that case, the original customer has limited control over the system and cannot complain accordingly in case of a bad outcome.19 A number of studies that have been conducted on the terms and conditions of a cloud computing purchase reveal that most vendors deny any responsibility for the security of the data in case of a bad outcome. In most of the cases, the vendors leave the responsibility for security to the client, even in cases where the user cannot take any defensive action to prevent the security issue. The users are required to rely exclusively on the vendors’ efforts without understanding the real content and implication of the precautions outlined by them.20 Another area where privacy and security issues are evident is where clients may have their own privacy preferences. For instance, there are cases in which a client may choose to challenge law enforcement demands for data to the highest extent possible as opposed to settling for the provider’s partial way. This move is likely to spoil the relationship between the vendor and the low enforcement agents. Most vendors would like to build a long-term positive relationship with the law enforcement agents for their own good. In a case where the vendor and the client are dealing with a foreign government, the problem becomes worse.21 There are also other areas where the legal front poses a number privacy concerns to the users of cloud computing. The data stored in cloud computing technology is by definition, subject to voluntary sharing with a third party. This, according to most jurisdictions, compromises the level of privacy in cloud computing. This phenomenon puts the privacy of data stored in cloud computing systems at extremely lower level than it is the case with laptops, desktops or mobile devices such as iPads.22 The law enforcement agents use this loophole to gain access to personal information stored in cloud computing systems in the name of reinforcing the national security. Unfortunately, the 4th Amendment cannot protect personal data stored in cloud computing as the law does not safeguard such data from a third party.23 The uncertainty that exists on the limits of the sovereign power also compromises the privacy of data stored in cloud computing system. It is obvious that the decentralized nature of the technology used in cloud computing can be used to create a false impression that the location of data is irrelevant to the platform. This impression is useful for hiding data cloud technology from a third party. However, this data does exist under the jurisdiction of an individual. The fact that the data exists under someone’s jurisdiction, makes its privacy prone to abuse by other parties and legal frameworks, including the different set of laws operating in the area.24 Another security concern in cloud computing arises from the fact that the cloud technology market is evolving and it lacks adequate laws to guide the operation of providers. It is difficult to set up effective ways to safeguard data in a technology that is still developing. As companies compete in offering cloud computing technologies, some win while others lose. Those that lose are likely to be shuttered. When a provider is shuttered, its clients will definitely lose their data and other critical information because there are no strict laws to look into such cases.25 Lastly, data aggregation, which is a common practice in cloud computing, comes with its own set of privacy risks. Collection and aggregation of data in cloud computing are accepted by law and they constitute the main benefits of the technology. The data are collected mostly from desperate sources; the data is collected for critical reasons such as shared access to government catalogs. Once this data is collected, there may be the temptation to exploit it in different ways to obtain the exact information needed. Since there is no law guiding such practices, it is difficult to use such data without compromising its privacy.26 Dealing with Privacy and Security Issues in Cloud Computing The most effective remedy to privacy and security issues in cloud competing technology is legal clarifications. It is clear that most users of cloud computing are not aware of the platforms they use or how privacy protections apply in the different platforms.27 In most cases, people shift from cloud computing to laptops or other devices without understanding how privacy rules differ across these technologies. Most users do not know that their privacy drops when they shift to another device. For that reason, the government should enact laws that reinforce a search warrant of probable cause. This mechanism can provide better protection for the data and materials, which are stored or transferred through cloud computing.28 Apart from the privacy protection upgrades, the law enforcement agencies can also assist the cloud vendors by enacting strict laws that prevent online offenders such as hackers from ruining the technology. The Computer Fraud and Abuse Act that was passed on 1986 does not adequately deal with privacy issues of data stored in cloud computers or other online devices.29 The 1986 law does not spell it out clearly whether the punishment outlined in its provision is applicable to the whole of cloud data center or an individual account that is hacked. The government should upgrade the Computer Fraud and Abuse Act of 1986 to apply the maximum penalty on the individual accounts that are hacked. This is the only way that the law enforcing agents can reduce cases of cyber crime in the country.30 Another mechanism that can be used to deal with the issues of privacy and security in cloud computing is disclosure and transparency. The vendors of cloud computing need to disclose the level of privacy of cloud devices being offered so that the clients are completely aware of the privacy level of the various devices before they purchase them. The clients should be made to understand the privacy responsibility that is taken by the vendor to avoid blame games whenever there are bad outcomes. Such information is important as it gives prospective clients a chance to choose the best alternatives among the cloud devices.31 Lastly, every stakeholder in cloud computing technology should engage effectively in the search for privacy and security protection. The collective effort of all the stakeholders in the sector is necessary for threat mitigations in the technology. The vendors and the users should be willing to pay for the additional costs required to cater for the additional security features toward protection of privacy of the cloud data. This may also enable the vendors and users to work together to develop other mechanisms that can allow them to improve the level of privacy and security of the devices used by the cloud computing technologies. In conclusion, cloud computing is an emerging technology that is characterized by a number of privacy and security issues. The cloud computing technology has more advantages than the traditional computing type. The cloud computing technology comes with greater economic benefits and flexibility that make it more preferred by the majority of clients in the sector. However, these benefits are watered by the privacy and security concerns that the users of the cloud computing technology face when using it. The issues are mostly caused by the ambiguity of the laws that are meant to safeguard cyber crime. Other causes include the lack of full engagement and transparency of all the stakeholders. These issues can be dealt with by enacting laws that impose heavy penalties on online crimes. The providers and users also need to enhance their transparency and engagement toward improving the level of privacy and security in cloud computing. Bibliography Furht, Borivoje, and Armando Escalante, Handbook of Cloud Computing (Springer, 2010). Halpert, Ben, Auditing Cloud Computing: A Security and Privacy Guide (Wiley, 2011). Krutz, Ronald, and Russell Dean Vines, Cloud Security: A Comprehensive guide to Secure Cloud Computing (Wiley Publisher, 2010). Marks, Eric A, and Bob Lozano, Executive’s Guide to Cloud Computing (Wiley, 2010). Mather, Tim, Subra Kumaraswamy and Shahed Latif, Cloud Security and Privacy (O’Reilly, 2009). Miller, Michael, My Google Chromebook (Pearson Education, 2011). Molen, Fred, Get Ready for Cloud Computing: A Comprehensive Guide to Virtualization and Cloud Computing (Van Haren Publishing, 2010). Pearson, Siani, and George Yee, Privacy and Security for Cloud Computing (Springer, 2013). Sosinsky, Barrie A, Cloud Computing Bible (John Wiley, 2011). Winkler, Vic, Securing the Cloud: Cloud Computer Security Techniques and Tactics (Elsevier Science, 2011). Read More