I track a variety of blogs and news sources. One is my colleague at Perficient Eric Roch who just blogged on Cloud Computing Security. Worth a look. Here’s an excerpt:
Security vulnerabilities are nothing new, but are a greater risk for cloud computing and will be a deterrent for many to make an early move to cloud computing applications and platforms.
While the expertise to assess network security vulnerabilities is widely available, most companies do not have the security expertise to architect a secure application from the ground up. This will be a barrier to build cloud computing applications for many.
Michael – Thanks for the reference. I wonder that in a cloud-computing multi-tenant environment, who owns the data and is legally responsible for its safeguard? For example, if I use cloud to pump millions of marketing leads into the system and one day I realize that my leads are being used by my competitor for the last one year through some form of security breach. Is the service provider liable?
Sidd, I’m following up with a friend who works for one of those organizations. I’ll let you know once I get a response. In the meantime, I’m betting that it’s covered in any contract you sign with the multi-tenant provider. They had to have been asked that question. It will most likely be covered but in a way to limit liability for the vendor. That means you will need to review the contract to ensure you are covered. I’ll respond with more when my friend gets back to me.
I did a little research on this topic and didn’t get very far. The best I could find out is that the owner of the data is the person who created this but………………..there are exceptions. For example, Facebook at one time had a user agreement that stated they owned everything you put out there. Also, similar but not perfectly related is the legal liability of posts on forums and other sites. In the United States, as long as there are rules around modification, the liability seems to fall on the creator of the content rather than the hoster of the content. That’s good in that the creator is seen as the person ultimately in charge, liable, and an owner of that content.
I should note that in Brazil, one court just found the hoster liable for that type of thing. In other words, the full realization of all this in law is still being figured out. When you sign up for a SAAS provider, you should read the agreements very carefully.