Data Breach in the Clouds
I was recently provided an opportunity to write the lead article for Hisox's new "global technology news" publication. Hiscox is one of the leading international insurers of "cyber risk" (a.k.a.data security and privacy insurance) and has taken an active role in understanding and insuring this risk. Their expertise lead them to focus on the challenges of breach/incident response in the Cloud (among other cloud computing issues).
As we move into 2011 it should be obvious that cloud computing is not a fad, but rather a computing model that is becoming ubiquitous. Cloud computing offers a slew of advantages including efficiency, instant scalability and cost effectiveness. However, these advantages must be balanced against the control organizations may lose over their information technology operations when they are reliant on a cloud provider to provide key processes (InfoLawGroup has written extensively on many of the legal challenges associated with cloud computing). The issues that arise out of this loss of control are apparent when considering data breach response and liability in the cloud.
When a cloud customer puts its sensitive data into the cloud it is completely reliant on the security and incident response processes of the cloud service provider in order to respond to a data breach. This situation poses many fundamental problems.
You can read further about the data breach issues raised by Cloud computing, as well as ways to address these issues by visiting Hiscox's newsletter: ENGLISH VERSION; GERMAN VERSION; SPANISH VERSION; FRENCH VERSION.