Data privacy in cloud computing allows collecting, storing, transferring and sharing the data over the cloud without putting the privacy of personal data at a risk. Many times customer even does not have knowledge about how their personal information over the clouds is processed. With the increasing popularity of the cloud, data privacy is becoming a crucial factor in cloud computing.
In this section, we will discuss the data privacy in cloud computing along with the challenges faced while protecting the privacy of the information. Further, we will discuss the parameters considered while protecting data privacy.
Content: Data Privacy in Cloud Computing
- What is Data Privacy?
- Challenges in Data Privacy
- Protecting Data Privacy
- Future of Data Privacy
- Key Takeaways
What is Data Privacy in Cloud Computing?
In general, the term data privacy means that your crucial or important data on the internet is neither observed nor disseminated by other people. With data privacy, you can share data while protecting your personal data.
Now associate the term data privacy with cloud computing. With the growing popularity of the cloud, millions of users place there private, public or professional data over the cloud. Several cloud customer doesn’t even have knowledge of the physical location of the server where the data is being placed and how the data or information is processed on those servers.
Just like cloud provides easy access to data similarly, it is easy to lose control over the data in the cloud. The questions that can be raised over data privacy in the cloud are can we trust the cloud for data privacy? Can we lose data over the cloud? Is cloud reliable enough? Does switching cloud provider affect data privacy?
The term data privacy revolves around PII (Personally Identifiable Information). The personal information helps in uniquely identifying or locate a particular individual. This information can also be used with other resources to identify an individual.
If the data on the cloud has unauthorized access or it inappropriately collected store or shared then it might lose the trust of the customer. There are two types of customer information that can be collected over the cloud i.e. user information and personal information.
The user information includes:
- The information collected directly by the customer through the application’s user interface.
- Information collected indirectly through customer such as metadata in documents.
- Information about the customer’s usage behaviour such as logs, history.
- Information related to customers system such as IP address, browser, operating system etc.
All the collected customer data is not always personal data. The personal data or PII is only the information that can reveal the identity of a particular individual which includes:
- Sometimes you fill the contact forms of the sites that include name, email id, contact number your address.
- Forms that you fill to generate identification include your driving licence, your passport id, and your social security number.
- The demographic information that includes your gender, age, birth date, religion etc.
- Your professional information such as your office name, your designation, office address etc.
- Your health-related information such as your health insurance policy, your health history, etc.
- Your financial information such as your annual income, your credit records, number of accounts, etc.
- Your online activities login credentials, your cookies, your IP address, which Operating system you are using, the browser you are using to access the services.
The personal information or data is sensitive and require a greater level of controlled collection. Even sometimes the user data can also be very sensitive. After seeing a brief introduction of data privacy let us discuss the challenges faced in maintaining data privacy.
Challenges in Data Privacy
1. Complexity in Assessing Risk
Though the cloud service providers promote cloud services as a simple way to flow your personal data over the internet. The real challenge is faced in assessing the risk involved in the life cycle of data processing and its consent with the legal framework.
The risk to the privacy of data can be addressed as follow:
- Data Replication: To maintain the redundancy of data, the cloud provider takes data backup periodically. Generally, the customer is unaware of the location where this data replication has been stored? Who has the authority to access this data? Can the customer identify or control this kind of unauthorized replication of data?
- Data Loss: For any business, data loss can lead to a big disaster. In the cloud, it is even easier to lose data. So the cloud customer must ensure that all the users must access the cloud data within a predefined policy and cloud customer must have authority to block the user violating the policy.
2. Implying Consumer Privacy in Emerging Business Model
Cloud services enable the users to collect, store and share a vast amount of data at a very low cost. This has led to the emergence of new business models. Increasing user also increases the risk.
The emerging business model collects consumer data over a time, at a specific level, they also collect your profile data. This collection of consumer data does not have consent with the privacy of consumer’s data and even is unknown to the consumer.
The low-cost storage offered by the cloud providers let the new emerging businesses to store data for an indefinite time which gives them the opportunity to find future use of this data. The business may not have disclosed this future use of data at the time of data collection.
3. Internal Threat
There is always a chance of internal threat to your data in the cloud. You might be in a mode that according to security policies declared by the cloud service provider you have the data at a safer place.
But your company employees that have access to data over the cloud can misuse their authorization to access the crucial information of the company such as financial information, customers details etc.
Protecting Data Privacy
The Federal Trade Commission (FTC) has been educating the cloud consumer about the importance of privacy of personal data that is collected, stored and shared over the cloud. To protect the privacy of data FTC has pointed out a few parameters that are discussed as below:
- Collection: Applications or systems developed for collecting data must have a valid reason to do so.
- Notice: Cloud service provides or companies must produce a clear cut notice to the data owner prior to collecting, storing, transferring, disclosing and sharing their personal data.
- Choice and Consent: The owner of the data must provide a clear consent regarding the collection, storage, management and sharing of personal data to the cloud provider.
- Use: The collected personal data must be used with a valid purpose according to the announcement made in the notice
- Security: While transferring, storing, managing and sharing the personal data accurate security measures must be taken to ensure the confidentiality, integrity and authenticity of the data.
- Access: To maintain data privacy protection, unauthorized access to personal data must be restricted.
- Retention: The collected personal data must retain for the period till the business goal is accomplished or for the time that is required by the law.
- Disposal: The collected personal data must be disposed of in a secured manner so that it does not leave any trail behind.
Future of Data Privacy in Cloud
Business models supporting the technical architecture of cloud computing has legal and policy issues over the privacy and confidentiality of personal data. The future of privacy and confidentially of personal data in the cloud can be discussed with the help of points below.
- To improve the data privacy in the cloud the better policies and practices must be used by cloud providers, laws relevant to data privacy must improve and it requires more vigilance by the users.
- Some standards must be set in order to let customer judge and access between different cloud providers.
- Cloud users must pay more attention to the terms and services offered by cloud providers.
- Risks that are not addressable through the policies, required to implement changes in the law.
- Data privacy is the ability to share information or data alongside protecting the personal information that can reveal an individual identity.
- Data privacy must be considered as an important factor by both users and cloud providers.
So that’s all about the data privacy in cloud computing. The personal data over the cloud is always at a risk and it is a challenge to protect data privacy in the cloud.