Many speak of the security issues of the cloud – (too) few of its security opportunities

Posted on February 24, 2013 by


Since quite a while I am following with interest David T.S. Fraser’s blog on legal aspects of cloud computing. Though called Canadian Cloud Law Blog – News and commentary on legal aspects of cloud computing from a Canadian perspective – his expert commentaries are definitely applicable beyond Canadian soil and jurisdiction.

One of his recent posts titled ‘Note to HRSDC: Cloud computing and remote access dramatically reduces the risk of portable device data breaches’ is quite remarkable since it is one of the (too few) discussions considering the cloud’s potential to increase the security level (provided the proper controls are in place of course).

Many speak of the security issues of the cloud – (too) few of its security opportunities yet.

Basically he argues that it is more secure (less risky) for an organization to have (sensitive) business data requiring mobile access stored  in the data centres of (professional,trustworthy) cloud computing/storage providers than having it on portable storage devices such as USB hard drives and USB thumb drives.

Examples he notes to support is argument are significant incidents (data privacy breaches) related to the loss of USB thumb drives by Government organization’s employees  – containing sensitive information of several thousand citizens.

His words:

 “For the past few years, the majority of questions about the risk of cloud computing have focused on the fact that the data may be outside … (%your country/legislation%) … and that the customer is trusting someone else to secure the data. Those are important questions to to ponder, but few turn their minds to the fact that, in most cases, cloud computing is uch safer for the data and significantly lowers the risk to data”

I agree.
Now, when the sensitivity-related risk focus shifts from privacy to confidentiality – to the risk of data leakage due to espionage let’s say – the perspective to cloud computing security shifts as well, doesn’t it ?
Well, not completely I would say. You still want your intellectual property in your private cloud rather than on a missing USB thumb drive, don’t you ?

Here is the link to the reading: