Cloud computing refers to storing and accessing data and programs over the Internet instead of on a computer hard drive. It allows users to access files, applications, and computing resources from anywhere on any Internet-connected device. There are potential benefits like reduced costs, increased scalability and efficiency, but also privacy and security risks since data is stored remotely by third-party providers and may be accessed from various locations. When considering cloud services, users should understand how their data will be protected and review a provider's privacy policies and security measures.
Cloud computing: Legal and ethical issues in library and information servicese-Marefa
Provides an overview of what is cloud computing and its role in library networking and automation. It presents the legal and ethical issues facing library and information specialists when using cloud computing including confidentiality, privacy and licensing.
یک راهنما و معرفی مختصر درباره پردازش ابری (Cloud Computing).
این متن که به زبان انگلیسی نوشته شده است، مفهوم Cloud Computing را به زبان ساده بیان کرده است.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
Cloud computing: Legal and ethical issues in library and information servicese-Marefa
Provides an overview of what is cloud computing and its role in library networking and automation. It presents the legal and ethical issues facing library and information specialists when using cloud computing including confidentiality, privacy and licensing.
یک راهنما و معرفی مختصر درباره پردازش ابری (Cloud Computing).
این متن که به زبان انگلیسی نوشته شده است، مفهوم Cloud Computing را به زبان ساده بیان کرده است.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
Aes based secured framework for cloud databasesIJARIIT
A Cloud database management system is a distributed database that delivers computing as a service (Caas) instead of
a product. Improving confidentiality of information stored in a cloud database .It is a very important contribution to the cloud
database. Data encryption is the optimum solution for achieving confidentiality. In some normal methods, encrypt the whole
database through some standard encryption algorithm that does not allow in SQL database operations directly on the cloud. This
formal solution affected by workload and cost would make the cloud database service inconvenient. I propose a novel
architecture for adaptive encryption of public cloud database. Adaptive encryption allows any SQL operation over encrypted
data. The novel cloud database architecture that uses adaptive encryption technique with no intermediate servers. This scheme
provides cloud provider with the best level of confidentiality for any database workload. I can determine the encryption and
adaptive encryption cost of data confidentiality from the research point of view. Index Terms Adaptive encryption Technique, AES (Advanced encryption Standard), Metadata.
Challenges and Proposed Solutions for Cloud ForensicIJERA Editor
Cloud computing is a heavily evolving topic in information technology (IT). Rather than creating, deploying and managing a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. Due to this large scale, in case an attack over the network of cloud, it’s a great challenge to investigate to cloud. There is a very low research done to develop the theory and practice of cloud forensic. The investigator has huge challenge of getting the IP address of the culprit as there is dynamic IP in cloud computing. Also one among many problems is that the customer is only concerned of security and threat of unknown. The cloud service provider never lets customer see what is behind "virtual curtain" which leads customer more doubting for the security and threat issue. In cloud forensics, the lack of physical access leads to big challenge for investigator. In this paper we are presenting few common challenges which arise in cloud forensic and proposed solution to it. We will also discuss the in brief about cloud computing and cloud forensic.
"The transition of companies to cloud-based will be quicker for some and slower for others depending on their individual circumstances, But the change will happen."
In looking at the legitimate ramifications of protection and cloud registering, it is imperative to see a portion of the foundation. Right now, will look at a portion of the specialized foundation of the present innovations before examining distributed computing and its focal points and disservices in more detail. We will likewise present some lawful issues that emerge in the cloud setting and quickly audit different calls for activity that have sounded with regard to the cloud, for example, calls for revising enactment, proposing enactment, or calling for gauges or expanded straightforwardness.
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...csandit
Cloud computing promises good opportunities for economies around the world, as it can help reduce capital expenditure and administration costs, and improve resource utilization. However there are challenges regarding the adoption of cloud computing, key amongst those are security and privacy, reliability and liability, access and usage restriction. Some of these challenges lead to a need for cloud computing policy so that they can be addressed. The purpose of this paper is
twofold. First is to discuss challenges that prompt a need for cloud computing policy. Secondly, is to look at South African ICT policies and regulatory laws in relation to the emergence of cloud computing. Since this is literature review paper, the data was collected mainly through literature reviews. The findings reveals that indeed cloud computing raises policy challenges that needs to be addressed by policy makers. A lack of policy that addresses cloud computing challenges can
negatively have an impact on areas such as security and privacy, competition, intellectual property and liability, consumer protection, cross border and juridical challenges.
Trust Your Cloud Service Provider: User Based Crypto ModelIJERA Editor
In Data Storage as a Service (STaaS) cloud computing environment, the equipment used for business operations
can be leased from a single service provider along with the application, and the related business data can be
stored on equipment provided by the same service provider. This type of arrangement can help a company save
on hardware and software infrastructure costs, but storing the company’s data on the service provider’s
equipment raises the possibility that important business information may be improperly disclosed to others [1].
Some researchers have suggested that user data stored on a service-provider’s equipment must be encrypted [2].
Encrypting data prior to storage is a common method of data protection, and service providers may be able to
build firewalls to ensure that the decryption keys associated with encrypted user data are not disclosed to
outsiders. However, if the decryption key and the encrypted data are held by the same service provider, it raises
the possibility that high-level administrators within the service provider would have access to both the
decryption key and the encrypted data, thus presenting a risk for the unauthorized disclosure of the user data. we
in this paper provides an unique business model of cryptography where crypto keys are distributed across the
user and the trusted third party(TTP) with adoption of such a model mainly the CSP insider attack an form of
misuse of valuable user data can be treated secured.
TeleDOC - Breve Presentazione IntroduttivaNovark Srl
Una breve descrizione delle principali caratteristiche di TeleDOC, la soluzione integrata per la gestione documentale in cloud di Novark dedicata a commercialisti e aziende che permette anche di effettuare la contabilità esternalizzata e la conservazione sostitutiva.
Aes based secured framework for cloud databasesIJARIIT
A Cloud database management system is a distributed database that delivers computing as a service (Caas) instead of
a product. Improving confidentiality of information stored in a cloud database .It is a very important contribution to the cloud
database. Data encryption is the optimum solution for achieving confidentiality. In some normal methods, encrypt the whole
database through some standard encryption algorithm that does not allow in SQL database operations directly on the cloud. This
formal solution affected by workload and cost would make the cloud database service inconvenient. I propose a novel
architecture for adaptive encryption of public cloud database. Adaptive encryption allows any SQL operation over encrypted
data. The novel cloud database architecture that uses adaptive encryption technique with no intermediate servers. This scheme
provides cloud provider with the best level of confidentiality for any database workload. I can determine the encryption and
adaptive encryption cost of data confidentiality from the research point of view. Index Terms Adaptive encryption Technique, AES (Advanced encryption Standard), Metadata.
Challenges and Proposed Solutions for Cloud ForensicIJERA Editor
Cloud computing is a heavily evolving topic in information technology (IT). Rather than creating, deploying and managing a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. Due to this large scale, in case an attack over the network of cloud, it’s a great challenge to investigate to cloud. There is a very low research done to develop the theory and practice of cloud forensic. The investigator has huge challenge of getting the IP address of the culprit as there is dynamic IP in cloud computing. Also one among many problems is that the customer is only concerned of security and threat of unknown. The cloud service provider never lets customer see what is behind "virtual curtain" which leads customer more doubting for the security and threat issue. In cloud forensics, the lack of physical access leads to big challenge for investigator. In this paper we are presenting few common challenges which arise in cloud forensic and proposed solution to it. We will also discuss the in brief about cloud computing and cloud forensic.
"The transition of companies to cloud-based will be quicker for some and slower for others depending on their individual circumstances, But the change will happen."
In looking at the legitimate ramifications of protection and cloud registering, it is imperative to see a portion of the foundation. Right now, will look at a portion of the specialized foundation of the present innovations before examining distributed computing and its focal points and disservices in more detail. We will likewise present some lawful issues that emerge in the cloud setting and quickly audit different calls for activity that have sounded with regard to the cloud, for example, calls for revising enactment, proposing enactment, or calling for gauges or expanded straightforwardness.
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...csandit
Cloud computing promises good opportunities for economies around the world, as it can help reduce capital expenditure and administration costs, and improve resource utilization. However there are challenges regarding the adoption of cloud computing, key amongst those are security and privacy, reliability and liability, access and usage restriction. Some of these challenges lead to a need for cloud computing policy so that they can be addressed. The purpose of this paper is
twofold. First is to discuss challenges that prompt a need for cloud computing policy. Secondly, is to look at South African ICT policies and regulatory laws in relation to the emergence of cloud computing. Since this is literature review paper, the data was collected mainly through literature reviews. The findings reveals that indeed cloud computing raises policy challenges that needs to be addressed by policy makers. A lack of policy that addresses cloud computing challenges can
negatively have an impact on areas such as security and privacy, competition, intellectual property and liability, consumer protection, cross border and juridical challenges.
Trust Your Cloud Service Provider: User Based Crypto ModelIJERA Editor
In Data Storage as a Service (STaaS) cloud computing environment, the equipment used for business operations
can be leased from a single service provider along with the application, and the related business data can be
stored on equipment provided by the same service provider. This type of arrangement can help a company save
on hardware and software infrastructure costs, but storing the company’s data on the service provider’s
equipment raises the possibility that important business information may be improperly disclosed to others [1].
Some researchers have suggested that user data stored on a service-provider’s equipment must be encrypted [2].
Encrypting data prior to storage is a common method of data protection, and service providers may be able to
build firewalls to ensure that the decryption keys associated with encrypted user data are not disclosed to
outsiders. However, if the decryption key and the encrypted data are held by the same service provider, it raises
the possibility that high-level administrators within the service provider would have access to both the
decryption key and the encrypted data, thus presenting a risk for the unauthorized disclosure of the user data. we
in this paper provides an unique business model of cryptography where crypto keys are distributed across the
user and the trusted third party(TTP) with adoption of such a model mainly the CSP insider attack an form of
misuse of valuable user data can be treated secured.
TeleDOC - Breve Presentazione IntroduttivaNovark Srl
Una breve descrizione delle principali caratteristiche di TeleDOC, la soluzione integrata per la gestione documentale in cloud di Novark dedicata a commercialisti e aziende che permette anche di effettuare la contabilità esternalizzata e la conservazione sostitutiva.
Web Application based on City Information Modelling Technolgy ( GIS and BIM Integration )
for City Assets Management - Using 3D Spatial Data Infrastructure Web Viewer.
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
Cloud computing has been a buzzword in the IT industry for quite some time now. Though it has been around for quite a while, its popularity has increased manifold in the last few years. The reason for this is simple – the benefits of cloud computing are simply too hard to ignore.
In a nutshell, cloud computing is the delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale.
https://dailytimeupdate.com/cloud-computing-definition/
Cloud computing is an information technology paradigm that enables ubiquitous access to shared pools of configurable system resources and higher-level services that can be rapidly provisioned with minimal management effort, often over the Internet.
Security of Data in Cloud Environment Using DPaaSIJMER
The rapid development of cloud computing is giving way to more cloud services, due to
which security of services of cloud especially data confidentiality protection, becomes more critical.
Cloud computing is an emerging computing style which provides dynamic services, scalable and payper-use.
Although cloud computing provides numerous advantages, a key challenge is how to ensure
and build confidence that the cloud can handle user data securely. This paper highlights some major
security issues that exist in current cloud computing environments. The status of the development of
cloud computing security, the data privacy analysis, security audit, information check and another
challenges that the cloud computing security faces have been explored. The recent researches on data
protection regarding security and privacy issues in cloud computing have partially addressed some
issues. The best option is to build data-protection solutions at the platform layer. The growing appeal
of data protection as a service is that it enables to access just the resources you need at minimal
upfront expense while providing the benefits of enterprise-class data protection capabilities. The
paper proposes a solution to make existing developed applications for simple cloud Systems
compatible with DPaaS. The various security challenges have been highlighted and the various
necessary metrics required for designing DPaaS have been investigated.
Abstract--The paper identifies the issues and the solution to overcome these problems. Cloud computing is a subscription based service where we can obtain networked storage space and computer resources. This technology has the capacity to admittance a common collection of resources on request. It is the application provided in the form of service over the internet and system hardware in the data centers that gives these services. But having many advantages for IT organizations cloud has some issues that must be consider during its deployment. The main concern is security privacy and trust. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario [4].
Keywords--Cloud, Issues, Security, Privacy, Resources, Technology.
Cloud computing has revolutionized the way businesses operate by providing on-demand access to a wide range of computing resources such as servers, storage, applications, and services over the internet. This has eliminated the need for companies to maintain expensive hardware infrastructure and has enabled them to scale up or down their resources as per their requirements.
In the early days of cloud computing, most businesses were hesitant to move their operations to the cloud due to concerns around security, reliability, and control. However, over time, these concerns have been addressed, and cloud computing has become an integral part of modern businesses.
What are the advantages of adopting public cloudNicole Khoo
Public cloud computing brought a fundamental change from the conventional norms of an organizational data center to a parameterized open environment to use by adversaries.
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
This 7-second Brain Wave Ritual Attracts Money To You.!
Cloud computing
1. Introduction to Cloud Computing
When you store your photos online instead of on your home computer, or use
webmail or a social networking site,
you are using a “cloud computing”
service. If you are an organization,
and you want to use, for example, an
online invoicing service instead of
updating the in-house one you have
been using for many years, that
online invoicing service is a “cloud
computing” service.
Cloud computing refers to the
delivery of computing resources over
the Internet. Instead of keeping data
on your own hard drive or updating
applications for your needs, you use a
service over the Internet, at another
location, to store your information or
use its applications. Doing so may
give rise to certain privacy
implications.
For that reason the Office of the Privacy Commissioner of Canada (OPC) has
prepared some responses to Frequently Asked Questions (FAQs). We have also
developed a Fact Sheet that provides detailed information on cloud computing and
the privacy challenges it presents.
Cloud Computing
Cloud computing is the delivery of computing services over the Internet. Cloud
services allow individuals and businesses to use software and hardware that are
managed by third parties at remote locations. Examples of cloud services include
online file storage, social networking sites, webmail, and online business
applications. The cloud computing model allows access to information and computer
resources from anywhere that a network connection is available. Cloud computing
provides a shared pool of resources, including data storage space, networks,
computer processing power, and specialized corporate and user applications.
2. 2
The following definition of cloud computing has been developed by the U.S. National
Institute of Standards and Technology (NIST):
Cloud computing is a model for enabling convenient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.
This cloud model promotes availability and is composed of five essential
characteristics, three service models, and four deployment models.1
Characteristics
The characteristics of cloud computing include on-demand self service, broad
network access, resource pooling, rapid elasticity and measured service. On-demand
self service means that customers (usually organizations) can request and manage
their own computing resources. Broad network access allows services to be offered
over the Internet or private networks. Pooled resources means that customers draw
from a pool of computing resources, usually in remote data centres. Services can be
scaled larger or smaller; and use of a service is measured and customers are billed
accordingly.
Service models
The cloud computing service models are Software as a Service (SaaS), Platform as a
Service (PaaS) and Infrastructure as a Service (IaaS). In a Software as a Service
model, a pre-made application, along with any required software, operating system,
hardware, and network are provided. In PaaS, an operating system, hardware, and
network are provided, and the customer installs or develops its own software and
applications. The IaaS model provides just the hardware and network; the customer
installs or develops its own operating systems, software and applications.
Deployment of cloud services:
Cloud services are typically made available via a private cloud, community cloud,
public cloud or hybrid cloud.
Generally speaking, services provided by a public cloud are offered over the
Internet and are owned and operated by a cloud provider. Some examples include
services aimed at the general public, such as online photo storage services, e-mail
services, or social networking sites. However, services for enterprises can also be
offered in a public cloud.
In a private cloud, the cloud infrastructure is operated solely for a specific
organization, and is managed by the organization or a third party.
In a community cloud, the service is shared by several organizations and made
available only to those groups. The infrastructure may be owned and operated by the
organizations or by a cloud service provider.
1
NIST cloud definition, version 15 http://csrc.nist.gov/groups/SNS/cloud-
computing/
3. 3
A hybrid cloud is a combination of different methods of resource pooling (for
example, combining public and community clouds).
Why cloud services are popular
Cloud services are popular because they can reduce the cost and complexity of
owning and operating computers and networks. Since cloud users do not have to
invest in information technology infrastructure, purchase hardware, or buy software
licences, the benefits are low up-front costs, rapid return on investment, rapid
deployment, customization, flexible use, and solutions that can make use of new
innovations. In addition, cloud providers that have specialized in a particular area
(such as e-mail) can bring advanced services that a single company might not be
able to afford or develop.
Some other benefits to users include scalability, reliability, and efficiency. Scalability
means that cloud computing offers unlimited processing and storage capacity. The
cloud is reliable in that it enables access to applications and documents anywhere in
the world via the Internet. Cloud computing is often considered efficient because it
allows organizations to free up resources to focus on innovation and product
development.
Another potential benefit is that personal information may be better protected in the
cloud. Specifically, cloud computing may improve efforts to build privacy protection
into technology from the start and the use of better security mechanisms. Cloud
computing will enable more flexible IT acquisition and improvements, which may
permit adjustments to procedures based on the sensitivity of the data. Widespread
use of the cloud may also encourage
open standards for cloud computing that
will establish baseline data security
features common across different
services and providers. Cloud computing
may also allow for better audit trails. In
addition, information in the cloud is not
as easily lost (when compared to the
paper documents or hard drives, for
example).
Potential privacy risks
While there are benefits, there are
privacy and security concerns too. Data is
travelling over the Internet and is stored
in remote locations. In addition, cloud
providers often serve multiple customers
simultaneously. All of this may raise the
scale of exposure to possible breaches,
both accidental and deliberate.
Concerns have been raised by many that
cloud computing may lead to “function creep” — uses of data by cloud providers that
were not anticipated when the information was originally collected and for which
consent has typically not been obtained. Given how inexpensive it is to keep data,
there is little incentive to remove the information from the cloud and more reasons
to find other things to do with it.
4. 4
Security issues, the need to segregate data when dealing with providers that serve
multiple customers, potential secondary uses of the data—these are areas that
organizations should keep in mind when considering a cloud provider and when
negotiating contracts or reviewing terms of service with a cloud provider. Given that
the organization transferring this information to the provider is ultimately
accountable for its protection, it needs to ensure that the personal information is
appropriate handled.
Privacy is not a barrier but it must be taken into consideration
The Personal Information Protection and Electronic Documents Act (PIPEDA) does not
prevent an organization from transferring personal information to an organization in
another jurisdiction for processing.
However, PIPEDA establishes rules governing those transfers — particularly with
respect to obtaining consent for the collection, use and disclosure of personal
information, securing the data, and ensuring accountability for the information and
transparency in terms of practices.
For more information on the views of the Office of the Privacy Commissioner of
Canada with respect to outsourcing of personal data processing across borders,
please see our Guidelines for Processing Personal Data Across Borders. These
considerations apply whether moving data in the cloud or otherwise.
It is important to note that many non-Canadian based cloud providers may also be
subject to PIPEDA. To the extent that a cloud provider has a real and substantial
connection to Canada, and collects, uses or discloses personal information in the
course of a commercial activity, the provider is expected to protect personal
information, in keeping with PIPEDA.
Conclusion
Cloud computing offers benefits for organizations and individuals. There are also
privacy and security concerns. If you are considering a cloud service, you should
think about how your personal information, and that of your customers, can best be
protected. Carefully review the terms of service or contracts, and challenge the
provider to meet your needs.
For more information on cloud computing, see:
Reaching for the Clouds
The Report on the 2010 Office of the Privacy Commissioner of Canada’s
Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing
Guidelines for Processing Personal Data Across Borders
5. 5
Frequently Asked Questions
What is cloud computing?
Simply put, cloud computing is the delivery of computing services over the Internet.
Whether they realize it or not, many people use cloud computing services for their
own personal needs. For example, many people use social networking sites or
webmail, and these are cloud services. Photographs that people once kept on their
own computers are now being stored on servers owned by third parties. These are
also examples of cloud services.
Cloud services are popular because people can access their e-mail, social networking
site or photo service from anywhere in the world, at any time, at minimal or no
charge. Some cloud providers may, however, use the personal information of users
for advertising purposes or to learn more about the users for other reasons. The
Office of the Privacy Commissioner of Canada (OPC) has been critical of some of
these practices, largely because they occur without individuals fully realizing how
their personal information is being used “in the cloud.” Individuals should pay careful
attention to whether and how the cloud company protects their personal information.
Users should also protect their own personal information by using any privacy
settings that the service may offer.
Can cloud computing affect privacy?
When it comes to cloud computing, the security and privacy of personal information
is extremely important. Given that personal information is being turned over to
another organization, often in another country, it is vital to ensure that the
information is safe and that only the people who need to access it are able to do so.
There is the risk that personal information sent to a cloud provider might be kept
indefinitely or used for other purposes. Such information could also be accessed by
government agencies, domestic or foreign (if the cloud provider retains the
information outside of Canada).
For businesses that are considering using a cloud service, it is important to
understand the security and privacy policies and practices of the provider. The terms
of service that govern the relationship with the provider sometimes allow for rather
liberal usage and retention practices.
Which party is accountable for personal information? The business that
collects it from individuals or the cloud provider?
The Personal Information Protection and Electronic Documents Act (PIPEDA) does not
prohibit cloud computing, even when the cloud provider is in another country. Under
PIPEDA, organizations must ensure that they collect personal information for
appropriate purposes and that these purposes be made clear to individuals; they
obtain consent; they limit collection of personal information to those purposes; they
protect the information; and that they be transparent about their privacy practices.
PIPEDA also requires that when an organization transfers personal information to a
third-party for processing, it remains accountable for that information. It must use
contractual or other means to ensure that the personal information transferred to the
third party is appropriately protected. Therefore, an organization that is considering
using a cloud service remains accountable for the personal information that it
6. 6
transfers to the cloud service, and it must ensure that the personal information
remain protected in the hands of that cloud service provider. Organizations need to
carefully review the terms of service of the cloud provider and ensure that the
personal information it entrusts to it will be treated in a manner consistent with
PIPEDA. For more information on transferring of personal information to third
parties, please see our Guidelines for Processing Personal Data Across Borders.
Why are organizations interested in cloud computing?
Cloud computing can significantly reduce the cost and complexity of owning and
operating computers and networks. If an organization uses a cloud provider, it does
not need to spend money on information technology infrastructure, or buy hardware
or software licences. Cloud services can often be customized and flexible to use, and
providers can offer advanced services that an individual company might not have the
money or expertise to develop.
I’ve heard that cloud computing may improve privacy protection. Is this
true?
For businesses that are considering using a cloud service, cloud computing could
offer better protection of personal information compared with current security and
privacy practices. Through economies of scale, large cloud providers may be able to
use better security technologies than individuals or small companies can, and have
better backup and disaster-recovery capabilities. Cloud providers may also be
motivated to build privacy protections into new technology, and to support better
audit trails.
On the other hand, while cloud computing may not increase the risk that personal
information will be misused or improperly exposed, it could increase the scale of
exposure. The aggregation of data in a cloud provider can make that data very
attractive to cybercriminals, for example. Moreover, given how inexpensive it is to
keep data in the cloud, there may be a tendency to retain it indefinitely, thereby
increasing the risk of breaches.
For more information, please see Cloud Computing.