Potential risks related to Cloud Computing

The biggest perceived barriers for both consumer and SME take-up of cloud computing are lack of privacy, data security, provider lock-in, lack of standardisation, and jurisdictional issues relating to applicable law and law enforcement access to data.

Data security and privacy

Potential general data security risks arising from cloud computing relate to: an increase in threats to data confidentiality due to the concentration of data on common cloud infrastructure; the loss of IT control and governance by organisations using cloud services; and an increased risk of data interception in authentication and transmission procedures.

Multiple approaches exist to tackle these vulnerabilities, such as differentiating the level of security by the sensitivity of the data, or using a ‘private cloud’ managed by the organisation itself or by a provider. Additional data security assurance could also be provided through audit and certification systems for cloud service providers.

Data security and standards

Transparency is often lacking in providers’ provisions concerning data security, in particular a lack of data integrity guarantees combined with disclaimers of liability clauses in contracts; a lack of standards regarding data control and security; and often unclear and incomplete information concerning security and privacy on cloud providers’ websites.

Jurisdiction and standards

Law-abiding consumers or business users storing their data in the cloud may well be affected by compulsory orders for disclosure, without notification: in a public or shared cloud, authorities may seize the servers or computers containing personal information of the guilty and innocent alike. This is compounded by a lack of standards in providers’ ‘thresholds’ of disclosure.

Jurisdiction

The main challenges surrounding the legal issues regarding privacy relate to: ambiguities as to the role of the cloud service provider; uncertainty regarding applicability of EU laws; the need for more effective data protection; uncertainty regarding laws governing international data transfers; and the lack of universality in data protection legislation.

Source: Fielder A. et al., Cloud computing, Study prepared for the European Parliament's Committee on Internal Market and Consumer Protection, 2012, http://www.europarl.europa.eu/committees/en/studiesdownload.html?languageDocument=EN&file=73411. p.47.