Security and Legal Issues in the Cloud

I recently tuned in to a Webinar on Security and Legal issues in the Cloud. I was pleased to find that most of the presenters started from the view point that Cloud technology is mainly rebranding of existing services and so many of the issues are what we know and are used to.

One of the main differences is not surprisingly trust levels. The more you outsource your services to the Cloud the more you need to have confidence in a third party to correctly handle your data and intellectual property. This can be achieved to a degree by the certifications and reputation of the supplier but it’s important to carry out your own audits.

Authentication was also heavily discussed during the presentations. One of the common side effects of Cloud Systems is the necessity to introduce yet another authentication level for the user population which of course is never popular. One of the presenters proposed federated authentication as a solution, particularly SAML and OpenID. These technologies as well as others have been around for a while but never seem to have got the momentum they might have.

Data protection is another area that needs some thought. It’s important to know where your data is held as it is governed by the laws of the country where it is located as well as those from which it is accessed. Regulation is very different from country to country and particularly between North America and Europe.

Although not directly related to the Webinar’s main subject, the undercurrent of the presentations was perhaps the most important. Cloud Computing is currently in fashion which has lead to many “Cloud” solutions being implemented when perhaps they shouldn’t have been. You would hope that the technology industry would be based more on fact that fashion but unfortunately that doesn’t seem to be the case.