No Data Privacy In The Cloud
July 01, 2011
Most people understand that data in the cloud won’t have the same level of security and privacy that data inside your corporate firewall has. But some recent news has shown just how insecure your cloud-based data really is.
My colleague Howard Marks recently wrote about the problems with the Dropbox cloud storage service, and how they exposed the accounts of users. These problems led to Howard, and many other users, dropping their own use of Dropbox.
Of course, it wasn’t just the fact that Dropbox made it possible to log into anyone’s account that was the problem (as bad as that was). It’s also the fact that Dropbox has the keys to the encryption of the data, meaning the company (or any party it chose or was forced to give the keys to) could view your data.
The importance of someone else having access to your data became even clearer during the recent Office 365 launch, when Microsoft admitted to a ZDNet reporter that it would turn over data from European companies, in European-based servers, if the data was the subject of a U.S. Patriot Act investigation or request.
Now, everyone has always known that data held in U.S.-based server locations could be the subject of a Patriot Act request, and that the businesses and persons that were the subject of the request might not ever know if their data had been turned over. But I think a lot of companies, especially overseas, were surprised to find that the U.S. government could request their non-U.S.-based data simply if the company running the service was U.S.-based.