For businesses that may be looking at cloud computing as a key way to address cost savings and communications versatility, Cassels Brock & Blackwell LLP partner Bernice Karn has important advice: “Do your homework.”
In fact, Ms. Karn is warning that ‘key business’ should never be entrusted to the cloud.
While the model is alluring, with its offer of easy, scalable and low-cost configurable computing resources via the internet, the inherent security issues can’t be overlooked. While some of the risks aren’t new, the cloud environment is unique in that multiple virtualized servers exist on one physical box, which makes it easier for ‘tenants’ to gain access to one another’s data or to attack the server with malicious code.
“Any time computing resources are shared by a number of users, the potential exists for virtual neighbours to gain visibility to a user’s activity patterns, which might potentially enable the creation of covert and side channels into the neighbour’s data,” notes Ms. Karn. “Activity patterns may be accessed and lead to reverse engineering of a digital customer base or discovery of revenues.”
Other issues of concern include data co-mingling, questions of data ownership, the location of stored data, data retention periods, provider consolidation and regulatory compliance.
Any Canadian organization seriously contemplating the use of cloud computing should carefully analyze the risks and rewards and commit to taking advantage of the various contractual modifications and user best practices that offer enhanced protection.
Adds Ms. Karn, “Keep in mind that the basic premise of cloud computing is that it offers exactly the same service for many users. That’s what makes it low cost. So the cloud providers may not be willing to contractually agree to clauses that will require them to perform the service differently for each user. In other words, like with everything else, you get what you pay for.”