The new and the old of cloud privacy
Yesterday I was honoured to have an opportunity to speak briefly at the Privacy Commissioner's Privacy Forum, titled "Think Big? Privacy in the age of big data".
A question was put to a panel by Vikram Kumar from InternetNZ as follows: “There are many real privacy risks in relation to cloud services. There also many misconceptions. What do you think is the single greatest risk and the single biggest misconception?”
Cloud services can give rise to privacy issues, but perhaps the biggest misconception is that privacy issues arise because a service is deployed in a cloud.
People need to make decisions about which services to trust. This means weighing up the characteristics of a given provider and service against what is relevant and important to them, or to their organisation. To approach decisions in a principled way, it is critical not to over-simplify. We need to understand the true sources of potential issues.
For example, outsourcing, offshoring and shared infrastructure pre-date the cloud. Naturally, these practices give rise to the same considerations as they always have, and that's true whether a service is deployed in a cloud or not. Some cloud services will involve one or more of these practices, but many clouds will not.
Cloud services can be self hosted, on-shore, and dedicated to one organisation. This is increasingly common, and a cloud dedicated to one organisation is generally referred to as a private cloud.
Cloud computing is simply one way to deploy computing services more efficiently.
There are two core technical aspects that are at the heart of cloud computing. Firstly, services deployed in a cloud are virtualised, so that, they run in a logical environment. And secondly, services deployed in a cloud are managed in a highly automated manner.
But these technical aspects - virtualisation and automated management - don’t in themselves present new privacy issues.
Of course there are many Internet and data trends that can give rise to new privacy issues. For example, the internet advertising business is made more profitable by profiling people. There are serious issues to debate around big data, and biometrics.
But again, these are not issues with the cloud per se. Just as cloud services can be deployed in a private cloud for a single organisation, many cloud services have nothing to do with advertising, big data, or biometrics.
Of course, the public interest in cloud computing provides a new need and opportunity for people to demand responsible conduct from their providers. But it is important in decision making to understand what issues are, and unfortunately it's not as simple as treating all cloud services the same. Each cloud service is unique.
There was also a question about the steps a person or organisation can take to mitigate the risks, and in that context I briefly discussed the elements of trust for Internet privacy from my previous article.
Here's to a bright, and trustworthy, future of cloud computing.
Article by Waldo Kuipers, Corporate Affairs Manager, Microsoft New Zealand Limited
Update (12 June 2012): A video of the presentation to the Privacy Forum is now live should you prefer that format.
[View:https://www.youtube.com/watch?v=LOfaWlWtTRw&feature=plcp]
Cartoon (Applications in the Cloud) is © Chris Slane. All rights reserved. Used with permission.