Taking A Dim View Of Cloud Data Storage Privacy

The FTC is taking a closer look at how cloud computing service providers handle data privacy issues. Is this really a step in the right direction, or another bureaucratic exercise in futility?
The FTC is taking a closer look at how cloud computing service providers handle data privacy issues. Is this really a step in the right direction, or another bureaucratic exercise in futility?According to a recent InformationWeek article, the Federal Trade Commission (FTC) is responding to a Federal Communications Commission (FCC) effort to determine "how broadband and data portability issues relate to cloud computing, identity, and privacy" as part of the FCC's National Broadband Plan: "[T]he ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers," wrote FTC attorney David C. Vladeck in a letter to FCC Secretary Marlene H. Dortch. Over at Ars Technica, a similar article drew a number of interesting reader comments. Many of these comments point out that users have a responsibility to know how a cloud service provider intends to protect their data -- and how it proposes to use their data for marketing or tracking purposes.

Others note that trying to make sense of the average provider's terms of service or end-user licensing agreements requires a law degree. Even then, the only conclusion you can draw in many cases is that providers are bending over backwards to ensure that their EULAs give them as much latitude as possible to use -- or misuse -- customer data.

Persuading service providers to adopt human-readable EULAs or TOS agreements in this litigation-happy age makes putting toothpaste back into the tube sound like child's play. But there are still common-sense steps that small businesses can take before they entrust their data to a cloud computing service provider.

The first and most obvious step concerns encryption. If your company plans to store sensitive data in the cloud, then deal with services that employ end-to-end encryption. Another alternative is to encrypt your data on the desktop, using a tool like TrueCrypt, before uploading your data to the cloud.

Don't Miss: NEW! Storage How-To Center

If losing data could harm your business or your customers, then it's time to walk away from any cloud-based service that can't offer a satisfactory level of data encryption.

When using cloud-based applications for business purposes, make an effort to understand how, when, and to what extent a provider monitors your online activity for marketing purposes. If you can't get straight answers to your privacy-related questions, or if the answers sound fishy, then at least you know what you're getting your company into.

Also look at whether a provider employs open standards to deliver services, including data storage services. Uploading your data to a service that employs proprietary data-storage formats requires a leap of faith that no business owner should be comfortable making.

Finally, are you aware of a provider's data retention policies? If these policies are anything like those employed at Facebook, run away and don't look back.

So, will that FTC inquiry help to straighten things out? Don't hold your breath. Government regulation has so far failed miserably to protect businesses and their customers against an endless series of data breaches and invasive marketing schemes.

If this is what the future holds for cloud computing, maybe it's time we all took a deep breath and stepped back. We need to hold cloud computing providers to a far, far higher standard.

Editor's Choice
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
John Edwards, Technology Journalist & Author
Carlo Massimo, Political Reporter and Columnist
Nathan Eddy, Freelance Writer
John Edwards, Technology Journalist & Author