The other day I wrote a post titled While the fat versus thin debate is no longer relevant in the cloud, ownership of and accessibility to sensitive data is now the key consideration, in which I broached the subject of data security in the cloud, especially as it relates to unwanted government access to confidential information.
The real question is how do you operate in a global business community without compromising your interests or those of either your partners or customers so as to avoid a possible lawsuit such as the current action involving Amex?
The answer as my 49th Parallel co-host Jim Bouchard would say is a simple, not easy.
With this seeming paradox in mind, and rather than offer my two cents on the subject – after all you can read what I have to say anytime, I sought out the opinion of another one of Procurement Insights’ resident experts to provide their take on the question regarding data ownership and access.
Richard Stiennon
Renown author of books such as Surviving Cyber War and the highly informative and controversial ThreatChaos.com blog, international security expert Richard Stiennon provided in his usual succinct fashion, incredible insight relative to my above referenced post.
Here is what Richard had to say about data ownership and security in the cloud:
Very interesting piece Jon. I have not been tracking the Amex case. I was familiar with Canadian and European concerns over using data centers in the US, particularly for email archiving. There is a wide spread fear that the NSA reads everything, or at least has the power to grab those records. The other way, when data is stored overseas, giving the NSA jurisdiction, I had not seen.
That said . . .
Protecting data is actually quite simple Jon. ALL data should be encrypted ALL the time in the cloud. View your provider as the enemy. They cannot control their privileged users and they are subject to subpoena or lawful intercept. If encrypted and if the encryption keys are stored off the cloud, you have control over your data and do not have to worry about third party jurisdictional issues.
So, what are your thoughts relative to Richard’s recommendations? Do you agree or disagree?
As always, use the comment space in this blog post to throw your hat into the proverbial opinion ring.
30
Procurement Insights 
Lucky Balaraman
June 9, 2011
I’m quite sure the NSA, with its eyes closed and one hand tied behind its back, will be able to crack any encoding you might manage to achieve.
Lucky Balaraman
CEO
TMG
Chennai, India
Providers of engineering and architectural CAD services
procureinsights
June 9, 2011
So is it safe to assume Lucky that there is no such thing as secure data . . . and if not, what effect does this have on cloud adoption (if any)?
Purushothaman
September 28, 2011
“ALL data should be encrypted ALL the time in the cloud.” It is not possible and I strongly disagree to it..
piblogger
September 28, 2011
Just to be clear Purush, with what do you strongly disagree . . . encrypting the data or the position that said encryption is not possible?
Purushothaman
September 29, 2011
Encrypting the data is not possible.