Understanding where a file goes when you save it to your PC is a fairly simple concept. It lives on your hard drive in a set of folders that you have most likely created and organized yourself. Those files are only stored on your computer, in your home or office, under your control. What about saving files onto the cloud? Where do those files go? Who controls them? Who 'owns' the data? Who owns the cloud? Whose cloud is it anyways?
What Is the Cloud?
To understand who owns the cloud, you have to start with a basic understanding of what the cloud actually is. At the most basic level, the cloud is a network of connected servers. When you save information to these servers you can access your data from any computer that is connected to the clouds network. Data can also move from server to server 'through the cloud' without the need to download then upload large chunks of data.
The concept of the cloud is one that has been developing over the past 50 years. The idea was introduced in the sixties by J.C.R. Licklider, who was responsible for enabling the development of ARPANET (Advanced Research Projects Agency Network) in 1969.
J.C.R. Licklider was an American psychologist and computer scientist and is being considered one of the essential figures in computer history.
His vision was for everyone on the globe to be interconnected and accessing programs and data from any site anywhere. This later became the basis of what we now know as the internet. The term Cloud Computing, however, was not coined until the late 90s and early 2000s as it started to become available to the masses.
Where Is the Cloud?
Keep in mind that the Cloud is not just a few servers either. Data is stored in very large warehouses that are managed and guarded by companies like Google, Apple, and Dropbox. Yes, the cloud is a real physical and tangible storage facility (not in the sky).
The cloud is complicated in nature because there are multiple parties involved rather than just one in the case of local storage. If you give your data to a cloud provider, your cloud provider can outsource its work to another storage or process provider, so who is responsible if your information is lost or damaged?
Who Owns the Cloud?
Ownership rights are generally covered by three areas of law—copyright, confidentiality, and contract. Copyright grants the creator of an original work exclusive rights for its use and distribution. Confidentiality, are contracts entered into by two or more parties in which some or all of the parties agree that certain types of information that pass from one party to the other or that are created by one of the parties will remain confidential.
A contract is a voluntary arrangement between two or more parties that is enforceable at law as a binding legal agreement. However, the implementations of these laws are all dependent on the country where your data is being stored. If your data is created in one country and stored in another the rules that apply become skewed.
There are two types of data in the cloud. Data created outside the cloud and data created within the cloud. You can safely assume that data created outside the cloud belongs to the creator, under copyright laws. Conversely, ownership of the data created IN the cloud either by the customer or the provider is not so clear-cut. You need to be conscious of the service agreement language between you and your cloud provider.
Moving forward, well-established cloud vendors are beginning to construct their service agreements to include the privacy of your data. For example, Section 3.2 of the Amazon Web services customer agreement states:
We will not (a) disclose Your Content to any government or third party or (b) subject to Section 3.3, move Your Content from the AWS regions selected by you; except in each case as necessary to comply with the law or a binding order of a governmental body. Unless it would violate the law or a binding order of a governmental body, we will give you notice of any legal requirement or order referred to in this Section 3.2.
Advances are being made towards the security and privacy of data stored in the cloud. So long as customers continue to strive to protect their intellectual property rights, smart cloud providers will listen and respond.
Depending on the sensitivity of your data and how it’s processed in the cloud it may be necessary for you to negotiate the contract language between you and your provider.
To keep up to date on legal issues surrounding the use of the cloud check out this great resource at the Cloud Legal Project.
How Safe Are My Data In the Cloud?
Generally, cloud servers are quite well secured, but due to super high costs of top-notch security, it makes little sense implementing super expensive measures for everyone. That being said, the question arises. How safe are my data in the cloud? What are cloud companies doing to protect my data?
Among basic safety measures that cloud companies implement we can find:
- Advanced firewalls. Not just any firewall, but advanced systems checking for data packets, examine the source and destination data and also verify packet integrity.
- Intrusion detection. It can happen - intruder breaks through first lines of defence and gets into the system. That is why there are in place intrusion detection systems, which identify when someone is trying to break in and tracks odd user behaviour that might be an intruder. When a user is evaluated as a treat, he is either evicted or put into Cloud Prison, where he waits till he is properly verified as an actual real user.
- Event logging. In case it is already too late to stop the intruder, it is important to proceed with the analysis of the system, see what happened, how did it happen, and to release safety patch to patch the path. This seems like a far-too-late solution, but it happens quite often that intruder chooses for his first attack so-called poking attack. This attack is meant only to poke defence systems to see whether a full-scale attack would be possible or not. Even logging also serves as a database of all odd user behaviour, the user needs and helps improving security systems by evaluating user behaviour patterns.
- Internal firewalls. In the cloud, similar to other systems, are layers of access, where some accounts may access and some not. Since some attacks manage to penetrate the first less secure level, the internal firewall is meant to prevent the attacker from getting deeper into the system causing more damage.
- Encryption. Encryption is fancy applied math applied to a secure system. Encryption works in a way that every user gets generated (literally calculated) key. This key is then applied to open up the file by calculating its way through the encrypted file. When an attacker steals file that has been encrypted, and couldn't steal pattern, formula which would calculate the file data, he will end up with worthless mesh of characters. Encryption complexity rapidly increases, and as of now, there is standard encryption of 256-bits. The most advanced being AES encryption system. To break this system (to calculate all possible outcomes) it would take, to the most powerful supercomputer in the world (MilkyWay-2) a couple of million years.
- Physical security. Every modern data centre is being monitored by a surveillance system and has on-spot guards to take care of possible in-person intruders, secure data in case of a natural catastrophe or during unexpected events, like a fire attack.
- Insurance. It can happen that this all will fail. What then? In most of the developed world data, centres must be insured. So when there is already data breach, you should be compensated for every misfortune this brings.
To Wrap It Up
Cloud is a system of data centres placed around the world and served to you from the nearest physical location. There your data are securely stored under non-stop software and on-spot surveillance. Cloud security systems are physical security, insurance, data encryption, internal firewalls, external firewalls, event logging and user behaviour evaluation, and intrusion detection. Security of data in the cloud is often the largest bill in operating costs, but due to economy of scale, you don't have to worry about paying enormous sums for your data protection.
Data clouds have both its perks, like security, low maintenance costs and data availability from anywhere, and disadvantages like you can never be sure where all your data physically are stored.
