Cloud computing is getting more and more popular due to allowing clients to access computing services conveniently through the Internet. Here we can consider the internet as the medium to transfer a service to the client. There are, however, some privacy drawbacks to this convenience. In this article, we try to investigate the roots of the problem to give you an idea of how to choose the suitable technology for your needs.
Background of the concerns
In the most basic way, the concerns regarding cloud computing and data privacy are related to the fact that with off-premises deployment, the server could be located anywhere in the world while in the conventional on-premises mechanism, all the computer resources and software are established on the premises of the organization using them, rather than at a remote facility such as a server.
The popularity of cloud computing is more related to eliminating two problems:
- Cost of computational resources
- Time of deployment
Provisioning these two factors was never an easy task, therefore using a technology that pretty much solves both at the same time seemed very intriguing. However, there are always some hurdles along the way and here it is the privacy of personal data. Whether it’s your own sensitive data or the other people’s information that you’re storing.
Off-premises deployment using cloud computing is always worthy of our attention but we need to know how they impact privacy compared to on-premises alternatives.
Let’s take a look at cloud computing and its major privacy issues.
Root of the Concerns
To better understand such privacy concerns, we first need to know a little bit about this technology. Cloud computing is a model to deploy and access computing resources. The basic characteristic of this model is using the internet to transfer information to a or more remote locations. Such services are usually provided by third parties called cloud service providers.
Cloud service providers are very helpful in provisioning. You might have heard “pay as you go” or “pay what you use“, which indicates you don’t need to provision exactly how much resources you need and you pay only for what you use, and if you need more you can easily pay the extra amount.
Privacy Concern Points
There are several players in this game. Firstly, the cloud service provider, then the software service providers, the customer, and the end-user.
- The cloud service provider owns the infrastructure and hosts software and application which brings us to the next point
- The cloud platforms which is an application service that runs on the cloud.
- Software service providers on the other hand create the applications that customers use to benefit from cloud computing services.
- The software service providers can also be independent in that case we can call the independent software vendor who only uses the cloud platforms to deliver its software to customers.
- The customer can be an enterprise with several employees who are end users of the service
Now let’s consider some scenarios to show how these players can interact with each other to provide users with a specific service. The scenario can be as simple as cloud service provider → cloud platform → end-users where users have access to their emails via software deployed in a cloud platform by the cloud service provider. Alternatively, it can be more complicated like cloud service provider → cloud platform → independent software vendor → customer → end-users where users have access to their emails via software used in a company as the customer which is deployed in a cloud platform by an independent software vendor hosting it on the cloud platform provided by a cloud service provider.
Why do we need to know this? Because only this way that we have a rough idea of how many steps our data should travel for us to be able to use a service in the cloud. Potentially, each exchange point represented by → can be a privacy concern point.
Each exchange point between different units is a potential touchpoint and therefore a privacy concern for our data.
Cloud Service Types
This is important to know different models of cloud services as it gives us a clearer picture of what actually cloud services are. Let’s quickly cover different models. These service models were originally introduced in The NIST Definition of Cloud Computing.
- Software as a Service or SaaS – Providing consumers to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a web browser or a program interface.
- Platform as a Service or PaaS – Providing consumers to deploy consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider onto the cloud infrastructure.
- Infrastructure as a Service or IaaS – Providing consumers to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
In SaaS, the consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. In PaaS, the consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. In IaaS, the consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components e.g. host firewalls.
|Has Control Over||SaaS||PaaS||IaaS|
|application configuration settings||Limited||●||●|
You can choose different deployment models which each has its own pros and cons regarding data privacy.
- Public Cloud – Provisioned for open use by the general public and owned, managed, and operated by a business, academic, or government organization. It exists on the premises of the cloud provider.
- Private Cloud – Provisioned for exclusive use of single organization and owned, managed, and operated by the organization or a third party and it may exist on or off-premises.
- Hybrid Cloud – A composition of two or more cloud infrastructures including private and public that remain unique entities, but are bound together.
Cloud Computing and Privacy
Now that we know the basics of cloud computing, let’s consider these points and see which may be a privacy concern
- You run a business and need to share your information with a cloud provider
- You are an individual user of cloud computing services and need to leave your data to third-party
- The geographical location of your stored data on the cloud and the local law on how to treat the information
- Disclosure of your information to private parties
- Migrating your data from one cloud provider to another while you need your data to be removed compeletly from the first one
- Obligations the specific cloud provider has about disclosing the data
As you see at least some of them can be a concern no matter what cloud services, which model and you use as long as you are not using the on-premises deployment. This will be the topic of our next article on data privacy.
You can find out more about the differences between cloud and on-premises deployments in the
Cloud computing as a means of accessing computer resources through the Internet provides different advantages such as scalability and ease of use. However, we need to have a rough idea about how they work to avoid any potential privacy issues.
A cloud platform basically provides infrastructure and the operating system to deploy software in the cloud. Software-as-a-service is essentially software deployed and accessed through the Internet.
The roots of privacy issues are tied to cloud computing structure which leaves your data vulnerable by exposing it to different touchpoints so service providers and the users should pay more attention to details when moving to the cloud.