Monthly Archive for March, 2010

Cloud computing – data privacy and compliance

By Olafur Ingthorsson on March 25, 2010 in Cloud Security. 5 Comments

Often, when the cloud computing discussion takes off, especially in relation to public clouds, one recurring issue soon emerges, namely, the the issue of data privacy and responsibility. It seems clear that different legislations related to data privacy and, especially, cross-border transfer of data is causing a lot of uncertainty and retention by many IT managers considering cloud services. Especially does this relate to certain type of data, e.g. financial information, health records and personal identifiable information. With the global distribution of data centers and the opaquenature of data location in many cloud services – e.g. do you actually now where your Google Apps information is physically stored? – complicates matters further. Compliance with local regulatory issues can be a thorny and sensitive issue, especially for organizations. There are many questions that arise concerning data privacy, accessibility and administration, such as:

  • Data seizure due to legal investigation – organizations need to adhere to local legislation
  • What is the accessibility of local authorities to data under investigation residing in a different jurisdiction
  • Fear of infringement of data protection rights due to seizure of a server in the host jurisdiction
  • Data losses caused by cloud provider and unauthorized disclosures in the cloud
  • The cloud provider goes bankrupt – what happens to my data

If an organization migrates data, application or processes to a cloud provider in another jurisdiction it is still fully responsible for that data and needs to apply to local data protection legislation and regulations when handling personal data. In a public cloud environment this can be difficult as the organization is unlikely to know if and when data is moved, where and how it is stored and, sometimes, who has access to it and what particular security measures are in place. Therefore, it is quite possible that a dispute can arise about who is actually responsible for data protection compliance. Organizations need to be particularly careful when selecting a third-party cloud provider with this in mind and should in all circumstances require a written declaration describing how the provider will address compliance with local legislation and provide assurance in the event of data losses or unauthorized disclosures. Even better, requesting SLAs and certifications of quality and operational control, e.g. equivalent to a SAS 70 Report – Type II (Statement on Auditing Standard 70).

Tags: , , .

The emergence of mobile cloud computing

By Olafur Ingthorsson on March 19, 2010 in Mobile Cloud Computing. 10 Comments

Did yo know that digital media entertainment (DME) traffic currently represented by the iPhone is already 35 times higher than that created by traditional handsets? Many analysts believe that most mobile apps will move from being handset-centric (thick-clients) to the cloud so that mobile terminals will run applications directly from the cloud – especially as apps become larger and feature rich. Today, this is not necessarily the case.

Take iPhone for example – where users purchase and download apps from iTunes AppStore for running them on the phone, although some apps may support back-end processing and data storage as well. Evidently this will change – and why shouldn’t it? Mobile cloud computing is certainly just another method of delivering software applications in a service fashion over the network – in this case wirelessly, e.g. via WiFi and mobile broadband networks such as 3G and WiMax. Mobile network equipment manufacturers and providers are promising that their future Long-Term-Evolution (LTE) platforms will support approximately 170Mbit/s data rate speed (uplink and downlink) in each cell – although in reality the throughput is probably going to be somewhat lower. Obviously the available speed will be dynamically distributed between users within each cell – the more users the less bandwidth for each user.

Users will be able to seamlessly transfer from WiFi networks to mobile operator broadband networks, and vice versa, without necessarily knowing what network he or she is accessing at any particular time. The handset, e.g. smartphone, will make sure that it is selecting and using the most beneficial connection in terms of cost and quality.

Mobile cloud computing

Clearly, this will improve user experience and flexibility and enhance service delivery. Users can access SaaS apps irrelevant of their device, fixed or wireless, PC or smartphone. It should be noted that many analysts, including ABI Research, assert that cloud computing will soon become a disruptive force in the mobile world and, eventually, becoming the dominant way in which mobile applications operate and are delivered.
Tags: , , .