Part 2 – How Privacy Could Cripple the Cloud
Security and privacy are often mentioned together. This is natural, because they are related, yet distinct topics. Security is a technical concept concerned with controlled access to, and the protection, integrity, and availability of, data and computer system functions. Privacy is a common policy objective that can be achieved in part by applying security principles and technical solutions. In previous posts, I’ve discussed how cloud security is not really a problem, any more than security is in IT in general, when it is approached properly in the cloud environment. Privacy, as discussed in Part 1 of this series, is unfortunately not so “simple.”
I’ve already made the case that some commonly held beliefs about what is inherently secure or insecure are based on control of the physical infrastructure and ownership of the premises where the infrastructure is located. I’ve further posited that these ideas are outdated, and at the very least insufficient to ensure secure cloud systems (as well as traditional data centers, for that matter).
In the discussion of privacy, we’ve seen governments urged to action by their citizenry to combat the erosion of individual control over personal information. Unfortunately, lawmakers have approached such legislation from the outmoded perspective of physical security. Privacy laws are rife with injunctions that PII may only be stored or transmitted under circumstances that derive from a physical location. The European Union, for example, forbids the PII of any EU citizen from being stored or transmitted outside of the EU. Although treaties such as the EU-US Safe Harbor Framework, established in 2000, facilitate some degree of data sharing across the EU-US boundary, they are showing signs of failure when applied to cloud-based application scenarios. Although laudable in their intent, privacy laws that depend upon containing data within a particular jurisdiction can prove to have negative effects both on privacy outcomes and on the ability of the individual being “protected” to obtain the full benefit of cloud-based global services.
First, given the highly publicized data breaches of large corporations and government entities, it is obvious that data behind a brick wall is still quite vulnerable. Laws that mandate limits on where data can be stored may convey a false sense of security to those who think that meeting the law’s requirements results in sufficient protection. Socially engineered attacks can penetrate all but the most highly guarded installations, and once the data has been extracted, it is impossible to “undisclose” it. Again, it is the perimeter-based model that is not up to the task of protecting data in a hyper-connected world. Second, limitations on how data can be shared and transmitted can negatively impact the owner of PII when they cannot be served by cloud vendors outside of their jurisdiction. Frameworks such as Safe Harbor are band-aids, not solutions.
One solution is to endow sensitive data with innate protection, such that wherever the data goes, its protection goes with it. A container model for self-protecting data allows the owner to specify his or her intentions regarding the data’s distribution and use, regardless of its location; it is, in effect, the zero trust model applied to data. Rather than depending on a perimeter and control of physical infrastructure to ensure privacy objectives are met, the policy is built into the data container, and only when the policy is followed will the data be made available.
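To make the container model concrete, here is an added illustration (not the author’s design, and not any existing product): a minimal self-protecting container in Python in which the owner’s policy is cryptographically bound to the encrypted PII, so that loosening the policy anywhere along the data’s travels invalidates the container. The policy fields (permitted purposes, expiry), the key-custody arrangement, and the stdlib-only cipher construction are my assumptions.

```python
import hashlib
import hmac
import json
import os
import time

def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Domain-separated encryption and MAC keys derived from one container key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # Illustrative counter-mode keystream built from SHA-256 (stdlib only); a
    # production container would use a vetted AEAD such as AES-GCM instead.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(enc_key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, pii: bytes, policy: dict) -> dict:
    """Wrap PII with the owner's policy. Encrypt-then-MAC over policy, nonce
    and ciphertext binds the policy to the data: editing the policy (say,
    adding a purpose) invalidates the whole container."""
    enc_key, mac_key = _subkeys(key)
    pol = json.dumps(policy, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pii, _keystream(enc_key, nonce, len(pii))))
    tag = hmac.new(mac_key, pol + nonce + ct, hashlib.sha256).digest()
    return {"policy": pol, "nonce": nonce, "ct": ct, "tag": tag}

def release(key: bytes, box: dict, purpose: str, now=None) -> bytes:
    """Verify integrity, then evaluate the embedded policy, then decrypt.
    Wherever the container is stored, the data is only readable by a holder
    of the key who also satisfies the owner's stated intent."""
    enc_key, mac_key = _subkeys(key)
    tag = hmac.new(mac_key, box["policy"] + box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, box["tag"]):
        raise PermissionError("container tampered with or wrong key")
    policy = json.loads(box["policy"])
    now = time.time() if now is None else now
    if now > policy["expires_at"]:
        raise PermissionError("owner's policy has expired")
    if purpose not in policy["purposes"]:
        raise PermissionError(f"purpose {purpose!r} not permitted by owner")
    return bytes(a ^ b for a, b in
                 zip(box["ct"], _keystream(enc_key, box["nonce"], len(box["ct"]))))
```

The point the code makes is that enforcement no longer depends on where the bytes sit: a copy exfiltrated from a “protected” jurisdiction is as useless to the holder as one stored abroad, unless both the key and the owner’s stated purpose are honored.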
Of course, such a solution is easier to describe in a paragraph than to implement, although many valiant efforts have been made with varying degrees of success. Still, a viable implementation – one that is scalable, robust, and easily made ubiquitous – has yet to be created. Unfortunately, the wheels of governments and legal systems will not be inclined to wait for it. Without educating policy makers to better understand the real threats to privacy rather than the perceived ones, we invite a continued spate of ill-conceived requirements that could make the problem worse while ironically robbing “protected” citizens of the full value of cloud technology.