
While cloud adoption is still growing rapidly, there remains a determined base of companies who have rejected cloud adoption. These companies overwhelmingly worry about security/privacy issues, particularly relating to customer data. Cloud computing privacy concerns are real and many businesses currently lack the tools to master the additional challenges that cloud adoption might bring.
There is frequently a misconception that addressing cloud computing challenges would be far too expensive. There are also many cloud privacy concerns. When companies are planning a transition to cloud services and applications, there are 5 questions that must be addressed:
What is the best way to get reliable cloud security for a reasonable price?
Does cloud computing affect privacy?
What are the risks and concerns of cloud computing?
Which is the biggest concern about cloud computing?
What is cloud privacy?
The cloud infrastructure is becoming too complicated to monitor effectively
A recent survey of companies in Europe and the UK reveals that data privacy, regulatory compliance and cloud privacy concerns are by far the largest concerns of information security professionals. With the EU’s General Data Protection Regulation (GDPR) taking effect next year, heralding a 79X increase in fines, it’s no wonder that these priorities are top of mind.
What’s disheartening, however, is that 42% of information security professionals also admit that they lack both the tools and talent to keep their customers’ privacy intact. The ties between on-premise data centers, public cloud resources, and vendors or partners have become so numerous that companies are no longer confident that they can track and secure sensitive data and meet basic cloud storage privacy concerns.
How does data migrate from security to insecurity?
Here’s a common scenario in which there’s a potential for sensitive files to end up in a risky location where they are vulnerable to attacks. In theory, your sensitive data storage should adhere to the following requirements:
It should be located on a secure, centralized server (or endpoint, as long as the information is part of a backup and tracked by a secure DLP solution).
The data should be encrypted, with access limited to authorized personnel only. Never underestimate the level of threat.
Whenever that data is decrypted for use or modification, there should be an auditable record stating who decrypted which files, and for how long.
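The audit requirement above can be checked mechanically. The following Python example is added here for illustration and is not from the original article or any vendor's product; it pairs decrypt and re-encrypt events to report who had which file in cleartext and for how long. The log format, the AUTHORIZED access list and the one-hour MAX_OPEN limit are assumptions, and the log lines are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample audit log (assumed format): timestamp user action file
SAMPLE_LOG = """\
2024-03-01T09:00:00 alice DECRYPT patients.db
2024-03-01T09:20:00 alice ENCRYPT patients.db
2024-03-01T10:00:00 mallory DECRYPT patients.db
2024-03-01T10:05:00 mallory ENCRYPT patients.db
2024-03-01T11:00:00 bob DECRYPT billing.csv
2024-03-01T15:30:00 bob ENCRYPT billing.csv
2024-03-01T16:00:00 alice DECRYPT billing.csv
"""

# Assumed access list and policy limit, for illustration only.
AUTHORIZED = {"patients.db": {"alice"}, "billing.csv": {"alice", "bob"}}
MAX_OPEN = timedelta(hours=1)


def audit_decrypt_sessions(log_text, authorized, max_open, now):
    """Pair DECRYPT/ENCRYPT events; return (sessions, findings)."""
    open_sessions = {}  # (user, file) -> time the file was decrypted
    sessions, findings = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path = line.split(maxsplit=3)
        when = datetime.fromisoformat(ts)
        key = (user, path)
        if action == "DECRYPT":
            if user not in authorized.get(path, set()):
                findings.append(("unauthorized", user, path))
            open_sessions[key] = when
        elif action == "ENCRYPT" and key in open_sessions:
            duration = when - open_sessions.pop(key)
            sessions.append((user, path, duration))
            if duration > max_open:
                findings.append(("too_long", user, path))
    # A decrypt with no matching re-encryption is still exposed at `now`.
    for (user, path), start in open_sessions.items():
        sessions.append((user, path, now - start))
        findings.append(("still_open", user, path))
    return sessions, findings


if __name__ == "__main__":
    end_of_day = datetime(2024, 3, 1, 17, 0)
    sessions, findings = audit_decrypt_sessions(SAMPLE_LOG, AUTHORIZED, MAX_OPEN, end_of_day)
    for user, path, duration in sessions:
        print(f"{user} had {path} decrypted for {duration}")
    for kind, user, path in findings:
        print(f"FINDING {kind}: {user} {path}")
```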
In practice, this degree of security is not always feasible. On the one hand, latency issues might reasonably prevent companies from storing critical data in a centralized location. On the other hand, people like shortcuts - and do not always understand cloud computing privacy concerns.
Does cloud computing affect privacy?
Cloud computing clearly affects privacy and any business or organization that uses cloud computing needs to understand the relevant laws relating to data security.
Whether it’s due to practicality or human error, there are a number of factors that might cause your employees to place sensitive files in cloud storage. It may be much easier to access those files there — but it’s a terrible risk for customers.
A Boston-area hospital, St. Elizabeth’s Medical Center, was recently assessed a $218,000 fine for that exact situation, in which unencrypted PHI was stored on the cloud without a single risk assessment.
What are the risks and concerns of cloud computing?
Cloud computing privacy concerns cover a range of key issues. The primary failure of St. Elizabeth’s was that the organization didn’t conduct a risk assessment. The hospital could have been spared a good deal of expense and embarrassment if its managers had posed the basic question: What is cloud privacy?
It’s entirely possible to store PHI or PII on the cloud safely. For example, a company in California opens a branch in NYC. The branch office needs access to PII, but accessing the massive database remotely entails a great deal of latency, which cuts into productivity.
In this scenario, it would be perfectly acceptable for the company to host an instance of that database with a cloud service provider that runs a data center on the East Coast. As long as certain precautions are noted and observed, there’s a reduced liability with regard to HIPAA or PCI-DSS. For HIPAA, these precautions include:
Always encrypt PHI in the cloud
Always send PHI over encrypted connections such as SSL
Always understand where your PHI resides — which cloud, which VM, and if possible which bare-metal server
Storing other kinds of sensitive information, such as PII that’s protected under PCI-DSS, entails slightly different requirements (They’re listed in greater detail here). Under this compliance regime, the customer and the cloud service provider must undertake a carefully negotiated relationship.
For example, let’s say that a cloud provider controls the firewall around a customer’s application. It’s the cloud provider’s responsibility to keep maintaining the firewall. It’s the customer’s responsibility, however, to ensure that the firewall is configured in accordance with a particular compliance regime.
In a different example, let’s say that a customer is working with an MSP. The MSP administrates the customer’s IT, and provides cloud storage. The cloud storage, however, is provided via yet another third party. In this case, it’s the customer’s responsibility to track down this third-party relationship and understand how they handle security in turn — but this brings us back to our initial problem:
With increasingly complicated cloud architecture, it’s becoming more and more difficult to understand where in the cloud your data actually is, and how it’s administrated. Companies need a solution which lets them track and control their data in real time.
Which is the biggest concern about cloud computing?
Since the COVID-19 pandemic and the transition to remote working, one of the biggest cloud storage privacy concerns is employees having remote access to sensitive data - often via multiple devices. The internet is not a safe place and any device or website can be compromised.
Protect your data with Actifile
Actifile helps IT administrators simplify the process of locating sensitive data in a complex environment. Instead of relying on manual record-keeping, Actifile appends code to each piece of PII, PHI, or other sensitive data you need to be aware of. IT Administrators can take instant action by:
Automatically discovering where sensitive data lives on your network, and getting a notification when it’s out of place or potentially harmful to your organization.
Detecting actions such as attempting to move, print, or delete customer information, intercepting any attempt to steal or corrupt your mission-critical information.
Both malicious actions and human error can be prevented with active protection that can block individuals from sharing, sending, or downloading sensitive data.
As long as your data is on a cloud, server, or endpoint with an Actifile node, you’ll be able to know where your data is at a touch of a button. If someone tries to move your data somewhere where there’s no Actifile monitoring — such as a USB drive or an unmonitored private cloud — you’ll know right away. A free risk assessment is the first step towards preventing your data from ever being lost, leaked, or stolen.