As enterprises explore public cloud storage and/or integrate it into their IT systems to create hybrid infrastructure, security, control and data portability have been ongoing concerns. The European Parliament recently backed a resolution pushing for interoperable cloud standards to increase competition between vendors, but on a smaller level, many organizations are still working on setting up transparent, flexible contracts with cloud providers.
The European Commission has been working with the European Telecommunications Standards Institute on a cloud computing strategy that would formulate new standards for cloud services. More specifically, their guidance promotes data security, portability and interoperability, making the case that open cloud architectures can enable better protection of sensitive data while also benefiting businesses, which won't be locked in to one service.
Going forward, the EC may investigate the ramifications of storing copyrighted works in the cloud, as well as how to keep data at-large safe from surveillance. The European Parliament has pushed for providers to become jointly liable with customers in regard to protecting data and responding to breaches.
Some service-level agreements with cloud providers have certainly been too vague or opaque to assuage customer concerns about how their data is processed. Writing for Network Computing, Peter Long advised companies to carefully review the terms of service in any cloud contract, checking for specific provisions such as whether the provider can change or copy data, how fees are structured and which party is liable if the servers are compromised.
While many organizations still fear attacks on cloud storage, vendors are continually improving cloud security for data at rest and in transit. SYS-CON Media's Eric Silver explained that some backup providers offer 256-bit encryption, which is virtually impossible to bypass without having the appropriate key. Vendors such as IBM have also been working on solutions that shield data during pre-transfer, addressing the vulnerability of information as it makes it way between data centers and public clouds.