How disruptive is the cloud?

  • By Paul Rubell
  • 13 Feb, 2014

Big data is disruptive technology. As a result, cloud computing poses both legal and practical challenges to privacy and information security.

The digital location of data is essential to its warehousing, use and manipulation.

But its very existence makes the data vulnerable to malicious and inadvertent breach.

This is not a new phenomenon. “Name, rank, and serial number” was the axiomatic way that the Army sought to minimize the disclosure of military secrets and private data – yet by design, it also disclosed a modicum of personally identifiable information; namely, one’s name, rank, and serial number.

Today, the law tries to keep up with the rapid pace of technology, but it cannot.

Legislation compels companies, governments, healthcare providers, financial institutions to adopt Big Data and to deploy protective measures.

The litany of statutes that aim to urge the adoption of cloud technology and at the same time, to protect corporate secrets and individual privacy, grows by the day, including these:

  • HIPAA and the HITECH Act (electronic medical records and their privacy and security);
  • Stored Communications Act (data at rest);
  • Electronic Communications Privacy Act (data in transit);
  • EU Privacy Directives;
  • Digital Millennium Copyright Act (prohibits anti-circumvention).

The solutions to legal privacy problems can only be legislated so far. Business needs to deploy smarter technology to protect their own information and that of its customers, B-to-B and B-to-C alike.

Technology providers need to rethink and retool their security measures continually. How is it possible that vulnerabilities occur on a daily basis to software applications created by global developers such as Microsoft, Oracle, and Adobe?

It is always the weakest link that poses the greatest threat to secrecy and privacy and security.

Therefore, identifying weak links must be a mission-critical priority.

The recent credit card breach at Target stores was caused by an outside vendor’s sloppiness. But said another way, it was Target’s sloppiness in its selection and oversight of its outside vendor that enabled the breach to occur.

Weakness in a pipeline can allow gas, oil or water to dribble out or to explode into the ground or atmosphere.

Similarly, weakness in cloud security can disrupt the disclosure of private information that belongs solely to a business, an individual, or a government.

Without politicizing the incident, the Edward Snowden debacle highlights how security lapses at one layer can lead to the unauthorized disclosure of confidential information.

Snowden, Booz Allen, or the US government: who facilitated the secrecy leaks? Was it the person (Snowden) who illegally took data and released it publicly and purposefully? Or did the lapse really occur when Snowden’s employer, Booz Allen, failed to take appropriate measures in hiring him and maintaining his security clearance? Or – did the United States of America deploy enough safeguards to oversee the actions (and inactions) of its vendor, Booz Allen?

Cybersecurity and the law need to work together, not at cross-purposes.

If corporate policy doesn’t require frequent changes of hard passwords and encrypted email, it really doesn’t matter what the law says.

If security privacy is not enforced from a criminal as well as civil standpoint, runaway hackers will be emboldened.

Unless social media precautions are taken, trade secrets and personal information can leak like a sieve.

The solution is clear. The technology, business, government, and legal communities need to work hand in hand if the homeland, business, and personal security are to be protected.

Cyberliability and Privacy Issues in the Food and Beverage Industry

By Paul Rubell November 2, 2018
Cyberliability and privacy are very important to the food, beverage and hospitality industries. Today the industry faces many 21st century risks. Paul Rubell addresses these risks.

Europe Can Regulate Your Company's Facebook Page

By Paul Rubell July 16, 2018
by Paul Rubell, Esq. Every company in the world that has a Facebook social media page may be subject to the European Union’s newly-enacted GDRP (General Data Protection Regulation) and the chokehold of EU law enforcement. Many businesses wrongly believe they are not collecting personal data via their Facebook pages but that is likely not […]

USA indicts the Chinese hacker who breached Anthem’s website

By Paul Rubell August 30, 2017
  by Paul Rubell, Esq. A 36-year old Chinese national from Shanghai has been indicted by a federal court in California for transmitting malicious software tools to companies located in the United States. Yu Pingan was arrested on August 27, 2017 when he arrived in the United States to attend a conference.  Pingan used the online pseudonym […]

Are violent selfies protected by the Constitution?

By Paul Rubell April 29, 2017
Taking videos is a form of expression that is guaranteed by the Bill of Rights. However, even free speech has constitutional limits. For instance, if you shout "fire" in a crowded theater, you can be arrested and the 1st Amendment will not protect you.

Not best practices: Apple’s iCloud is neither private nor secure

By Paul Rubell April 17, 2017
by Paul Rubell, Esq. Can your business survive a massive data breach? If your business stores, backs up or syncs its data to the cyber cloud, take note. Apple’s iCloud is currently the subject of ransomware. As you will read, the moral to this article is that confidential business data, trade secrets, customer lists and […]

Best practice to keep your trade secrets private: avoid Password Managers

By Paul Rubell April 17, 2017
by Paul Rubell, Esq. Information is the currency of 2017. For this reason it is mission-critical to keep data currency safe, secure and private. Just as gold bricks should be stored in a physical safe, data needs to be kept secret electronically. Passwords are the key to enter the digital vault. Strong passwords are designed […]

Twitter says hello to hacking; Users say goodbye to privacy

By Paul Rubell March 16, 2017
Enjoy my newest article. You can read more on my blog at paulrubellblog.wordpress.com.

Awaiting the President’s Cybersecurity Executive Order

By Paul Rubell March 13, 2017
by Paul Rubell, Esq. Witness today’s risks of cyber crime.  Hackers, bad actors and foreign governments have long had the ability to assault our Nation. Current events have opened citizens’ eyes to the reality of the cyber threat. It is remarkable how the public has either forgotten or turned a blind eye to well-known security […]

Net Neutrality is No More

By Paul Rubell March 3, 2017
By Paul Rubell, Esq. Internet users have been suddenly stripped of an important source of privacy protection.  On March 1, 2017, the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) abruptly suspended the net neutrality rules that had been scheduled to go into effect on March 2nd.  Internet users in the United States have […]

Cross-Browser Tracking: It’s time to update your Privacy Policy!

By Paul Rubell February 16, 2017
by Paul Rubell, Esq. It is remarkable that many companies do not know the vastness of private information they obtain from their social media and website.  It is essential for every business to understand its legal responsibility to protect their customers’ personal information. OLD NEWS:  Web browsers can follow your voyage through the Internet. Firefox, Internet […]
More Posts