When you choose cloud computing, you will have user data stored in remote servers that can be run by a third party and accessed via the Internet. So, the chances of the data getting compromised are understandably high. In other words, information which is kept inside cloud storage may not be always confidential. Confidentiality refers to prevention of unauthorized data access and ensuring that only users with the rightful permission have access to such stored data.

Why is sensitive data stored in cloud not always private?

The cloud is no doubt a convenient medium for storing data for SMBs and extremely popular because it is flexible, cost-effective and adaptable to different types of businesses, regardless of size or needs. But, at the same time, you should be cautious when using cloud storage as not all types of data is fit for it. For instance, data which is complied by small enterprises that are involved in research activities will have information which is sensitive and private. The lab notes will typically have to be kept private as they may have data which is otherwise not protectable. Such notes may be basis for patent application and this means that all the data contained therein has to remain undisclosed till the time the patent gets filed. 

Just like paper notes which one would have to keep inside safes, electronic data must be also be technologically protected. So, there has to be proper encryption methods and passwords which can prevent unauthorized data access. These must also be updated and changed from time to time. Storing electronic data or physical data on-site involved deploying multiple security measures which are designed to protect the data. This also means that when data is stored in clouds, you actually have limited powers to ensure it stays safe and completely free from leakages or unauthorized disclosures.

In cloud storage, there will be many storage locations which are spread across the globe. Such locations are not always clearly defined. Moreover, the staff which works for your provider will have to manage such data. So, for sensitive data stored in a cloud, there will always be risks particularly since legal framework for the cloud remains uncertain. To be sure that your cloud provider can offer secure storage, you should ideally read through reviews, compare their plans and choose one after carefully reviewing its stand on data loss issues, confidentiality and security. But all said and done, when you choose cloud storage for highly confidential data, even when it is being offered by reputed and reliable vendors, one cannot eliminate risks altogether.

If you are still interested in readymade cloud services like those which the popular cloud service providers offer, you must carry out proper review of the provider’s SLA before you sign up. You should look at the provisions and disclaimers on confidentiality and provider’s responsibility when there is a data loss incident or an unauthorized disclosure. When you have “click-through” terms there is hardly room for negotiations; in other words, the providers will assure that data will be kept confidential and that the staff is also committed to guaranteeing this. But the liability provisions are not clearly stated and this is why data confidentiality may not be fully guaranteed. Most of the providers will steer clear of making any clear declaration of protecting data confidentiality. They will not accept liability for it and there is usually a lack of clarity and transparency regarding the limit up to which data security has been guaranteed.

When you read through the terms and conditions of the agreements you will see there are provisions where data disclosure can be actually requested. When there are sudden leaks provider liability is not known and some contracts are totally silent on the key terms. Uncertainly is also noticeable on issues like applicability of the EU laws for international data transfer. So, in other words, storage vendors will try and give you a secure storage space. They will also impose obligations of confidentiality on their staffs. But one cannot declare that the storage is going to be risk-free. Recently in 2017, data belonging to 200 million Americans was disclosed; Verizon, an Israeli company, had also announced a leak of data belonging to 6 million clients at that time. Representatives of both these companies had explained the events as “human factor” which proves that centralized cloud storage may not be reliable. Today however, this problem of secure storage is being resolved through blockchain technologies.