SlideShare a Scribd company logo

Intro to cloud computing

Kashif Bhatti, profile picture
Kashif Bhatti

Cloud computing refers to storing and accessing data and programs over the Internet instead of on a computer's hard drive. It allows users to access files, applications, and computing resources from anywhere on any device with an Internet connection. While cloud computing provides benefits like flexibility, scalability, and cost savings, it also raises privacy and security issues because users' personal data is stored on remote servers owned by third-party cloud providers. Organizations considering cloud services need to understand these issues and ensure users' personal information is properly protected.

TechnologyBusiness
1 of 5
Download to read offline
1
2
3
4
5
Introduction to Cloud Computing When you store your photos online instead of on your home computer, or use webmail or a social networking site, you are using a “cloud computing” service. If you are an organization, and you want to use, for example, an online invoicing service instead of updating the in-house one you have been using for many years, that online invoicing service is a “cloud computing” service. Cloud computing refers to the delivery of computing resources over the Internet. Instead of keeping data on your own hard drive or updating applications for your needs, you use a service over the Internet, at another location, to store your information or use its applications. Doing so may give rise to certain privacy implications. Cloud Computing Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage space, networks, Computer processing power, and specialized corporate and user applications. The following definition of cloud computing has been developed by the U.S. National Institute of Standards and Technology (NIST): Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.1 Characteristics The characteristics of cloud computing include on-demand self service, broad network access, resource pooling, rapid elasticity and measured service. On-demand self service means that customers (usually organizations) can request and manage their own computing resources. Broad network access allows services to be offered over the Internet or private networks. Pooled resources means that customers draw from a pool of computing resources, usually in remote data centres. Services can be scaled larger or smaller; and use of a service is measured and customers are billed accordingly. Service models The cloud computing service models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). In a Software as a Service model, a pre-made application, along with any required software, operating system, hardware, and network are provided. In PaaS, an operating system, hardware, and network are provided, and the customer installs or develops its own software and applications. The IaaS model provides just the hardware and network; the customer installs or develops its own operating systems, software and applications. Deployment of cloud services: Cloud services are typically made available via a private cloud, community cloud, public cloud or hybrid cloud. Generally speaking, services provided by a public cloud are offered over the Internet and are owned and operated by a cloud provider. Some examples include services aimed at the general public, such as online photo storage services, e-mail
services, or social networking sites. However, services for enterprises can also be offered in a public cloud. In a private cloud, the cloud infrastructure is operated solely for a specific organization, and is managed by the organization or a third party. In a community cloud, the service is shared by several organizations and made available only to those groups. The infrastructure may be owned and operated by the organizations or by a cloud service provider. 1 NIST cloud definition, version 15 http://csrc.nist.gov/groups/SNS/cloudcomputing/ A hybrid cloud is a combination of different methods of resource pooling (for example, combining public and community clouds). Why cloud services are popular Cloud services are popular because they can reduce the cost and complexity of owning and operating computers and networks. Since cloud users do not have to invest in information technology infrastructure, purchase hardware, or buy software licences, the benefits are low up-front costs, rapid return on investment, rapid deployment, customization, flexible use, and solutions that can make use of new innovations. In addition, cloud providers that have specialized in a particular area (such as e-mail) can bring advanced services that a single company might not be able to afford or develop. Some other benefits to users include scalability, reliability, and efficiency. Scalability means that cloud computing offers unlimited processing and storage capacity. The cloud is reliable in that it enables access to applications and documents anywhere in the world via the Internet. Cloud computing is often considered efficient because it allows organizations to free up resources to focus on innovation and product development. Another potential benefit is that personal information may be better protected in the cloud. Specifically, cloud computing may improve efforts to build privacy protection into technology from the start and the use of better security mechanisms. Cloud computing will enable more flexible IT acquisition and improvements, which may permit adjustments to procedures based on the sensitivity of the data. Widespread use of the cloud may also encourage open standards for cloud computing that will establish baseline data security features common across different services and providers. Cloud computing may also allow for better audit trails. In addition, information in the cloud is no as easily lost (when compared to the paper documents or hard drives, for example). Potential privacy risks While there are benefits, there are privacy and security concerns too. Data is travelling over the Internet and is stored in remote locations. In addition, cloud providers often serve multiple customers simultaneously. All of this may raise the scale of exposure to possible breaches, both accidental and deliberate. Concerns have been raised by many that cloud computing may lead to “function creep” — uses of data by cloud providers that were not anticipated when the information was originally collected and for which consent has typically not been obtained. Given how inexpensive it is to keep data, there is little incentive to remove the information from the cloud and more reasons to find other things to do with it. Security issues, the need to segregate data when dealing with providers that serve
multiple customers, potential secondary uses of the data—these are areas that organizations should keep in mind when considering a cloud provider and when negotiating contracts or reviewing terms of service with a cloud provider. Given that the organization transferring this information to the provider is ultimately accountable for its protection, it needs to ensure that the personal information is appropriate handled. Privacy is not a barrier but it must be taken into consideration The Personal Information Protection and Electronic Documents Act (PIPEDA) does not prevent an organization from transferring personal information to an organization in another jurisdiction for processing. However, PIPEDA establishes rules governing those transfers — particularly with respect to obtaining consent for the collection, use and disclosure of personal information, securing the data, and ensuring accountability for the information and transparency in terms of practices. For more information on the views of the Office of the Privacy Commissioner of Canada with respect to outsourcing of personal data processing across borders, please see our Guidelines for Processing Personal Data Across Borders. These considerations apply whether moving data in the cloud or otherwise. It is important to note that many non-Canadian based cloud providers may also be subject to PIPEDA. To the extent that a cloud provider has a real and substantial connection to Canada, and collects, uses or discloses personal information in the course of a commercial activity, the provider is expected to protect personal information, in keeping with PIPEDA. Conclusion Cloud computing offers benefits for organizations and individuals. There are also privacy and security concerns. If you are considering a cloud service, you should think about how your personal information, and that of your customers, can best be protected. Carefully review the terms of service or contracts, and challenge the provider to meet your needs. For more information on cloud computing, see: Reaching for the Clouds The Report on the 2010 Office of the Privacy Commissioner of Canada’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing Guidelines for Processing Personal Data Across Borders Frequently Asked Questions What is cloud computing? Simply put, cloud computing is the delivery of computing services over the Internet. Whether they realize it or not, many people use cloud computing services for their own personal needs. For example, many people use social networking sites or webmail, and these are cloud services. Photographs that people once kept on their own computers are now being stored on servers owned by third parties. These are also examples of cloud services. Cloud services are popular because people can access their e-mail, social networking site or photo service from anywhere in the world, at any time, at minimal or no charge. Some cloud providers may, however, use the personal information of users for advertising purposes or to learn more about the users for other reasons. The
Office of the Privacy Commissioner of Canada (OPC) has been critical of some of these practices, largely because they occur without individuals fully realizing how their personal information is being used “in the cloud.” Individuals should pay careful attention to whether and how the cloud company protects their personal information. Users should also protect their own personal information by using any privacy settings that the service may offer. Can cloud computing affect privacy? When it comes to cloud computing, the security and privacy of personal information is extremely important. Given that personal information is being turned over to another organization, often in another country, it is vital to ensure that the information is safe and that only the people who need to access it are able to do so. There is the risk that personal information sent to a cloud provider might be kept indefinitely or used for other purposes. Such information could also be accessed by government agencies, domestic or foreign (if the cloud provider retains the information outside of Canada). For businesses that are considering using a cloud service, it is important to understand the security and privacy policies and practices of the provider. The terms of service that govern the relationship with the provider sometimes allow for rather liberal usage and retention practices. Which party is accountable for personal information? The business that collects it from individuals or the cloud provider? The Personal Information Protection and Electronic Documents Act (PIPEDA) does not prohibit cloud computing, even when the cloud provider is in another country. Under PIPEDA, organizations must ensure that they collect personal information for appropriate purposes and that these purposes be made clear to individuals; they obtain consent; they limit collection of personal information to those purposes; they protect the information; and that they be transparent about their privacy practices. PIPEDA also requires that when an organization transfers personal information to a third-party for processing, it remains accountable for that information. It must use contractual or other means to ensure that the personal information transferred to the third party is appropriately protected. Therefore, an organization that is considering using a cloud service remains accountable for the personal information that it transfers to the cloud service, and it must ensure that the personal information remain protected in the hands of that cloud service provider. Organizations need to carefully review the terms of service of the cloud provider and ensure that the personal information it entrusts to it will be treated in a manner consistent with PIPEDA. For more information on transferring of personal information to third parties, please see our Guidelines for Processing Personal Data Across Borders. Why are organizations interested in cloud computing? Cloud computing can significantly reduce the cost and complexity of owning and operating computers and networks. If an organization uses a cloud provider, it does not need to spend money on information technology infrastructure, or buy hardware or software licences. Cloud services can often be customized and flexible to use, and providers can offer advanced services that an individual company might not have the money or expertise to develop. I’ve heard that cloud computing may improve privacy protection. Is this
true? For businesses that are considering using a cloud service, cloud computing could offer better protection of personal information compared with current security and privacy practices. Through economies of scale, large cloud providers may be able to use better security technologies than individuals or small companies can, and have better backup and disaster-recovery capabilities. Cloud providers may also be motivated to build privacy protections into new technology, and to support better audit trails. On the other hand, while cloud computing may not increase the risk that personal information will be misused or improperly exposed, it could increase the scale of exposure. The aggregation of data in a cloud provider can make that data very attractive to cybercriminals, for example. Moreover, given how inexpensive it is to keep data in the cloud, there may be a tendency to retain it indefinitely, thereby increasing the risk of breaches. For more information, please see Cloud Computing.

More Related Content

PDF
02 05 d_51_cc_efiles
Vinay Bondirwad
 
PDF
Cloud computing
hundejibat
 
PDF
International Journal of Engineering Research and Development
IJERD Editor
 
DOC
Briefing 47
Srinivas Reddy Manda
 
DOCX
Cloud computing assignment
ACCA Global
 
PDF
Cloud computinghuthcebula
Gopibabu Srungavarapu
 
PPTX
Privacy in cloud computing
Ahmed Nour
 
PDF
The Basics of Cloud Computing
Novinidea
 
02 05 d_51_cc_efiles
Vinay Bondirwad
 
Cloud computing
hundejibat
 
International Journal of Engineering Research and Development
IJERD Editor
 
Briefing 47
Srinivas Reddy Manda
 
Cloud computing assignment
ACCA Global
 
Cloud computinghuthcebula
Gopibabu Srungavarapu
 
Privacy in cloud computing
Ahmed Nour
 
The Basics of Cloud Computing
Novinidea
 

What's hot (18)

PDF
Aes based secured framework for cloud databases
IJARIIT
 
PDF
B1802041217
IOSR Journals
 
PDF
What is cloud computing report
Product Reviews
 
PDF
Cloud Computing
Azhar Hassan
 
DOCX
Cloud
Sreekumar M.k
 
PDF
Filr white paper
Novell
 
DOCX
Fog doc
priyanka reddy
 
PDF
Trust Your Cloud Service Provider: User Based Crypto Model
IJERA Editor
 
DOCX
Paper 3 Draft 3
Utphala P
 
PDF
Challenges and Proposed Solutions for Cloud Forensic
IJERA Editor
 
PPTX
Moving to the Cloud When & Where
Mohammed Sajjad Ali
 
PDF
Cloud computing
Hira Zahan
 
PDF
Data Partitioning Technique In Cloud: A Survey On Limitation And Benefits
IJERA Editor
 
PDF
Cloud Computing and Security Issues
IJERA Editor
 
DOCX
Data Security and Privacy in Cloud Computing
Gaurav kumar rai - student
 
PPTX
Cloud computing contracts
Meera Kaul
 
PDF
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...
csandit
 
PDF
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Editor IJMTER
 
Aes based secured framework for cloud databases
IJARIIT
 
B1802041217
IOSR Journals
 
What is cloud computing report
Product Reviews
 
Cloud Computing
Azhar Hassan
 
Cloud
Sreekumar M.k
 
Filr white paper
Novell
 
Fog doc
priyanka reddy
 
Trust Your Cloud Service Provider: User Based Crypto Model
IJERA Editor
 
Paper 3 Draft 3
Utphala P
 
Challenges and Proposed Solutions for Cloud Forensic
IJERA Editor
 
Moving to the Cloud When & Where
Mohammed Sajjad Ali
 
Cloud computing
Hira Zahan
 
Data Partitioning Technique In Cloud: A Survey On Limitation And Benefits
IJERA Editor
 
Cloud Computing and Security Issues
IJERA Editor
 
Data Security and Privacy in Cloud Computing
Gaurav kumar rai - student
 
Cloud computing contracts
Meera Kaul
 
THE IMPACT OF EXISTING SOUTH AFRICAN ICT POLICIES AND REGULATORY LAWS ON CLOU...
csandit
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Editor IJMTER
 
Ad

Viewers also liked (9)

DOC
Different Roads To Heaven My Paper On Luther, Calvin And Catholic Ideas Be...
Joseph Florencio
 
DOC
La economia
Joselyn Castañeda
 
PDF
Online travel review study
BullsEye Internet Marketing
 
PPT
Evaluacion pory. public
USAT
 
PDF
Normas apa 6ta edicion 2012
Lorena Gomez
 
PPTX
Webinar Presentation: Influencing IT Decisions with Social
LinkedIn
 
PDF
Tema8.2ºbachillerato.física
quififluna
 
PPT
3. aci exposion reparacion viviendas
Francisco Sanchez
 
PDF
Hype vs. Reality: The AI Explainer
Luminary Labs
 
Different Roads To Heaven My Paper On Luther, Calvin And Catholic Ideas Be...
Joseph Florencio
 
La economia
Joselyn Castañeda
 
Online travel review study
BullsEye Internet Marketing
 
Evaluacion pory. public
USAT
 
Normas apa 6ta edicion 2012
Lorena Gomez
 
Webinar Presentation: Influencing IT Decisions with Social
LinkedIn
 
Tema8.2ºbachillerato.física
quififluna
 
3. aci exposion reparacion viviendas
Francisco Sanchez
 
Hype vs. Reality: The AI Explainer
Luminary Labs
 
Ad

Similar to Intro to cloud computing (20)

DOCX
Introduction to cloud computing
vishnu varunan
 
DOCX
Introduction to cloud computing
vishnu varunan
 
PPTX
Cloud computing
Uttam Kumar
 
PPTX
computing
Pappu Deepti
 
PDF
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 
PDF
G017324043
IOSR Journals
 
PDF
Cloud Computing: Overview & Utility
iosrjce
 
PDF
Understanding Cloud Computing, It's Services, Benefits, And Challenges
theijes
 
PDF
Cloud Computing - A future prerogative
Wayne Poggenpoel
 
PDF
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.Florence Dayana
 
DOCX
Cloud computing
Arysha Channa
 
PPTX
clude computing presentation topic .pptx
rishimaurya893
 
DOCX
Cloud Computing
Abdul Aslam
 
PPT
Cloud Computing
Sandeep Singh
 
PDF
Introduction to cloud security
IAEME Publication
 
PPTX
PRESENTATION ON CLOUD COMPUTING
vipluv mittal
 
PPTX
PRESENTATION ON CLOUD COMPUTING
vipluv mittal
 
PDF
Statewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance Brokers
 
PDF
Cloud Computing Insurance
Statewide Insurance Brokers
 
PPTX
CLOUD COMPUTING.pptx
SurajThapa79
 
Introduction to cloud computing
vishnu varunan
 
Introduction to cloud computing
vishnu varunan
 
Cloud computing
Uttam Kumar
 
computing
Pappu Deepti
 
International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 
G017324043
IOSR Journals
 
Cloud Computing: Overview & Utility
iosrjce
 
Understanding Cloud Computing, It's Services, Benefits, And Challenges
theijes
 
Cloud Computing - A future prerogative
Wayne Poggenpoel
 
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.Florence Dayana
 
Cloud computing
Arysha Channa
 
clude computing presentation topic .pptx
rishimaurya893
 
Cloud Computing
Abdul Aslam
 
Cloud Computing
Sandeep Singh
 
Introduction to cloud security
IAEME Publication
 
PRESENTATION ON CLOUD COMPUTING
vipluv mittal
 
PRESENTATION ON CLOUD COMPUTING
vipluv mittal
 
Statewide Insurance - Cloud Computing with ACE Insurance
Statewide Insurance Brokers
 
Cloud Computing Insurance
Statewide Insurance Brokers
 
CLOUD COMPUTING.pptx
SurajThapa79
 

Recently uploaded (20)

PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Teaching material agriculture food technology
LiaRayya
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
A Presentation on Artificial Intelligence
memembruh336
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Encapsulation theory and applications.pdf
gurumoop
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Cloud computing and distributed systems.
kkkkkhan
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 

Intro to cloud computing

  • 1. Introduction to Cloud Computing When you store your photos online instead of on your home computer, or use webmail or a social networking site, you are using a “cloud computing” service. If you are an organization, and you want to use, for example, an online invoicing service instead of updating the in-house one you have been using for many years, that online invoicing service is a “cloud computing” service. Cloud computing refers to the delivery of computing resources over the Internet. Instead of keeping data on your own hard drive or updating applications for your needs, you use a service over the Internet, at another location, to store your information or use its applications. Doing so may give rise to certain privacy implications. Cloud Computing Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage space, networks, Computer processing power, and specialized corporate and user applications. The following definition of cloud computing has been developed by the U.S. National Institute of Standards and Technology (NIST): Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.1 Characteristics The characteristics of cloud computing include on-demand self service, broad network access, resource pooling, rapid elasticity and measured service. On-demand self service means that customers (usually organizations) can request and manage their own computing resources. Broad network access allows services to be offered over the Internet or private networks. Pooled resources means that customers draw from a pool of computing resources, usually in remote data centres. Services can be scaled larger or smaller; and use of a service is measured and customers are billed accordingly. Service models The cloud computing service models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). In a Software as a Service model, a pre-made application, along with any required software, operating system, hardware, and network are provided. In PaaS, an operating system, hardware, and network are provided, and the customer installs or develops its own software and applications. The IaaS model provides just the hardware and network; the customer installs or develops its own operating systems, software and applications. Deployment of cloud services: Cloud services are typically made available via a private cloud, community cloud, public cloud or hybrid cloud. Generally speaking, services provided by a public cloud are offered over the Internet and are owned and operated by a cloud provider. Some examples include services aimed at the general public, such as online photo storage services, e-mail
  • 2. services, or social networking sites. However, services for enterprises can also be offered in a public cloud. In a private cloud, the cloud infrastructure is operated solely for a specific organization, and is managed by the organization or a third party. In a community cloud, the service is shared by several organizations and made available only to those groups. The infrastructure may be owned and operated by the organizations or by a cloud service provider. 1 NIST cloud definition, version 15 http://csrc.nist.gov/groups/SNS/cloudcomputing/ A hybrid cloud is a combination of different methods of resource pooling (for example, combining public and community clouds). Why cloud services are popular Cloud services are popular because they can reduce the cost and complexity of owning and operating computers and networks. Since cloud users do not have to invest in information technology infrastructure, purchase hardware, or buy software licences, the benefits are low up-front costs, rapid return on investment, rapid deployment, customization, flexible use, and solutions that can make use of new innovations. In addition, cloud providers that have specialized in a particular area (such as e-mail) can bring advanced services that a single company might not be able to afford or develop. Some other benefits to users include scalability, reliability, and efficiency. Scalability means that cloud computing offers unlimited processing and storage capacity. The cloud is reliable in that it enables access to applications and documents anywhere in the world via the Internet. Cloud computing is often considered efficient because it allows organizations to free up resources to focus on innovation and product development. Another potential benefit is that personal information may be better protected in the cloud. Specifically, cloud computing may improve efforts to build privacy protection into technology from the start and the use of better security mechanisms. Cloud computing will enable more flexible IT acquisition and improvements, which may permit adjustments to procedures based on the sensitivity of the data. Widespread use of the cloud may also encourage open standards for cloud computing that will establish baseline data security features common across different services and providers. Cloud computing may also allow for better audit trails. In addition, information in the cloud is no as easily lost (when compared to the paper documents or hard drives, for example). Potential privacy risks While there are benefits, there are privacy and security concerns too. Data is travelling over the Internet and is stored in remote locations. In addition, cloud providers often serve multiple customers simultaneously. All of this may raise the scale of exposure to possible breaches, both accidental and deliberate. Concerns have been raised by many that cloud computing may lead to “function creep” — uses of data by cloud providers that were not anticipated when the information was originally collected and for which consent has typically not been obtained. Given how inexpensive it is to keep data, there is little incentive to remove the information from the cloud and more reasons to find other things to do with it. Security issues, the need to segregate data when dealing with providers that serve
  • 3. multiple customers, potential secondary uses of the data—these are areas that organizations should keep in mind when considering a cloud provider and when negotiating contracts or reviewing terms of service with a cloud provider. Given that the organization transferring this information to the provider is ultimately accountable for its protection, it needs to ensure that the personal information is appropriate handled. Privacy is not a barrier but it must be taken into consideration The Personal Information Protection and Electronic Documents Act (PIPEDA) does not prevent an organization from transferring personal information to an organization in another jurisdiction for processing. However, PIPEDA establishes rules governing those transfers — particularly with respect to obtaining consent for the collection, use and disclosure of personal information, securing the data, and ensuring accountability for the information and transparency in terms of practices. For more information on the views of the Office of the Privacy Commissioner of Canada with respect to outsourcing of personal data processing across borders, please see our Guidelines for Processing Personal Data Across Borders. These considerations apply whether moving data in the cloud or otherwise. It is important to note that many non-Canadian based cloud providers may also be subject to PIPEDA. To the extent that a cloud provider has a real and substantial connection to Canada, and collects, uses or discloses personal information in the course of a commercial activity, the provider is expected to protect personal information, in keeping with PIPEDA. Conclusion Cloud computing offers benefits for organizations and individuals. There are also privacy and security concerns. If you are considering a cloud service, you should think about how your personal information, and that of your customers, can best be protected. Carefully review the terms of service or contracts, and challenge the provider to meet your needs. For more information on cloud computing, see: Reaching for the Clouds The Report on the 2010 Office of the Privacy Commissioner of Canada’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing Guidelines for Processing Personal Data Across Borders Frequently Asked Questions What is cloud computing? Simply put, cloud computing is the delivery of computing services over the Internet. Whether they realize it or not, many people use cloud computing services for their own personal needs. For example, many people use social networking sites or webmail, and these are cloud services. Photographs that people once kept on their own computers are now being stored on servers owned by third parties. These are also examples of cloud services. Cloud services are popular because people can access their e-mail, social networking site or photo service from anywhere in the world, at any time, at minimal or no charge. Some cloud providers may, however, use the personal information of users for advertising purposes or to learn more about the users for other reasons. The
  • 4. Office of the Privacy Commissioner of Canada (OPC) has been critical of some of these practices, largely because they occur without individuals fully realizing how their personal information is being used “in the cloud.” Individuals should pay careful attention to whether and how the cloud company protects their personal information. Users should also protect their own personal information by using any privacy settings that the service may offer. Can cloud computing affect privacy? When it comes to cloud computing, the security and privacy of personal information is extremely important. Given that personal information is being turned over to another organization, often in another country, it is vital to ensure that the information is safe and that only the people who need to access it are able to do so. There is the risk that personal information sent to a cloud provider might be kept indefinitely or used for other purposes. Such information could also be accessed by government agencies, domestic or foreign (if the cloud provider retains the information outside of Canada). For businesses that are considering using a cloud service, it is important to understand the security and privacy policies and practices of the provider. The terms of service that govern the relationship with the provider sometimes allow for rather liberal usage and retention practices. Which party is accountable for personal information? The business that collects it from individuals or the cloud provider? The Personal Information Protection and Electronic Documents Act (PIPEDA) does not prohibit cloud computing, even when the cloud provider is in another country. Under PIPEDA, organizations must ensure that they collect personal information for appropriate purposes and that these purposes be made clear to individuals; they obtain consent; they limit collection of personal information to those purposes; they protect the information; and that they be transparent about their privacy practices. PIPEDA also requires that when an organization transfers personal information to a third-party for processing, it remains accountable for that information. It must use contractual or other means to ensure that the personal information transferred to the third party is appropriately protected. Therefore, an organization that is considering using a cloud service remains accountable for the personal information that it transfers to the cloud service, and it must ensure that the personal information remain protected in the hands of that cloud service provider. Organizations need to carefully review the terms of service of the cloud provider and ensure that the personal information it entrusts to it will be treated in a manner consistent with PIPEDA. For more information on transferring of personal information to third parties, please see our Guidelines for Processing Personal Data Across Borders. Why are organizations interested in cloud computing? Cloud computing can significantly reduce the cost and complexity of owning and operating computers and networks. If an organization uses a cloud provider, it does not need to spend money on information technology infrastructure, or buy hardware or software licences. Cloud services can often be customized and flexible to use, and providers can offer advanced services that an individual company might not have the money or expertise to develop. I’ve heard that cloud computing may improve privacy protection. Is this
  • 5. true? For businesses that are considering using a cloud service, cloud computing could offer better protection of personal information compared with current security and privacy practices. Through economies of scale, large cloud providers may be able to use better security technologies than individuals or small companies can, and have better backup and disaster-recovery capabilities. Cloud providers may also be motivated to build privacy protections into new technology, and to support better audit trails. On the other hand, while cloud computing may not increase the risk that personal information will be misused or improperly exposed, it could increase the scale of exposure. The aggregation of data in a cloud provider can make that data very attractive to cybercriminals, for example. Moreover, given how inexpensive it is to keep data in the cloud, there may be a tendency to retain it indefinitely, thereby increasing the risk of breaches. For more information, please see Cloud Computing.