Insurance and Governance for Data on the Cloud
I was just doing my banking and was thinking that banks have legislation to protect my money against fraud and theft. If there was a system error and my money was stolen, they have to put it back somehow. Why can’t this be done for data centres and cloud computing providers? The data in an organisation’s database/software could potentially be alot more valuable than the cash in their bank. If the data was missing, companies could be out of business. If the data was stolen, competitiveness, organisational secrets and privacy could be compromised. These are highly valuable but probably harder to quantify it in dollar terms.
If this is the case, why can’t the government enforce some sort of legislation on data centre providers and cloud computing suppliers? Maybe an insurance amount could be paid to ensure data integrity and security? If organisations do not pay that they do not get the benefit of the security? These are just some high level thoughts.
Cloud computing is not only great for businesses technically, its also very low cost and fantastic for the environment. These are areas that are of interests to government. If more businesses could reduce their cost and make more money, they could potentially be stimulating the economy. Green IT has also been a popular topic in the IT and since government’s are trying to reduce green house emissions, why not start with one of the largest energy consuming technology – computers?
This is an idea that came up from no where and something that could be looked at. What are your thoughts on this? Is this feasible? Does government have any incentives to tackle this? Would businesses be willing to pay more? If yes, how much? What will be the liability of data centre providers? Feel free to comment.
Aaron said,
Mr. Lew: Very valid and interesting points that address the risks inherent with putting trust in cloud companies for your company data. One thought is whether enforcement and protection necessarily has to come from the government. Granted, banks and financial institutions for example have governance policies mandated by government agencies – but then, they are regulated in many ways in that manner, whereas commercial business is not so strictly governed. I do not disagree with your concept, but wonder if emphasis and pressure for self-regulation could also come from the business sector itself; that is, companies demand higher levels of protection from a cloud vendor or they will not conduct their business with that company. This implies, of course, that the company seeking cloud services is knowledgeable about cloud computing/storage or whatever, and can intelligently approach and discuss the subject with the vendor. Now, enforcement would be another matter – this is where I would see government participation. The business sector defines and insists upon transparency, security and insurance and the government backs it up with coherent and responsive enforcement.
Cheers!
Sean Lew said,
Aaron: Really interesting points. I agree with you on self-regulation. This will not only protect the customers, it will also portray that the service provider is confident of their services, integrity and openness. I believe that this a three way relationship that invloves customers, vendor and the government and each has their own responsibility to make it work. Customers are suppose to secure the software side of things, vendor is supposed to secure the hardware side of things and the government is suppose to enforce it if something dodgy happens.
If a cloud provider can actually do this, I do think it could be a market changer and can be very competitive in the cloud computing space. It then becomes more like a valid outsourcing deal with all the SLAs and what not.
Add A Comment