Legalities Over the Cloud and Who Owns your Data

When trying to figure out who has rights to your data there are three things to consider: you, the cloud provider, and the region your data is held in. A lot of the issues become issues because of the varying laws; where your data is held might be in different country than the country you uploaded from. So, even after you figure out what your agreement is with a Cloud provider they can be subject to the particular laws of another country; fore instance America has a set of laws known as the Patriot Act which grants the US government access under certain conditions. So even after you figure out who owns the data, and what that means, you might not have control over who is accessing the data.

When you decide on a Cloud provider there are a number of things that you want to look at. One of them being the terms of service that will, most likely, define how a provider views your data, and what they can do with it. The terms of service will be restricted by your regions governing principles. Fore-instance in England they have the ‘Copyright and Rights in Databases Regulations 1997’ to help clear up some of the vagaries of this new technological development. The law defines two types of data one that is protected by copyright law, and ones that aren’t but are still regulated in their way. The existence of the law is a step in the right direction towards clarifying ownership of the information that is being stored in the Cloud.

Although to confuse this issue even further is the fact that some of your information may be stored in your own database but you are using a Cloud service to handle it from time to time. Or your Cloud provider is servicing out to another Cloud provider; so they may host your information in a storage unit that isn’t their own. Each of these situations has unique problems and each part of this chain of concerns depends on user agreements and the particular governing bodies. So there is no single solution to answer the question of who owns your data, and as this issue becomes generally understood hopefully we will see some best practices winning out. Although I wouldn’t necessarily say there is no way to find out. There are some things that can be done to better understand what is happening. Unfortunately one of those things is reading over all your relevant user agreements, and as one source claims it would take roughly 250 working hours to read all the user/privacy agreements most of us come across in one year. So you have to balance your need to know with your time, but be warned the details are important.

Understanding governing rules of where your data is being held or processed is not insignificant either. Each region is going to have its own governing rules about what happens when data is processed and the processing of the data may influence who owns the data now that it has been changed. So each step and movement of your data becomes an important issue to consider when deciding on a Cloud provider.

Who owns your data, then? It depends on the governing laws and user agreement made between you and the Cloud provider. It also depends upon the governing laws of where your data is being held, in addition to the agreements that your cloud provider may be making with their cloud provider. The Cloud has so much under the umbrella of Cloud services, that often one type of Cloud provider will outsource to another type of Cloud provider.

The Cloud Operators and Their Security Concerns

As a data operator of a Cloud service you will have many security concerns. Any new technology comes with a host of new threats to your business model, in particular the business of maintaining privacy in the digital world has become difficult. According to the CSA publication The treacherous 12, there are over 12 security threats to consider. Their article focuses on the 12 most pressing issues they have chosen, of which several of them are of particular concern. According to wikipedia the CSA puts Insecure interfaces and API’s at almost a third of the ‘cloud security outages’, and data loss and leakage make up to a quarter, with hardware failure being the third most troublesome issue.

Without going into great technical detail there are a variety of ways that an insecure API can result in loss or release of sensitive data. To simplify the situation it is about access, a multitude of individuals who now have controlled access. Every door though provides a weakness that walls do not have. Your API is a door into the server room, and a host of people all have their own doors. While most people only have access to their own portion of the server, the server can have bugs not known that give access to other parts of the room. Not to mention the fact that often a Cloud customer may give access to third parties to use the data on the Cloud.

Data loss can occur in a number of significant ways outside of malicious intentions. It is important to maintain backups in case of disaster. Any kind of disaster that destroys the actual hardware of the Cloud service is a possibility to keep in mind; though a client encrypting their information and forgetting the encryption code is a far more likely concern. It does not rest solely on the Cloud provider to prevent loss of information. While malicious intent does compromise most of the loss of data that could have been prevented, it is much more difficult to maintain good practices of protection against an intelligent intruder, over lets say the Customer forgetting their encryption key.

The Mitigation of data leakages involves many types of habits that a good Cloud provider must follow. There are a few types of applications that the Cloud provider can set up to mitigate data leaks from shared networks. It is important to keep in mind that the hardware a client is using could be used by a number of other customers. And this creates security vulnerabilities in the system itself that, even without malicious intent, can lead to outsiders having access to the clients data. Any program is going to have bugs, bugs are essentially problems in the code that wasn’t vetted for. This is going to happen with any program. The amount of code it takes to write a sophisticated program means that there are vulnerabilities that haven’t been thought through, or even discovered yet.

Vulnerabilities lie in loose links, and with so many links in the encryption process it becomes difficult to cover all your bases. It isn’t impossible, the important thing is to stay ahead of the curve. You want to be more secure than your neighbour to prevent vulnerabilities. But the facts are that the code itself is often hundreds of lines long, and to know every vulnerability in a chain that large becomes difficult, luckily finding cracks in the chain is also difficult for the hacker. But above and beyond the programming errors, which can be solved with frequent patches, is the human vulnerabilities and hardware failure.

Full featured list

User Interface

Almost real time database environment.  When viewing records, a simple click of the mouse will refresh the database showing the most current records for all computers on the network.  Allowing you to “virtually” walk around from computer to computer seeing how they are being used.

User friendly graphical interface that even beginners can master.

Easy point and click reporting video porno.

White Box Basics

Over a dozen items of information are recorded including user, application, keystrokes, date, start time, end time, elapsed time, active time, inactive time, copy/cut/paste contents, application title, application location, and more.

All information is either encrypted, password protected or both.

Records all application use, and the keystrokes typed.

Almost every feature of Black Box can be turned on, or off, giving you the ability to determine exactly how the computer is monitored.

Block certain activity from being recorded!  Don’t want to monitor specific programs, or monitor activity during certain times of the day?  No problem!
Uses the latest in software technology to provide the fastest, most reliable software available.

Easy visual confirmation that White Box is running.  You can display one of two program icons in the systray, both serving different functions.  However, they both tell you that White Box is running on the computer – without requiring you to actually sit down at the computer and type in the program access hot keys.

White Box is specifically designed for use on heavily used computers / networks.

No recurring monthly fee’s for use.  You pay a one time fee.

Powerful Reporting

All information is saved into a fully searchable database.  Searches can be made by user, application, date, time, keystrokes, window title or any combinations of these.

Chart reports can be instantly created to reflect exactly how the computer is being used.  Either bar or pie charts can be created.

Database records and charts can be printed.  Charts can be printed in color or black and white!
The quick report window gives you the option of printing individual records of computer usage.  No need to print 1000 records, when you only need a couple!

Database records can be exported to HTML documents, allowing users to browse records from your company’s intranet, or over the Internet.

Computer usage productivity can be determined by a a few clicks of the mouse.  Easily determine if the computer is primarily being used for Internet access, work activity, or playing xxx games!

Stealth Technology

White Box runs completely invisible.  When in Stealth Mode it will not show in the taskbar, task manager, or alt + tab window.

There is no unneeded background processing.  White Box only processes information while the computer is being used.  If the computer is sitting idle, so will White Box.  No mysterious hourglass mouse pointers will appear, or hard drive activity will happen – White Box never gives away the fact that something is running in the background.

White Box creates random length, random character titles.  Sniffing software won’t be able to search out White Box based on it’s name, to shut it down.

Restrict access to the folder where White Box is located.  When a user tries to do something in the White Box folder, White Box will automatically close the Explorer window.

Restrict access to the computer registry.  When users try to browse through the registry using regedit, Black Box will automatically close the regedit window.

White Box won’t record any activity that happens within White Box.

Networking

Computer activity can be saved to a database across almost any network setup.

UNC or mapped drives can be used.

White Box can save to a password protected share.

Hidden shares can also be saved too, in fact we recommend it!

If the remote database becomes unavailable, White Box will automatically default to another database.

White Box automatically logs in to the remote computer, completely hidden in the background.  No password dialog windows will open.  If the remote computer is unavailable, White Box will automatically switch to another database.

Security

Access to White Box is password protected.

Access to the White Box database is password protected.

You determine the program access hot keys.  If you don’t want to use the default program access hot keys you can change them to any of a couple hundred possibilities.

If you plan to inform computer users of potential monitoring, White Box gives you the option of creating a custom warning screen.  Access cannot be gained into White Box from this warning screen.

White Box runs virtually undetectable in the background.  Making it virtually impossible to detect and close.

Plus Alert

The Alert add-on gives you the ability to monitor for specific activity.  Based on either words or specific programs.  Records that trigger the Alert add-on will be saved to a separate section of the database that only contains Alert activity.  Giving you instant access to questionable activity, without having to comb through all computer records.

Almost instant emails!  White Box plus Alert will email you when questionable activity takes place if you select this option.  This is great for addressing issues as they arise, instead of days or weeks later!