cloud provider – T Clouds Project

Legalities Over the Cloud and Who Owns your Data

Posted on July 10, 2016

When trying to figure out who has rights to your data there are three things to consider: you, the cloud provider, and the region your data is held in. A lot of the issues become issues because of the varying laws; where your data is held might be in different country than the country you uploaded from. So, even after you figure out what your agreement is with a Cloud provider they can be subject to the particular laws of another country; fore instance America has a set of laws known as the Patriot Act which grants the US government access under certain conditions. So even after you figure out who owns the data, and what that means, you might not have control over who is accessing the data.

When you decide on a Cloud provider there are a number of things that you want to look at. One of them being the terms of service that will, most likely, define how a provider views your data, and what they can do with it. The terms of service will be restricted by your regions governing principles. Fore-instance in England they have the ‘Copyright and Rights in Databases Regulations 1997’ to help clear up some of the vagaries of this new technological development. The law defines two types of data one that is protected by copyright law, and ones that aren’t but are still regulated in their way. The existence of the law is a step in the right direction towards clarifying ownership of the information that is being stored in the Cloud.

Although to confuse this issue even further is the fact that some of your information may be stored in your own database but you are using a Cloud service to handle it from time to time. Or your Cloud provider is servicing out to another Cloud provider; so they may host your information in a storage unit that isn’t their own. Each of these situations has unique problems and each part of this chain of concerns depends on user agreements and the particular governing bodies. So there is no single solution to answer the question of who owns your data, and as this issue becomes generally understood hopefully we will see some best practices winning out. Although I wouldn’t necessarily say there is no way to find out. There are some things that can be done to better understand what is happening. Unfortunately one of those things is reading over all your relevant user agreements, and as one source claims it would take roughly 250 working hours to read all the user/privacy agreements most of us come across in one year. So you have to balance your need to know with your time, but be warned the details are important.

Understanding governing rules of where your data is being held or processed is not insignificant either. Each region is going to have its own governing rules about what happens when data is processed and the processing of the data may influence who owns the data now that it has been changed. So each step and movement of your data becomes an important issue to consider when deciding on a Cloud provider.

Who owns your data, then? It depends on the governing laws and user agreement made between you and the Cloud provider. It also depends upon the governing laws of where your data is being held, in addition to the agreements that your cloud provider may be making with their cloud provider. The Cloud has so much under the umbrella of Cloud services, that often one type of Cloud provider will outsource to another type of Cloud provider.

Data protection Use cases

Hackers and the Cloud

Posted on July 10, 2016

There are a variety of reasons someone might be hacking your information, with any Cloud service there is going to be a wealth of data. Remember, whatever your reason for choosing one Cloud provider over another, other people are likely making similar choices for similar reasons. In addition, with more and more people moving their data to the Cloud, the increase in payoff for the hacker attracts more sophisticated hackers. Hackers will use a number of entry points to get into the Cloud provider. A lot of the vulnerabilities are in the interface between you and the Cloud provider. A Cloud service should be using the most sophisticated techniques to secure your data on their end. But remember that an API gives access to the server, in limited formats, to any one using the UI or API.

An API, or Application Programming Interface, is is similar to a UI, or User Interface. Though often used similarly, the two can offer varying services depending on who is using the term. An interface is the way a user interacts with some program or programs; an API provides access to the service. It is a program that you can operate from a remote location. This interface provides a key security loophole that can be exploited because the Cloud provider is giving access to the user. It can seem an obvious problem, and in some respects it is, in addition some API’s give access to the Cloud customer’s customer. Some companies or individuals are using Cloud services to offer back up and security to their prospective clients.

There is no one-step way to prevent hackers, a lot depends on the systems you are using. For every system there are going to periodic vulnerabilities, but staying up to date with the latest patches for your software is important. Researching known vulnerabilities is also important. There are various companies which you can hire to keep you abreast of vulnerabilities and problems that occur.

A lot of Hackers are increasing their efforts towards spear phishing, spear phishing is a way to find out passwords or answers to security question through indirect means. After discovering who has access, a hacker will look through public information about that customer, and even a username that might be given away by the employee. The most basic thing you can do to thwart hackers is to educate your employees on the various threats to security. What could seem like an innocuous question, or email attachment, can very well be the opening to an attack. The basics are simple, verify everything. If you aren’t sure of the website, or an email attachment, then do a little research into it. Perhaps you are getting a call from someone saying they are a provider; find out for sure by calling them back.

Hackers have a variety of reasons to get your information, sometimes to sell it to other hackers who can use your usernames and passwords to log into other sites. Suffice to say, this information is becoming more and more of a commodity it our markets. And as long as there are people who want that information, a burgeoning blackmarket for information will develop.

The difficulty is that this is all going on behind the scenes. You may have been hacked and not even know it, yet identifying what information was compromised, and the weak point in your system that allowed for the breach, is a crucial part of keeping a competitive edge in the world today. A lot of the prevention can seem vague or unnecessary to keep your data safe, but it is vital to understand security and your Cloud provider.

Cloud operators Data protection

The Cloud Operators and Their Security Concerns

Posted on July 4, 2016

As a data operator of a Cloud service you will have many security concerns. Any new technology comes with a host of new threats to your business model, in particular the business of maintaining privacy in the digital world has become difficult. According to the CSA publication The treacherous 12, there are over 12 security threats to consider. Their article focuses on the 12 most pressing issues they have chosen, of which several of them are of particular concern. According to wikipedia the CSA puts Insecure interfaces and API’s at almost a third of the ‘cloud security outages’, and data loss and leakage make up to a quarter, with hardware failure being the third most troublesome issue.

Without going into great technical detail there are a variety of ways that an insecure API can result in loss or release of sensitive data. To simplify the situation it is about access, a multitude of individuals who now have controlled access. Every door though provides a weakness that walls do not have. Your API is a door into the server room, and a host of people all have their own doors. While most people only have access to their own portion of the server, the server can have bugs not known that give access to other parts of the room. Not to mention the fact that often a Cloud customer may give access to third parties to use the data on the Cloud.

Data loss can occur in a number of significant ways outside of malicious intentions. It is important to maintain backups in case of disaster. Any kind of disaster that destroys the actual hardware of the Cloud service is a possibility to keep in mind; though a client encrypting their information and forgetting the encryption code is a far more likely concern. It does not rest solely on the Cloud provider to prevent loss of information. While malicious intent does compromise most of the loss of data that could have been prevented, it is much more difficult to maintain good practices of protection against an intelligent intruder, over lets say the Customer forgetting their encryption key.

The Mitigation of data leakages involves many types of habits that a good Cloud provider must follow. There are a few types of applications that the Cloud provider can set up to mitigate data leaks from shared networks. It is important to keep in mind that the hardware a client is using could be used by a number of other customers. And this creates security vulnerabilities in the system itself that, even without malicious intent, can lead to outsiders having access to the clients data. Any program is going to have bugs, bugs are essentially problems in the code that wasn’t vetted for. This is going to happen with any program. The amount of code it takes to write a sophisticated program means that there are vulnerabilities that haven’t been thought through, or even discovered yet.

Vulnerabilities lie in loose links, and with so many links in the encryption process it becomes difficult to cover all your bases. It isn’t impossible, the important thing is to stay ahead of the curve. You want to be more secure than your neighbour to prevent vulnerabilities. But the facts are that the code itself is often hundreds of lines long, and to know every vulnerability in a chain that large becomes difficult, luckily finding cracks in the chain is also difficult for the hacker. But above and beyond the programming errors, which can be solved with frequent patches, is the human vulnerabilities and hardware failure.

Software Use cases

Popular cloud computing services: SaaS (Software as a Service)

Posted on June 24, 2016

One of the reasons the ‘Cloud’ has become such a ubiquitous term is the Saas model. Some people are beginning to think Saas should not be thought of as a part of the Cloud packages at all, because it provides in some respects a different type of service than Paas or Iaas.

Saas or Software as a service is the most basic service, essentially it is a cloud offering that individuals or companies can use to standardize routine tasks or services. An email client might use this type of cloud packaging because the basics of client needs to work across platforms. Essentially Saas is a data storage, offering specific software that uploads and downloads from the general server. The whole process is streamlined by the Cloud provider. The Cloud provider is doing all the developing for the software; while in Paas the platform can do some of the work– Saas takes this beyond the scope of what Paas provides. Saas is really just the data storage aspect of the Cloud offering where the data is limited in scope to the type of software the Saas is providing.

The Saas model, in fact most Cloud based services, rely upon the use of some software interface for the client that uploads and downloads from the Cloud. The Cloud operator utilizes intelligent software to handle data from the clients. Examples include GoogleDrive, iCloud, or an application store; all these services remotely hold data and software in the cloud that the client is able to upload and download from. It takes little know-how to operate many of Saas Cloud operations the Cloud is able to manage and essentially streamlines aspects of business operations.

Interoperability and security are still issues with the Saas model. A problem with Saas is the use of software precludes or interferes with control over your data. The software operator remains in control of formatting the software. The data a customer puts onto the Cloud is read by their own network through a pre-designed software client, so porting or moving customers’ data is a cumbersome process. As portability is a problem for all Cloud services the service of your particular Cloud host is an extremely important decision.

What a Saas customer must keep in mind is that they are limited by the software they are using. If, for-instance, one wanted to port data or use their information in any particular way, they would need to design their own system for accessing the information for personal use. Porting data from an Saas Cloud provider is a significant concern for the customer. On the other hand, the software service is already pre-packaged into the product so the customer does not have to worry about setting up a system. And usually a customer using Saas will be looking to outsource significant amounts of IT needs to the Cloud provider.
As Cloud customers come from all walks of life, the client base for a provider is not limited to a company.

But many individuals use a Saas in their day to day operations. Saas is such a ubiquitous model that many people are using it without knowing it has a particular designation. Whether Saas should be considered in step with the other services is up in the air, but the basics of a Cloud service are there. The Cloud host usually maintains a large server or servers to hold the that is being sent through its operation, and the client accesses that data as way of interfacing with data, often in the form of communications. The Cloud is a nascent industry with new issues cropping up routinely.

Scalability

Scaling and Economics of Scale for the Cloud

Posted on May 23, 2016

The advantages of moving your computing needs into the cloud is for some an obvious move and for others an important question to consider. The simple explanation is that the market is designed to be more efficient, in this case by moving separate databases to a central location. With new technologies there is a market for unused storage that the economy of scale allows us to free up and eliminate waste by a centralized server. Now pricing isn’t the only motivating factor one might use the Cloud; wether you are outsourcing a whole IT department to the Cloud, a few simple tasks, the hardware systems of your operation, or some combination taking into account waste becomes a vital part of any entrepreneur’s job.

For most new entrepreneurs they are growing their operations and want to keep costs as lean as possible, and as scalable as possible, to keep the business growing according to needs that may not be predictable. So you may be shopping for a Paas operation to meet your particular needs, now one thing to consider is what do you want to keep in house and what services do you want to pay for. Your Paas provider is going to be able to provide a number of services that when you started would have been generally wasted resources. And in the future you have the capacity to move into a different system depending on one’s needs. This flexibility is the essence of the scalability of the information economy in general, it gives a whole new model to the information that wasn’t available in the past.

Economies are run by many factors, one such factor can be scaling, which is what having a dedicated server allows for. By hosting one large server and being able to adjust how the data is stored between computers allows for the Cloud provider to eliminate waste that might be collecting by each company hosting their own dedicated server. The advantages to this model is that it saves start up money for the client, and gives them greater flexibility for their needs, and provides a third party to profit in a new way. This process is one factor in driving our economy, in fact Adam Smith isolated this phenomenon. Adam Smith gave an example of separating tasks between three different individuals, and by doing this he found they were able to produce more; this is an example of an economy of scale. In a more industrial world we see this process going on in factories and all over our economy. The scale of the Cloud provider’s servers allows for them to make more profit than is lost by each client individually.

There are by some standards two ways to scale your operation using Cloud resources, that is horizontal scaling and vertical scaling. Vertical scaling is the ability to add more hardware resources and horizontal scaling is the codes ability to utilize those increased resources. On the one hand you may have more need for a more robust network of memory, and then on the other you may have to scale your operation to be able to handle an increase in RAM usage. The usage of greater quantities of RAM demand a more agile program that can convert between sources of data. An operation that is scalable in these two ways are able to effectively utilize the Cloud to its potential. Different Cloud providers are able to utilize these scaling effects differently. Fore-instance a Paas Cloud service will handle both horizontal scaling and vertical scaling; while a Iaas Cloud provider may only help you to scale your operation vertically.