The privacy commissioner of Canada’s largest province has raised concerns about the use of third-parties to host data on the Internet, otherwise known as cloud computing, urging companies to adopt responsible identity management before it’s too late.
Shane Schick’s Computerworld
In a white paper published Wednesday, Ontario Information and Privacy Commissioner Ann Cavoukian discussed the changing landscape for individual information as software moves to Web-based services from companies such as Google, IBM or Amazon. The 30-page document provides an overview of cloud computing as well as the technological building blocks Cavoukian says are necessary to protect data from those who shouldn’t see it. These building blocks include identity management software based on open standards; federated identity so that registering their information for one service will mean they are recognized elsewhere; audit tools to track what happens to user data; and, policies that stipulate how information will be used in a cloud.
“User-centric private identity management in the Cloud is possible, even when users are no longer in direct possession of their personal data, or no longer in direct contact with the organization(s) that do possess it,” the paper says. “Inevitably, we must also have sufficient trust in those organizations that would supply and accept our identity credentials and our personally identifiable information.”
Cavoukian was presenting the white paper at a conference in Italy Wednesday and was not available for an interview. But cloud computing experts in Canada agreed that privacy and security of personal information is emerging as the most important hurdle vendors must jump in order to attract customers.
“For a lot of these services, especially the free ones, they’ll give you free access to use their environment, but in return you lose all access to what happens to your data,” said Reuven Cohen, principal with IT consulting firm Enomoly in Toronto.
Cohen suggested the term “geopolitical cloud” should be used to describe the kind of jurisdictional quandaries users could face, depending on the services they choose.
“In a lot of ways, you’re limited by the sort of political constraints different countries place on their data,” he said. “The U.S. and their Patriot Act is just one example.”
A number of members who belong to an online cloud computing discussion group were quick to respond to Cavoukian’s white paper when information about it was forwarded to them from ComputerWorld Canada.