Saturday, December 11, 2010

Security and Ethical Impact of Technological Advancement

The advancement in computer technologies provides us with ever changing capabilities such as fast Internet access, larger storage capacity, mobile computing, electronic financial transactions, smaller and faster processors, cloud-based computing and virtualisation. . Those in turn are utilised by the consumers and businesses to expand their operations to previously unattainable domains. For example, in the banking sector computing resources are used for tasks such as calculating risk factors and facilitating monetary transactions. Complex models that once took hours to update can now be modified within seconds, and transactions which used to take days are now instantaneous. Another example is that “Cloud infrastructure can save 40% to 50% in up-front costs, allowing pricing model flexibility, including paying per use, low or no up-front costs, no minimum spent and no long term commitment” (Tisnovsky, Ross 2010).
Cloud computing is one of the faster growing technological and business segments in the IT industry. Both individuals and enterprises are questioning the controls in place to safeguard the information stored outside the “secure” corporate boundaries. Subashini (2010) notes that “security is one of the major issues which reduces the growth of cloud computing and complications with data privacy and data protection continue to plague the market.”
Additional concerns are privacy and compliance issues, especially for international enterprises. Different privacy acts and regulations require companies to safeguard their data and restrict its migration to different geographical locations. In addition to that, different countries and regions have different security standard and compliance models such as GLBA, HIPAA, SOX and PCI) which organizations are required to comply with, therefore it is imperative those aspects are reviewed and addressed. According to recent statistic published by Ernst & Young (2009) “Only 34% of polled entities indicated they had an established response and management process in regards to privacy related incidents, while 32% have a documented inventory of assets covered by privacy requirements”.
Furthermore, ownership and control are additional issues, which companies are concerned about when discussing the implementation of Cloud based computing. Legal issue in data ownership and the lack of complete control of access to the stored information cause difficulties to organisations manifesting themselves in a number of security related issues, such as backup and disaster recovery. Ross Tisnovsky (2010) notes that “customers need formal contractual clauses to ensure data remains available if the supplier goes out of business or is acquired and for data redundancy across multiple sites”.
Finally, consistency and accuracy of the information should be considered when migrating sensitive data to the Cloud based infrastructure. For example, Data Protection Act (DPA) 1998 requires entities to review the information stored for accuracy. When factoring in issues discussed previously such as ownership of the information and the control over the information, a process of ensuring accuracy and consistency of the information stored should be considered and, in some cases, be part of contractual obligation with the service provider.
Given the advantages Cloud-based computing offers enterprises to ensure that data and application migration follow best practices and standards of security such as Open Web Application Security Project (OWASP) “Cloud Top 10 Security Risks” and “Security Guidance for Critical Areas of Focus in Cloud Computing” by Cloud Security Alliance (CSA). Understanding security and ethical issues, adoption of security frameworks and periodic risk assessments associated with the use of a particular technology will reduce the negative exposure of the enterprise.


  • Bodde , D. L. 2004 Intentional Entrepreneur: Bringing Technology And Engineering To The Real New Economy, M.E. Sharpe
  • Bublitz, Erich. 2010. "Catching The Cloud: Managing Risk When Utilizing Cloud Computing." National Underwriter / Property & Casualty Risk & Benefits Management 114, no. 39: 12-16. Business Source Premier, EBSCOhost (accessed December 8, 2010).
  • Cloud Security Alliance (2009), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 [online]. Available from: (accessed December 8, 2010).
  • Ernst & Young. (2009). Outpacing change. 12th Annual Global Information Survey [online]. Available from:$FILE/12th_annual_GISS.pdf (accessed December 8, 2010).
  • Farrell, Rhonda. 2010. "Securing the Cloud-Governance, Risk, and Compliance Issues Reign Supreme." Information Security Journal: A Global Perspective 19, no. 6: 310-319. Business Source Premier, EBSCOhost (accessed December 8, 2010).
  • OWASP (2010), Cloud Top 10 Security Risks [online]. Available from: (accessed December 8, 2010).
  • Subashini, S., and V. Kavitha. "A survey on security issues in service delivery models of cloud computing." Journal of Network & Computer Applications 34, no. 1 (January 2011): 1-11. Business Source Premier, EBSCOhost (accessed December 8, 2010).
  • Tisnovsky, Ross. 2010. "Risks Versus Value in Outsourced Cloud Computing." Financial Executive 26, no. 9: 64-65. Business Source Premier, EBSCOhost (accessed December 8, 2010).

No comments:

Post a Comment