Cloud Computing And Data Protection
Cloud computing generally refers to the possibility of storing data on the local computer (as it was at the beginning of computing) but on remote servers or computers linked together most often through the Internet. This has been possible for several years and everyone has already experimented with it, for example by consulting e-mails on the site of its supplier.
There is not a form of computing in the cloud, but very many. In particular, software as a service (SaaS), infrastructure as a service and platform as a service (PAAS) are distinguished. Software as a service is a computer program that can be used directly on the Internet without installing it on its machine. This makes it possible to rent it and the update operations are carried out directly by the supplier. Infrastructure as a service is the provision by the provider of an IT infrastructure such as servers or storage space. Finally, the platform as a service combines the two previous ones since the provider provides the hardware and software.
We can then distinguish a public cloud from a private cloud. In the first one, the data of all the users are not separated and the user has no influence on the location of his data. In the second, the user has a physically delimited space and can, for example, know in which country his data are processed.
Cloud computing primarily limits costs and maintenance operations. The risks are quite similar to those of internal data management. A cloud solution can even reduce the risk of undue loss or access because employees in a company would no longer have data stored on their laptops, for example.
However, certain principles must be respected, in particular, compliance by the supplier with the legal obligations regarding the protection of the user’s data (the provider is a third party), including with regard to data security (protection against unauthorized processing, confidentiality, data integrity), right of access and rectification. In addition, the legal provisions relating to the transmission of data abroad will also apply.
Before using cloud computing, it is essential to choose your provider and to check the guarantees offered. The user is responsible for compliance with the data protection provisions and must take the necessary steps.
In a document entitled “Explanations about cloud computing”, the Federal Data Protection and Transparency Officer (FDPIC) recalls the dangers that cloud computing can pose for the private sphere and gives recommendations as well as links to deepen the subject.Tags: Data Protection