• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

3

Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

3

Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster

Is user data safe in the cloud?

By
JP Mangalindan
JP Mangalindan
Down Arrow Button Icon
By
JP Mangalindan
JP Mangalindan
Down Arrow Button Icon
September 24, 2010, 3:00 AM ET
Add Fortune on Google for similar content.

Thousands of websites and millions of pieces of private data are increasingly in one big cloud, where some of the old rules of data security are out the window.

Cloud Computing
Image by Kevin Krejci via Flickr

With the rise of cloud computing companies, and the ferocity with which tech’s biggest companies are snatching those firms up, it’s no secret that a good chunk of our user data is already stored in the cloud. Our emails, our documents, our social network profiles and hundreds of thousands of tiny startups already rely on cloud services like SalesForce.com to be more productive and cost-effective. But one concern that remains constant is that of security. By off-loading more data to the cloud, are companies increasingly opening themselves and their users up to hacking, data loss, and privacy compromises?

What’s at risk

Take the example of credit card data. Most of us don’t think twice about saving account numbers and security codes into our online shopping profiles. The Payment Card Industry (or PCI) is a global information security standard established by a consortium including Visa Card, MasterCard, American Express and Discover, that places specific requirements on the operational infrastructure that handles high-risk data like credit card information. If an infrastructure doesn’t conform to any and all PCI regulations, then it’s not PCI compliant. And because cloud infrastructure is so vastly different than that what PCI was written for, most cloud service providers are in fact, not PCI compliant.

How a cloud service provider encrypts client data is also key to security. According to Forrester cloud analyst Chenxi Wang, cloud data encryption can be scattershot. Some services encrypt their data; some don’t. For those that encrypt, it’s worth figuring out whether the encryption is strong enough, whether the physical server that stores your data is entirely encrypted (ie. is all client data encrypted the same way?) or whether the service provider offers applications that encrypt your data separately and with different keys than other stored data.

That last concern stems from a popular cloud practice: some cloud providers store data from multiple clients on the same physical server. So, Client A may be running one “virtual machine” and Client B can be running on another “virtual machine,” but both could be physically running on the same server. If an experienced hacker gains access to Client A via a security hole, it’s not outside of the realm of possibility for the hacker to gain access to Client B’s data as well. Even Client A, if they’re up to no good, could become the culprit.

“The risk of that, depending on how the cloud provider, may be minimal, or it may be quite substantial.” admits Wang. “From the absolute security stance, there is a risk that the other company who happens to rely on the same infrastructure may be able to utilize some covert terminal, or some kind of interface that’s available to actually hack into your part of the infrastructure.”

Another concern is the use of the third-party companies for various components of a cloud service. While Amazon’s cloud services are entirely in-house, other cloud services are relying on third parties more and more.

Wang brings up a recent example where third party usage has gone horribly awry. For back-up purposes, client data is often written to tapes or drives, but after a given period of time, most back-ups need to be destroyed. Recently, an unnamed cloud provider sent their back-up tapes to a data disposal company. Wang says the data disposal company lost all the tapes, and thus all the cloud client data on them.

“The cloud provider was put in a very bad situation because they don’t have any assurance the data was actually destroyed,” says Wang.

Minimizing cloud risks

To reduce the chances of a nightmare scenario like that from happening, potential clients shopping around for a cloud service provider need to do their research.

The only way clients can fully understand and control their data is by learning as much as possible and being firm throughout contract negotiations. In the absence of standards like PCI, it’s not enough to trust providers to protect your data or take their word for it: companies need to get details on how data will be physically stored, how well it will be encrypted on physical servers that share storage space with other client data, whether the provider employs third parties, and what those companies’ operational procedures are. Clients need to be crystal clear in understanding how their data is handled and who within the company or outside the company will have access to it.

In the case of the lost back-up data situation, it almost sounds like a no-brainer that the provider would turn around and notify affected clients about compromised security, but in reality, the company is under no obligation to do so unless their contracts say otherwise. So, requirements for client notification, whether a good or bad situation arises, is a must.

Also worth inquiring about during contract negotiations? “First right of refusal” when hiring third parties, separate physical servers and cabinets, and/or separate data encryption services. Clients won’t necessarily be granted such demands — that depends on their history with the provider and how much they values the business — but the price of not asking and subsequently suffering a security breech could be immensely high. Of course, some of the worst losses of private data over the last few years have come from the “stolen laptop” syndrome, where data that should’ve never been on personal computer ended up in the hands of petty thieves (or perhaps worse).

All of this, of course, is vital for companies who are setting up cloud based businesses and do right by their users. Average users generally have no way of knowing how their data is being treated, outside the boilerplate privacy policies that companies post on their websites. Which is to say that short of creating a total information blockade, we are already living in the cloud.

About the Author
By JP Mangalindan
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in

Trump’s 927-page disclosure is just a normal Tuesday for direct indexing and crypto wealth managers
InvestingDonald Trump
Trump’s 927-page disclosure is just a normal Tuesday for direct indexing and crypto wealth managers
By Catherina GioinoJuly 1, 2026
2 hours ago
US President Donald Trump sits in silence with his hands folded on top of each other.
CryptoDonald Trump
Inside Trump’s $1.4 billion crypto empire: Altcoins, Bitcoin—and a stake in Michael Saylor’s Strategy
By Camila Grigera NaónJuly 1, 2026
3 hours ago
The 6 Best Exercise Bikes of 2026: Fitness Expert Reviewed
HealthDietary Supplements
The 6 Best Exercise Bikes of 2026: Fitness Expert Reviewed
By Christina SnyderJuly 1, 2026
3 hours ago
Mark Zandi, Moody's chief economist.
EconomyU.S. economy
‘It’s fair to ask whether it was worth it’: The Iran war has cost Americans $1,000 per household—and that’s a conservative estimate, Mark Zandi says
By Tristan BoveJuly 1, 2026
6 hours ago
Melania Trump NFT earnings surge 28x in 2025 as first lady rakes in nearly $17 million in total earnings, filing shows
PoliticsDonald Trump
Melania Trump NFT earnings surge 28x in 2025 as first lady rakes in nearly $17 million in total earnings, filing shows
By Mia OsmonbekovJuly 1, 2026
6 hours ago
Donald Trump sits at his desk in the Oval Office, smiling and with his hands folded in front of him.
PoliticsDonald Trump
Trump got a $78K pension from the Screen Actors Guild in 2025 because he appeared in Home Alone 2 in 1992
By Sasha RogelbergJuly 1, 2026
7 hours ago

Most Popular

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
17 hours ago
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Success
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
By Sydney LakeJune 25, 2026
7 days ago
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
Success
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
By Preston ForeJune 27, 2026
5 days ago
The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
Newsletters
The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
By Diane BradyJuly 1, 2026
15 hours ago
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
Success
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
By Sydney LakeJune 29, 2026
2 days ago
Current price of oil as of July 1, 2026
Personal Finance
Current price of oil as of July 1, 2026
By Joseph HostetlerJuly 1, 2026
12 hours ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.