Privacy Policy Is Not Main Risk Issue with Cloud Storage

Slide Show

Consumer Privacy Insights and Trends - Q1 2012

Privacy concerns and sentiments of online U.S. adults and the impact on businesses.

Three days out from the grand opening of Google Drive, the search giant's new cloud storage service, and the predictable media ruckus over privacy concerns has begun to die down, at least a bit.

One of the more interesting news bits, at least from the corporate perspective, is a report that The New York Times and other companies advised employees to not use Google Drive for business purposes. More interesting, at least to this blogger, is the fact that the ban also extended to Gmail, which actually took off as an MSN Mail killer in large part because users treated it as a cloud storage service, mailing giant attachments to themselves for pickup later.

Google Drive is garnering all this attention primarily because, well, it's Google. Throw in terms of service wording like this:

When you upload or otherwise submit content to our services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our services), communicate, publish, publicly perform, publicly display and distribute such content.

and you can see why media types are pushing the privacy panic button.

Google (and most reasonable observers) continues to make the point that there's really nothing new here. As we noted earlier this week, Google Drive really is little more than an extension of Google Docs and about a jillion other Google cloud services. Thanks to Calendar, Google knows that I have a phone call with a potential client this afternoon at 2. Oh, the horror.

If you manage compliance or risk for handling confidential data, particularly in a highly regulated environment, we will just assume that you already have data loss prevention or other measures in place to block consumer services like Google Drive. If not, stop reading and get on that, pronto.

For SOHO, SMB and just basic run-of-the-mill daily operations, you simply must weigh the risks of someone getting their hands on your data vs. the benefit of being able to tap into powerful computing resources at little or no cost, aside from annoying ads. It really does not concern me that Google knows my afternoon schedule. Were I sending a competitive analysis or other sensitive document to a client, I'd probably opt to use a private POP mail account I maintain for just such occasions.

Obviously, you want to read the privacy and terms agreements for any service adopted by your users. What you'll find, as pointed out by this informative piece at The Washington Post, is that they are all pretty similar. If you sign up for Microsoft's Skydrive service:

... you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service solely to the extent necessary to provide the service.

Sound familiar?

The reality is that no credible cloud service provider is likely to do anything nefarious with your data. The damage to their own reputation and business would dwarf the benefits of whatever they might find out, unless you have successfully cracked the philosopher stone problem.

The much greater risk in using any cloud service, consumer or dedicated, is that third parties can get their hands on your data, either through bulk attacks against weak authentication or just the courts in weird jurisdictions you didn't know applied to the service. This risk will not be covered in a terms of use statement; researching and quantifying it is the real challenge for risk managers.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.