Privacy and Security in Cloud Computing
1
© Jupiter Images
Privacy and Security in Cloud Computing
Allan A. Friedman and Darrell M. West
EXECUTIVE SUMMARY
loud computing can mean
different things to different
people, and obviously the
privacy and security concerns will
differ between a consumer using a
public cloud application, a
medium-sized enterprise using a
customized suite of business
applications on a cloud platform,
and a government agency with a
private cloud for internal database
sharing (Whitten, 2010). The shift
of each category of user to cloud
systems brings a different package
of benefits and risks.
What remains constant, though,
is the tangible and intangible value that the user seeks to protect. For an individual, the value
at risk can range from loss of civil liberties to the contents of bank accounts. For a business,
the value runs from core trade secrets to continuity of business operations and public
reputation. Much of this is hard to estimate and translate into standard metrics of value (Lev,
2003) The task in this transition is to compare the opportunities of cloud adoption with the
risks. The benefits of cloud have been discussed elsewhere, to the individual to the enterprise,
and to the government (West, 2010a, 2010b).
This document explores how to think about privacy and security on the cloud. It is not
intended to be a catalog of cloud threats (see ENISA (2009) for an example of rigorous
exploration of the risks of cloud adoption to specific groups). We frame the set of concerns
for the cloud and highlight what is new and what is not. We analyze a set of policy issues that
represent systematic concerns deserving the attention of policy-makers. We argue that the
weak link in security generally is the human factor and surrounding institutions and incentives
matter more than the platform itself. As long as we learn the lessons of past breakdowns,
cloud computing has the potential to generate innovation without sacrificing privacy and
Number 3 October 2010
Issues in Technology Innovation
The Center for Technology
Innovation at Brookings has
launched its inaugural
paper series to seek and
analyze public policy
developments in technology
innovation.
The Center for Technology
Innovation
Founded in 2010, the
Center for Technology
Innovation at Brookings is
at the forefront of shaping
public debate on technology
innovation and developing
data-driven scholarship to
enhance understanding of
technology’s legal,
economic, social, and
governance ramifications.
