Businesses are always looking for ways to strengthen their data security and alleviate customer concerns. Many may figure that relying on a bigger company for data storage and information sharing is the best way to go. A recent report by the Electronic Frontier Foundation, however, looked at major companies whose cloud computing and storage services are entrusted with business data, and asked what each provider does to keep private information out of the hands of the government.
The "Who Has Your Back?" report looked at many categories and awarded stars for each instance in which the observed company:
– Required a warrant before giving information to the government
– Notified customers when information is requested by authorities
– Published a report about how many government requests it has fulfilled
– Belonged to the Digital Due Process Coalition, a group pushing Congress to rewrite outmoded portions of the Electronic Communications Privacy Act of 1986
– Printed formal guidelines on how it responds to government information requests
– Contested requests for information in court
Only two of the companies, Twitter and Sonic.net, were awarded stars in every one of these categories. Dropbox, LinkedIn and SpiderOak fell short only in the category of fighting a request, but InfoWorld said they may not have had a request to fight against.
Google also had five stars in this report, with its missing star coming from the customer notification policy. The news source said Google's policy notes "We notify users about legal demands when appropriate, unless prohibited by law or court order," with the "when appropriate" likely costing the company its sixth star in this report.
"There's a lot to celebrate in this report, but also plenty of room for improvement," said EFF staff attorney Nate Cardozo. "Service providers hold huge amounts of our personal data, and the government shouldn't be able to fish around in this information without good reason and a court making sure there's no abuse. This report should be a wake-up call to Internet users that they need more protection from the companies they trust with their digital communications."
As for the companies that did not fare as well in this report, Microsoft did not receive a star in either the customer notification category or the category for contesting a request. The name at the bottom of the list was Apple with only one star, which it earned as a member of the Digital Due Process coalition.
"Apple and AT&T are members of the Digital Due Process coalition, but don't observe any of the other best practices we're measuring," EFF said. "And this year – as in past years – MySpace and Verizon earned no stars in our report. We remain disappointed by the overall poor showing of ISPs like AT&T and Verizon in our best practice categories."
Be diligent in questioning providers before signing up
No matter which company is used for a venture into the world of cloud computing, storage or security, businesses should be careful to look into the company and figure out how their information will be protected. Joe McKendrick wrote on Forbes that researchers W. Kuan Hon, Christopher Millard and Ian Walden spoke about some major points that companies should discuss with cloud computing providers.
Issues businesses need to look at before signing a contract include who is going to be liable for damages to the company if service is interrupted, what kind of service level agreement negotiations can be done and whether or not availability extends to data.
"While some will undertake to make the necessary number of backups, most will not warrant data integrity, or accept liability for data loss," the researchers said, according to McKendrick.
Other issues to look into include the physical location of data, which side will maintain compliance and what happens if service needs to be changed.
Data Security News from SimplySecurity.com by Trend Micro.