PQMA Response to Prof. Nelson Lectureson Cloud Computing

Junya (Yvonne) Yuan

CCT 505

November 15, 2011

PQMA Response to Prof. Nelson’ lectureson “Cloud Computing”

Problem:

Novell defines the cloud as “a set of services and technologies that enable the delivery of computing services over the Internet in real-time, allowing end-users instant access to data and applications from any device with Internet access” (Novell). Individuals and firms like Google, Dropbox, Microsoft, Amazon, and Apple provide Internet based email, calendars, file storage, and media programwithcloud; Scientists and institutes share and cooperate with each other on complicated research projects using cloud. Users need only access the Internet for the content they uploaded, edited and stored through the interface on the end devices. For example, Salesforce.com provides internet-based Customer Relationship Management (CRM) software, allowing customers to outsource many of the resources used to run it in exchange for monthly or per user fees (Kundra, 2011). But several major issues emerged along with the fast expansion of the application of cloud, and caused trouble with governmental policies and regulations.

• Data location –The physical data storage vendors may reside in many geographic areas, leaving it vulnerable to various governmental jurisdictions and regional disasters.
• Privacy – A different entity handles potentially sensitive data and its security, and customers depend on an external provider for their data integrity and service continuity – they do not have direct control（e.g. permanently withdraw the data）(Brodkin, 2008).
• Long-term reliability – A cloud provider may go out of business or be acquired, posingrisks to customer data integrity, but no governmental regulation has launched to protect user’s long term right.

Question:

What can the government policy do with the potential risks that posted by the using and development of cloud computing, in order to help the growth of cloud practice with long term health of data security and stability?

Methodand Answers/Analysis:

• First of all, government and related cyber-supervising officemight clearly identify the potential threats that might derive from the use of clouds so as to clearly differentiate the diverseregulating targets. Different level of clouds may have different complexity, but regulation should be constant despite the difference in regional laws.Those sensitive informational databases should be more strictly, carefully regulated than those general usage databases.
• Secondly, standardization is a key step. Government can come up with regulations that require large firms with the capability to building and secure their own clouds contribute their technology to the common social welfare. Like Google, a leading cloud host providingemail, storage, documents, billing, and analytics services can apply part of its technology and structure of system (with reasonable price or other compensate benefit) to help establishing the general standard of national or international clouds, which allow all the clouds to share the same technical support and eventually easier to be supervised and administrated by the carriers and government.
• Furthermore, government may come up with regulation that requires the cloud providers to pass certain qualification inspection in order to get the certificate of running clouds of their own. Certificate can be leveled so that firms and organizations with different capacity will get permit to launch different graded cloudsAnd with a contract, or a legal binding that requires the cloud provider to continuously maintain their service and form a mechanism to securely transfer the database to other ongoing clouds even if the provider shut down its business.

Works Cited:

Brodkin, J. (2008, July 2). Gartner: Seven cloud-computing security risks. InfoWorld .

Kundra, V. (2011, August 30). Tight Budget? Look to the 'Cloud'. The New York Times .

Novell. (n.d.). What is the cloud? Retrieved September 11, 2011, from Novell: