Cloud Computing and Identity Theft

Ever wonder where your email is stored since its not actually stored on your own computer? Chances are that your email is stored by utilizing Cloud Computing. What is Cloud Computing? Without getting overly wordy and technical, it is a collection of utilized software applications that are stored on servers in another location. Anyone using this framework has access to not only the various software devices, but can use the servers to store their own personal data. You can see the benefits to having the use of these third party servers. There is no need to purchase all the different pieces of software you wish to use, also it frees up valuable hard drive space on your own computer. But with this convenience, comes security issues and concerns.

Some recent cases:

* In 2005 ChoicePoint was determined to have allowed 163,000 peoples personal data to be compromised due to poor security practices.
* In 2008 TJX was found to have transfered personal data in "clear text" between their servers which were open to anyone in the network.
* In 2009 Compgeeks.com had a complaint filed against them relating to not using "reasonable security" to protect its clients.

These are small in comparision to an FTC investigation against Google in March of 2009. If you uae Google's Gmail, GoogleDocs, GoogleDesktop, or Google Calender, then you are using Google's Cloud Computing. Your information is stored in different locations on their servers. This information is not encrypted and is therefore vulnerable. The FTC investigation stated that 26 million consumers were using Googles Cloud Computing as of September 2008. This number has only grown. Although Google states that all information is securely stored in an online storage, they also state in their Terms of Service Statement that they are not liable for any negligence on their part. Researchers into Googles practices found instances where email names AND passwords were able to be viewed by outsiders. This vulnerablity "exposed users information to malicious websites". This goes beyond the simple data mining that Google employs in Gmails, but the true threat of Identity Theft.

(If you would like to read the FTC report in full http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf )

Some people may argue that with companies undergoing audits on their security practices, that breaches are slight and rare. As I just showed you this is not the case. Also some companies are refusing to undergo such audits. Cloud Computing has grown in popularity and will continue to do so, however we must keep in mind that when your data is stored elsewhere it is vulnerable.