Cloud Computing Technology: Ethical, Social and Legal Security Concerns (Research Paper Sample)

Cloud Computing Technology: Ethical, Social and Legal Security Concern
Students Name
Institutional Affiliation
Cloud Computing Technology: Ethical, Social and Legal Security Concern
Introduction
Cloud computing is a revolutionary technology that enables convenient, on-demand network access to a number of computing resources such as services, applications, storage, servers and networks. The technology has been adopted by a number of firms owing to multiple advantages such as flexibility in use, reduced costs, rapid deployment, and fast return of investment (Ratten, 2012). Projections indicate that the end user spending on cloud computing will exceed $180 billion by the end of 2015, qualifying cloud computing as the technological choice for majority of businesses (McCue, 2014). Despite its advantages and popularity, the technology has brought about new ethical, legal and social challenges. Cloud computing primarily allows the deployment and procurement of computing resources via the internet. The fact that information is not personalized, but shared and managed by third party organizations brings about multiple concerns such as the professional conduct of the employees of third party cloud service providers, negligence, identity theft, and cyber security (McCue, 2014).Legal, Ethical, Cultural, Social Issues relevant to Cloud Computing
Both Ratten (2012) and Spinello (2010) identify security as the biggest risk associated with cloud computing technology. The considerable security gap between an organization's internal activities and the cloud-based infrastructure has prompted privacy concerns linked to sensitive data processed or stored by the cloud provider. The paper analyzes the existing legal, ethical and social issues relevant with cloud computing technology besides outlining the professional code of conduct that ought to govern cloud computing professionals.
Ethical Concerns
Cloud computing technology brings about a myriad of ethical concerns. Angle (2004) defines ethics as the basic underlying concepts that define the fundamental principles of universally accepted human conduct. Based on the definition, ethical concerns are directly related to security risks. Stamatellos (2007) categorizes ethical concerns as either internal or external. External risks include internet facilitated breaches by hackers and intentional attacks using malware or viruses. Internal attacks includes, carelessness from employees leading to significant security breaches, and intentional breach by malicious or disgruntled insiders leading to unauthorized access to confidential information. Based on the outlined potential ethical risks, guidelines should focus on overseeing the professional conduct of employees hence maintaining confidentiality and taking measures to safeguard client's information (Ratten, 2012).
Cloud service providers must take all measures to safeguard unauthorized access to its clients private information. The uniqueness of clouds results from the fact that their operations is outside the control of individual clients yet sensitive and confidential information are often stored in the cloud (Ratten, 2012). Service providers have complete control over both data and communication between the host company and cloud users. This raises privacy concerns since the information may be used for undesired purposes or accessed without authorization. The providers have the responsibility to employ all reasonable safeguard measures to guarantee information safety. Increased transparency from individual service providers is also necessary so as to prevent illegal usage of private information (Brooks & Dunn, 2010).
Another primary ethical concern with regards to cloud computing is long term sustainability. As technology advances, new ways to compromise data emerges raising critical concerns on the long term safety of data. Ratten (2012) and Stamatellos (2007) recommend a number of solutions to the discussed ethical concerns. Ratten (2012) proposes backing up of data to allow retrieval in cases where they have been corrupted, accidentally deleted or lost over the cloud. They also recommend installing a firewall to limit unauthorized access to a cloud network, authenticating identities of all individuals who access confidential information, encrypting all confidential data and limiting information sharing to what is required, requested or needed. Recommending measures to address the sustainability concerns, Stamatellos (2007) contends that, it is every cloud service provider's responsibility to implement an electronic audit procedure that will monitor and control access to data. The service providers must also create plans and well-defined legal procedures to handle and address any security breaches (Ratten, 2012).Legal concerns
The legal landscape surrounding cloud computing environment remains dynamic since new laws that govern clients and service providers continue to emerge. Since the service provider and the client are two separate legal entities, their relationship must be governed by laws that govern information management in different scenarios. Legal issues and the regulatory framework surrounding data collection, storage and processing in addition to ensuring compliance to the existing state, national and international legislation raises critical concerns. According to Roland and Claudia (2010), cloud customers in the European Union, Canada and the United States are governed by a series of control objectives that governed information sharing. Key legal issues include protection of information, dispute resolution, terms of service, performance management, liability and termination of contract.
Protection of information is a fundamental legal concern governed by Section 95B of the Privacy Act of 1988. Under the legislation, contractual agreements must ensure that service providers does not in any way breach the stipulated Information Privacy Principles (Baase, 2009). The legislation further prohibits providers for using client's private information for personal benefits. Cloud providers must also ensure clients information is adequately protected along the . guidelines of Privacy Act that outlines information disclosure, security and access. The second major legal concern is liability, or who bears responsibility for information loss, damage, or leakage (Ratten, 2012). Liability related issues include limitations on liability and indemnity. Under limitations on liability clause, the cloud service provider bears responsibility for breach of privacy or confidentiality obligations, intellectual property infringement and illegal or unlawful acts of commission or omission. However, the liability does not extend to personal injury, damage to or loss of tangible property and loss due to service interruption.
Performance management legal concerns includes the service levels, response times, flexibility of service, business continuity and disaster recovery (Kinkela, and College, 2012). Since cloud providers are primarily service companies, legal concerns on the level of service provided by the agency arises. Legislations prescribes three elements of effective service provision: The service should be meaningful, measurable, auditable, and incentive-oriented to encourage performance at required levels. There are also legal concerns on the response times that should follow an interruption in part or all of service provided since interruptions may lead to significant losses by the client. With regards to flexibility of service, legal concerns include; pricing models and the range of services offered and covered while business continuity and disaster recovery legal concerns should outline specific guidelines on how the provider responds to interruptions to both communications network and system failure.Social concerns and Professional Code of Ethics
In their article, Huang and Hsieh identifies the sociology of cloud computing as constituted by IT artifacts, organizations and the services offered. Cloud, therefore, is simply a distribution of computers over a virtual network hence any social concerns arise from the individuals within the network. These include employees of individual cloud service providers, employees of cloud clients and hackers. The professional code of ethics governing all technical staff in the cloud fraternity is, therefore, of critical value. All employees are expected to execute their duties with honor, dignity and integrity by using their skills, initiative and judgment to causes that positively affect the society. Employees are also expected to use their skills and knowledge to serve the clients always upholding the highest levels of professionalism at all times.
Social and professional concerns extend to the loyalty between clients, employers and the professionals employed by cloud providers. In most cases, information breach is often linked to employees, whether intentional or planned (Ratten, 2012). As a result, employees should not in any way disclose client's confidential information without permission. Cloud providers and their employees also have the responsibility to keep clients informed of any security breaches or potential conflict of interest. The cloud provider should also uphold honesty by ensuring their clients have a clear knowledge of possible adverse effect of using their services. Hence, cloud service providers should be factual, truthful and free from exaggeration when marketing or advertising their services to clients (Ratten, 2012)....