Cloud security practices during law enforcement investigation

April 27, 2012

As the cloud computing industry continues to evolve, so too do the compliance and watchdog practices of government and other regulators. The Los Angeles Times recently published an article explaining some of the common concerns among cloud service providers, as well as many risks of which users may not even be aware.

Cloud security has been a top concern of many providers and users, while new software and proven practices regarding implementation and maintenance have made data safer than ever before in the virtual environment. Regulations have been slightly slower, as the process of creating and passing laws lags behind the rapid evolution of the technology.

Non-profit organizations like the Cloud Security Alliance have helped create industry-based watchdogs and practices for providers, though the legal ramifications are yet to solidify.

According to the LA Times, many users do not have clear expectations of what will happen if their provider is court-ordered to disclose data on its servers. This process is somewhat common, and while most cloud providers will lay out clear privacy protection policies, many do not get into the process of releasing data to law enforcement in the event of an investigation.

"In a situation where it is absolutely necessary to provide access, we would provide notice to the affected customer prior to disclosure (subject to our obligations under the subpoena or court order)," a spokesperson of a leading cloud service provider told the Times.

The provider, when requested by a legal entity, must provide access to whatever information has been subject to subpoena, which could lead to unique data security risks.

Users should be very diligent when choosing a cloud service provider, and be active throughout the professional relationship with the third-party source, ensuring the provider is actively defending data.

-McAfee Cloud Security