Data Integrity and Evidence in the Cloud
Data integrity is a potential challenge in cloud computing, with implications for both operational efficiency and legal evidence. Vendors should consider a standards-based approach to assuring data integrity, and customers should address the issue in due diligence and in contracting.
How does cloud computing affect the risks of lost, incomplete, or altered data? Often, the discussion of this question focuses on the security risks in transmitting data over public networks and storing it in dispersed facilities, sometimes in the control of diverse entities. Less often recognized is the fact that cloud computing, if not properly implemented, may jeopardize data integrity simply in the way that transactions are entered and recorded, and that this may have legal as well as operational consequences.
Consider a traditional business transaction such as recording a customer order or a new hire. Sales or human resources staff, or possibly data entry clerks, type required information into an application hosted on premises. The data may be stored in multiple local databases. For example, the customer screen presented by an ERP (enterprise resource planning) system may automatically populate fields in separate order fulfillment, accounting, and customer relationship management systems, and perhaps in a marketing database as well. The new hire screen may feed relevant data to human resources, accounting, and payroll systems or modules.
The interaction between the data entry system and the multiple databases is normally effected through database APIs (application programming interfaces) designed or tested by the database vendors. The input is also typically monitored on the fly by a database “transactions manager” function designed to ensure, for example, that all required data elements are entered and are within prescribed parameters, and that they are all received by the respective database management systems.
Grid or Cloud or Cloud or Grid or ?
For some reason there, seems to be a lot of confusion with regards to the connection between Grid Computing and Cloud Computing. I often see this question arise in various Cloud-oriented discussion groups, so I thought it might be a good idea to offer a short blog about the question.
As in any topic with anything to do with Cloud Computing, there will be different viewpoints, and various (sometimes contradictory) opinions about definitions, and while this is generally positive, and keeps any one individual or organization skewing a definition to suit a specific agenda, it can be difficult to attempt to provide even the most basic description without caveats. This represents my "best effort."
While the definition of Cloud Computing is over two years old, it is still not universally agreed upon, so for the sake of this discussion I will assume PUBLIC Clouds, where the computing infrastructure (servers, switches, storage etc.) lies outside the firewall, and is paid for on an "as needed basis" out of an Expense budget.
The Cloud is Attacking You
Microsoft has released out-of-band Security Bulletin MS10-002
(http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx) to resolve seven privately reported vulnerabilities and one publicly disclosed vulnerability. This update includes resolution for a recently, reported zero-day vulnerability in Internet Explorer (IE) which is detailed in Microsoft Security Advisory 979352. (http://www.microsoft.com/technet/security/advisory/979352.mspx)