“You can have security and not have privacy, but you cannot have privacy without security.”
A common misconception is that data privacy is a subset of information security. The two are indeed interrelated, but privacy brings a host of concerns all its own. In this chapter, we will discuss these components in the context of cloud computing, and analyze the differences and similarities with traditional computing models.
Particularly in less regulated industries (those other than health care and financial services) responsibility and accountability for privacy is often (erroneously) assigned to IT instead of the business unit that owns the data. In many cases, it is treated as a checkbox to verify among several other burdensome requirements.
As we have seen from our review, infrastructure and data security in public cloud computing is, for many organizations (e.g., large enterprises), likely to be less robust than their own current capabilities. With this likely less-secure, greater-risk security posture, it follows that the risk of a privacy breach is also increased. It should, however, be noted that many small and medium-size businesses (SMBs) have limited IT and dedicated information security resources, and as a result they place limited focus on this area. For these organizations, the security afforded by a public cloud service provider (CSP) can be greater.
Even a seemingly small data breach can have a considerable financial impact (e.g., cost of incident ...