It was recently noted that as part of an investigation into pre-release leaks of Windows 7 and Windows 8, Microsoft decided to scan the Hotmail account of the French blogger who had published these leaks in an effort to find out from whom the leaks had been obtained. This was done without the permission of the owner of the Hotmail account and without notifying him at all, which raises the question: should companies who look after our data be allowed anywhere near the information that they are meant to be safeguarding from unauthorised access? Although the checks performed by Microsoft were legal, it will no doubt damage the trust that many have in the company and I wouldn’t be surprised if some people choose to move their email services away from Hotmail, purely because of the privacy concerns.
Encryption in the cloud
Microsoft offers a range of cloud services, and the fact that it was able to access Hotmail accounts in the way that it did suggests that it could just as easily access any other data that anyone has stored on its servers. With this in mind, a company looking to store its data in a secure environment would be well advised to choose a cloud service that can guarantee the encryption of all data stored on its systems. Many cloud providers claim that they are unable to access any of the information stored on their systems because it is encrypted using the user’s password, so unless someone has access to the account password, they won’t be able to see the contents of the account; it will just be a garbled mess.
Developing a private cloud infrastructure for data storage is another measure that can be used to hide information from prying eyes. In a private cloud you will have full control over who has access to the hardware running the environment, allowing you to grant access to authorised individuals only.
Confidentiality agreements
As a user of a consumer service such as Hotmail or Gmail, it is likely that there aren’t any specific confidentiality agreements in place that would prevent such companies from accessing the data. This is also why we see adverts in a Gmail inbox, as Google has scanned the contents of a user’s inbox to detect the subjects of the emails that they have been receiving so that targeted ads based around the user’s current interests can be displayed.
In a situation where you are looking to store critical and private company information external to your office and with a third-party company, it is recommended that you ensure that there are confidentiality agreements in place to prevent any unauthorised individuals from gaining access to your information. It just goes to show that people who can access information in a valid way can be just as dangerous as hackers who may use malicious means to gather data.
I’m of the opinion that when taking the Data Protection Act into account, a company should work to ensure that only its employees are able to access data. Where confidential company information is being stored, a provider with whom they have a good relationship and whom they know they can trust should be used; this will help to safeguard data because it should also guarantee the use of strict security measures to deter hackers.