‘Cloud’ is a metaphor for the net itself. To seize the time, while anyone uses the net
a few are searching for a search engine including Google, however, to receive any completely online-based offer that includes shipping or receiving emails is to use cloud computing. Also, every time one gets access to the same web pages Facebook, and any other social networking sites, you are using the cloud application. Cause of the cloud
computing is the use of the Internet site in any such way one can store statistics and a variety of different types of packages on remote servers equal storage in each computer system. Cloud computing use allows your person to access their information/files on his laptop, at the beginning of the click on the start button of the menu of ‘any computer’ from ‘anywhere’ in the world. Thus the user is facilitated as if he is using his computer or laptop. The result is that one has to draw an absolute pc for everyone from everywhere with the same freedom as we have he works on our laptop in our workplace. The files/facts uploaded to a personal computer are displayed as if loaded on a heavy consumer-pressure
computer, but in fact, they are no longer loaded on that laptop but are downloaded from the cloud to that laptop. According to the National Institute of Standards
and Technology within the US Department of Commerce, cloud how to make a computer:
‘A model to allow for simplicity, which is required the public gets the right to enter the realm of sharing things that can be fixed computer services (e.g. networks, servers,
storage packages, etc) which may occur unexpectedly provided and presented in minimal
an attempt at management or cloud dispenser (i.e. Internet Network provider) communication.
Like most subscription services, customers usually have to sign a contract to use the service, and in this process, they have to deal with legal agreements set by the service provider. In some cases, the customer may be dissatisfied with the legal issues identified by the service contract and may require certain aspects of the contract to be adjusted to meet its specific requirements, or there may be additional terms attached to the contract.[1]
Before entering into any contractual agreement with a service provider, the customer needs to carefully evaluate the contract results before receiving the service. Also, the general terms and conditions of the service provider’s contract may not meet the legal requirements of the customer. Such issues need to be highlighted at the beginning of the process, as they can affect, not only the service costs themselves, but also the ability of service providers to meet the legal requirements of the customer[2].
Research Methodology
This research is purely doctrinal research with the help of Books, Papers, Ph.D. thesis, websites, and articles with my knowledge and understanding of the law. The method for writing this dissertation was: reading Books and articles, its analysis, and after that, I put that in my own words. Some part of the dissertation was fully adapted from the books and papers I have referred with all credit to the author
TYPES OF CLOUDS
There are three main types of cloud computing:
Public Cloud
A public cloud is where the infrastructure and so on combining calculating tools performed
available to the general public online. The community of the cloud is managed by a provider that also sells cloud services without user communication. Yet it is delivered that there is a great risk to data security that anyone registered for the cloud can access it. So
the public cloud shares many features of the tenant environment as the data of one company is stored and other company data in the public cloud.
Private cloud
Where are the secret cloud (internal cloud) infrastructure and accounting services available for a particular company or organization? So, aims to provide services to a limited number of users behind the firewall. The private cloud can be managed either
by the organization/company itself or a third party and possibly hosted within or outside the organization’s data center. The secret cloud reminds us of the internet, with access to it
only for individual employees company/organizations. The secret cloud is often used by a
large company and offers a variety of development applications or reduces resources as needed. You must note that the private cloud does not provide the basic advantage of cloud computing because the user still has to do so incur additional financial costs by creating its secret cloud, but these costs are much lower than the traditional method to have IT infrastructure.
Hybrid Cloud
A mixed cloud is a combination of two or more clouds (private or public) which are separate cloud organizations however sharing specific technologies that allow for collaboration. The hybrid model means companies can grow a private cloud network from a public cloud service provider. Apart from the above three, there are three main types of services the models also aim to provide services. Of course:
- SaaS (Software as a Service)
It is a well-known and widely used method of cloud computing computers. It offers all the complex functions of a traditional application for many customers and often thousands of users but with a Web browser, not a local application. Invalid or missing code Local computer users and applications, in general, are designed to perform specific functions. SaaS is perfect for customer concerns about in-system servers, storage, application development, and related, common concerns of IT. Top examples are Salesforce.com, Google Gmail & Apps, instant messaging from AOL, Yahoo, and Google, and VoIP from Vonage and Skype.
- PaaS (Forum as a Service)
Provides custom servers where customers can work existing applications or new upgrades without the need to worry about keeping apps, server hardware, load balancing, or computing capacity. These vendors provide APIs or development platforms to create them and use cloud applications – e.g. via the Internet. Managed Service Providers with in-app services assigned to IT departments to monitor systems as well
applications below such as scanning viruses in emails they are usually included in this category. Well-known Providers will include Microsoft Azure, Salesforce’s Force.com, Google Maps, ADP Payroll processing, and the US Postal Service Contributions.
- IaaS (Infrastructure as a Service)
It brings computer power, usually as virtual raw servers, which require customers to prepare and manage themselves. Here Cloud Computing offers grids or collections or
virtual servers, networks, storage, and systems software, usually (but not always) in multitenant properties. IaaS is designed to add or replace functions of all data centers. This saves costs (and time costs) for large deliveries but does not reduce the cost of setting up, assembling, or managing and these activities should be performed remotely. Vendors will install Amazon.com (Elastic Compute Cloud [EC2] and Easy Storage), IBM, and other traditional IT vendors.
The legal implications of cloud computing
There is a “critical security” problem in cloud computing technology, as well as a possible legal obligation for cloud security breaches. The company that provides the personal information management service is responsible for ensuring that there is reasonable security to protect confidential information.
Product value that includes cloud computing, goods, and services is growing as companies seek to place themselves in a better position in cloud computing marketing efforts and marketing efforts. So confirming the difference in the trademark with the arrival of the cloud becomes even more difficult. Systems are at risk of injury or disruption resulting from earthquakes, terrorist attacks, floods, fires, etc. Customers should make sure that they are provided with business loss insurance as a result of potential losses.
Cloud computing security issues
Due to its widespread nature, the cloud extends to weak security systems that are easy to access. System security is only as strong as weak user settings. The flow of work of weak password detection, cybercrime, and cybercrime attacks pose a significant security risk. In shared web applications designed by teams, such as Google Apps and any web-based software, any security breach is still distributed to all participants. In computer interactions, the organization’s data is locked and the external company controls it. When you participate in the cloud, you rely on an outside company to make decisions about your data and forums.[3]
Cloud computing comes with the possibility that the server is unavailable and closes the account. When the Internet goes down, access to personal data is cut off. An important security measure that is often overlooked by companies is how long the cloud service provider meets. The client should request reliable supplier reports to determine if it meets the needs of its business. Some monitoring systems are another important area for companies to contact their service providers.
GENERAL LEGAL ISSUES
Although they are far from complete, some of the key legal issues that need to be agreed upon by the customer and service provider are:
Control and Control – Without choice, the service provider will explain that it is binding and governed internally. its country, and that all disputes arising from the contract. Many customers may require that the amendment revoke any legal authorization in their country, and in some cases where the service provider is a large international company, this may be possible. It may also be possible to remove that principle from the agreement and allow the legal debate to determine, at any time[4].
Data Location – Contracts from many service providers explicitly state the right to store customer data on any of their sites, regardless of the source of the data. While some service providers do not address the issue directly, many follow the same policy because it does not explicitly prevent the practice from legalizing it. Although data storage in many areas offers a high level of security, it raises issues related to export controls and needs to be addressed directly within the contract, a law against external storage.[5]
Privacy and Confidentiality – In many cases, data collected for a specific purpose may be used only for that purpose. For example, student information stored on college websites can often be provided to select vendors who have a legitimate interest in data. Contracts that govern the release of data are required to ensure the exclusive use of the required service data, as well as the non-disclosure of data by a third party without authorization. Without explicit disclosure within the contract, lawmakers may be at risk. [6]
End-User Responsibility – Service Provider Agreements may require the customer to ensure that end-users comply with the terms and conditions of use of the Service Providers. Although this is an understandable situation for a service provider – a customer relationship, it also places liability on system usage with the customer. Another would be to enforce an agreement between the third party and the service provider to comply with the terms and conditions of the service providers.[7]
Misuse and Unauthorized Use – Some service providers may be committed to preventing the misuse and unauthorized use of customer service.
JURISDICTION CONFUSION: WHICH LAWS APPLY TO THE DATA IN THE CLOUD?
The amorphous environment for collecting servers, applications, and “cloud” data allows for potential local conflicts. The legal question is important because of what is said in the privacy policy; If a company does not know where its data is, how can it know which rules apply? In the United States, for example, the Patriot Act provides the government with a comprehensive platform to prevent allegations [8]of electronic data from reaching across the country. European and Asian companies have expressed concern about storing their data on U.S. computers under the USA Patriot Act, which allows the United States government to access that information very easily. ”On the other hand, in the European Union, data protection regulations place stricter standards on electronic data collection by the government[9] and any other organization. Because of these differences, cloud computing or SaaS (Software as a service) agreements must specify where the data is available and what rules apply. Another legal barrier to computer shutdown is the United States [10]Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA places significant restrictions on the transmission and disclosure of confidential health information. For example, businesses under this Act must enter into a business-related agreement with cloud providers before providers can keep records containing cloud health information. [11]Given the HIPAA requirements, international organizations need to know where their data is located[12]. This information ensures that they can enter into the necessary agreements with the cloud provider to avoid debt under HIPAA. Cloud computing agreements do more than create global confusion. Privacy Laws also vary from state to state within the United States. For example, Massachusetts law requires that anyone in charge of the personal information of a Massachusetts citizen use a (14) detailed written security plan to protect data[13]. Companies under these rules who want to use cloud computing must determine whether the cloud provider complies with adequate security measures to protect its electronic data. Because Massachusetts citizen data may be combined with the data of many other users in the cloud, it may be difficult for cloud providers to know which country laws apply to such providers. As the business world is rapidly embracing cloud computing solutions, it is only a matter of time before a lawsuit arises over issues related to cloud computing management[14].
LAWS IN INDIA RELATING TO CLOUD COMPUTING
India’s official organization has been at the forefront of a series of challenges in addressing technological advances, as well as the rapid growth of the internet and its global impact. Technology often reduces the need for physical contact in building important legal relationships between the parties. Therefore, it is in the hands of the law to correct the conduct that must be followed by those involved in maintaining such a legal relationship. Until the introduction of the Information Technology Act, of 2000, there was no law regarding the use of computers, computer programs, and computer networks, as well as data and electronic information in India. The main purpose of the Information Technology Act of 2000 [15]is to introduce the legal recognition of online commerce, which includes the use of electronic communications and information systems, and to facilitate the electronic transmission of documents to government agencies. The law has foreign powers and therefore includes offenses committed outside India. IT law deals with a variety of computer-related functions such as digital signatures, electronic administration, electronic records, regulatory authority, registration functions, online laws, appeal court, etc., and provides official electronic document identification. and transactions, electronic data/evidence court approval, electronic criminal fines, and the establishment of an appellate court and an electronic crime advisory committee and regulations relating to electronic record keeping. However, the Act[16] also has many gray areas, i.e. it does not protect from copyright infringement, domain name protection, tax e-transactions, stamp duty, and part of the contract law. However, efforts are being made with many amendments to eliminate this confusion. Information Technology Rules (Reasonable security procedures and procedures as well as sensitive personal data or information) The 2011 Laws were introduced by the Government of India, to protect sensitive personal data or information of individuals or organizations owned, operated or controlled[17]. such data is in a controlled, controlled, or computer system. But various provisions of the Code do not apply to companies that provide services under a contractual obligation to any other third party entity unless that entity guarantees the same level of data protection as set out in the Regulations. So cloud computing 25 companies, before trading in “sensitive personal information” with a link to India, must ensure compliance with the Rules as any non-compliance could result in fines, as well as imprisonment in the event of a breach of contract.[18] obligations under Information Technology Act 2000. Therefore, cloud service companies must ensure that both the terms and conditions of the contract entered into with the customer are complied with.
The IT Act of 2000 [19]obliges a business entity to provide a privacy policy and disclosure of information. Businesses that deal with any “sensitive personal data or information”, and any other personal information, will provide the privacy policy published on their website. The business organization must ensure that such personal data is always available to its customers. When it comes to information security, companies should make sure that they protect that information by using “Sound Protection Practices and Procedures”. This means that the International Standard of “Information Technology – Security Strategies – Information Security Management System – Requirements” has been adopted by the Indian government. Any organization that complies with these standards is required to comply with the applicable security measures and procedures. The law also requires a comprehensive information protection system, general information protection systems that include administrative, technical, and operational security measures, and practical actions that are accompanied by confidential information and compliance with reasonable security procedures and standards. Rule 6 of the said action sets the mode in which the data is disclosed to another person. It asserts that no leaks of any sensitive personal data will be made without the prior contractual agreement between the company and the company. No data will be transmitted to a company by any third party unless that third party has complied with the security requirements outlined in the rules. It stipulates that the government uniform may collect any sensitive information, to verify your identity or prevent, discovery[20], investigation, prosecution, and prosecution of cases. However, any person, by his or her powers provided by the Act who has access to any data and discloses that information without the consent of the person concerned, causing serious injury to that person, is likely to be arrested, to date. two years, or a fine, or both. One of the main advantages of cloud computing services in India is that there is no specific law for having data in the cloud. Service providers usually handle data unless a contract has been agreed upon between the parties. This reflects the client’s knowledge of various risks as such data rights are granted to the cloud provider. Under the Information Technology Act of 2000, a cloud service provider is not liable for any third-party data generated by him or her, if he or she indicates that such violations or offenses were committed without his or her knowledge or use. any due diligence imposed by the Government. In the Information Technology Act, of 2000[21], section 10A is amended to stipulate that an electronic contract will not be considered invalid. However, it is not yet clear whether the electronic contract will be stamped, as the stamp payment process as proposed under the Stamp Act does not apply in the case of electronic contracts unless they are printed. In some cases, the parties to the agreement have the right to choose the law that will govern them in the event of a future disagreement. But this is not the case in all cases. Consequently, applicable law and the jurisdiction of the court are pending as the contract between the parties is not clear on such matters.
Conclusion and suggestion
The main reason why companies prefer cloud computing over any other. The last resort is because the information is stored online, to remove the risk of data loss or corruption. Cloud Computing has many errors that need to be corrected, for example, exist many privacy and security issues related to data retention online. Additionally, there is always the risk of losing internet communications that may interfere with the company’s operations. Experts in this field conclude that using cloud computing is much safest than many traditional ways of storing data such as hard disks, servers, etc. although companies are still at risk of data theft by any outsider access to the cloud protection system. The main reason why companies do not choose to access cloud services is due to a lack of protection or security. Then again, standard storage also refers to existing risks such as servers can be hacked by outsiders and hard disks can crash
into and destroy data. Coming to the Indian aspect, using cloud computing is a new and existing concept no law can govern and a law that is not clear. Questions about legal and operational powers have not been answered. However, companies are replacing traditional storage methods by creating cloud computing due to cost efficiency. The suggestion given to the authors is that cloud computing may not be ideal for all companies due to the various problems presented earlier, but it saves and deserves companies around the world to use it to store data that can be retrieved at any time in any part of the world.
Cloud computing technology is one of the most promising computer technologies for both cloud providers and buyers. But efficient use of cloud computing has a growing need to block existing security holes.
Certainly, the presence of official data protection and information laws will help to increase cloud security, as it will be a dark cloud for providers to fulfill all of these rules in their security operations and policies; but you do not need to have these rules to have data protection in the cloud as the lack of data security will prevent customers from entering the cloud, so even if there are no data protection laws cloud providers still have to apply strictly. information security policies.
The deployment model affects the level of security threats faced by cloud customers, as the company moves from private to public model security holes go up, these holes include common hacking threats, internet, and web browsers, and risks resulting from shared storage. among many employers.
As the customer progresses to the level of cloud computing up to software as a service level, the chances of it being hacked, each layer adds new security holes and potential risks, and strict security policies should be applied by a team of experienced security management. cloud provider.
[1] Winkler, V.J.R., “Securing the Cloud: Cloud Computer Security Techniques and Tactics”, Syngress, 2011, ISBN 978-1-59749-592-9
[2] Marchini, R., “Cloud Computing: A Practical Introduction to the Legal Issues”, BSI Standards, 2010, ISBN 978-0-58070-322-5
[3] Supra
[4] Directorate-General for Internal Policies, “Fighting cybercrime and protecting privacy in the cloud”, Policy Department C, Citizens Rights and Constitutional Affairs, European Parliament., 2012
[5] Hogan Lovells, “Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns”, [online] Available at http://www.cisco.com/web/about/doing_business/legal/privacy_compliance/docs/CloudPrimer.pdf
[6] Pearson, S., and Benameur, A., “Privacy, security, and trust issues arising from cloud computing.” Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on. IEEE, 2010
[7] Gartner, “Seven cloud-computing security risks”, [online] Available at http://www.networkworld.com/news/2008/070208-cloud.html
[8] H. R. Cong. Res. 3162 107 Cong. (2001) (enacted).
[9] European Union Privacy Directive 95/96/EC O.J. (L.281) 31. available at HTTP:// searchsecurity.techtarget.co.uk/definition/EU-Data-Protection-Directive (last visited Mar. 3, 2014)
[10] Health Insurance Portability and Accountability Act of 1996
[11] Lisa J. Sotto “Privacy and Data Security Risks in Cloud Computing”, 15 Electronic Com & L. Rep. (BNA) 186, 187 (2010).
[12] Lin Grimes & Simmons “Where Is the Cloud? Geography, Economics, Environment, and Jurisdiction in Cloud Computing available at http://www.uic.edu/htbin/cgiwrap/bin/ojs/ index.php/fm/article/view/2456/2171. (last visited Mar. 1, 2014)
[13] Mass. Gen. Laws Ann. Ch. 93 H & 2 (West Supp. 2010)
[14] Mark L. Austrian, International Cloud Computing Meets U.S.E-Discovery, available at http://www.kelleydrye.com/publications/client_advisories/0865 (last visited on Mar. 1, 2014).
[15] https://www.indiacode.nic.in/bitstream/123456789/1999/3/A2000-21.pdf
[16] Id
[17] Reema Patil, Notification of the Rules concerning Protection of Sensitive Personal Data and Information under the Information Technology Act, 2000, available at http://www.narasappa.com/resources/InformationTechnologyRules.pdf (last modified Jan. 14, 2014).
[18] Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, Gazette of India, part II section 3(1), R.7 (Apr. 11, 2011). 25 Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, Gazette of India, part II section 3(1), R. 3 (Apr. 11, 2011).
[19] Supra
[20] Rahukar, The Information Technology Rules, 2011 CLUB HACK MAGAZINE, http://chmag.in/article/apr2011/information-technology-rules-2011 (last visited Jan. 12, 2014).
[21] www.indiacode.nic.in/bitstream/123456789/1999/3/A2000-21.pdf
Author: Prathiksha Prabakar
Juris Centre 