Ethical Issues: There are two main ethical theories: the deontological approach claims that actions, regardless of the solution are either right or wrong no middle ground; and, the utilitarian approach focuses on how the end justifies the means. Several ethical issues can arise from the development of cloud computing. At present, IT professionals are producing some decisions related to cloud computing that could have indispensable results in time to come. These professionals make decisions about how to maintain and store the data. However, they must consider ethical concepts when making such decisions. Miller (2010) underlines that to practice ethical methods of utilitarianism concerning cloud computing technology, should be viewed as everyone’s utility. Similarly, IT professionals must be capable of developing new standards, policies and designs considering a user who will make use of cloud computing. Delegating data control to the cloud, contrarily leads to a hike of data compromise, as the data becomes accessible to a large number of users. A number of concerns arise regarding the issue of multitenancy. Multi-tenancy is an architecture in which an instance of a software system serves multiple users which may lead to personal data breach’. Dating back to 19th of January, 2012, the data sharing website titled Megaupload.com was frozen by the United States Department of Justice for allegedly granting its users access to copyrighted documents free of charge. This practice may be deemed one of the biggest criminal copyright cases ever reported by the United States targeting the misuse of a public data storage and distribution site to violate intellectual property right and facilitate intellectual property crime. Intellectual property refers to creative work which can be regarded as an asset or electronic property of a person. Intellectual property (IP) is something unique that one mentally creates, such as music files, e-book, and dramatic work. It could be said that professional artist would oppose the sharing of his or her creative and original work for free without any benefit to him or her. However, web piracy and free digital data sharing are regular practices supported by numerous websites. However, the consequentialist theory will be use to analyse Megaupload’s case. As the name implies, consequentialism relates to the doctrine that the wellbeing of the public is of high preference. It otherwise means that if an individual can make the general public happy, actions should be executed for such purpose. The purpose of Megaupload was to share things the users would benefit from, such as movies, books, and music where knowledge, culture, and entertainment can be derived from.
Social Issues: Cloud computing possesses many benefits, but it has a cost. For instance, if more computer resources such as storage, and network bandwidth are required, they have to be bought. In some cases, however, they could be quite unaffordable for some users. The kind of people that will be deprived of the use of cloud computing would be those who cannot pay for the service. In cloud computing, there is limited control and flexibility. Cloud users have limited control over the capacity and execution of their hosting infrastructure. Cloud provider’s End-user license agreements (EULAs) and management rules might impose limits on what customers can do with their deployments. Cloud users are limited to the control and management of their data, applications, and services. Professional issues: A professional code of conduct is a necessary component of any profession to maintain a standard for the users within that profession to adhere. An example of a code of conduct that governs IT professionals in the UK is the British Computer Society (BCS) code of conduct.
An important issue that needs to be addressed is how cloud computing makes it easy for cloud administrators to access other user’s information and confidential details, without that customer necessarily knowing that their information is being tampered with. Cloud employees also make a profit by selling the information to third-parties. This negligence goes against the BCS Code of Conduct section 2(G) which states “professionals shall reject and will not make any offer of bribery or unethical inducement”. Another typical issue that exists in the running of cloud-based services is the loss of control over data. Data could be compromised by a cloud administrator or another competitive enterprise which are subscribers with the cloud computing providers. Customers are kept in the dark on how, why, when, and where their data is processed. Data stored in the cloud is vulnerable; it might be compromised or breached. The information is distributed to different data centres. Big data centres are always the target of hackers. If there is laxity in the network configuration, an unauthorised person could break in and have access to the data stored on the server.
Legal issues: The Data Protection Act (1998) states that: “Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes”. This law enforces the processing of confidential data adequately and lawfully. The main purpose of this principle is to guide the interests of the individuals whose personal data are being processed and the information is in line with the acceptable expectations of the users concerned. Chris Reeds (2015) states that “cloud users and those whose information is processed by cloud vendors are generally concerned that they may in one way or another lose their legal rights to that information once it gets in the cloud”. According to Agarwal (2010), the current location of the data, the responsibility for the data and intellectual property rights must be considered before subscribing to any cloud computing service. Cloud service providers must always adhere to Data Protection Act when storing information about others.
The Data Protection Act (1998) assures the privacy and integrity of data held on individuals by businesses and other organisations. The law gives the users the assurance that only them have access to their data and can change any detail in it. There are some important legal issues which a subscriber needs to be aware of before having an agreement with some cloud service providers. One of the legal issues which will be discussed in this report is more relevant for business owners who are planning to have their information stored in the cloud. In terms of legal issues, the following possible scenario may be considered. If a dispute arises between parties that belong to different jurisdictions, the place of settlement becomes a dilemma. That is, in a situation whereby conflict occurs between the cloud administrator and the client, which country’s court system will settle the dispute becomes an important issue. Take for instance the situation where a business owner in Japan and the cloud service provider is based in the US. The cloud administrator will definitely address the case in an American court, but as a customer, questions may arise as to whether the users concerned will have the financial capabilities to get the issue settled in a different jurisdiction of another country. This is a typical legal challenge cloud users face.
Summarily, cloud computing bears many benefits, but it also raises several significant issues. When digital assets are stored in a big datacenter around the globe, the data could become a target for unauthorised persons or be misused by cloud employees. The customer or cloud user is entitled to know the current location of the data and where it is being processed, so the client will be aware of the jurisdiction of that particular country regarding cloud service in case there is any privacy breach. Cloud service providers should ensure the safe keeping of stored information, and also have a secured network configuration, to avoid unauthorised persons from gaining access to the stored information. On the other hand, business organisations need to consider information security specialists in the vendor selection process who will check in details how the current security standards will be met.