Skip Navigation

NAID CEO stresses need for control in cloud at Cybersecurity Summit

8 May 2014

Earlier this week, NAID CEO Bob Johnson participated in a panel at the Cybersecurity Summit hosted by the Arizona Technology Council. Other panelists participating in the event included:

  • Bill Shinn, America’s Lead Principal Security Solutions Architect at Amazon Web Services
  • Kristen Rosati, President of the American Health Lawyers Association
  • Chris Bowen, Chief Privacy Officer at ClearData
  • Timothy Casey, Senior Intel Information Risk Analyst
  • Keith Core, Intel Information Security Specialist

When asked about emerging data destruction issues related to cybersecurity and the cloud, Johnson said the two biggest concerns are accountability and data ownership. Johnson pointed out that even though data custodians remain responsible for the security and proper destruction on personal data they store in cyberspace, cloud providers are extremely vague and often uncooperative with customers’ regulatory requirements. Johnson added that he is very concerned about what is characterized as “destruction” in the cloud.

“We get the distinct impression,” said Johnson. “That the large cloud providers simply disconnect the data controller from their data; they do not actually destroy it. This means it could still be subject to hacking or to legal discovery.”

Johnson also said cloud providers are extremely reluctant to recognize their roles as business associates or to take on any data protection-related liability.