Cloud computing – data privacy and compliance

Home » CLOUD COMPUTING » CLOUD SECURITY » Cloud computing – data privacy and compliance

Cloud computing – data privacy and compliance

Often, when the cloud computing discussion takes off, especially in relation to public clouds, one recurring issue soon emerges, namely, the the issue of data privacy and responsibility. It seems clear that different legislations related to data privacy and, especially, cross-border transfer of data is causing a lot of uncertainty and retention by many IT managers considering cloud services. Especially does this relate to certain type of data, e.g. financial information, health records and personal identifiable information. With the global distribution of data centers and the opaque

nature of data location in many cloud services – e.g. do you actually now where your Google Apps information is physically stored? – complicates matters further. Compliance with local regulatory issues can be a thorny and sensitive issue, especially for organizations. There are many questions that arise concerning data privacy, accessibility and administration, such as:

Data seizure due to legal investigation – organizations need to adhere to local legislation
What is the accessibility of local authorities to data under investigation residing in a different jurisdiction
Fear of infringement of data protection rights due to seizure of a server in the host jurisdiction
Data losses caused by cloud provider and unauthorized disclosures in the cloud
The cloud provider goes bankrupt – what happens to my data

If an organization migrates data, application or processes to a cloud provider in another jurisdiction it is still fully responsible for that data and needs to apply to local data protection legislation and regulations when handling personal data. In a public cloud environment this can be difficult as the organization is unlikely to know if and when data is moved, where and how it is stored and, sometimes, who has access to it and what particular security measures are in place. Therefore, it is quite possible that a dispute can arise about who is actually responsible for data protection compliance. Organizations need to be particularly careful when selecting a third-party cloud provider with this in mind and should in all circumstances require a written declaration describing how the provider will address compliance with local legislation and provide assurance in the event of data losses or unauthorized disclosures. Even better, requesting SLAs and certifications of quality and operational control, e.g. equivalent to a SAS 70 Report – Type II (Statement on Auditing Standard 70).

Categories: CLOUD COMPUTING, CLOUD SECURITY

0 comments:

About Me & My Blog

Hello guys I am Sourav Kumar Patel I am pursuing my BE degree from IIT Kanpur in Computer Engineering. One of the top wellknown and reputed colleges of India.

I am interested in how computing is creating new opportunities for enterprises of all sizes and how “Clouds”, or cloud services, in general are truly changing the landscape of traditional IT and telco services, resource and service provisioning.

With this blog, my objective is to create an interesting blog site that contains relatively short posts (articles), explaining some of the key elements related computing, technologies and services as well as to publish related news summaries and, finally, to add my own opinions when appropriate.

Please feel free to add your comments to my posts and I will try to answer any questions the best I can.

Tech Lover 9

Pages