Cloud Computing


Cloud Computing Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to cloud computing.

Featured Resources


Conducting Data Privacy Impact Assessment on Your Cloud Environments

This web conference assesses ways to reduce business risk and maintain compliance through data protection impact assessments when working in cloud environments.
Read More


What’s behind the EU’s new Cloud Code of Conduct?

Samuel Stolton breaks down the new Code of Conduct, including its interplay with the EU General Data Protection Regulation and how it tackles international data transfers.
Read More


Guidance for a cloud migration PIA

In this piece for Privacy Tech, Leizerov offers some guidance for privacy professionals to consider when they conduct their next cloud migration PIA.
Read More


Changing Privacy and Stakeholder Management for a Cloud-First World

This webinar discusses how an increase in hybrid and remote work has blurred the lines between work and personal activities, resulting in more personal data being generated, retained, shared and accessed across a multitude of devices and clouds.
Read More


How to manage global data under CLOUD Act governance

This article explains how companies can manage global data under the CLOUD Act.
Read More


Talking Tech for Privacy Pros

This white paper series explores various sectors of the privacy technology landscape, including computer science, cloud computing and databases.
Read More

Additional News and Resources

VMware CPO leads cloud privacy efforts during a ‘cutting-edge’ time

A "renaissance" field. That’s how VMware Vice President and Chief Privacy Officer Stuart Lee, CIPP/E, CIPP/US, CIPM, FIP, describes the privacy profession. And it’s a particularly “cutting-edge” time, said the multi-cloud service provider’s global privacy operations leader.   “We get to interpret new and exciting technologies and policies into something that can really make a meaningful change for our business and for our stakeholders, and the challenge is you’ve got to be able to think about h... Read More

Cloud Controls Matrix

The Cloud Security Alliance Cloud Controls Matrix is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized ... Read More

Data privacy startup creates data security cloud platform

Data privacy startup Securiti launched its data security cloud platform, DataControls Cloud, while it raised $75 million in Series C funding, TechCrunch reports. The data security cloud is intended to “provide a layer of data protection wherever the data lives,” which could be a major infrastructure provider like AWS or a software-as-a-service application like Salesforce.Full Story... Read More

NIST releases draft reports on cloud security

The U.S. National Institute of Standards and Technology announced its National Cybersecurity Center of Excellence published draft reports examining various aspects of hardware-enabled security for cloud systems. The reports cover techniques and technologies that can improve platform security, an approach for safeguarding container deployments in multi-user cloud systems, and an example solution for leveraging hardware roots of trust to oversee enforcement of security and privacy policies on clou... Read More

Transition to the cloud: Managing your agency's privacy risks

New South Wales Information and Privacy Commissioner Samantha Gavel released a guide to help government agencies implement privacy practices when implementing cloud-based technologies, The Mandarin reports. The guide explains privacy risks and potential impacts, including harm to individuals, and provides a framework and checklist to manage risks, including data and training practices. “Being a part of the digital evolution of New South Wales and making the most of data assets requires the adopt... Read More

Managing data breaches in the cloud

The day-to-day business penetration of cloud services has reached an all-time high and is expected to grow further in 2020. With the adoption of cloud services, the regular data controller and data processor setup is also becoming more obsolete and transforms into a data controller (regular data processor), one or more cloud service provider (sub-processor), or data controller (one or more CSP data processors set up in the EU). This implies the threat landscape and privacy risks data controllers... Read More

Open cloud server exposes 200M user records

CyberNews reports researchers discovered an unsecured Google Cloud database containing the personal information of more than 200 million Americans. The server belonged to an unidentified party and contained full names, email addresses, phone numbers and financial information related to mortgage loans. The data was exposed for an unknown period of time before an unidentified party deleted the information March 3. Meanwhile, U.S. District Court Judge Charles Breyer in San Francisco has granted fin... Read More

Thinking through ACL-aware data processing

Large cloud computing services are generally run for multiple users. In a few cases, all the data processed by that service is public. In virtually all cases, users have an expectation that some of the information about them is kept private. Even if the data store itself is public, logs about access to that data are generally not. Keeping each person’s information separate is most simple in the primary data stores, where each object can easily have its own access control list. Once we step into... Read More