Cloud Computing

Businesses continue to be responsible for protecting their customers’ data, regardless of the cloud services they may engage. Finding the right cloud service provider, creating an appropriate contract and managing the relationship are all integral to taking advantage of all the benefits of cloud computing while protecting organizational data. Organizations need to work closely with cloud service providers to establish clear responsibilities for data protection and create mechanisms to monitor the activities of providers. This topic page offers tools and insight to get you on your way.

Featured Resources

Conducting DPIAs on Cloud Environments

This web conference assesses ways to reduce business risk and maintain compliance through data protection impact assessments when working in cloud environments.

EU’s new Cloud Code of Conduct

Samuel Stolton breaks down the new Code of Conduct, including its interplay with the EU General Data Protection Regulation and how it tackles international data transfers.

Guidance for a cloud migration PIA

In this piece for Privacy Tech, Leizerov offers some guidance for privacy professionals to consider when they conduct their next cloud migration PIA.


Latest News and Resources

VMware CPO leads cloud privacy efforts during a ‘cutting-edge’ time

A "renaissance" field. That’s how VMware Vice President and Chief Privacy Officer Stuart Lee, CIPP/E, CIPP/US, CIPM, FIP, describes the privacy profession. And it’s a particularly “cutting-edge” time, said the multi-cloud service provider’s global privacy operations leader. “We get to interpret new and exciting technologies and policies into something that can really make a meaningful change for our business and for our stakeholders, and the challenge is you’ve got to be able to think about h...

NIST releases draft reports on cloud security

The U.S. National Institute of Standards and Technology announced its National Cybersecurity Center of Excellence published draft reports examining various aspects of hardware-enabled security for cloud systems. The reports cover techniques and technologies that can improve platform security, an approach for safeguarding container deployments in multi-user cloud systems, and an example solution for leveraging hardware roots of trust to oversee enforcement of security and privacy policies on clou...

Cloud Controls Matrix

The Cloud Security Alliance Cloud Controls Matrix is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized ...

Transition to the cloud: Managing your agency's privacy risks

New South Wales Information and Privacy Commissioner Samantha Gavel released a guide to help government agencies implement privacy practices when implementing cloud-based technologies, The Mandarin reports. The guide explains privacy risks and potential impacts, including harm to individuals, and provides a framework and checklist to manage risks, including data and training practices. “Being a part of the digital evolution of New South Wales and making the most of data assets requires the adopt...

Definitions

Cloud Computing

The provision of information technology services over the Internet. These services may be provided by a company for its internal users in a "private cloud" or by third-party suppliers. The services can include software, infrastructure (i.e., servers), hosting and platforms (i.e., operating systems). Cloud computing has numerous applications, from personal webmail to corporate data storage, and can be subdivided into different types of service models....

Online Data Storage

Refers to the storage of data by a third-party vendor made accessible through the Internet. (Hosted storage, Internet storage, cloud storage) This is a common data storage alternative to local storage, such as on a hard drive, and portable storage, such as a flash drive. Associated term(s): Cloud Computing...

Contracts

Web Conference: Negotiating and Preparing Cloud Contracts

Tanya Forsheit, CIPP/US, and David Navetta, CIPP/US, explore the RFP, due diligence and contract negotiation processes in cloud computing deals through both a legal and operational lens, and how those processes are crucial in identifying, assessing and addressing your organization’s privacy and data security risks given the current legal landscape.

Compliance

Meeting the Challenges of Privacy, Security and Compliance in the Cloud

The dramatic growth in the use of cloud computing services by enterprises of all sizes and industries has created new challenges for corporate privacy and security officers. The economic and strategic benefits of the cloud are too great to forego. However, entrusting critical applications and sensitive data to third-party services requires careful review of vendor compliance with laws, regulations and standards. Balancing the benefits of the cloud with the fundamental requirements of privacy a...

How to manage global data under CLOUD Act governance

It’s common knowledge that the U.S. government, with a subpoena or warrant, can compel companies to disclose data about companies and individuals. All governments have some type of legal capability to request data from information providers. What is surprising to many, even those of us in IT, is that with the Clarifying Lawful Overseas Use of Data Act, the U.S. government can compel a U.S. company that is hosting data in another country to comply with such information requests. For example, if ...

Cloud Computing Contracting and Compliance: Why All Privacy Pros Need to Get Up-to-Speed

The cloud is going mainstream. Many organisations are embracing cloud computing enthusiastically as a means to improve business processes while, potentially at least, making substantial cost savings along the way. Others, meanwhile, are proceeding at a more measured pace. Cautious adopters include companies that operate in heavily regulated sectors such as financial services and healthcare, as well as many government agencies and other large organisations with substantial investments in legacy IT systems and processes. Whatever sector you work in, however, it is time to get to grips with cloud computing and, in particular, the privacy implications of cloud procurement and deployment arrangements.

Web Conference: EU Cloud Computing Privacy Guidance

Join our expert panel to hear what this paper contains and how it compares to positions taken by regulators in other parts of the world. Specifically, we’ll look at law enforcement access issues including the USA PATRIOT Act. The panel will also cover the complex contractual issues—some unrelated to privacy—that cloud contracts present.

Security

Security Guidance for Critical Areas of Focus in Cloud Computing

This Cloud Security Alliance guidance seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.

Protecting Data and Privacy in the Cloud

This white paper outlines Microsoft's approach and processes to ensure that customers’ data in their enterprise services remains private. After discussing the issues surrounding privacy in the cloud, they discuss the ways in which they ensure their services protect privacy, from building services, to operating the services in the datacenter, to ensuring their customers make informed choices to protect their data privacy in the cloud.

Healthcare

Considering the Cloud: How healthcare organizations can navigate the techno-compliance waters and keep ePHI secure

Healthcare in the United States has quickly undergone a significant transformation. With implementation of the HITECH Act of 2009, by the end of 2010 most office-based doctors—57 percent—were using electronic medical records. The Affordable Care Act, passed in March 2010, added another incentive to the market to adopt new technology by encouraging the creation of Accountable Care Organizations (ACO) to organize knowledge, technology and healthcare teams around the needs of the patient.