Checklist Secure Cloud Computing : Part 2

Checklist for secure Cloud Computing is the continuation of previous article which addresses preliminary issues for many available Cloud solutions. Obviously, you will want to read the first article on Checklist for secure Cloud Computing from here. We will discuss three among the remaining points – Privacy, Technical and organizational measures, Transparency and Notification. Rest three fully oriented to data and will be again discussed as the final article of this series – checklist for secure cloud computing.

Checklist Secure Cloud Computing : Privacy and Reliability

In reference to secure cloud computing, experts has formulated the basic principles that have prevailed throughout some parts of the World now. These Nations, in accordance with the Federal Data Protection Act, hire only suppliers those provides a mutually reliable data protection. That is, the data owner knows the person responsible for the Privacy Processors or the processor has his personal obligation to maintain data confidentiality.

Processor performs regular mandatory training courses through valid certificates such as ISO 27001, attest to the reliability of the solution. These certificates should indicate that the operation of the solution is safe and there are no risks for operational usage by the customer. The processor should know the regulatory authority and should make a statement for regulatory privacy requirements exclusively from the reliable vendors to create the conditions for a secure cloud. The processor should only use reliable software solutions to create the conditions for a secure cloud.

Checklist Secure Cloud Computing : Technical and Organizational Measures

Of course, the data owner or client should be interested in the technical and organizational measures (TOM) or the same for the suppliers. These include preventing unauthorized access to data processing equipments, with which personal data are processed or used to deny (access control), to prevent data processing systems by unauthorized persons access control can be used, to ensure that the users data-processing system can access only the authorized data, not personal data during the processing, access control must be used; to ensure that the personal data during electronic transmission on the storage on disk can not be read, copied, modified or removed and can be checked may be during transportation or it can be found out that which bodies transfer personal data by which data communication equipment, so that the later can be checked and determined whether it was accessed at all and by whom it was changed or removed (input control). Ensure that personal data are processed only in accordance with the instructions of the customer (job control). Ensure that the personal data are protected against accidental destruction or loss. Ensure that the data collected for different purposes can be separately processed.

Checklist Secure Cloud Computing : Transparency and Notification

The outsourcing of services is automatically connected to the insourcing of risk. For example, a data loss, the professional cloud provider must ensure that the data owner will be informed immediately. Also, the reporting of critical events is one of the duties and obligation of the Processor.

So, this ends the second part of Checklist Secure Cloud Computing and here is the last and final part.