Special Requirements For Data Security in the Cloud are Realized Primarily by Legislature with the Help of Committees and Working Groups. In the previous article, we have discussed about the Technical Aspects of Data Security in the Cloud. In this article, we will describe the working groups, their goals; as well as standards and certifications in the context of Data Security in the Cloud.
Special Requirements For Data Security in the Cloud : Legislature
In different countries, different ministries are interested in setting standard and regulation for the safety in cloud computing. These usually include the Ministry of Economics and Technology, the Ministry of the Internal Affairs and Ministry of Security in Information Technology.
With the technological competition, Safe Internet Services and Secure cloud computing for the SMEs and the public sector is given prime importance, secure and legally compliant cloud computing solutions continues to be white and blacklisted. Overall, most governments are keen to continue to promote the topic of Cloud Computing. This is true for all high GDP (PPP) countries like India, EU Countries etc. Obviously, US specially is not considered here and economically deprived countries, countries with special rigid or lax laws (like China, Russia) are also excluded.
Special Requirements For Data Security in the Cloud : Standards & Certifications
The goal of standards is to create comparable systems, and it is independent of which provider of the cloud services is selected. Any vendor with the certified standard should therefore be able to guarantee the defined standard protection, defined standard quality or downtime.
Two important standards for cloud services are described in ISO27001 and ISO27002. These standards define the IT Baseline Protection and monitoring guidelines. It is not developed specially for the cloud standards, but only to provide general IT policies.
In terms of cloud systems, standardization is not yet very advanced. The relevant committees and working groups has only reached the consolidation phase, from these the standards will be developed. The aim with regard to standards for cloud systems should include the possibility to combine different cloud service providers to export their services or data to other providers, and include a unified rights management, identities and monitoring.
Adherence to standards and the presenting of certificates allows the CSP easier to convince the end users of its services. The end user can go in reverse from the fact that it is a professional service provider. With standards and certificates can thus be created in a simple way trust between suppliers and end users.