The primary characteristics of cloud computing are on-demand IT services and great flexibility and scalability, often called elasticity. Resources are to some or a large extent shared with other users of the same cloud, which is known as multi-tenancy.
In principle, nothing stands in the way of processing and storing personally identifiable data in the cloud, but all relevant security rules and guidelines must of course be observed. This is easier to say than to implement. The nature of the personal data may also be crucial. Both email addresses and disease information may be 'personal', but the security requirements for them are different. It is important to note that the European privacy directives are older than any cloud service, and that when the DPA applies the law text to cloud computing services, it often generates a series of questions for both users and suppliers that can be more than difficult to answer.
SPI is an acronym for SaaS, PaaS and IaaS, which are respectively "Software as a Service", "Platform as a Service" and "Infrastructure as a Service".
It depends on many factors, such as whether you choose SaaS, PaaS or IaaS, and whether the cloud is private, public, hybrid or "community"-based. For companies without special IT security competencies, e.g. many small or medium-sized businesses without a dedicated IT security function, cloud computing could probably provide better security than they would be able to establish, and not least maintain, themselves.
Both... but for different reasons. For some large companies the cloud business case is better than what small businesses can achieve. At the same time, cloud computing gives small and medium-sized businesses economically attractive access to professional IT operations and resources that were previously reserved for companies with much larger IT budgets.
There are plenty of examples all over the world. However, privacy issues and security issues often stand in the way of further cloud computing.
Yes, if the security people do not want to be consulted in the future, just say no to the cloud now.
Yes. Besides the natural differences between Software, Platform or Infrastructure as a Service, there are also sometimes large differences in the security facilities provided by different vendors. Neupart has surveyed the security of Google, Force.com and Microsoft Azure. Download the report.
Cloud Security Alliance (CSA) is a nonprofit organization that runs a wide range of initiatives in cloud security. For example, CSA publishes a free guide and instructions on cloud security. Its members are a variety of vendors and corporate users of cloud computing, in addition to individuals. That combination gives good weight to the association and its initiatives. Other initiatives from CSA include a GRC stack with a "control matrix". The matrix has a series of "controls" relevant to cloud security, each mapped to ISO 27001, PCI, COBIT, NIST and more.
CCSK is a certification issued by Cloud Security Alliance. The abbreviation stands for Certificate of Cloud Security Knowledge. CSA now works with approved training providers. Neupart is the first CSA partner in Europe to offer CSA's original CCSK preparation course. In this course, you can enhance your knowledge of cloud security and prepare to take the optional certification test.
The EU's security office, ENISA, has published an excellent guide on how a business can perform a risk assessment of cloud providers.
Neupart, an ISO 27001 certified company, provides an all-in-one IT GRC solution allowing organizations to automate IT Governance, Risk and Compliance management. Whether you need to manage evolving business risks or achieve continuous compliance with PCI DSS, ISO 27001, Sarbanes-Oxley, CSA, ENISA or WLA SCS, Neupart allows you to respond effectively, in the cloud or on the ground. More than 300 organizations worldwide are Neupart customers, including governments, utilities, banks and insurance firms, IT service providers and lotteries.