Security and privacy are often mentioned in the same breath, but they are not similar. It is a fact that both of them are important for trustworthiness of a system. However, when it comes to cloud computing, security tends to draw more attention and concern. But that does not mean that privacy can be compromised in anyway. Privacy maintenance in cloud is mainly the responsibility of service providers but consumers should also be conscious about their own privacy while drafting the service-level agreement (SLA).
Regulatory compliance is another issue that has taken a complicated shape in the context of public cloud computing facility. It often becomes difficult to fulfill all legal compliance requirements in a cloud environment where data centers of a service provider are spread across the globe and more often consumers do not know where (in which country or region) their data are being stored. Cloud consumers must be aware about their responsibilities regarding the information privacy and regulatory compliance maintenance, apart from checking service provider's reputation and approach towards maintenance of these issues.
Apart from these, this chapter discusses GRC (governance, risk and compliance) issue as another important concern of any business and how the issue becomes more prominent with adoption of cloud computing services for businesses. Regular auditing of these issues may help identify any violation. Standard audit frameworks exist, which when adopted for auditing cloud services can help build trust among the consumers.
A common misconception is that data privacy is a subset of information security. But, security and privacy do not mean the same.
WHAT IS PRIVACY?
Both security and privacy are interrelated but it is a misconception that privacy is a part of information security. Rather, privacy brings its own set of concerns. Privacy of personal kind of information may be very sensitive and needs special attention.
In line with the concerns about the security of a cloud system, consumers need to be careful about the privacy of their data before they use services or enter into a contract with any cloud vendor. Who owns the data? Who has access to it? How many copies are being maintained? Will the data be erased in the event the customer changes the service provider?
Review the options below to login to check your access.
Log in with your Cambridge Aspire website account to check access.
If you believe you should have access to this content, please contact your institutional librarian or consult our FAQ page for further information about accessing our content.