Discover millions of ebooks, audiobooks, and so much more with a free trial

Only $11.99/month after trial. Cancel anytime.

Data Protection and the Cloud: Are the risks too great?
Data Protection and the Cloud: Are the risks too great?
Data Protection and the Cloud: Are the risks too great?
Ebook82 pages1 hour

Data Protection and the Cloud: Are the risks too great?

Rating: 4 out of 5 stars

4/5

()

Read preview

About this ebook

An expert introduction

More than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation’s use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.

Topics covered include:

  • Protecting the confidentiality, integrity and accessibility of personal data
  • Data protection responsibilities
  • The data controller/data processor relationship
  • How to choose Cloud providers
  • Cloud security – including two-factor authentication, data classification and segmentation
  • The increased vulnerability of data in transit
  • The problem of BYOD (bring your own device)
  • Data transfer abroad, US Safe Harbor and EU legislation
  • Relevant legislation, frameworks and guidance, including:

 

  1. the EU General Data Protection Regulation
  2. Cloud computing standards
  3. the international information security standard, ISO 27001
  4. the UK Government’s Cyber Essentials scheme and security framework
  5. CESG’s Cloud security management principles
  6. guidance from the Information Commissioner’s Office and the Open Web Application Security Project (OWASP)

 

Mitigate the security risks

Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA’s eight principles.

LanguageEnglish
Publisheritgovernance
Release dateFeb 9, 2015
ISBN9781849287142
Data Protection and the Cloud: Are the risks too great?
Author

Paul Ticher

Paul Ticher has over 25 years’ experience in the voluntary and public sectors as an information worker and manager, and has served as board member, trustee or governor of various local and national bodies. His data protection experience goes back as far as the Data Protection Act of 1984.

Related to Data Protection and the Cloud

Related ebooks

Computers For You

View More

Related articles

Reviews for Data Protection and the Cloud

Rating: 4 out of 5 stars
4/5

1 rating0 reviews

What did you think?

Tap to rate

Review must be at least 10 words

    Book preview

    Data Protection and the Cloud - Paul Ticher

    Resources

    INTRODUCTION

    This book is intended to be an introduction to the risks involved in cloud sourcing, and to enable managers to ask the right questions. Suggestions are offered for the kind of risks an organisation’s use of the cloud might generate, and the kind of remedial measures that might be taken. These are given as examples only and are not intended to be a substitute for qualified legal or technical advice. Other publications from ITGP, listed at the end of this book, address security in more detail.

    Cloud security has to be a joint effort between the provider and the customer. The customer must select a provider with adequate security and other provisions; many of the topics discussed here will therefore be of equal interest to cloud providers. However, the customer’s responsibilities go further. Without a well-functioning information security process in place, selection of a secure cloud provider is only a half-measure.

    In order to emphasise where the responsibility for data protection compliance normally lies, the customer for cloud services is more-or-less interchangeably referred to in this publication as the Data Controller.

    The Data Protection Act 1998 is generally referred to as ‘the Act’ in this

    Enjoying the preview?
    Page 1 of 1