This checklist for secure cloud computing gives preliminary answers and supports decision makers in reviewing the many collaboration solutions traded on the market. We need to think about which companies' services we want to use, their compliance with data protection policy, and many more things.
Introduction to Checklist for secure Cloud Computing
The following checklist for secure cloud computing gives preliminary answers and supports decision makers in reviewing the many vendors on the market that deliver cloud solutions for collaboration. This applies especially in the age of Internet monitoring programs such as “PRISM”, which can pose a potential threat to work environments for cross-sectoral collaboration on confidential information and documents, since these can be affected by intelligence eavesdroppers. The checklist is based on recommendations by experts.
Checklist for secure Cloud Computing
Involved Instances
---
First, the horses and riders must be named. This means that, before working with a cloud provider, you need to determine who bears responsibility on the privacy side. It is about transparency: you have to know who is in the game. The data owner, or controller, is the company that seeks a solution for secure collaboration in the cloud. The processor is the solution provider of a web-based security platform for the safe and code-compliant exchange of confidential data and documents.
The subcontractors are mandated by the solution provider. In our example, this includes the service provider, a certified data center, which operates the solution and can give you information on where the data will be saved. The data owner should be given the complete list of subcontractors, including all subsidiaries. In cloud computing there are numerous parties involved. An example: in the context of two-factor authentication with password and SMS TAN for access to the platform, an SMS is sent from a data center to the employee's mobile phone. The following questions need to be clarified in advance: Who sends this text message and gets the mobile number? What about the NSA?
Data Categories and Spatial Determinability
This is about the all-important question: what data is in the cloud, and where exactly is it? That may be irrelevant if a company provides only “boring” noncritical data such as company name, address, email and phone number. But as soon as the data migrated to the cloud relates to persons, for example information about the health status of an employee, the record or other personal characteristics, it is essential according to the Federal Data Protection Act to store this data in a specific, contractually specified region and to be able to locate the storage at any time. Therefore, providers such as Amazon, Google and Microsoft fall through the cracks for secure cloud computing: you cannot find out the location and name fast enough.
Inspection and Audit Rights
Before the data-snooping methods became apparent, the cloud itself had supplied the safe working environment. Therefore, it stands to reason that the client, before signing the contract, secures for themselves as much insight as possible into the requirements and benefits. We distinguish three forms: the full live audit, in which the data owner looks at the live data and questions the processor and the subcontractor; the audit by written self-report, in which up to 20 questions are listed and the answers formulate about 10-20 checkpoints that are typical and essential for a reliable cloud solution; and the audit via remote session, in which the data owner joins an online meeting and has the solution presented there.