Chapter 6
Protection and Privacy of Information Assets in the Cloud
No one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.
—Article 12 of the Declaration of Human Rights, UN, 1948
One of the most significant barriers to entry for the adoption of cloud computing is the impact of security and the protection and privacy of information assets in the cloud.1 Thus, for the security, IT, or business professionals pursuing the adoption of cloud solutions, it is important to understand what differentiates cloud solutions, what is relevant from a data protection and privacy context, what are the potential legal and compliance implications, and how to approach the deployment or creation of cloud solutions.
In fact, there are three scenarios to be considered within the context of the cloud: how an organization consuming cloud-based solutions deals with the privacy and protection of information assets and incorporates this into its due diligence and cost and risk assessment as it adopts cloud-based solutions, how an organization providing cloud solutions deals with the privacy and protection of information assets, including their monitoring and risk management, especially keeping in mind the rapid and ongoing evolution of laws, and how regulatory organizations audit cloud solutions.
