Description
IT Governance Publishing Data Protection and the Cloud Are the Risks Too Great? by Paul Ticher,It Governance Publishing
An expert introductionMore than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation's use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.Topics covered include:Protecting the confidentiality, integrity and accessibility of personal dataData protection responsibilitiesThe data controller/data processor relationshipHow to choose Cloud providersCloud security - including two-factor authentication, data classification and segmentationThe increased vulnerability of data in transitThe problem of BYOD (bring your own device)Data transfer abroad, US Safe Harbor and EU legislationRelevant legislation, frameworks and guidance, including:the EU General Data Protection RegulationCloud computing standardsthe international information security standard, ISO 27001the UK Government's Cyber Essentials scheme and security frameworkCESG's Cloud security management principlesguidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)Mitigate the security risksMitigating security risks requires a range of combined measures to be used to provide end-to-end security.Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA's eight principles.