Cloud Data Management Policies: Security and Privacy Checklist

Abstract

Organizations have complex enterprise data policies, as well as legal and statutory constraints, that require compliance. Such policies are today enforced on internal resources that are completely controlled by the organization. On moving to a cloud based solution, the organization has to often hand over this control to the service provider. Hence, acquiring cloud services requires significant human intervention and negotiation -- people have to check whether a provider’s service attributes ensure compliance with their organization’s constraints. It is critical to ensure security and privacy of data on the cloud. In fact security concerns are one of the key adoption barriers of cloud services, especially for public or hybrid cloud deployments. Multi-tenancy related security/isolation issues and cross domain cloud access/authorization are some of the important privacy issues that organizations are concerned about. In this paper we define the critical security and privacy policies that an organization adopting cloud computing must formulate to ensure their enterprise data policies and constraints are addressed by the cloud provider. These policies are part of an essential check list that should be referred to by every organization migrating to the cloud.