Data Protection and the Cloud: Are the risks too great?
By Paul Ticher
4/5
()
About this ebook
An expert introduction
More than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation’s use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.
Topics covered include:
- Protecting the confidentiality, integrity and accessibility of personal data
- Data protection responsibilities
- The data controller/data processor relationship
- How to choose Cloud providers
- Cloud security – including two-factor authentication, data classification and segmentation
- The increased vulnerability of data in transit
- The problem of BYOD (bring your own device)
- Data transfer abroad, US Safe Harbor and EU legislation
- Relevant legislation, frameworks and guidance, including:
- the EU General Data Protection Regulation
- Cloud computing standards
- the international information security standard, ISO 27001
- the UK Government’s Cyber Essentials scheme and security framework
- CESG’s Cloud security management principles
- guidance from the Information Commissioner’s Office and the Open Web Application Security Project (OWASP)
Mitigate the security risks
Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA’s eight principles.
Paul Ticher
Paul Ticher has over 25 years’ experience in the voluntary and public sectors as an information worker and manager, and has served as board member, trustee or governor of various local and national bodies. His data protection experience goes back as far as the Data Protection Act of 1984.
Related to Data Protection and the Cloud
Related ebooks
EU GDPR – An international guide to compliance Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition Rating: 0 out of 5 stars0 ratingsGDPR for DevOp(Sec) - The laws, Controls and solutions Rating: 5 out of 5 stars5/5Ultimate GDPR Practitioner Guide (2nd Edition): Demystifying Privacy & Data Protection Rating: 0 out of 5 stars0 ratingsIntro to GDPR: A Plain English Guide to Compliance Rating: 0 out of 5 stars0 ratingsData Protection and Compliance: Second edition Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR), third edition: An Implementation and Compliance Guide Rating: 0 out of 5 stars0 ratingsThe Ultimate GDPR Practitioner Guide: Demystifying Privacy & Data Protection Rating: 0 out of 5 stars0 ratingsSECURITY AND PRIVACY IN AN IT WORLD: Managing and Meeting Online Regulatory Compliance in the 21st Century Rating: 5 out of 5 stars5/5Data Privacy: A runbook for engineers Rating: 0 out of 5 stars0 ratingsThe Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks Rating: 0 out of 5 stars0 ratingsThe California Consumer Privacy Act (CCPA): An implementation guide Rating: 4 out of 5 stars4/5GDPR - Standard Data Protection System In 16 Steps Rating: 0 out of 5 stars0 ratingsCloud Computing: Assessing the risks Rating: 0 out of 5 stars0 ratingsCloud Security and Governance: Who's on your cloud? Rating: 1 out of 5 stars1/5GDPR-standard data protection staff training: What employees & associates need to know by Dr Paweł Mielniczek Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsThe EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsCSA Guide to Cloud Computing: Implementing Cloud Privacy and Security Rating: 0 out of 5 stars0 ratingsCyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsThe Case for ISO27001:2013 Rating: 1 out of 5 stars1/5Cyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5IT Security Concepts Rating: 5 out of 5 stars5/5Web Application Security is a Stack: How to CYA (Cover Your Apps) Completely Rating: 0 out of 5 stars0 ratingsIT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsCyber Essentials: A guide to the Cyber Essentials and Cyber Essentials Plus certifications Rating: 0 out of 5 stars0 ratingsPCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance Rating: 5 out of 5 stars5/5Securing Cloud Services - A pragmatic guide: Second edition Rating: 0 out of 5 stars0 ratingsOutsourcing IT: A governance guide Rating: 3 out of 5 stars3/5
Computers For You
The Invisible Rainbow: A History of Electricity and Life Rating: 4 out of 5 stars4/5Elon Musk Rating: 4 out of 5 stars4/5Slenderman: Online Obsession, Mental Illness, and the Violent Crime of Two Midwestern Girls Rating: 4 out of 5 stars4/5Standard Deviations: Flawed Assumptions, Tortured Data, and Other Ways to Lie with Statistics Rating: 4 out of 5 stars4/5The ChatGPT Millionaire Handbook: Make Money Online With the Power of AI Technology Rating: 0 out of 5 stars0 ratingsSQL QuickStart Guide: The Simplified Beginner's Guide to Managing, Analyzing, and Manipulating Data With SQL Rating: 4 out of 5 stars4/5101 Awesome Builds: Minecraft® Secrets from the World's Greatest Crafters Rating: 4 out of 5 stars4/5Mastering ChatGPT: 21 Prompts Templates for Effortless Writing Rating: 5 out of 5 stars5/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Dark Aeon: Transhumanism and the War Against Humanity Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5How to Create Cpn Numbers the Right way: A Step by Step Guide to Creating cpn Numbers Legally Rating: 4 out of 5 stars4/5CompTIA IT Fundamentals (ITF+) Study Guide: Exam FC0-U61 Rating: 0 out of 5 stars0 ratingsThe Professional Voiceover Handbook: Voiceover training, #1 Rating: 5 out of 5 stars5/5Procreate for Beginners: Introduction to Procreate for Drawing and Illustrating on the iPad Rating: 0 out of 5 stars0 ratingsGrokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5CompTIA Security+ Practice Questions Rating: 2 out of 5 stars2/5Alan Turing: The Enigma: The Book That Inspired the Film The Imitation Game - Updated Edition Rating: 4 out of 5 stars4/5Deep Search: How to Explore the Internet More Effectively Rating: 5 out of 5 stars5/5Ultimate Guide to Mastering Command Blocks!: Minecraft Keys to Unlocking Secret Commands Rating: 5 out of 5 stars5/5Computer Science: A Concise Introduction Rating: 4 out of 5 stars4/5Master Builder Roblox: The Essential Guide Rating: 4 out of 5 stars4/5Creating Online Courses with ChatGPT | A Step-by-Step Guide with Prompt Templates Rating: 4 out of 5 stars4/5
Reviews for Data Protection and the Cloud
1 rating0 reviews
Book preview
Data Protection and the Cloud - Paul Ticher
Resources
INTRODUCTION
This book is intended to be an introduction to the risks involved in cloud sourcing, and to enable managers to ask the right questions. Suggestions are offered for the kind of risks an organisation’s use of the cloud might generate, and the kind of remedial measures that might be taken. These are given as examples only and are not intended to be a substitute for qualified legal or technical advice. Other publications from ITGP, listed at the end of this book, address security in more detail.
Cloud security has to be a joint effort between the provider and the customer. The customer must select a provider with adequate security and other provisions; many of the topics discussed here will therefore be of equal interest to cloud providers. However, the customer’s responsibilities go further. Without a well-functioning information security process in place, selection of a secure cloud provider is only a half-measure.
In order to emphasise where the responsibility for data protection compliance normally lies, the customer for cloud services is more-or-less interchangeably referred to in this publication as the Data Controller.
The Data Protection Act 1998 is generally referred to as ‘the Act’ in this