How to write security into a cloud contract

November 29, 2012, by David

Grazed from FierceCIO. Author: Caron Carlson.

Enterprises have been loud and clear about ongoing security concerns regarding cloud computing, but by and large, vendors haven’t responded with robust service level agreements or any other reassuring controls, experts say. Customers should be on the lookout for nine controls that could relieve their concerns, reports Brandon Butler at Network World. One of the most effective security provisions customers should ask for in a cloud contract is a certificate that shows data is deleted when the contract expires. This is not at all common, Butler notes, but it is legally defensible.

Other highly effective provisions would include a disaster recovery clause and a clause that establishes that the provider is responsible for the customer’s losses if a security breach occurs. Unfortunately, these provisions are also non-existent today…

Far more common are provisions that outline reimbursement for downtime and the customer’s right to evaluate a provider’s security measures. However, analysts don’t consider these measures very effective in protecting the security of the customer’s data. The same is true for hacking insurance, which is still rare but becoming more common. A more effective security provision would allow customers to audit the provider on demand, but this isn’t seen very often either…

Read more from the source @ http://www.fiercecio.com/story/how-write-security-cloud-contract/2012-11-28