ICO cloud advice ignores the monster in the shadows

Grazed from CloudPro. Author: Davey Winder.

The Cloud Market Maturity study, a joint effort between the Cloud Security Alliance (CSA) and ISACA, has revealed the major areas where confidence in the cloud is lowest across users in 50 countries. The third biggest concern was international data privacy, followed by legal issues, contractual lock-in and data ownership/custodial responsibility. That I have focused on points three to six in a top ten list is no accident.

For a start, the Corporate Cloud Computing Trends report from The451’s ChangeWave Research, apart from being a mouthful also surveyed more than a thousand business folk and discovered that the most popular use of public cloud services was in the software as a service (SaaS) sector,which should really come as no great surprise, yet it’s exactly this kind of public cloud service usage that could cause problems of across-borders data privacy, legal issues and data ownership…

Another document that has been published recently, much to the amusement of anyone with more than a smidgeon of common sense, was a data protection guide for cloud users from the Information Commissioner’s Office (ICO).

Among the items of genuine lunacy suggested is this gem. The ICO advises businesses that, in order to comply with the Data Protection Act (DPA), businesses should have a written contract with their cloud service provider (CSP) that prevents the terms of this ‘partnership’ from being altered without prior agreement; that way, any potential impact upon DPA provision can be cut off at the pass. Of course, that assumes your CSP caves in to such a contractually-binding agreement – which is about as likely as Jimmy Savile being canonised…

Read more from the source @ http://www.cloudpro.co.uk/cloud-essentials/cloud-security/4791/ico-cloud-advice-ignores-monster-shadows