Abstract
There are a number of risk domains that are relevant for information privacy and security in cloud-based scenarios and alternative deployment models, which require implementation of a number of controls. However, cloud service providers often take a one-size-fits-all approach and want all their customers to accept the same standardized contract, regardless of their particular information security and legal compliance needs. Taking ISO 27001 Information Security Management standard as a guide, we have employed the Delphi method with a group of cloud computing experts from around the world who are subscribed to the "Cloud Computing" group on LinkedIN to identify the most applicable controls in a generic cloud service provider-customer context. Based on these results, we use a sample of cloud computing customer service agreement as a case study to further discuss related contingencies. As a result, this chapter argues that a more balanced approach is needed in service contracts to ensure the maintenance of necessary service levels and the protection of cloud users.
| Original language | English |
|---|---|
| Title of host publication | Delivery and Adoption of Cloud Computing Services in Contemporary Organizations |
| Publisher | IGI Global |
| Pages | 409-434 |
| Number of pages | 26 |
| ISBN (Electronic) | 9781466682115 |
| ISBN (Print) | 1466682108, 9781466682108 |
| Publication status | Published - 31 Mar 2015 |
Bibliographical note
Publisher Copyright:© 2015 by IGI Global. All rights reserved.
Keywords
- Access control
- Information leakage
- Information privacy
- Information security
- Post termination assistance
- Privacy of third parties
- Service contracts
