Management of privacy and security in cloud computing: Contractual controls in service agreements

Deniz Tuncalp*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Chapter, peer-review

Abstract

There are a number of risk domains that are relevant for information privacy and security in cloud-based scenarios and alternative deployment models, which require implementation of a number of controls. However, cloud service providers often take a one-size-fits-all approach and want all their customers to accept the same standardized contract, regardless of their particular information security and legal compliance needs. Taking the ISO 27001 Information Security Management standard as a guide, we have employed the Delphi method with a group of cloud computing experts from around the world who are subscribed to the "Cloud Computing" group on LinkedIn to identify the most applicable controls in a generic cloud service provider-customer context. Based on these results, we use a sample cloud computing customer service agreement as a case study to further discuss related contingencies. As a result, this chapter argues that a more balanced approach is needed in service contracts to ensure the maintenance of necessary service levels and the protection of cloud users.

Original language: English
Title of host publication: Web-Based Services
Subtitle of host publication: Concepts, Methodologies, Tools, and Applications
Publisher: IGI Global
Pages: 1585-1610
Number of pages: 26
ISBN (Electronic): 9781466694675
ISBN (Print): 1466694661, 9781466694668
Publication status: Published - 9 Nov 2015

Bibliographical note

Publisher Copyright:
© 2016, IGI Global.
