The European Commission, Germany, and the International Standards Organization (ISO) have all recently released guidelines on the standardization of service level agreements for cloud services providers. The EU Commission guidelines were issued in June 2014 and focus on security and data protection in the cloud, including the availability and reliability of the cloud service, the quality of support services, security levels, and how to better manage data. Germany’s Federal Office for Information Security (BSI) also recently issued its Cloud Computing Safety Guidelines. The BSI, the IT security service for the federal government in Germany, offers recommendations to private and commercial users of information technology on avoiding security threats such as identity theft, misuse of cloud accounts, denial of service attacks, and loss of control over data and applications. The BSI guidelines provide advice on how to contract with a cloud provider. Finally, ISO published a new security standard for cloud services. The new standard, ISO/IEC 27018, applies to all types and sizes of organizations that provide information processing services as PII processors via cloud computing under contract to other organizations. ISO 27018 builds upon the existing security standards in ISO 27001, providing a voluntary standard governing the processing of personal data in the cloud. It establishes a common set of control objectives, controls, and guidelines for implementing measures to protect PII in accordance with the privacy principles for public cloud computing.
TIP: As cloud computing evolves, both customers and providers of cloud computing services should be aware of cloud safety guidance. In particular, customers with an interest in the European market should now review their standard agreements for compliance with these new cloud computing industry standards.