INTRODUCTION

This book is intended to be an introduction to the risks involved in Cloud sourcing, to enable managers to ask the right questions. Suggestions are offered for the kind of risks an organisation’s use of the Cloud might generate, and the remedial measures that might be taken. These are given as examples only and are not intended to be a substitute for qualified legal or technical advice. Other publications from ITGP, listed at the end of this book, address security in more detail.

Cloud security has to be a joint effort between the provider and the customer. The customer must select a provider with adequate security and other provisions; many of the topics discussed here will therefore be of equal interest to Cloud providers. However, the customer’s responsibilities go further. Without a well-functioning information security process in place, selection of a secure Cloud provider is only a half measure.

In order to emphasise where the responsibility for data protection compliance normally lies, the Cloud services customer is more or less interchangeably referred to in this publication as the ‘data controller’.

This pocket guide is based on EU legislation, and will therefore be of relevance to any organisation that needs to meet the EU General Data Protection Regulation’s (GDPR) requirements.