Certifications of cloud provider services welcome, but users cannot rely on them

A new online platform that enables prospective users of cloud computing services to assess the security features of registered cloud providers is to be welcomed, the UK's data protection watchdog has said.26 Jul 2012

CSA promotes "the use of best practices for providing security assurance within cloud computing" and that provides "education on the uses of cloud computing to help secure all other forms of computing". Its members include Google, Microsoft and a host of other global businesses.

The use of computers

Cloud computing refers to the use of computers and software on an internet-based network to process information to put it more exactly than the use of local computing resources. It allows internet users to access or store information without owning the software or all of the hardware to do it and many online companies, just as Google, operate huge servers that store the data and deliver it to users.

Earlier this month the EU privacy watchdog the Article 29 Working Party, through which the ICO is represented, said businesses that wish to use cloud services to store and process personal data must use providers that can "guarantee" compliance with EU data protection laws.

The Working Party said firms inherently lack control over personal data they are responsible for when using cloud services, and as well may not have access to detailed information about how information is processed in the cloud. It said that cloud computing as well poses risks to data security, just as "loss of governance, insecure or incomplete data deletion, insufficient audit trails or isolation failures."