This content is part of the Essential Guide: The case for cloud storage: Cloud considerations and strategies
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What's most important to know about my cloud privacy policy?

A good cloud provider privacy policy should cover not only physical and logical security, but geographic and personnel constraints as well.

When it comes to choosing a cloud service provider, the first thing you should do is make sure that they do, in fact, have an information privacy policy that is published somewhere you can find it, and that it addresses your concerns. Beyond that, whether it is available online and updated as it needs to be should be of concern. Sometimes policies can even prompt you to think about things that you hadn't before. 

Important areas that the cloud privacy policy should cover focus on physical and logical security. But just as important is identity management and access control -- policies that are specific to people who could gain access to your data.

You should also pay attention to what the policy covers in terms of different geographies. For example, if I have data that can't leave the US, then the provider should have geographic controls and constraints as part of their policy.

It's also important to know how a cloud provider manages their different clients as well as their own employees and contractors who may have logical or physical access to the information. A cloud provider should be able to articulate to you how they have responded or would respond to a security breach. Do they run and hide, do they put up a smoke mirror, or do they step up and explain exactly what happened, why it happened, what they would do in the event that it happened again, and how they plan to prevent it in the future? But most importantly, it's also your responsibility as a user to be sure you fully understand a cloud privacy policy and that it covers areas most important to your business processes.

Next Steps

NSA scandal spurs cloud privacy innovation

What you can expect from a cloud service level agreement

Dig Deeper on Public cloud storage

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What aspect of a cloud provider's privacy policy do you find most important?