In September 2012, the European Commission produced a strategy paper titled “Unleashing the Potential of Cloud Computing in Europe”.
The strategy was quite simple, stating that embracing cloud technology across all industry sectors would lead to significant economic gains across Europe. The paper estimated that 2.5 million new jobs would be created across Europe, adding an estimated €160 billion to the European economy by 2020.
Concerns over privacy and security have acted as a barrier to migrating data to the cloud as the procuring organisation is liable for any data protection breaches. Whilst there are financial savings to be made from cloud computing, there is an expectation that the levels of security control should be commensurate to a non-cloud environment.
UK Regulatory Framework
In August 2014, the British Standards Institute (BSI) published BS ISO/IEC 27018:2014 Information technology – Security techniques – Code of practice for PII protection in public clouds acting as processors of personally identifiable information (PII). The standard is designed to work alongside ISO27001 which security professionals are very familiar with and will also be supported by ISO/IEC 27017 — Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services which is currently in draft and due to be published in 2015.
ISO27018 Standard
ISO27018 sets out a number of cloud provider obligations which will enable organisations to measure and audit a cloud provider against the standard and also create a culture of transparency between both parties. It is also designed to assist both parties on how to enter into a contractual agreement.
The standard is a significant step towards ensuring compliance with the principles in the Data Protection Act but only time will tell if it addresses the key concerns of customers with regards to the use of cloud technology. The standard may well lead to a significant increase in the adoption of cloud technology that could generate the predicted economic benefits across Europe.