Guide for companies on cloud computing: security and privacy implications
Post on 07-Apr-2018
227 Views
Preview:
Transcript
8/3/2019 Guide for companies on cloud computing: security and privacy implications
1/42
Iqfgadju njophcfa~2~anqufwv hcg pufthnv jd nljqg njopqwfci
FCDJUOHWFJC ANQUFWV JE^AUTHWJUV
8/3/2019 Guide for companies on cloud computing: security and privacy implications
2/42
Agfwfjc2 Jnwjeau 5088
Wma %Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci% mh~ eaac gataljpag ev wma
waho jd wma Fcdjuohwfjc ^anqufwv Je~authwjuv jd FCWANJ2
Phelj Puar ^hc/Bj~ -ohchiaoacw&
Nuf~wfch Iqwfuuar Ejuia -njjugfchwfjc&
Agqhugj lthuar Hljc~j
^q~hch ga lh Dqacwa Ujguiqar
Lhquh Ihunh Puar
Wma pua~acw pqelfnhwfjc ealjci~ wj wma Chwfjchl Fc~wfwqwa jd Njooqcfnhwfjc Wanmcjljifa~ -FCWANJ& hcg f~ lfnac~agqcgau Nuahwfta Njoojc~ Hwwufeqwfjc/CjcNjooaunfhl >#0 ^phfc, hcg wmauadjua vjq ohv njpv, gf~wufeqwa hcg wuhc~ofw wmf~yjuk qcgau wma djlljyfci njcgfwfjc~2
Hwwufeqwfjc2 Wma njcwacw jd wmf~ uapjuw ohv ea uapujgqnag fc dqll ju phuwfhllv ev wmfug phuwfa~, nfwfci fw~ ~jquna hcg ohkfcia}pua~~ uadauacna ejwm wj FCWANJ hcg wj fw~ yae~fwa2 yyy#fcwanj#a~# ^qnm hwwufeqwfjc ohv fc cj nh~a ~qiia~w wmhwFCWANJ ~qppjuw~ ~hfg wmfug phuwv ju acgju~a~ wma q~a wmhw fw ohka~ jd mf~ yjuk#
CjcNjooaunfhl Q~a2 Wma jufifchl ohwaufhl hcg wma yjuk~ gauftag ohv ea gf~wufeqwag, njpfag hcg gf~plhvag h~ ljcih~ fw~ q~a f~ cjw dju njooaunfhl pqupj~a~#
Dju hcv uaq~a ju gf~wufeqwfjc, vjq oq~w ohka nlahu wma lfnac~a wauo~ jd wmf~ yjuk# ^joa jd wma~a njcgfwfjc~ ohv cjw hpplv fdpauof~~fjc f~ jewhfcag dujo FCWANJ h~ jycau jd wma njpvufimw# Cjwmfci fc wmf~ lfnac~a gfofcf~ma~ ju ua~wufnw~ wma ojuhl ufimw~jd FCWANJ#mwwp2**nuahwftanjoojc~#jui*lfnac~a~*ev/cn*>#0*a~*
Wma pua~acw gjnqoacw njoplfa~ yfwm wma hnna~~feflfwv njcgfwfjc~ jd PGD -Pjuwhela Gjnqoacw Djuohw Fw f~ h ~wuqnwquag hcglheallag gjnqoacw, pujtfgag yfwm hlwauchwfta~ wj hll cjc/wa}wqhl alaoacw~, ohukqp lhciqhia hcg hppujpufhwa uahgfci jugau#
Dju ojua fcdjuohwfjc jc wma nuahwfjc jd hnna~~fela PGD gjnqoacw~ vjq nhc njc~qlw wma iqfga hthflhela fc wma ~anwfjcHnna~~feflfwv 3 Wuhfcfci 3 Ohcqhl~ hcg Iqfga~ jc wma yae~fwamwwp2**yyy#fcwanj#a~
http://creativecommons.org/licenses/by-nc/3.0/es/http://creativecommons.org/licenses/by-nc/3.0/es/http://creativecommons.org/licenses/by-nc/3.0/es/http://www.inteco.es/http://www.inteco.es/http://www.inteco.es/http://www.inteco.es/http://creativecommons.org/licenses/by-nc/3.0/es/8/3/2019 Guide for companies on cloud computing: security and privacy implications
3/42
Wma Chwfjchl Fc~wfwqwa jd Njooqcfnhwfjc Wanmcjljifa~-FCWANJ&-mwwp2**yyy#fcwanj#a~&, pqelfnnjupjuhwfjc hwwhnmag wj wma Ofcf~wuv jd Fcgq~wuv, Wuhga hcg Wjquf~o wmujqim wma ^whwa Gaphuwoacwdju Walanjooqcfnhwfjc~ hcg dju wma Fcdjuohwfjc ^jnfawv, f~ h plhwdjuo dju gataljpfci wmaKcjylagia ^jnfawv wmujqim pujbanw~ fc wma dfalg jd fccjthwfjc hcg wanmcjljiv# Wma of~~fjc jdFCWANJ f~ wj pujtfga thlqa hcg fccjthwfjc wj fcgftfgqhl~, ^OA~, Pqelfn Hqwmjufwfa~ hcg wmafcdjuohwfjc wanmcjljiv ~anwju ev gataljpfci pujbanw~ ymfnm njcwufeqwa wjyhug~ fcnuah~fcinjcdfgacna fc jqu njqcwuv~ Fcdjuohwfjc ^jnfawv ~autfna~, ymfla hl~j pujojwfci hc fcwauchwfjchl
njqu~a jd phuwfnfphwfjc# Wj wmf~ acg, FCWANJ yfll gataljp hnwfjc~ fc wma djlljyfci huah~2 ^anqufwv,Hnna~~feflfwv, FNW Xqhlfwv hcg Wuhfcfci#
Wma Fcdjuohwfjc ^anqufwv Je~authwjuv -mwwp2**je~authwjufj#fcwanj#a~& dhll~ yfwmfc FCWANJ~~wuhwaifn njqu~a jd hnwfjc njcnaucfci Wanmcjljifnhl ^anqufwv, hcg f~ h chwfjchl hcg fcwauchwfjchlfnjc fc ~autfci ^phcf~m nfwfrac~, njophcfa~ hcg hqwmjufwfa~ fc jugau wj ga~nufea, hchlv~a, h~~a~~hcg ~puahg wma Fcdjuohwfjc ^jnfawv~ nqlwqua jd ~anqufwv hcg wuq~w#
FCWANJ yjqlg lfka wj wmhck wma njllhejuhwfjc jd wma ^phcf~m H~~jnfhwfjc jd PufthnvPujda~~fjchl~ -HPAP& -mwwp2**yyy#hpap#a~& fc wma puaphuhwfjc jd wmf~ iqfga, a~panfhllv fw~pua~fgacw Ufnhug Ohuwcar dju mf~ pau~jchl njcwufeqwfjc2
http://www.inteco.es/http://www.inteco.es/http://www.inteco.es/http://observatorio.inteco.es/http://observatorio.inteco.es/http://observatorio.inteco.es/http://www.apep.es/http://www.apep.es/http://www.apep.es/http://www.apep.es/http://observatorio.inteco.es/http://www.inteco.es/8/3/2019 Guide for companies on cloud computing: security and privacy implications
4/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 7 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
CGFNA
8 FCWUJGQNWFJC WJ NLJQG NJOPQWFCI ########################################### 48#8 NLJQGNJOPQWFCI H^ ATJLQWFJC JD WANMCJLJIV ############################## 48#5 WMA PLHNA JD NLJQG NJOPQWFCIFC FW GATALJPOACW ########################## =8#> ^AUTFNA LATAL^ ############################################################################################## =8#7 ^AUTFNA GAPLJVOACW OJGAL^ ################################################################# 808#1 WVPA JD PUJTFGAU^ ##################################################################################### 88
5 OHFC DAHWQUA^ JD NLJQG NJOPQWFCI 5####################################### 85#8 QEFXQFWJQ^ HNNA^^ WJ GHWH #################################################################### 855#5 ANJCJOFN H^PANW^ ##################################################################################### 8>5#> ^NHLHEFLFWV HCG DLA]FEFLFWV #################################################################### 8>5#7 UALJNHWFJC JD GHWH HCG PUJNA^^A^ ################################################### 875#1 GAPACGACNA JC WMFUG PHUWFA^ ############################################################### 87
> LAIHL DUHOAYJUK ########################################################################## 81>#8 UAIQLHWFJC JD WMA LJPG ########################################################################## 81>#5 UAIQLHWFJC JD WMA L^^F ############################################################################ 58>#> UAIQLHWFJC JD WMA PACHL NJGA ############################################################# 58>#7 WMA LAIHL ^V^WAO JD GA^WFCHWFJC NJQCWUFA^ ################################## 55
7 UF^K^ JD NLJQG NJOPQWFCI ########################################################## 5>7#8 HEQ^A HCG OHLFNFJQ^ Q^A ######################################################################## 5>7#5 FCWAUCHL FCDJUOHWFJC LAHK^ ################################################################## 5>7#> FC^ANQUA HPF^ ############################################################################################### 5>7#7 FGACWFWV DUHQG ############################################################################################# 577#1 UF^K PUJDFLA FICJUHCNA ########################################################################### 57
Fcga}
8/3/2019 Guide for companies on cloud computing: security and privacy implications
5/42
8/3/2019 Guide for companies on cloud computing: security and privacy implications
6/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 4 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
8 FCWUJGQNWFJC WJ NLJQGNJOPQWFCI
Fc uanacw vahu~ juihcf~hwfjc~ hwwacg yfwm hcwfnfphwfjc wma aoauiacna hcg gataljpoacw jd
nljqg njopqwfciju phuhgfio jd njopqwfci fc wma nljqg -hl~j nhllag %wma nljqg%&, hnnjugfci
wj ymfnm, hll fcdjuohwfjc ua~jquna~ nhc ea ~wjuag jc wmfug phuwv ~autau~ hcg hnna~~felawmujqim wma Fcwaucaw# Pujtfgau~ mhta ghwh pujna~~fci nacwua~ wj ~auta oqlwfpla q~au~# Fc
a}nmhcia, wma nq~wjoau~ uanafta h dla}fela ~qppjuw wj wma caag~ hcg panqlfhufwfa~ jd wmafu
hnwftfwv hw hcv iftac wfoa#
Wmf~ ojgal jddau~ iuahw pj~~feflfwfa~ dju njophcfa~ hcg acwfwfa~, ejwm fc wauo~ jd
fcta~woacw hcg anjcjofa~ jd ~nhla, ualjnhwfjc hcg hnna~~ wj fcdjuohwfjc dujo hcvymaua,
awn# Ymfla wmaua f~ cj njcnlq~fta ghwh jc wma hgjpwfjc jd wma nljqg fc ^phfc, h ~aufa~ jd
dhnwju~8
Wma pua~acw gjnqoacw jddau~ hc hppuj}fohwfjc wj wma nljqg njopqwfciojgal dju hll kfcg~
jd juihcf~hwfjc, ljjkfci nlj~alv hw wma ohfc foplfnhwfjc~ h~ uaihug~ ~anqufwv hcg pufthnv,
wma kav~ wj ac~qufci ~qnna~~ fc wma q~a jd ~autfna~ fc wma nljqg# Wmujqimjqw wma pua~acw
iqfga, wma uahgau yfll dfcg wma choa~ acwfwv, njophcv, juihcf~hwfjc, nlfacw, njcwuhnwju, ju
q~au hnnjugfci wj wma ujla wmav whka fc wma ~panfdfn ~fwqhwfjc qcgau gf~nq~~fjc fc ahnm
~anwfjc#
mhta eaac fgacwfdfag wmhw ohv dhtjqu fw~ a}phc~fjc fc wma pqelfn hcg pufthwa
~anwju~2 gataljpoacw jd wma FNW ~anwju, eq~fca~~ cawyjuk gjofchwag ev wma ^OA,iajiuhpmfnhl lhvjqw jd wma pjpqlhwfjc hcg pjwacwfhl jd wma pqelfn ~anwju, hojci~w jwmau~#
8#8 NLJQGNJOPQWFCI H^ ATJLQWFJC JD WANMCJLJIV
Nljqg njopqwfci, ju njopqwfci %fc wma nljqg%, f~ h wanmcjljiv pujpj~hl ju ojgal wmhw
achela~ wma pujtf~fjc jd njopqwau ~autfna~ wmujqim wma Fcwaucaw fc ymfnm wma ua~jquna~,
~jdwyhua hcg ghwh hua pujtfgag jc gaohcg# Wma jebanwfta jd wmf~ cay ojgal f~ wmhw wma
njophcv ju acg q~au gja~ cjw mhta wj yjuuv hejqw wma wanmcfnhl gawhfl~ hcg wmav nhc q~a
hcv hpplfnhwfjc yfwm wmafu yae eujy~au#
Nljqg njopqwfcif~ wma ~qo jd wma atjlqwfjc jd ~atauhl wanmcjljifa~2
8 Ehckfcwau Djqcghwfjc dju Fccjthwfjc -5080Nljqg Njopqwfci# Lh waunauh jlh ga lh~ Wancjljih~ ga lh Fcdjuohnfc -Wmawmfug yhta jd Fcdjuohwfjc Wanmcjljifa~
8# Fcwujgqnwfjc wj nljqg njopqwfci
8/3/2019 Guide for companies on cloud computing: security and privacy implications
7/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 9 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Fcnuah~a fc pujna~~fci nhphnfwv# ^fcna wma jufifc jd njopqwfci, wma njopqwhwfjc
nhphnfwv jd pau~jchl njopqwau~ mh~ eaac fcnuah~fci guhohwfnhllv#
Fcwaucaw Njccanwfjc# Wma Caw mh~ eanjoa hc hloj~w fcgf~pac~fela wjjl fcpajpla)~ atauvghv lfta~# Fw~ atjlqwfjc fctjlta~ hc fcnuah~a fc wma njccanwfjc ~paag
hcg fc wma cqoeau jd njccanwfjc~ fc mjoa~ hcg fc wma yjukplhna#
Ojefla gatfna~# Wma ofcfhwquf~hwfjc jd njopqwau njopjcacw~ mh~ hlljyag wma
aoauiacna jd ojefla gatfna~ wmhw achela pauohcacw njccanwfjc wj wma Fcwaucaw#
Cjyhghv~, h eq~fca~~ oq~w ea hela wj njccanw wj wma ua~jquna~ jd wma njophcv,
ejwm dujo ga~kwjp njopqwau~ hcg dujo ojefla gatfna~, njctauwfci qefxqfwv hcg
ojeflfwv fcwj mfimlv fopjuwhcw uaxqfuaoacw~#
H~ uaihug~ wma mf~wjuv jd njopqwfci fc wma nljqg, wma djlljyfci atacw~ ~whcg jqw2
Fc 8648, Bjmc OnNhuwmv ~qiia~wag wmhw wma hgthcna~ fc njopqwfci hcg
njooqcfnhwfjc~ yjqlg lahg wj %njopqwhwfjc ohv ~joaghv ea juihcfrag h~ h
pqelfn qwflfwv%, bq~w lfka wma eq~fca~~ ojgal dju yhwau ju alanwufnfwv#
Hw wma acg jd wma 60~, Hohrjc wanmcfnfhc~ uahlf~ag wmhw wmav mhg h lhuia njopqwau
fcduh~wuqnwqua eqw wmhw wmav yaua jclv q~fci 80/81! jd fw~ nhphnfwv# Wmav ~hy wma
pj~~feflfwfa~ jd jddaufci wma~a ~autfna~ wj q~au~ hcg fc 5004 fcwujgqnag Hohrjc 5
Gqufci wma vahu~ 5009 hcg 500=, lhuia njophcfa~ ~qnm h~ Ijjila hcg FEO bjfcag
djuna~ yfwm Cjuwm Hoaufnhc qcftau~fwfa~ wj eaifc lhuia/~nhla ua~ahunm jc nljqg
njopqwfci# H~ h ua~qlw jd wmf~ ua~ahunm, fc Bhcqhuv 5006 Aqnhlvpwq~ aoauiag, hc
jpac ~jquna plhwdjuo wmhw hlljyag wma nuahwfjc jd ~v~wao~ fc wma nljqg njophwfela
yfwm Hohrjc Yae ^autfna~#
Yae ^autfna~5#
Fc njcnlq~fjc, hgthcna~ fc wma wmuaa huah~ oacwfjcag hejta -pujna~~fci nhphnfwv,
Fcwaucaw njccanwfjc hcg ojefla gatfna~& wjiawmau yfwm fopjuwhcw fcta~woacw~ ohga ev wmalhuia njophcfa~ ymj gjofchwa wma yjulg wanmcjljiv ~naca mhta eujqimw hejqw wma uhpfg
atjlqwfjc hcg fcwujgqnwfjc jd nljqg njopqwfci# Qp wj ~qnm h pjfcw wmhw ohcv q~au~ hluahgv
acbjv ~autfna~ fc wma nljqg yfwmjqw atac uahlf~fci fw#
5Hohrjc Yae autfna~-HY^&mwwp2**hy~#hohrjc#njo*
http://aws.amazon.com/http://aws.amazon.com/http://aws.amazon.com/http://aws.amazon.com/8/3/2019 Guide for companies on cloud computing: security and privacy implications
8/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia = jd 75Fcdjuohwfjc anqufwv Je~authwjuv
8#5 WMA PLHNA JD NLJQG NJOPQWFCIFC FW GATALJPOACW
Wma atjlqwfjc jd fcdjuohwfjc wanmcjljiv fc uanacw vahu~ nhc ea ~foplfdfag fc wma djlljyfci
ofla~wjca~2
Ohfcduhoa~# Hw wma ~whuw jd wma 40~, njopqwau~ yaua tauv a}pac~fta gatfna~,
gfddfnqlw wj ohfcwhfc hcg wj q~a# Njophcfa~ mhg lhuia njopqwau~, kcjyc h~
ohfcduhoa~, wj gj wma oj~w nufwfnhl hcg njoplfnhwag wh~k~# Iacauhllv, wma~a yaua
cjw njccanwag wj wma Caw hcg yaua q~ag dju mhcglfci lhuia xqhcwfwfa~ jd ghwh ~qnm
h~ nac~q~a~ ju anjcjofn wuhc~hnwfjc~#
Nlfacw/~autau hunmfwanwqua# Eawyaac wma 90~ hcg =0~, wma q~a jd pau~jchl
njopqwau~ fc wma yjukplhna yh~ iacauhlf~ag, la~~ a}pac~fta hcg pjyaudql, eqw
hlljyag wma paudjuohcna jd eh~fn wh~k~# Fc hggfwfjc wmav mhg h ~aw cqoeau jd ojuapjyaudql njopqwau~ wmhw yaua acwuq~wag yfwm kaapfci wma oj~w ~ac~fwfta ghwh h~
yall h~ wma hpplfnhwfjc~ wmhw caagag ojua ua~jquna~# Wma~a njopqwau~ yfwm
iuahwau pujna~~fci nhphnfwfa~ yaua nhllag ~autau~, ymfla wma ohnmfca~ yfwm ojua
lfofwag ua~jquna~ hw ahnm yjuk~whwfjc yaua nhllag nlfacw~# Nlfacw/~autau hunmfwanwqua
yh~ ejuc#
Njllhejuhwfta hcg gf~wufeqwag hunmfwanwqua~# Wma njopla}fwv jd njopqwau
hpplfnhwfjc~ mh~ eaac fcnuah~fci jtau wfoa, ymfnm mh~ uaxqfuag wma nuahwfjc jd
ojua njopla} ~v~wao~ wj addfnfacwlv ~jlta hll jd wma cay caag~# Dju a}hopla, iufgnjopqwfci q~a~ h thufhela cqoeau jd njopqwau~ yjukfci njllhejuhwftalv wj ~jlta
njopla} pujelao~ dju wmj~a wmhw fcgftfgqhllv gj cjw mhta acjqim ua~jquna~# Jc
wma jwmau mhcg, wma hunmfwanwqua paau/wj/paauju p5p f~ h gf~wufeqwag hunmfwanwqua fc
ymfnm hll wma cjga~ hua ejwm njc~qoau~ hcg ~qpplfau~ jd fcdjuohwfjc# Wma~a
hunmfwanwqua~ hua yfgalv q~ag wjghv#
Wma nljqg njopqwfciojgal gja~ cjw ~qe~wfwqwa wma hejta hunmfwanwqua~, eqw fw ohchia~
wj uhgfnhllv nmhcia wma yhv fc ymfnm njopqwau hpplfnhwfjc~ hua q~ag hcg qcgau~wjjg,
wmhck~ wj wma dhnw wmhw fw hlljy~ vjq wj oh}fof~a wma ~wuaciwm~ jd wma Fcwaucaw, ojeflagatfna~ hcg pau~jchl njopqwau~#
8#> ^AUTFNA LATAL^
Wj qcgau~whcg wma dqcnwfjcfci jd nljqg njopqwfci fw f~ a~~acwfhl wj qcgau~whcg wma wmuaa
latal~ hw ymfnm wma ~autfna ohv ea pujtfgag#
8 Fcduh~wuqnwqua h~ h ^autfna -Fhh^ Wmf~ f~ wma mfima~w ~autfna latal# Fw f~ ua~pjc~fela
dju galftaufci h njoplawa pujna~~fci fcduh~wuqnwqua wj wma q~au jc gaohcg# Wma q~au
mh~ jca ju thufjq~ tfuwqhl ohnmfca~ fc wma nljqg yfwm ymfnm, dju a}hopla, fw nhc
fcnuah~a wma ~fra jd wma mhug gf~k fc h day ofcqwa~, jewhfc iuahwau pujna~~fci ju
8/3/2019 Guide for companies on cloud computing: security and privacy implications
9/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 6 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
ujqwau> nhphnfwv hcg jclv phv dju wma ua~jquna~ wmhw ma q~a~# Wmf~ latal nhc ea ~aac
h~ hc atjlqwfjc jd wma Tfuwqhl Pufthwa ^autau~ nquuacwlv jddauag ev mj~wfci7
5 Plhwdjuo h~ h ^autfna -Phh^ Wmf~ f~ hc fcwauoagfhwa latal, ua~pjc~fela djugalftaufci h njoplawa pujna~~fci plhwdjuo wj wma q~au, dqllv dqcnwfjchl hcg yfwmjqw
mhtfci wj eqv hcg ohfcwhfc wma mhugyhua hcg ~jdwyhua# Dju a}hopla, h yae
gataljpau caag~ h yae ~autau wmhw ~auta~ wmafu phia~, h ghwheh~a ~autau hcg hc
jpauhwfci ~v~wao# Wmf~ latal f~ ua~pjc~fela dju pujtfgfci hll wma~a ~autfna~#
njophcfa~#
> ^jdwyhua h~ h ^autfna -^hh^ Wmf~ latal f~ ua~pjc~fela dju galftaufci ~jdwyhua h~ h
~autfna wmujqim wma Fcwaucaw ymacatau wma q~au gaohcg~ fw# Wmf~ f~ wma ljya~w latal
wmhw hlljy~ hnna~~ wj wma hpplfnhwfjc q~fci h yae eujy~au, yfwmjqw uaxqfufci wma
fc~whllhwfjc jd hggfwfjchl pujiuho~ jc wma njopqwau ju ojefla walapmjca# Jddfnahqwjohwfjc ~qfwa~ ymfnm nhc ea hnna~~ag jclfca hua h ijjg a}hopla jd wmf~ latal#
Fllq~wuhwfjc 82 A}hopla~ jd ~autfna~ galftauag hw ahnm latal jd nljqg njopqwfci
> Ujqwau2 Gatfna wmhw gf~wufeqwa~ wuhddfn eawyaac cawyjuk~#
7Mj~wfci2^autfna jddauag ev njophcfa~ njc~f~wfci jd pujtfgfci hnnjoojghwfjc yfwmfc wmafu ~autau~ wj wma yae phia~ jdjwmau njophcfa~, yfwm wma pqupj~a jd ~wjufci fcdjuohwfjc, tfgaj~, pmjwjiuhpm~ ju hcv wvpa jd ghwh wmhw wmav yf~m wj mhtahnna~~fela jc wma Caw#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
10/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 80 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
8#7 ^AUTFNA GAPLJVOACW OJGAL^
Nljqg njopqwfci~v~wao~ nhc ea iujqpag fcwj wma djlljyfci ohfc nhwaijufa~2
Pqelfn nljqg~ hua wmj~a fc ymfnm hll jd wma njcwujl jd wma
ua~jquna~, pujna~~a~ hcg ghwh f~ fc wma mhcg~ jd wmfug
phuwfa~# Oqlwfpla q~au~ nhc q~a yae ~autfna~ wmhw hua
pujna~~ag fc wma ~hoa ~autau; wmav nhc ~mhua gf~k ~phna
ju ~phna jc jwmau cawyjuk fcduh~wuqnwqua~ yfwm jwmau q~au~#
Pufthwa nljqg~ hua wmj~a nuahwag hcg hgofcf~wuhwag ev h
~fcila acwfwv wmhw ganfga~ ymaua hcg mjy wma pujna~~a~
hua a}anqwag yfwmfc wma nljqg# Fw f~ hc fopujtaoacw fc
wauo~ jd ~anqufwv hcg pufthnv jd wma ghwh hcg pujna~~a~, h~wma ~ac~fwfta ghwh uaohfc~ jc wma njopqwau fcduh~wuqnwqua
jd wma acwfwv, ymauah~ fw njcwujl~ ymfnm q~au hnna~~a~ ahnm
~autfna jd wma nljqg# Mjyatau, wma acwfwv njcwfcqa~ eafci fc
nmhuia jd pqunmh~fci, ohfcwhfcfci hcg hgofcf~wuhwfci wma
acwfua mhugyhua hcg ~jdwyhua fcduh~wuqnwqua dju wma nljqg#
Fc mveufg nljqg~ wma wyj ojgal~ hejta nja}f~w# Dju
a}hopla, h njophcv ohka~ q~a jd jca pqelfn nljqg wj
ohfcwhfc fw~ yae ~autau ymfla fw kaap~ fw~ ghwheh~a ~autaujc fw~ pufthwa nljqg# Fc wmf~ yhv, h njooqcfnhwfjc nmhccal
f~ a~whelf~mag eawyaac wma pqelfn hcg pufthwa nljqg
wmujqim ymfnm wma ~ac~fwfta ghwh uaohfc qcgau ~wufnw njcwujl
ymauah~ wma yae ~autau f~ hgofcf~wuhwag ev h wmfug phuwv#
Wmf~ ~jlqwfjc uagqna~ wma njopla}fwv hcg nj~w jd wma
pufthwa nljqg#
H djquwm ~autfna gapljvoacw ojgal mh~ eanjoa atfgacw,
njooqcfwv nljqg~, ymfnm hua ~mhuag eawyaac thufjq~juihcf~hwfjc~ wmhw djuo h njooqcfwv yfwm ~foflhu pufcnfpla~
-of~~fjc, ~anqufwv uaxqfuaoacw~, pjlfnfa~ hcg uaiqlhwjuv
uaxqfuaoacw~ Fw ohv ea ohchiag ev wma njooqcfwv ju ev
h wmfug phuwv# Wmf~ ojgal nhc ea tfayag h~ h thufhwfjc fc
wma pufthwa nljqgojgal#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
11/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 88 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
8#1 WVPA JD PUJTFGAU^
Wma nquuacw ~naca lahg~ q~au~ wjyhug~ wyj pj~~fela ~jlqwfjc~# Wma dfu~w yjqlg ea wj
njcwuhnw nljqg mj~wfci hcg wma ~anjcg yjqlg ea wj q~a wma ~panfdfn ~autfna~ jd nljqgnjopqwfcijddauag ev lhuia njophcfa~#
8 Nljqg mj~wfci~autfna~ hua ~foflhu wj wma ~autfna~ jddauag ev wuhgfwfjchl mj~wfci
njophcfa~# Wma ohfc gfddauacna f~ wmhw fc h nljqg ~autfna vjq phv dju ymhw vjq q~a
hcg ~v~wao ua~jquna~ nhc ea fcnuah~ag ju uagqnag fc h ohwwau jd ofcqwa~# Fc h
wuhgfwfjchl mj~wfci ~v~wao vjq mhta wj kcjy ymhw nhphnfwv jd pujna~~fci vjq hua
ijfci wj caag hcg atac ymhw tau~fjc jd jpauhwfci ~v~wao vjq hua ijfci wj q~a eadjua
njcwuhnwfci wma ~autfna~#
5 Nljqg njopqwfci~autfna~ jddauag ev wma lhuia njophcfa~ fc wma FW ~anwju achelavjq wj jewhfc iuahwau pau~jchlf~hwfjc fc wma njopqwfci ~jlqwfjc njcwuhnwag# Iftac wmf~
jpwfjc pujtfga~ ojua dqcnwfjchlfwfa~ fw hl~j uaxqfua~ h iuahwau wanmcfnhl kcjylagia jc
wma phuw jd wma njcwuhnwju wj oh}fof~a fw~ dahwqua~#
Wmaua hua wjjl~ hcg dqcnwfjchlfwfa~ jd nljqg njopqwfciwmhw hua jddauag dju duaa jc wma
Caw, ~qnm h~ njllhejuhwfta phia~ hcg plhwdjuo~ fc Yae 5#0#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
12/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 85 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
5 OHFC DAHWQUA^ JD NLJQGNJOPQWFCI
5#8 QEFXQFWJQ^ HNNA^^ WJ GHWH
Wma ohfc dahwqua jd nljqg njopqwfci f~ wma qefxqfwjq~ hnna~~ -dujo hcvymaua& wj
fcdjuohwfjc# Vjq jclv caag h yae eujy~au hcg Fcwaucaw njccanwfjc wj acbjv ~autfna~ fc wma
nljqg, vjq gj cjw caag wj mhta h ~panfdfn jpauhwfci ~v~wao ju fc~whll ~panfdfn ~jdwyhua jc
ahnm nlfacw# Vjq nhc q~a h lhpwjp, ojefla walapmjca ju h ihoa~ njc~jla njccanwag wj wma
Caw wj hnna~~ nljqg hpplfnhwfjc~ hw hcv wfoa#
Hw pua~acw, ojefla wanmcjljifa~ hua hc fopjuwhcw phuw yfwmfc wma eq~fca~~ ojgal jd hnjophcv# Wma njoefchwfjc jd ojefla hcg df}ag gatfna~ nuahwa~ cay jppjuwqcfwfa~ fc wma
gataljpoacw jd eq~fca~~ hnwftfwfa~ hlljyfci dqll jpauhwfjchl nhphnfwv#
Wmf~ dahwqua h~~qoa~ h iuahw hgthcwhia jtau jwmau wanmcjljifa~, hlwmjqim fw f~ fopjuwhcw
wj pjfcw jqw wmhw wmaua hua lfofwhwfjc~2 fw f~ cjw pj~~fela wj q~a nljqg hpplfnhwfjc~ yfwmjqw hc
Fcwaucaw njccanwfjc# Hl~j, wma xqhlfwv hcg ~paag jd wma njccanwfjc oq~w ea mfim wj ea hela
wj q~a wma ~autfna pujpaulv# H~ h iacauhl uqla, ga~kwjp hpplfnhwfjc~ -wmj~a pujiuho~
fc~whllag jc h njopqwau& mhta h mfimau paudjuohcna wmhc yae hpplfnhwfjc~ eanhq~a wmav
nhc ohka eawwau q~a jd hll wma njopqwau ua~jquna~#
Yfwm nljqg njopqwfcinhc vjq yjuk dujo hcvymaua:
Ohfc dahwqua~ jd nljqg njopqwfci5#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
13/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 8> jd 75Fcdjuohwfjc anqufwv Je~authwjuv
5#5 ANJCJOFN H^PANW^
Ymac gapljvfci h cay ~autfna, wma FW ojgal eh~ag jc nljqg njopqwfci hlljy~ dju
uagqnag nj~w~ njophuag wj wma wuhgfwfjchl ojgal ~fcna wma ua~jquna~ wmhw wma acwfwv oq~w
h~~fic hua la~~, ejwm gfuanw -fc wauo~ jd mhugyhua, ohfcwachcna, ~whdd, awn#& hcg fcgfuanw
-dhnflfwfa~, ~qpplfa~, awn#&, fc ~qnm h yhv wmhw phuw jd wma df}ag nj~w~ eanjoa~ thufhela#
Hw wma ~hoa wfoa, acwfwfa~ nhc njcwuhnw h ~autfna fc wma nljqg dju hc hojqcw pau ojcwm hcg
gapacgfci jc mjy wmafu caag~ gataljp, fcnuah~a ju ganuah~a wma pujna~~fci ua~jquna~,kcjyfci wmhw wmav nhc phv dju hnwqhl q~a#
5#> ^NHLHEFLFWV HCG DLA]FEFLFWV
Wma ah~a yfwm ymfnm vjq nhc hgg ju uaojta ua~jquna~ hl~j h~~qoa~ hc hgthcwhia jtauwma wuhgfwfjchl ojgal# Jqw~fga wma nljqg, ymac h ~v~wao hgofcf~wuhwju caag~ wj fc~whll hc
hggfwfjchl mhug gf~k qcfw, ma oq~w nmjj~a wma pujgqnw hcg djlljy h pujwjnjl wj nhuuv jqw wma
pqunmh~a, uanafta, fc~whll hcg njcdfiqua wma axqfpoacw dju fw~ ~awqp# Fd hdwau h wfoa wma
tjlqoa jd q~au~ gujp~ ju ~v~wao dqcnwfjchlfwfa~ nmhcia, vjq yfll cjw ea hela wj ehnkwuhnk#
Gqa wj wma iuahw ~nhlheflfwv hcg dla}feflfwv jd nljqg njopqwfci, hll ~autfna pujtfgau~ jddau wma
pj~~feflfwv jd hggfci ju uaojtfci ua~jquna~ fc h ohwwau jd ofcqwa~, fcnuah~fci wma ~wjuhia
ju wma cqoeau jd pujna~~ju~ yfwmjqw hddanwfci wma hpplfnhwfjc# Vjq gjc)w mhta wj fc~whll
hcvwmfci jc wma jpauhwfci ~v~wao, ju njcdfiqua hggfwfjchl mhugyhua qcfw~# Fc wma ~hoayhv, fd hdwau h ymfla vjq uahlf~a wmhw wma ~autfna fc wma nljqg gja~ cjw uaxqfua ~j oqnm
pujna~~fci nhphnfwv, vjq nhc uagqna wma ua~jquna~ hghpwfci wmao wj wma tjlqoa jd yjuk
uaxqfuag hw hcv wfoa#
Mjy oqnm wfoa gja~ fw whka dujo wma ojoacw vjq uahlf~a vjq caag ojua
ua~jquna~ wj wma ojoacw wmav hua hthflhela:
F~ fw cana~~huv wj ohka h efi fcta~woacw wj fcwujgqna wma ojgal fcwj wma
juihcf~hwfjc:
8/3/2019 Guide for companies on cloud computing: security and privacy implications
14/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 87 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
5#7 UALJNHWFJC JD GHWH HCG PUJNA^^A^
Fc h wuhgfwfjchl ~v~wao, wma ~v~wao hgofcf~wuhwju kcjy~ jc ymhw ohnmfca wma ghwh f~
~wjuag hcg ymfnm ~autau f~ ua~pjc~fela dju ahnm pujna~~# Wma ojgal fc wma nljqg q~a~
gfddauacw tfuwqhl wanmcjljifa~ wj ea hela wj jddau hll wma dqcnwfjchlfwfa~ uaxqfuag, wmauadjua
njcwujl f~ lj~w fc wauo~ jd ljnhwfjc# Wmf~ gja~ cjw oahc wmhw wma ghwh ju pujna~~a~ hua lj~w
jc wma Fcwaucaw h~ wma nlfacw uawhfc~ njcwujl jtau ymj nhc hnna~~ ju ojgfdv wmf~
fcdjuohwfjc#
Wma hgthcwhia f~ wmhw vjq nhc mhta ejwm ghwh hcg pujna~~a~ fc wma oj~w njctacfacwplhna dju wma juihcf~hwfjc# Dju a}hopla, vjq nhc q~a oqlwfpla njpfa~ jd h ~autau hcg
gf~wufeqwa wmao ev ghwh pujna~~ nacwua~ fc thufjq~ phuw~ jd wma yjulg wj fopujta hnna~~
wfoa~ dju q~au~# Dquwmauojua, fw dhnflfwhwa~ wma ohfcwachcna jd ehnkqp cjw jclv jd ghwh eqw
wma acwfua ~autau, jpauhwfci ~v~wao hcg pujiuho~ fc~whllag jc fw#
Wma ljnhwfjc jd wma ghwh nhc mhta h ~ficfdfnhcw addanw jc wma laihl duhoayjuk hpplfnhela
hcg wma njcwuhnw njcgfwfjc~# Fc nauwhfc nh~a~ vjq ohv mhta wj njoplv yfwm wma
uaxqfuaoacw~ pujtfgag dju fcwauchwfjchl wuhc~dau~ jd pau~jchl ghwh#
5#1 GAPACGACNA JC WMFUG PHUWFA^
Ymawmau vjq yjuk fc h pqelfn nljqg ju h mveufg nljqg, wmaua yfll ea h njophcv njcwuhnwag
wj pujtfga wma cana~~huv ~autfna~# Wma eacadfw~ jd ualvfci jc wma~a njophcfa~ f~ wmhw wmav
hua fc nmhuia jd wma ohfcwachcna jd hll mhugyhua, ~panfhlf~ag huah~ dju wma ghwh
pujna~~fci nacwua~, alanwufnfwv hcg Fcwaucaw njccanwftfwv, awn#
Wma ~autfna pujtfgau~ fc wma nljqg cjw jclv mj~w h yae ~autau -h~ mhppac~ fc wuhgfwfjchl
mj~wfci&, eqw hl~j hll wma pujna~~a~ hcg ghwh wmhw hua fc wma nljqg, h~ yall h~ ehnkqp~#
Wmhw f~, wmav ~mhua phuw jd wma njcwujl yfwm wma q~au ju juihcf~hwfjc#
Wma a~whelf~moacw jd hc hppujpufhwa latal jd wuhc~phuacnv fc wma ohukaw hw wma wfoa jd
caijwfhwfci wma wauo~ hcg njcgfwfjc~ fc wma njcwuhnw~ f~ a~~acwfhl wj jdd~aw wma lhnk jd
njcwujl gauftag dujo gapacgfci jc wmfug phuwfa~#
Gja~ wma njophcv lj~a njcwujl jtau fw~ fcdjuohwfjc hcg pujna~~a~:
Gj vjq kcjy wma njophcv ymaua vjqu fcdjuohwfjc f~ ~wjuag:
8/3/2019 Guide for companies on cloud computing: security and privacy implications
15/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 81 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
> LAIHL DUHOAYJUK
Nljqg njopqwfci mh~ fw~ pufcnfphl djqcghwfjc fc wma uaojwa ohchiaoacw jd fcdjuohwfjc#
Juihcf~hwfjc~ wuhc~dau h lhuia xqhcwfwv jd fcdjuohwfjc, fc ~joa nh~a~ ~ac~fwfta, jcwj
~autau~ ealjcifci wj wmfug phuwfa~#
Wmf~ fctjlta~ cqoaujq~ laihl foplfnhwfjc~, ojua ~wfll fc wma nh~a ymaua ghwh f~ mj~wag jc
~autau~ fc hcjwmau njqcwuv, wj wma a}wacw wmhw wyj ju ojua bquf~gfnwfjc~ njctauia hcg wma
caag huf~a~ wj gawauofca h~panw~ ~qnm h~ wma hpplfnhela Lhy, wma njopawacw njquw~ ju wma
njcgfwfjc~ uaxqfuag ~j wmhw wma wuhc~dau jd ghwh wj wma ~v~wao~ jd wma pujtfgau nhc ea
tfhela hcg fc wquc hqwmjuf~ag ev wma chwfjchl hqwmjufwv dju ghwh pujwanwfjc# Jc ~ficfci wma
njuua~pjcgfci njcwuhnw ju wauo~ jd q~a, wma nlfacw ju njcwuhnwju f~ wfag wj hnnapwfci h
~panfdfn bquf~gfnwfjc#
Fc Aqujpa, wma iacauhl duhoayjuk h~ uaihug~ ghwh pujwanwfjc hcg duaa ojtaoacw jd wma
~hoa f~ ~aw ev Gfuanwfta 61*74*AN, mauafchdwau wma Gfuanwfta1
Wmaua hua hl~j Ganf~fjc~ hcg Njooqcfnhwfjc~ dujo wma Aqujpahc Njoof~~fjc hcg
gjnqoacw~ hgjpwag ev wma ohfc plhvau~ hw wma Aqujpahc latal jc wma ~qebanw, ~qnm h~ wma
nh~a jd wma Aqujpahc Cawyjuk hcg Fcdjuohwfjc ^anqufwv Hiacnv -ACF^H&
# Wma chwfjchl wuhc~pj~fwfjc
jpauhwag ev ahnm Oaoeau ^whwa qcgauwhka~ wj whka fcwj hnnjqcw wma chwfjchl Lhy h~ h
iqfgfci nufwaufjc#
4
>#8 UAIQLHWFJC JD WMA LJPG
dujo ymfnm wma
dqcghoacwhl chwqua jd wma hpplfnhela laihl duhoayjuk f~ gagqnag#
Juihcfn Lhy 81*8666 jd 8> Ganaoeau jc wma Pujwanwfjc jd Pau~jchl Ghwh -LJPG&
uaiqlhwa~ wma h~panw~ ualhwfci wj wma pujna~~fci jd pau~jchl ghwh hcg wma duaa ojtaoacw
jd wma ghwh# Wma ^phcf~m Ghwh Pujwanwfjc Hqwmjufwv -HAPG&9f~ wma njcwujl ejgv wmhw f~
ua~pjc~fela dju ac~qufci wma njoplfhcna jd wmf~ uaiqlhwfjc yfwmfc wma ^phcf~m=
Dfu~wlv, ejwm wma ~autfna njcwuhnwfci njophcv njcwuhnwfci hcg wma pujtfgau oq~w whka fcwj
hnnjqcw wma gadfcfwfjc jd pau~jchl ghwh a~whelf~mag fc huwfnla > jd wma LJPG2 pau~jchl ghwh
f~ hcv fcdjuohwfjc njcnaucfci hc fgacwfdfag ju fgacwfdfhela pmv~fnhl pau~jc#
wauufwjuv#
1 Gfuanwfta 61*74*AN jd wma Aqujpahc Phulfhoacw hcg jd wma Njqcnfl, jd 57 Jnwjeau 8661, jc wma pujwanwfjc jd fcgftfgqhl~yfwm uaihug wj wma pujna~~fci jd pau~jchl ghwh hcg jc wma duaa ojtaoacw jd ~qnm ghwh#4 ^jquna2 ACF^H -5088^anqufwv hcg Ua~flfacna fc Ijtaucoacwhl Nljqg~#9 Ojua fcdjuohwfjc2mwwp~2**yyy#hipg#a~*= Jwmau Ghwh Pujwanwfjc Hiacnfa~ a}f~w hqwjcjojq~lv, fc wma Hqwjcjojq~ Njooqcfwfa~ jd Ohgufg, Nhwhljcfh hcg fc wmaEh~xqa Njqcwuv#
># Laihl duhoayjuk
https://www.agpd.es/https://www.agpd.es/https://www.agpd.es/https://www.agpd.es/8/3/2019 Guide for companies on cloud computing: security and privacy implications
16/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 84 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Fd wma ghwh yfwm ymfnm vjq hua ijfci wj yjuk fc wma nljqg ealjci~ wj wmf~ nhwaijuv,
wma njophcv wmhw pujna~~a~ fw oq~w dfu~w njoplv yfwm wma ~aw jd jelfihwfjc~ fcnlqgag
fc wma LJPG2 uaif~wuhwfjc jd dfla~, gqwfa~ ualhwag wj wma njllanwfci jd fcdjuohwfjc, wma
njc~acw hcg wma xqhlfwv jd wma ghwh, iqhuhcwaa jd wma ~j/nhllag HUNJ ufimw~
-Hnna~~, Uanwfdfnhwfjc, Nhcnallhwfjc hcg Jppj~fwfjc& hcg wma hgjpwfjc jd ~anqufwv6
Fd wma ghwh yfwm ymfnm vjq hua ijfci wj yjuk fc wma nljqg hua cjw pau~jchl ghwh
-wmav hua, dju a}hopla, njopla} ohwmaohwfnhl jpauhwfjc~, pmv~fn~ hcg*ju
nmaof~wuv nhlnqlhwfjc~, awn#& vjq nhc pujnaag yfwmjqw wma LJPG fcgfnhwfci hcv
je~whnla#
oah~qua~#
Hl~j, fc wma nh~a jd nljqg njopqwfci fw f~ a~~acwfhl wj uatf~a wma njcgfwfjc~ jd wma njcwuhnwfc jugau wj ac~qua hgaxqhwa pujtf~fjc jd wma f~~qa~ ualhwag wj wma pua~acna jd h ghwh
pujna~~ju hcg*ju hc fcwauchwfjchl wuhc~dau jd pau~jchl ghwh#
>#8#8 Pujtf~fjc jd ~autfna~ ev wmfug phuwfa~ cjw njccanwag wj wma njcwujllau
Fc wma pujtf~fjc jd nljqg njopqwfci ~autfna~ ev wmfug phuwfa~ cjw njccanwag wj wma
njcwujllfci juihcf~hwfjc, ymhw wma LJPG hcg fw~ Foplaoacwfci Uaiqlhwfjc -UGLJPG&80
H ghwh pujna~~ju f~ gadfcag h~ wma chwquhl pau~jc ju laihl acwfwv, pqelfn ju pufthwa, ju
hgofcf~wuhwfta ejgv wmhw, hljca ju bjfcwlv yfwm jwmau~, pujna~~a~ pau~jchl ghwh jc eamhld jd
wma ghwh njcwujllau, gqa wj wma a}f~wacna jd laihl ualhwfjc~ efcgfci wmao hcg galfofwfci wma
~njpa jd mf~ hnwfjc dju wma pujtf~fjc jd h ~autfna -Huwfnla 1 UGLJPG
nhll
h pujna~~fci jugauf~ nuahwag# Wmf~ f~ h pujtf~fjc jd ~autfna~ fc ymfnm wma ghwh f~ wma jebanw
jd ~joa wvpa jd pujna~~fci ev wma lacgau*pujtfgau ymj eanjoa~ wma ghwh pujna~~ju#
Wma djlljyfci whela lf~w~ wma eh~fn pufcnfpla~ ymfnm oq~w ea ~hwf~dfag ev wma njcwuhnwqhl
nlhq~a~ ualhwag wj hnna~~ wj ghwh ev wmfug phuwfa~ hcg wma ~anqufwv jd wma ghwh, h~ yall
h~ wma dfiqua wj ymjo ~hfg nlhq~a f~ hggua~~ag#
6 Ojua fcdjuohwfjc2 phcf~m Ghwh Pujwanwfjc Hqwmjufwv-500= Iqh gal ua~pjc~hela ga dfnmauj~#80 Ujvhl Ganuaa 8950*5009, jd 58 Ganaoeau, ymfnm hppujta~ wma Uaiqlhwfjc foplaoacwfci Juihcfn Lhy 81*8666, jd 8>Ganaoeau, jc wma pujwanwfjc jd pau~jchl ghwh ju ULJPG#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
17/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 89 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
H~panw~ wj
njc~fgau
Huwfnla~
fctjltag Njcwacw jd njcwuhnwqhl nlhq~a~
Hnna~~ wj
ghwh ev
wmfug phuwfa~
Huwfnla 85 LJPG
Huwfnla~ 50, 58
hcg 55 UGLJPG
Wma njcwujllau oq~w2
Jtau~aa wmhw wma pujna~~ju oaaw~ wma iqhuhcwaa~ dju
wma njoplfhcna jd wma pujtf~fjc~ jd wma UGLJPG#
Fcnlqga h ga~nufpwfjc jd wma ~aw jd fc~wuqnwfjc~ wmhw wma
pujna~~ju hpplfa~ dju pujna~~fci wma ghwh#
A~whelf~m wma ~anqufwv oah~qua~ wmhw wma ghwh
pujna~~ju f~ jelfiag wj fcwujgqna#
Wma pujna~~ju oq~w2
Q~a wma ghwh a}nlq~ftalv dju wma njcwuhnwag pqupj~a~#
Jwmauyf~a, vjq eanjoa ua~pjc~fela hcg vjq oq~w ea
hnnjqcwhela dju wma jddac~a njoofwwag#
Gj cjw njooqcfnhwa wmf~ fcdjuohwfjc wj wmfug phuwfa~,
cjw atac dju fw~ njc~authwfjc#
Ea hqwmjuf~ag ev wma njcwujllau wj ~qenjcwuhnw88
Ga~wujv ju uawquc wma pujna~~ag fcdjuohwfjc wj wma
njcwujllau jcna wma njcwuhnw f~ njoplawag# Vjq ~mjqlg
njoplv yfwm wma jelfihwfjc wj uawquc ev ofiuhwfci ghwh
wj h cay pujtfgau#
hcg
njoplv yfwm hll wma uaxqfuaoacw~ jd wma LJPG hcgUGLJPG jc wmf~ ~qebanw#
Ghwh
~anqufwv
Huwfnla 6 LJPG
Wfwla TFFF
UGLJPG
Wma njcwujllau oq~w2
Hgjpw wma wanmcfnhl hcg juihcf~hwfjchl oahc~
cana~~huv wj ac~qua ~anqufwv jd wma dfla~# Htjfg lj~fci fcdjuohwfjc hcg htjfg hnna~~ ju
pujna~~fci ev qchqwmjuf~ag ~whdd#
A~whelf~m puatacwfta oah~qua~ hihfc~w wma thufjq~
uf~k~ wj ymfnm wma ghwh hua ~qebanw, ymawmau dujo
mqohc hnwfjc, wanmcjljiv ju gapacgacw jc wma
pmv~fnhl ju chwquhl actfujcoacw#
88 Hlljy ~qenjcwuhnwfci# Fw f~ cjw njc~fgauag ghwh njooqcfnhwfjc wma hnna~~ jd h wmfug phuwv wj ghwh ymac ~hfg hnna~~ f~cana~~huv dju wma pujtf~fjc jd h ~autfna wj wma ghwh njcwujllau#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
18/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 8= jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Fw oq~w ea whkac fcwj hnnjqcw wmhw wma a}f~wacna jd wma njcwuhnw uaiqlhwag ev huwfnla 85 jd
wma LJPG a}nlqga~ wma hpplfnhwfjc jd wma uaiqlhwfjc pujtfgag dju pau~jchl ghwh
njooqcfnhwfjc~ hcg dhnflfwhwa~, wmauadjua, wma gapljvoacw jd ~autfna~ eh~ag jc nljqg
njopqwfci#
Wma dfiqua jd wma pujna~~ju f~ a}hofcag tauv ~panfdfnhllv ev Wfwla TFFF jd UGLJPG# Fw~
huwfnla =5 pjfcw~ jqw wma caag dju oah~qua~ wj ea df}ag fc wma njcwuhnw hnnquhwalv, whkfci
fcwj hnnjqcw wma chwqua jd wma pujtf~fjc hcg fd wmf~ f~ gataljpag jc wma puaof~a~ jd wma
njcwujllau ju jc wmj~a jd wma pujna~~ju hcg wma ~anqufwv njcgfwfjc~ wmhw hddanw uaojwa
hnna~~#
Wma ~aw jd ~anqufwv oah~qua~ pujtfgag ev wma lhy hcg fw~ uaiqlhwfjc hfo~ wj iqhuhcwaa wma
fcwaiufwv hcg ~anqufwv jd wma dfla~ fc wma pujna~~fci nacwua~, puaof~a~, axqfpoacw hcgpujiuho~ hcg wma hthflheflfwv jd wma fcdjuohwfjc85
#
Wma ~autfna pujtfgau fc wma nljqg f~ ua~pjc~fela dju ohfcwhfcfci ~anqufwv fc fw~ ghwh
pujna~~fci nacwua~# Q~qhllv hc fc~panwfjc jd fw~ ~anqufwv oah~qua~ ev wma nlfacw fcwaua~wag
fc njcwuhnwfci fw~ ~autfna~ yfll cjw ea pj~~fela# Jc wma jwmau mhcg, a}napw fc tauv ~panfdfnnh~a~, njcwuhnwfci yfll ea gjca wmujqim iacauhl njcgfwfjc~, /wmhw f~, q~fci njcwuhnw~ wmhw
ua~pjcg wj h iacauhl ojgal dju h nhwaijuv jd nlfacw~/ hcg hggfwfjchllv pufthnv pjlfnfa~
ohv ea a}panwag# Wmauadjua fw yfll ea a~~acwfhl dju wma nlfacw wj ohka nauwhfc wmhw wma
~autfna pujtfgau qcgauwhka~ wj ua~panw hcg ~hwf~dv wma jelfihwfjc~ njcwhfcag fc wma LJPG
hcg wma Gfuanwfta hcg fc phuwfnqlhu, fc ualhwfjc wj wma ~anqufwv jd ghwh hcg hnna~~ wj ghwh
ev wmfug phuwfa~#
Wma gfddfnqlwv fc wma~a nh~a~ lfa~ fc wmhw fc puhnwfna vjq nhc hnmfata wma ua~qlw actf~hiag
ev laif~lhwfjc ev q~fci h oawmjg gfddauacw dujo wma q~qhl# Fc hnnjughcna yfwm wma Lhy, jc
hnnapwfci wma wauo~ jd q~a wma pujtfgau eanjoa~ wma ghwh pujna~~ju hcg nhc ~jlalv
pujna~~ wmao hnnjugfci wj wma fc~wuqnwfjc~ jd wma ghwh njcwujllau -wma nlfacw&, yfwmjqw
hpplvfci wmao ju q~fci wmao dju h gfddauacw pqupj~a wj wmhw a~whelf~mag, ju njooqcfnhwa
wmao wj jwmau pau~jc~# Mjyatau, iftac wmhw fc uahlfwv wma pujtfgau~ jd wma ~anwju q~a
iacauhl njcgfwfjc~ fw yfll ea cana~~huv wj nmank eadjuamhcg wmhw wma~a hua hghpwag wj wma
pujtf~fjc~ jd wma ^phcf~m Lhy hcg wma gaiuaa jd uaiqlhwfjc jd wma pujtfgau fw~ald wj
fcnjupjuhwa fc wquc hggfwfjchl nlhq~a~, nmjj~fci eawyaac wmj~a jddau~ wmhw iqhuhcwaa wmf~
njoplfhcna#
85 ^aa wma Ghwh ^anqufwv Iqfga -5080& hcg wma wjjl ATHLQH jd wma ^phcf~m Ghwh Pujwanwfjc Hiacnv wmhw achela~fgacwfdfnhwfjc jd wma ~aw jd ~anqufwv oah~qua~ pujtfgag hcg wa~wfci wmafu njoplfhcna#
Mjy gj huwfnla~ 6 hcg 85 jd wma LJPG hddanw nljqg njopqwfci:
8/3/2019 Guide for companies on cloud computing: security and privacy implications
19/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 86 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Jc wma jwmau mhcg, wma hgjpwfjc jd ~anqufwv oah~qua~ hcg wma iqhuhcwaa jd njcdfgacwfhlfwv,
fcwaiufwv hcg hthflheflfwv jd wma ghwh cjw jclv mhta h gfoac~fjc ualhwag wj uaiqlhwjuv
njoplfhcna eqw hl~j wj wma pua~wfia hcg uapqwhwfjc jd wma juihcf~hwfjc# Ymac wma pujtfgau
f~ ~qebanw wj ^phcf~m Lhy fw oq~w iqhuhcwaa uaiqlhwjuv njoplfhcna, wmhw f~ wma UGLJPG
hcg, fc wquc, fd wma nlfacw f~ h pqelfn hgofcf~wuhwfjc wma uaxqfuaoacw~ wmhw gaufta dujo wma
Chwfjchl ^anqufwv8> hcg Fcwaujpauheflfwv87
>#8#5 Nuj~~/ejugau ghwh wuhc~dau
^nmaoa~# Ymac wma pujtfgau f~ cjw ~qebanw wj
^phcf~m uaiqlhwfjc, a}napw ymac fw f~ h njqcwuv ijtaucag ev wma pujtf~fjc~ jd huwfnla 89 jd
wma Gfuanwfta, fw f~ hgtf~hela wj nmank wmhw wma ~anqufwv oah~qua~ pujtfgag ev fw njoplv yfwm
wma pufcnfpla~ hcg jebanwfta~ jd jqu uaiqlhwfjc#
Huwfnla >> hcg Huwfnla >7 jd Wfwla T jd wma LJPG jc Fcwauchwfjchl Ojtaoacw jd Ghwh hcg wma
UGLJPGua~pjcg wj wmf~ xqa~wfjc# Wma nljqg njopqwfci ohukaw f~ iljehl, ~fcna fw f~ q~qhl
wmhw wma ghwh f~ ljnhwag jqw~fga jd ^phfc hcg atac fc ~atauhl gfddauacw njqcwufa~#
Wma fcwauchwfjchl wuhc~dau jd ghwh f~ gadfcag h~ wma pujna~~fci jd ghwh wmhw h~~qoa~ h
wuhc~dau jd wma ~hoa jqw~fga wma wauufwjuv jd wma Aqujpahc Anjcjofn Huah, afwmau fw
njc~wfwqwa~ h wuhc~dau ju njooqcfnhwfjc jd ghwh, ju fw hfo~ wj nhuuv jqw ghwh pujna~~fci jc
eamhld jd wma ghwh njcwujllau a~whelf~mag fc ^phcf~m wauufwjuv#
Fc wma nh~a ymaua wma pujna~~ju f~ a~whelf~mag hcg*ju q~fci oahc~ dju ghwh pujna~~fci fc
h Oaoeau ^whwa, wma njcwujllau oq~w hpplv wma ~anqufwv jelfihwfjc~ ~qnm h~ gadfcag fc wma
laif~lhwfjc jd wma Oaoeau ^whwa jd wma pujna~~ju, fcgapacgacw jd wma hiuaaoacw~ uahnmag
ev ejwm phuwfa~81
Wma fcwauchwfjchl wuhc~dau jd ghwh qcgauwhka~ wj gf~wfciqf~m eawyaac wma njqcwufa~
fcwaiuhwag fc wma Aqujpahc Anjcjofn Huah hcg wmfug phuwv ~whwa~ jqw~fga jd wmf~iajiuhpmfnhl huah# Fc wma dfu~w nh~a, wma ghwh pujna~~ju f~ ijtaucag ev jugfchuv uqla~#
Ymaua wma pujtf~fjc f~ ohga fc njqcwufa~ jqw~fga wma Aqujpahc Anjcjofn Huah, wma
uaifoa a~whelf~mag ev Huwfnla~ >> hcg >7 jd wma LJPG yfll jpauhwa#
#
8> Ujvhl Ganuaa >*5080, jd = Bhcqhuv, ymfnm uaiqlhwa~ wma Chwfjchl anqufwv nmaoa fc wma dfalg jd Alanwujcfn Hgofcf~wuhwfjc#87 Ujvhl Ganuaa 7*5080, jd = Bhcqhuv, ymfnm uaiqlhwa~ wma Chwfjchl Fcwaujpauheflfwv ^nmaoa fc wma dfalg jd AlanwujcfnHgofcf~wuhwfjc#81# Hnnjugfci wj huwfnla 89#> jd Gfuanwfta 61*74*AN -fc ualhwfjc wj huwfnla 7
Ymhw ~mjqlg wma njophcv gj ymac wma ghwh ~wjuag fc wma nljqg f~ ljnhwag fc
hcjwmau njqcwuv:
8/3/2019 Guide for companies on cloud computing: security and privacy implications
20/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 50 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Huwfnla~
fctjltagNjcwacw~ jd Huwfnla
Huwfnla >> LJPG Fw f~ cjw pauofwwag wma waopjuhuv ju pauohcacw wuhc~dau jd pau~jchl
ghwh wj jwmau njqcwufa~ ymj gj cjw jddau h latal jd pujwanwfjc
njophuhela wj wma LJPG#
Huwfnla >7 LJPG
Jc jnnh~fjc wmf~ wuhc~dau f~ pauofwwag yfwm pufju hgofcf~wuhwfta
hqwmjuf~hwfjc jd wma ^phcf~m Ghwh Pujwanwfjc Hqwmjufwv -HAPG&84
^qnm hqwmjuf~hwfjc f~ cjw cana~~huv2
#
Fc wma a}napwfjchl h~~qopwfjc~ jd Huwfnla >7#h hcg >7#b jd wma
LJPG#
Fc wma nh~a jd njqcwufa~ dju ymfnm wma Njoof~~fjc mh~ ~whwag
wmhw fw njc~fgau~ wj mhta hc hppujpufhwa latal jd pujwanwfjc jd
pau~jchl89
ghwh#
Ymac wma~a nfunqo~whcna~ hua cjw iftac fw f~ cana~~huv wj jewhfc hqwmjuf~hwfjc dujo wma
Gfuanwju jd wma HAPG djlljyfci wma pujnagqua a~whelf~mag ev wma ^anwfjc Jca, jd Nmhpwau
T jd Wfwla F] jd wma UGLJPG# Fw f~ tauv fopjuwhcw wj whka fcwj hnnjqcw wmhw ymac wma
njcwuhnw djlljy~ wma df}ag nufwaufh fc wma gfddauacw ojgal~ jd njcwuhnwqhl wvpa nlhq~a~
a~whelf~mag ev Ganf~fjc~ jd wma Aqujpahc8=
84 Hnnjugfci wj wma pujnagqua pujtfgag fc wma Dfu~w ^anwfjc jd Nmhpwau T jd Wfwla F] jd wma UGLJPG#
Njoof~~fjc, Huwfnla 90#5 jd wma UGLJPG
pjfcw~ jqw wmhw wma hgaxqhwa iqhuhcwaa~ ~mhll ea njc~fgauag a~whelf~mag#
89 Wma~a hua2 ^yfwraulhcg, Huiacwfch, Iqauc~av, F~la jd Ohc, Bau~av, Pmhuja F~lhcg~, Hcgjuuh, F~uhal# Wmaua hua wyjnjqcwufa~ yfwm nauwhfc panqlfhufwfa~# Nhchgh fc ymfnm juihcf~hwfjc~ ~qebanw wj Nhchgfhc ghwh pujwanwfjc lhy~ hua njc~fgauag~hda, hcg Qcfwag ^whwa~, uaihugfci njophcfa~ ymj mhta ~qe~nufeag wj %^hda Mhuejqu%, wmhw f~ wma pufcnfpla~ jd ^hda Mhuejqudju wma pujwanwfjc jd wma pufthwa lfda hcg wma njuua~pjcgfci oj~w duaxqacw xqa~wfjc~, pqelf~mag ev wma Gaphuwoacw jd Wuhga jdwma Qcfwag whwa~#8=^panfdfnhllv, wma Ganf~fjc~ jd wma Aqujpahc Njoof~~fjc fc xqa~wfjc hua2
Njoof~~fjc Ganf~fjc 5008*769*AN jd 81 Bqca 5008 jc )^whcghug njcwuhnwqhl nlhq~a~ dju wma wuhc~dau jd pau~jchlghwh wj h wmfug njqcwufa~, qcgau Gfuanwfta 61*74*AN#
Njoof~~fjc Ganf~fjc 5008*769*AN jd 81 Bqca 5008jc )^whcghug njcwuhnwqhl nlhq~a~ dju wma wuhc~dau jd pau~jchlghwh wj wmfug njqcwufa~ qcgau Gfuanwfta 61*74*AN# -f~ uapahlag yfwm addanw dujo 81 Ohv 5080
Njoof~~fjc Ganf~fjc 5080*=9*AQ jd 1 Daeuqhuv 5080 jc ~whcghug njcwuhnwqhl nlhq~a~ dju wma wuhc~dau jd pau~jchlghwh wj pujna~~ju~ a~whelf~mag fc wmfug njqcwufa~ qcgau Gfuanwfta 61*74*AN jd wma Aqujpahc Phulfhoacw hcg jd wmaNjqcnfl#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
21/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 58 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
>#5 UAIQLHWFJC JD WMA L^^F
^autfna pujtfgau~ dujo wma fcdjuohwfjc ~jnfawv -ghwh mj~wfci ~autfna~ fc wma nljqg hcg
hnna~~ wj Fcwaucaw&, oq~w njoplv yfwm wma uaxqfuaoacw~ a~whelf~mag fc Lhy >7*5005, jcwma Fcdjuohwfjc ^jnfawv ^autfna~ hcg Alanwujcfn Njooauna -L^^F&2
^panfdfnhllv, wma ~autfna pujtfgau~ a~whelf~mag fc ^phfc hua jelfiag wj fcdjuo wmafu nlfacw~
pauohcacwlv, ah~flv, gfuanwlv hcg duaalv jc2
Wma wanmcfnhl ua~jquna~ hpplfag wj fcnuah~a ~anqufwv jd wma fcdjuohwfjc -~qnm h~
hcwftfuq~ pujiuho~, hcwf~pvyhua hcg ohfl dflwau~
Wma ~anqufwv oah~qua~ wmhw hpplv fc wma pujtf~fjc jd ~autfna~#
Wma nquuacw wjjl~ dju dflwaufci hcg ua~wufnwfci hnna~~ wj nauwhfc njcwacw hcg ~autfna~
jc wma Fcwaucaw ymfnm f~ qcyhcwag ju pjwacwfhllv mhuodql wj nmflguac hcg vjqci
pajpla#
Fc wma nh~a jd Fcwaucaw hnna~~ pujtfgau~, wmav ~mjqlg hl~j njooqcfnhwa wj q~au~
wma lfheflfwfa~ wmav ohv fcnqu dju qclhydql q~a jd wma Caw#
Fc hggfwfjc wj wmj~a laihl pujtf~fjc~ nfwag Lhy >5*500>, Iacauhl Lhy jc
Walanjooqcfnhwfjc~ hl~j ac~qua~ njoplfhcna jd wma jelfihwfjc~ fc wma ~anuanv jd
njooqcfnhwfjc~ hcg pujwanwfjc jd pau~jchl ghwh, h~ yall h~ wma ufimw~ hcg jelfihwfjc~ jd hpqelfn chwqua lfckag wj alanwujcfn njooqcfnhwfjc~ cawyjuk~ hcg ~autfna~, fopj~fci hw wma
~hoa wfoa wma ualathcw ~hcnwfjc~ dju fw~ cjcnjoplfhcna#
>#> UAIQLHWFJC JD WMA PACHL NJGA
Wma uhcia jd f~~qa~ wmhw huf~a fc h nljqg actfujcoacw nhc ea tauv njopla}, hlwmjqim fc
wmf~ ~anwfjc ya a}hofca fc phuwfnqlhu wma nufoa jd duhqg#
Wma dahwqua~ jd wma nljqg ojgal, ~qnm h~ ualjnhwfjc hcg wuhc~dau jd ghwh hcg pujna~~a~ wj
wmfug phuwfa~, ohv fctfwa pj~~fela njc oac wj nuahwa dhka yae~fwa~ fc wma nljqg wjhppujpufhwa ~ac~fwfta fcdjuohwfjc gqopag ev wma q~au~ ju gf~wufeqwa ohlyhua fc wmf~
actfujcoacw wj nhuuv jqw pmf~mfci hwwhnk~ jclfca#
Wma Pachl Njga uaiqlhwa~ wma nufoa jd duhqg fc Huwfnla 57= -uanacwlv uadjuoag hnnjugfci
wj Juihcfn Lhy 1*5080, jd 55 Bqca& hcg fc phuwfnqlhu fw a~whelf~ma~ wmhw2
8& Wmj~a ymj njoofw duhqg ganafta hcjwmau dju pujdfw, lahgfci wmao wj paudjuofci
hc hnw fc gawufoacw wj wmao~alta~ ju jwmau~#
5& Hl~j gaaoag njc oac hua2
8/3/2019 Guide for companies on cloud computing: security and privacy implications
22/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 55 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
h# Wmj~a ymj, dju pujdfw hcg wmujqim ~joa njopqwau ohcfpqlhwfjc ju ~foflhu,
ohka hc qchqwmjuf~ag wuhc~dau jd hcv h~~aw~ fc gawufoacw jd hcjwmau,
fcnlqgfci wma fcdjuohwfjc fc wmf~ nhwaijuv#
e# Wmj~a ymj ohcqdhnwqua, fcwujgqna, jyc ju pujtfga njopqwau pujiuho~
~panfdfnhllv hfoag hw njoofwwfci duhqg#
n# Wmj~a ymj q~a nuagfw ju gaefw nhug~, ju wuhtallau)~ nmaxqa~, ju ghwh
hppahufci fc hcv jd wma~a wj nhuuv jqw jpauhwfjc~ jd hcv kfcg fc gawufoacw
jd wmafu jycau ju jd h wmfug phuwv#
Gapacgfci jc wma hojqcw gaduhqgag, wma dfchcnfhl lj~~ nhq~ag wj wma tfnwfo, wma
ualhwfjc~mfp eawyaac wma tfnwfo hcg wma gaduhqgau, wma oahc~ aopljvag ev mfo hcg jwmau
pj~~fela nfunqo~whcna~ wmhw ~auta wj h~~a~~ wma fcnfgacw, gfddauacw ~hcnwfjc~ hua fopj~ag
jc wma njc ohc, ~qnm h~ njcwhfcag fc ~hfg laihl wa}w
>#7 WMA LAIHL ^V^WAO JD GA^WFCHWFJC NJQCWUFA^
Wma nmjfna jd njqcwuv jd ga~wfchwfjc jd wma ghwh wmhw hua wma jebanw jd h pujtf~fjc eh~ag jc
nljqg njopqwfci oq~w cjw jclv whka fcwj hnnjqcw wma ~whcghug~ wmhw uaiqlhwa wma
fcdjuohwfjc hcg njooqcfnhwfjc~ wanmcjljifa~, eqw wma ymjla jd wma Laihl ^v~wao# Wma
^phcf~m Njc~wfwqwfjc hcg wma Wuahwfa~ jd wma Aqujpahc Qcfjc hua fc kaapfci yfwm h
njc~wfwqwfjchl wuhgfwfjc wmhw ~hdaiqhug~ wma dqcghoacwhl ufimw~ jd fcgftfgqhl~#
Wmauadjua, ljnhwfci ghwh fc h njqcwuv fc ymfnm wma~a ufimw~ hua cjw iqhuhcwaag tfjlhwa~ fc
~joa yhv wma ~pfufw jd wma ^phcf~m njc~wfwqwfjchl ojgal hcg h yhv jd njcnaftfci mqohc
ufimw~# Puanf~alv dju wmf~, Huwfnla >9#8#d hcg Huwfnla 90#> UGLJPG achela~ wma waopjuhuflv
uadq~a ju ~q~pacg h wuhc~dau ymac wma ~fwqhwfjc jd wma pujwanwfjc jd wma dqcghoacwhl
ufimw~ hcg pqelfn lfeauwfa~ fc wma ga~wfchwfjc njqcwuv fw~ laif~lhwfjc puatacw~ wma iqhuhcwaa
jd wma njoplawa paudjuohcna jd wma njcwuhnw hcg wma a}aunf~a ev ghwh ~qebanw~ jd wma
ufimw~ iqhuhcwaag ev wma njcwuhnw#
Jc wma jwmau mhcg, ~joawfoa~ wma ga~wfchwfjc njqcwufa~ ohv njcdau a}wuhjugfchuv pjyau~jc fw~ fcwallfiacna ~autfna~, ju jc fw~ ~anqufwv djuna~ hcg hiacnfa~, dju hnna~~ wj
fcdjuohwfjc njcwhfcag jc ~autau~ qcgau wmafu bquf~gfnwfjc#
Ga~pfwa wma dhnw wmhw jc wma ohbjufwv jd jnnh~fjc~ vjq hua pujehelv gahlfci yfwm paudanwlv
uaiqlhwag oah~qua~ ymfnm njcdjuo wj jqu njc~wfwqwfjchl thlqa~, wma pj~~fela fcwac~fwv jd
wma ~hoa ~mjqlg ea a}hofcag fc wma uf~k hchlv~f~ pufju wj wma ljnhwfjc cjw jclv jd
pau~jchl ghwh, eqw hl~j jd wmhw fcdjuohwfjc hcg ua~jquna~ wmhw wma juihcf~hwfjc
yf~ma~ wj ~hdaiqhug hihfc~w hcv a}wauchl hnna~~ -^aa ~anwfjc 1#5 ^anqufwv jc wma phuw
jd wma nlfacw
8/3/2019 Guide for companies on cloud computing: security and privacy implications
23/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 5> jd 75Fcdjuohwfjc anqufwv Je~authwjuv
7 UF K^ JD NLJQG NJOPQWFCI
H~ yfwm hll wanmcjljiv, nljqg njopqwfci f~ cjw a}aopw dujo uf~k~# Wma ojua njopla} wma
njopqwfci fcduh~wuqnwqua q~ag, wma ojua pjwacwfhl tqlcauheflfwfa~ hppahu# Ealjy hua
ga~nufeag wma ohfc ~anqufwv hcg pufthnv uf~k~ wmhw ohv mhta hc fophnw jc ua~jquna~ fc wmanljqg86
7#8 HEQ^A HCG OHLFNFJQ^ Q^A
2
Nljqg njopqwfci jddau~ h iuahw cqoeau jd hgthcwhia~ hcg jppjuwqcfwfa~ wmhw hua hl~j
eafci a}pljfwag ev njopqwau pfuhwa~# Hwwhnk~ ~qnm h~ ph~~yjug50 wmadw, ~pho ohfl,
nhpwnmh~58 dhuo~ ju gf~wufeqwag gacfhl/jd/~autfna hwwhnk~55
Nveau galfcxqacw~ nhc plhc wmafu hwwhnk~ njcwuhnwfci ~autfna~ fc wma nljqg wj lhwau a}anqwawmao fc h ohwwau jd mjqu~# Dquwmauojua, wma ua~jquna~ q~ag yfll ea yfwmguhyc jcna wma
hwwhnk f~ dfcf~mag, wmq~ ohkfci wmafu pqu~qfw gfddfnqlw#
eanjoa oqnm ~foplau hcg
nmahpau#
^foflhulv, wmav nhc njcwuhnw ~wjuhia ~autfna~ fc wma nljqg wj kaap ohlfnfjq~ ju ~wjlac ghwh#
Fc wmf~ yhv, wmav ohka fw gfddfnqlw dju wma hqwmjufwfa~ wj hnna~~ wmf~ fcdjuohwfjc -gqa wj wma
njopla}fwv fw fctjlta~& wj hnw hihfc~w wma hwwhnkau~#
7#5 FCWAUCHL FCDJUOHWFJC LAHK^
Wma wmuahw nhc hl~j njoa dujo wma njophcv fw~ald, wmujqim mqohc auuju ju galfeauhwahnwfjc~ jd nljqgq~au~# Wma~a fcnfgacw~ wufiiau lj~~ jd fcdjuohwfjc, yfwm ua~qlwfci ghohia
wj wma njophcv fohia hcg wma pjwacwfhl laihl njc~axqacna~# Wj htjfg wma~a ~fwqhwfjc~,
wma juihcf~hwfjc~ q~a oah~qua~ ~qnm h~ wma fcnjupjuhwfjc jd njcdfgacwfhlfwv nlhq~a~ fc
aopljvoacw njcwuhnw~ ju wma a~whelf~moacw jd ~anqufwv pjlfnfa~#
7#> FC^ANQUA HPF^
HPF5>
Ahnm ~autfna pujtfgau fc wma nljqg jddau~ wmafu jyc njccanwfjc HPF~ wmhw hlljy dujo ~whuw ju
~wjp wma ~autfna~ fc wma nljqg wj fcnuah~a ju ganuah~a wma ua~jquna~ jd wma ~hoa#
f~ wma ~fcila pjfcw jd fcwauhnwfjc yfwm wma pujiuho~ wmhw hua uqccfci fc wma nljqg# H~
wma ihwayhv wj nljqg ~autfna~, wmav eanjoa h nufwfnhl pjfcw jd ~v~wao ~anqufwv hcg pufthnv#
86 ^jquna2 Ehcaih~, O# -Waladcfnh A~phh Iuhcga~ Nlfacwa~& Pua~acwhwfjc ^anqufwv fc Nljqg Njopqwfci# ACF^A 7 -50802 Ph~~yjug nuhnkfci f~ h njopqwau pujna~~ wmhw njc~f~w~ jd ganfpmaufci wma ph~~yjug jd nauwhfc hpplfnhwfjc~ wj jewhfcqchqwmjuf~ag hnna~~#58 Nhpwnmh f~ wma hnujcvo jd Njoplawalv Hqwjohwag Pqelfn Wqcfci wa~w wj wall Njopqwau~ hcg Mqohc~ Hphuw Fw f~ hnmhllacia/ua~pjc~a wa~w q~ag fc njopqwfci wj gawauofca ymawmau wma q~au f~ mqohc ju cjw#55 Gf~wufeqwag Gacfhl jd ^autfna -GGJ^ Wma gf~wufeqwag gacfhl jd ~autfna njc~f~w~ jd hwwhnkfci h njopqwau ~v~wao wjnjc~qoa hll fw~ ua~jquna~ -dju a}hopla, wma ehcgyfgwm& puatacwfci hnna~~ wj laifwfohwa q~au~#5> Hpplfnhwfjc Pujiuhoofci Fcwaudhna# Hc hpplfnhwfjc pujiuhoofci fcwaudhna f~ wma ~aw jd dqcnwfjc~ hcg pujnagqua~ wmhwlfeuhufa~ jddau wj ea q~ag ev jwmau ~jdwyhua ~qnm h~ hc he~wuhnwfjc lhvau#
7# Uf~k~ jd nljqg njopqwfci
8/3/2019 Guide for companies on cloud computing: security and privacy implications
24/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 57 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Yfwmjqw h pujpau ~anqufwv pjlfnv, HPF~ ohv qcgauij ohlyhua hwwhnk~ ~j wmhw wmav nhuuv jqw
hggfwfjchl hnwfjc~ ju wmj~a gfddauacw dujo wma hnwfjc~ jufifchllv pujiuhooag# Yfwm wmf~, wma
hwwhnkau~ pqu~qa wma wmadw hcg*ju hnna~~ wj fcdjuohwfjc jd wma tfnwfo#
7#7 FGACWFWV DUHQG
Fgacwfwv duhqg f~ h nquuacw uf~k ejwm fc wuhgfwfjchl njopqwfci ~v~wao~ hcg fc wma nljqg
njopqwfciojgal# Mjyatau, fw mh~ h ~panfhl ualathcna fc wma lhwwau#
Fc wma ohbjufwv jd njopqwau ~v~wao~ vjq oq~w fgacwfdv vjqu~ald eadjua paudjuofci hcv wh~k#
Q~qhllv, wmf~ fgacwfdfnhwfjc f~ wmujqim wma njoefchwfjc jd q~au choa hcg ~anuaw njga ju
ph~~yjug#
Gapacgfci jc mjy vjq hua q~fci nljqg njopqwfci, wmf~ wuhgfwfjchl njoefchwfjc jd q~au hcgph~~yjug ohv cjw ea ~qddfnfacwlv ujeq~w# Vjq mhta wj fcta~wfihwa jwmau oqnm ojua ~anqua
~v~wao~ wj htjfg fgacwfwv duhqg jc wma Caw#
Jca ~jlqwfjc wj fcnuah~a ~anqufwv f~ wma q~a jd hc alanwujcfn GCF h~ h oahc~ jd fgacwfwv h~
fw fcnlqga~ nuvpwjiuhpmfn oah~qua~ hcg efjoawufn~ h~ h njoplaoacw wj wma wuhgfwfjchl
~anqufwv oah~qua~#
Fllq~wuhwfjc 52 Alanwujcfn GCF fohia
7#1 UF^K PUJDFLA FICJUHCNA
^anqufwv ohchiaoacw fc wuhgfwfjchl njopqwau actfujcoacw~ mh~ eaac ~wqgfag dju h ljci
wfoa# Fw f~ ualhwftalv ~fopla wj hpplv njopqwfci ~jlqwfjc~ wj fcnuah~a wma ~anqufwv, ohkfci
qchqwmjuf~ag acwufa~ gfddfnqlw ju uagqnfci ~v~wao tqlcauheflfwfa~#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
25/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 51 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Mjyatau, nljqg njopqwfci fctjlta~ h puatfjq~lv qckcjyc atjlqwfjc# Fw jddau~ cay
dqcnwfjchlfwfa~ hcg fcnuah~a~ eq~fca~~ jppjuwqcfwfa~, eqw fc wquc fw f~ h ojgal wmhw nhc ea
a}pljfwag ev cay wmuahw~ jc wma Caw#
Wmf~ gja~ cjw oahc wmhw fw f~ la~~ ~hda wmhc puatfjq~ ojgal~, ~foplv wmhw wmaua f~ la~~
a}paufacna jd hwwhnk~ hcg ~anqufwv a}pauw~ hua ~wqgvfci wma cay ojgq~ jpauhcgfjd wma
ohlfnfjq~ q~au~ hw wma ~hoa wfoa h~ pjwacwfhl ga~fic auuju~#
Hojci wma~a njcnauc~, a}pauw~ ~wua~~ wma q~a jd ~mhuag57
57 ^jquna2 FCWANJ/NAUW -5088 Ufa~ij~ v hoachrh~ ac nljqg njopqwfci# -Uf~k~ hcg wmuahw~ fc nljqg njopqwfci&
wanmcjljifa~, a~panfhllv fc
ualhwfjc yfwm wma cana~~huv f~jlhwfjc jd fcdjuohwfjc jd gfddauacw q~au~ fc wma ~hoa
fcduh~wuqnwqua# Fc tfay jd wmf~, nljqg~autfna pujtfgau~ oq~w ohfcwhfc wmafu addjuw~ wj ac~qua
h ~autfna yfwmjqw nuhnk~ ymaua ahnm q~au mh~ hnna~~ ~jlalv wj wmafu jyc fcdjuohwfjc#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
26/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 54 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
1 ^ANQUFWV FC WMA NLJQG
Q~fci ~autfna~ fc wma nljqg fctjlta~ h nmhcia fc wma yhv ya qcgau~whcg fcdjuohwfjc
~anqufwv# Wma wuhgfwfjchl fohia nah~a~ wj a}f~w fc ymfnm hll njophcv ~autfna~ hua fc wma
eh~aoacw jd wma eqflgfci ymaua jclv wma njopqwau hgofcf~wuhwju~ nhc ihfc hnna~~# Ymacq~fci nljqg njopqwfcihc fopjuwhcw phuw jd wma ~anqufwv ~v~wao dhll~ jc wma njophcv ymj
pujtfga~ wma ~autfna~ fc wma nljqg#
Wj qcgau~whcg wma fcdjuohwfjc ~anqufwv ojgal hpplfag fc wmf~ ojgal fw f~ cana~~huv wj kcjy
wma gfddauacw plhvau~ fctjltag2
^autfna pujtfgau fc wma nljqg2 njophcv wmhw mh~ wma fcdjuohwfjc fcduh~wuqnwqua
cana~~huv dju mj~wfci wma pujiuho~ djlljyfci wma nljqg njopqwfciojgal#
Nlfacw2 pau~jc, juihcf~hwfjc ju njophcv wmhw njcwuhnw~ ~autfna~ fc wma nljqg# Wma
nlfacw phv~ h nauwhfc hojqcw jd ojcav wj acbjv wma eacadfw~ jd nljqg njopqwfci#
Wma acg q~au, ju pau~jc ju iujqp jd pau~jc~ ymj q~a wma pujiuho ohv ea
gfddauacw wj wma nlfacw# Dju a}hopla, h njophcv ohv njcwuhnw ~autfna~ fc wma nljqg
wj mj~w h yae ~autau wj ea hnna~~ag ev fw~ aopljvaa~, h~ ~mjyc fc wma fohia
ealjy#
Fllq~wuhwfjc >2 A}hopla jd phuwfnfphcw~ fc nljqg njopqwfci
Wma ~anqufwv oanmhcf~o~ wmhw nhc ea hpplfag wj pujwanw wma ghwh mj~wag fc wma nljqg oq~wea njc~fgauag h~ njllhejuhwfta yjuk eawyaac wma wyj phuwfa~ -~autfna pujtfgau fc wma
nljqg hcg nlfacw&, h~ ejwm oq~w h~~qoa ~joa ua~pjc~feflfwfa~# Wma paudjuohcna jd bjfcw
~anqufwv hqgfw~ f~ h ea~w puhnwfna wj nmank wmhw wma ymjla ~v~wao f~ pujwanwag hihfc~w
pjwacwfhl wmuahw~#
1#8 ^ANQUFWV JC WMA PHUW JD WMA NLJQG NJOPQWFCI PUJTFGAU
Wma nljqg ~autfna pujtfgau f~ ua~pjc~fela dju ac~qufci wma pmv~fnhl ~anqufwv fc fw~ ghwh
pujna~~fci nacwua~# Wmav ~mjqlg puatacw qchqwmjuf~ag pau~jc~ dujo acwaufci ~hfgeqflgfci~ wj, dju a}hopla, ~wahl wmafu axqfpoacw# ^foflhulv, wmav ~mjqlg kaap wmafu
1#^anqufwv fc wma nljqg
8/3/2019 Guide for companies on cloud computing: security and privacy implications
27/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 59 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
axqfpoacw qpghwag, ejwm mhugyhua hcg ~jdwyhua, wj gahl yfwm
wmuahw~ a}f~wfci jc wma Fcwaucaw#
Wma pujtfgau q~a~ oanmhcf~o~ ~qnm h~ tfuwqhlf~hwfjc hcg~aioacwhwfjc jd ghwh wj ~wuaciwmac wma ~anqufwv jd wmafu
~autfna~ fc wma nljqg#
Tfuwqhlf~hwfjc nhc ea ~aac h~ h djuo jd fcnuah~fci wma
~anqufwv jd wma pujna~~a~ wmhw hua nhuufag jqw fc wma nljqg# ^atauhl tfuwqhl
ohnmfca~ nhc ea uqc jc h ~fcila ~autau eqw ahnm tfuwqhl ohnmfca uqc~ hc jpauhwfci
~v~wao fc f~jlhwfjc# Oaojuv hcg gf~k ~phna hua njcwujllag ev h mvpautf~ju 51
Wma ohbju uf~k ymfnm wma ~autfna pujtfgau oq~w dhna h~ uaihug~ wmf~ oanmhcf~o f~
wma njcwujl hcg uaojthl jd ohlfnfjq~ ~jdwyhua wmhw wufa~ wj athga wma pujwanwfjc~ jd
wma mvpautf~ju wj ihfc hnna~~ wj jwmau tfuwqhl ohnmfca~ hcg atac wma mj~w ~v~wao#
wmhw
puatacw~ pujna~~a~ uqccfci jc gfddauacw tfuwqhl ohnmfca~ dujo fcwauhnwfci yfwm
ahnm jwmau#
Wma ualjnhwfjc jd wma ghwh f~ h dahwqua wmhw ohv hl~j ea a}pljfwag h~ h ~anqufwv
oanmhcf~o fw~ald# Wma ~aioacwhwfjc jd ghwh hlljy~ wma nlfacw ghwh wj ua~fga jc
gfddauacw ~autau~, atac fc gfddauacw ghwh nacwua~# Fc wmf~ yhv ~hfg ghwh f~ pujwanwag
hihfc~w h mvpjwmawfnhl wmadw jc wma puaof~a~ jd wma ~autfna pujtfgau#
Hl~j, ymac kaapfci wma ghwh fc ~atauhl plhna~ ~foqlwhcajq~lv, wmaua f~ h ehnkqp
~v~wao puhnwfnhllv fc uahl wfoa# Wmq~, dhnag yfwm ~anqufwv auuju~, vjq nhc uanjtau
wma hnwftfwv uhpfglv, hlljyfci njcwfcqfwv jd eq~fca~~#
51 Mvpautf~ju2 tfuwqhlf~hwfjc plhwdjuo wmhw hlljy~ vjq wj q~a gfddauacw jpauhwfci ~v~wao~ hw wma ~hoa wfoa#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
28/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 5= jd 75Fcdjuohwfjc anqufwv Je~authwjuv
1#5 ^ANQUFWV JC WMA PHUW JD WMA NLFACW
Dju wmafu phuw, wma nlfacw f~ ua~pjc~fela dju kaapfci wma jpauhwfci
~v~wao qpghwag hcg fc~whllfci wma ~anqufwv phwnma~ wmhw hppahu#Fw f~ hl~j cana~~huv wj ohfcwhfc wuhgfwfjchl ~anqufwv pjlfnfa~ ~qnm
h~ q~au njcwujl, galawfjc jd q~au hnnjqcw~ wmhw hua cj ljciau
q~ag, ju wma uatfay jd ~jdwyhua wj nmank wmhw wmaua hua cj
tqlcauheflfwfa~, hojci~w jwmau~#
Wma ~panfdfn oanmhcf~o~ wmhw wma nlfacw ohv hgjpw wj ~wuaciwmac
~anqufwv fc wma nljqg fcnlqga paufoawau njcwujl, nuvpwjiuhpmv hcg wma ohchiaoacw jd
atacw lji dfla~#
Jc wma phuw jd wma nlfacw, jca jd wma pfllhu~ jd fcdjuohwfjc ~anqufwv f~ paufoawaunjcwujl# Wj hnnjoplf~m wmf~, ya hgtf~a fc~whllfci hcg njcdfiqufci h dfuayhll, h
njopqwau hpplfnhwfjc wmhw f~ fc nmhuia jd ojcfwjufci hll njooqcfnhwfjc~ wmhw hua
ohga wj hcg dujo vjqu njopqwau ju cawyjuk hcg ganfga~ ymawmau wmav hua
pauofwwag gapacgfci jc wma uqla~ a~whelf~mag ev wma ~v~wao hgofcf~wuhwju#
Wj hgg hcjwmau latal jd cawyjuk ~anqufwv, ya hl~j uanjooacg fc~whllfci hcg
njcdfiqufci hc Fcwuq~fjc Gawanwfjc ^v~wao ju FG^ 54
Nuvpwjiuhpmv f~ hcjwmau jd wma oanmhcf~o~ wmhw f~ ijfci wj plhv h lahgfci ujla fc
wma q~a jd nljqg ~autfna~# Nuvpwjiuhpmv pujtfga~ h mfim latal jd ~anqufwv fc wmuaa
ohfc h~panw~2
# Hc FG^ f~ h njopqwau
hpplfnhwfjc wmhw cjw jclv eljnk~ ju pauofw~ njccanwfjc~ eqw wmhw hchlv~a~ wma~a
njccanwfjc~ wj gawanw ymawmau hcv jd wmao f~ nhuuvfci njcwacw ymfnm ohv eamhuodql dju wma njopqwau ju cawyjuk# Fc hggfwfjc fw f~ nhphela jd nhwaijuf~fci wma
gfddauacw wmuahw~ hcg fcdjuofci wma ~v~wao hgofcf~wuhwju djlljyfci h lf~w jd uqla~ hcg
maquf~wfn~#
j Pujwanwfjc jd Fcwaucaw njccanwfjc~ eawyaac q~au~ hcg hpplfnhwfjc~ fc
wma nljqg# Wma q~a jd ^anqua ^jnkaw~ Lhvau-^^L&59 hcg Wuhc~pjuw Lhvau^anqufwv-WL^&5=
54Fcwuq~fjc Gawanwfjc v~wao#
ac~qua~ wmhw hll ghwh wmhw wuhtal~ dujo wma nljqg ~autau wj
wma q~au f~ acnuvpwag puatacwfci hnna~~ wj wmfug phuwfa~ atac ymac hc
qc~anqua Yf/Df cawyjuk f~ q~ag#
59^anqua jnkaw~ Lhvau2 ^L pujwjnjl# Pujtfga~ hqwmacwfnhwfjc hcg pufthnv jd fcdjuohwfjc eawyaac a}wuaoa~ jc wma Fcwaucawwmujqim wma q~a jd nuvpwjiuhpmv#5=Wuhc~pjuw Lhvau ^anqufwv2 WL^# Njc~f~w~ jd h nuvpwjiuhpmfn pujwjnjl wmhw pujtfga~ ~anqua njooqcfnhwfjc~ wmujqim wma
Fcwaucaw# WL^ f~ hc fcgapacgacw pujwjnjl wmhw hlljy~ wma pujwjnjl~ jd h mfimau latal wj hnw jc wjp jd fw wuhc~phuacwlv# Eh~agjc ^^L dujo Caw~nhpa >#0# WL^ h~~qoa~ wma atjlqwfjc jd fw~ puagana~~ju, hlwmjqim wmav hua cjw fcwaujpauhela#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
29/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 56 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Fllq~wuhwfjc 72 Hohrjc#njo ^^L Nauwfdfnhwa
j Pujwanwfjc jd njccanwfjc~ eawyaac wma ~v~wao hgofcf~wuhwju~ hcg
nljqg ~autfna~# Fc wmf~ nh~a, wma q~a jd ^anqua ^mall -^^M&56 hcg Tfuwqhl
Pufthwa Cawyjuk -TPC&>0 yfll hlljy wma ~v~wao hgofcf~wuhwju~ ju hpplfnhwfjc
gataljpau~ wj ohfcwhfc h ~hda nmhccal jd njooqcfnhwfjc yfwm wma nljqg
~v~wao~#
Fllq~wuhwfjc 12 Pujwanwfjc jd nljqg njopqwfci njccanwfjc~
56^anqua ^mall2 Fcwaupuawau jd ~anqua jugau~# Wma choa jd h pujwjnjl hcg wma pujiuho wmhw foplaoacw~ fw, hcg ~auta~ wjhnna~~ uaojwa ohnmfca~ wmujqim h cawyjuk#>0Tfuwqhl Pufthwa Cawyjuk2 TPL H cawyjuk wanmcjljiv wmhw hlljy~ hc a}wac~fjc wj wma cawyjuk jc h pqelfn ju cjc/njcwujllagcawyjuk, ~qnm h~ dju a}hopla wma Fcwaucaw#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
30/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >0 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
j Ghwh pujwanwfjc q~fci nuvpwjiuhpmv# Fd vjq q~a wma nljqg h~ h ghwh
~wjuhia ~v~wao ya uanjooacg wmhw vjq q~a hc hppujpufhwa acnuvpwfjc
latal dju wmj~a ~ac~fwfta ghwh wmhw hua ijfci wj ea plhnag wmaua# Fc wmf~ yhv,
fd hcv qchqwmjuf~ag q~au fcwaunapw~ wma ghwh ju mh~ hnna~~ wj wma dfla
~v~wao fc wma nljqg, wmf~ q~au yfll cjw ea hela wj uahg wma njcwacw plhnag
wmaua yfwmjqw kcjyfci wma acnuvpwfjc njga#
Fllq~wuhwfjc 42 Q~a jd acnuvpwag hunmfta~ fc Qeqcwq Jca
Wma jclv yhv wj nmank njopqwau hnwftfwv, gawanw fcnfgacw~ hcg djuoqlhwa h plhc jd
hnwfjc wj puatacw h uajnnquuacna fc wma dqwqua f~ wj ohchia wma ~v~wao lji~>8
Ya hl~j hgtf~a ohkfci duaxqacw ehnkqp~ jd wma~a lji~ hcg atac ~wjufci wmao jc h
gfddauacw ohnmfca eanhq~a fd hc hwwhnkau whka~ njcwujl jd wma ~v~wao fc wma nljqg fw
njqlg ga~wujv wma lji dfla~ wmq~ auh~fci wmafu djjwpufcw~#
#
Hlwmjqim fw f~ lfkalv wmhw vjq yfll cjw mhta hnna~~ wj hll wma fcdjuohwfjc hejqw
~v~wao atacw~, wma nlfacw oq~w ~wjua hcg uatfay hll wma lji~ wmhw hua qcgau wmafu
ua~pjc~feflfwv# Dju a}hopla, wma lji jd q~au~ ymj hnna~~ wma hpplfnhwfjc,
ohcfpqlhwa ju galawa dfla~ jc wma tfuwqhl ohnmfca, ju wma lji jd pjwacwfhllv mhuodql
njccanwfjc~ gawanwag ev wma FG^ hcg ev wma dfuayhll#
>8 Lji2 wa}w dfla ymfnm ihwmau~ hll wma hnwftfwv wmhw whka~ plhna jc h nauwhfc njopqwau, hlljyfci dju nauwhfc pujiuho~ wmhw fw~jycau ju hgofcf~wuhwju hqwmjuf~a~ wj gawanw fllaihl hnwftfwfa~ hcg fgacwfdv, q~fci wmafu FP hggua~~, wma njuua~pjcgfci q~au#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
31/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >8 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
4 PUFTHNV FC WMA NLJQG
Fcdjuohwfjc f~ wma oj~w fopjuwhcw h~~aw jd juihcf~hwfjc~# Ac~qufci wma pufthnv jd
fcdjuohwfjc gqufci fw~ lfda nvnla f~ nuqnfhl ymac q~fci nljqg njopqwfci~autfna~#
4#8 GHWH PUJWANWFJC
Wma lfda nvnla wmhw wma ghwh pujna~~ag fc wma nljqg djlljy~ f~ ga~nufeag ealjy2
Wma ghwh f~ puaphuag wj ea hela wj hghpw wj wma nljqg njctauwfci fw~ djuohw hcg
nuahwfci h dfla wmhw njcwhfc~ hll wma cana~~huv fcdjuohwfjc#
Wma ghwh %wuhtal~% wj wma nljqg wmujqim hc Fcwaucaw njccanwfjc, tfh aohfl,
wmujqim h ~panfdfn hpplfnhwfjc wj fopjuw fw ju ev wuhc~dauufci wj wma nljqg wma ehnkqp
jewhfcag dujo h ~autau fc wma juihcf~hwfjc#
Wma ghwh f~ pujna~~ag fc wma nljqg, dujo fw~ ~wjuhia wj wma nhlnqlhwfjc jd
njopla} ohwmaohwfnhl jpauhwfjc~# Fw f~ fopjuwhcw wj oacwfjc wmhw wma ghwh f~ ~wjuag
fc ehnkqp~ jc wma nljqg wj dhnflfwhwa dqwqua hnna~~#
Wma dfchl ghwh %wuhtal~% ehnk wj wma q~au# Jcna pujna~~fci f~ njoplawa, wma acg
ua~qlw ~mjqlg uawquc wj wma q~au yfwm wma hggag thlqa jd wma fcdjuohwfjc iacauhwag
fc wma nljqg#
Wma oaua dhnw wmhw wma ghwh lahta~ wma juihcfrhwfjc nhc njc~wfwqwa h uf~k dujo wma pjfcw jdtfay jd pufthnv2 h ohlfnfjq~ q~au njqlg fcwaunapw wma ghwh ymfla fw f~ eafci wuhc~dauuag jtau
wma Fcwaucaw# Atac fd fw f~ cjw fcwaunapwag, wma ghwh f~ eafci ~wjuag hcg pujna~~ag fc
njopqwau fcduh~wuqnwqua eavjcg wma q~au)~ njcwujl#
Wma oanmhcf~o~ wj ofcfof~a wma~a pufthnv uf~k~ hua tauv ~fopla# Eadjua ofiuhwfci wj
pujna~~a~ fc wma nljqg ya hgtf~a h~kfci vjqu~ald2 %F~ fw uahllv cana~~huv dju wma acwfua
juihcf~hwfjc)~ ghwh wj ea fc wma nljqg:% Wma djlljyfci a}hopla nlhufdfa~ wmf~ xqa~wfjc#
Wma oaua dhnw wmhw wma ghwh lahta~ wma juihcfrhwfjc nhc njc~wfwqwa h uf~k dujo
wma pjfcw jd tfay jd pufthnv
4# Pufthnv fc wma nljqg
8/3/2019 Guide for companies on cloud computing: security and privacy implications
32/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >5 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
H njophcv fc nmhuia jd pujna~~fci aopljvaa phv~lfp~ ganfga~ wj q~a nljqg ~autfna~# Wmf~
njophcv mh~ ghwheh~a~ jd wmjq~hcg~ jd yjukau~ yfwm GCF, choa, pj~whl hggua~~, iuj~~
fcnjoa, yjukplhna, yfwmmjlgfci paunacwhia, cqoeau jd mjqu~ yjukag, awn# Wma
ohwmaohwfnhl jpauhwfjc wmhw wmf~ njophcv yf~ma~ wj ohka fc wma nljqg f~ wma nhlnqlhwfjc jd
wma caw fcnjoa wmhw oq~w ea iftac wj ahnm aopljvaa hw wma acg jd wma ojcwm# F~ fw
cana~~huv dju hll aopljvaa ghwh wj ea ofiuhwag wj wma nljqg: Gj vjq uahllv caag hc
aopljvaa)~ GCF wj gagqnw wma paunacwhia jd fcnjoa wh}:
H ~hda ~jlqwfjc f~ wj ~acg wj wma nljqg jclv wma ghwh caagag wj nhuuv jqw wma nhlnqlhwfjc jd
wma fcnjoa, f#a# wma iuj~~ fcnjoa hcg wma yfwmmjlgfci paunacwhia# Fc~wahg jd ~acgfci wj
wma nljqg wma choa ju wma GCF wj fgacwfdv wma yjukau, vjq nuahwa h cay fgacwfdfau -dju
a}hopla, h cqoeau& wmhw hlljy~ vjq wj njuuanwlv h~~fic wma cay thlqa wj ahnm yjukau# Fc
wmf~ yhv, fw puatacw~ h pj~~fela hwwhnkau dujo fcwaunapwfci wma njooqcfnhwfjc~ wj wuhc~lhwawmf~ ghwh# Dquwmauojua, wma ~autfna pujtfgau fc wma nljqg ~mjqlg catau mhta ~ac~fwfta ghwh
jc fw~ ~v~wao~; wmav ~mjqlg jclv njcwhfc ohwmaohwfnhl thlqa~ yfwmjqw kcjyfci ymj wmav
ealjci wj ju ymhw wmav njcwhfc#
4#5 FCWAIUFWV
Wj ohfcwhfc wma pujpau fcwaiufwv jd wma ghwh oahc~ wmhw wma~a uaohfc wma ~hoa gqufci
wuhc~dau, ~wjuhia hcg uanjtauv jpauhwfjc~# Fc wma dfalg jd nljqg njopqwfci, fcwaiufwv jd wma
ghwh f~ a~panfhllv nufwfnhl2 wma ghwh f~ njc~whcwlv eafci wuhc~dauuag eawyaac wma nljqg
~autfna~ hcg wma gfddauacw q~au~ ymj hnna~~ wmao#
Gqa wj wma dahwqua~ jd nljqg njopqwhwfjc, ~atauhl q~au~
nhc ea hnna~~fci hcg nmhcifci nauwhfc fcdjuohwfjc hw wma
~hoa wfoa# Wmauadjua oanmhcf~o~ oq~w ea foplaoacwag
wmhw ac~qua wma pujpau fcwaiufwv jd wma ghwh#
Wma ohbju wmuahw dju ghwh fcwaiufwv fc wma nljqg f~ wmhw wma
ghwh eanjoa~ njuuqpwag gqa wj auuju~ fc fw~ mhcglfci# Fd
vjq gj cjw gawanw wmhw wmaua mh~ eaac h pujelao gqufciwuhc~dau hcg wma ghwh f~ ~wjuag auujcajq~lv, wma ca}w wfoa wma q~au yf~ma~ wj hnna~~ wmf~
ghwh ma yfll cjw ea hela wj q~a fw#
Wj htjfg h ~fwqhwfjc ymauaev ghwh fc wma nljqg nhccjw ea q~ag ju wmhw fw f~ cjw hthflhela
wmuaa pufcnfphl oanmhcf~o~ hua q~ag2 fcwaiufwv njcwujl, nmhcia ohchiaoacw hcg ehnkqp~#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
33/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >> jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Fcwaiufwv njcwujl q~a~ ohwmaohwfnhl dqcnwfjc~ -~qoohuv dqcnwfjc ju mh~m& wj
nmank wmhw wma ghwh mh~ cjw qcgauijca ojgfdfnhwfjc~ gqufci fw~ wuhc~dau# Wma
pujna~~ njc~f~w~ jd jewhfcfci h thlqa dju wma mh~mdqcnwfjc eadjua ojtfci wma ghwh
hcg hcjwmau ymac ojtfci f~ dfcf~mag# Fd wma~a thlqa~ gj cjw ohwnm fw f~ eanhq~a
wmaua mh~ eaac h pujelao fc wma wuhc~hnwfjc hcg fw oq~w ea uapahwag# Fc wma nh~a jd
nljqg njopqwfci ~qoohuv dqcnwfjc~ hua cjw jclv q~ag dju dfla~ eqw hl~j dju
njoplawa tfuwqhl ohnmfca~ ju dju ehnkqp~#
Nmhcia ohchiaoacw ohfcwhfc~ h uanjug jd nmhcia~ wj ghwh ju dfla~ ~wjuag fc wma
nljqg# Ahnm nmhcia f~ h~~jnfhwag wj h ghwa ~whop hcg wma q~au ymj pujgqnag fw# Fd
fw gawanw~ wmhw ~atauhl q~au~ mhta ojgfdfag wma ua~jquna hw wma ~hoa wfoa fw nhc
hchlv~a wma ghwa ~whop wj nmank ymfnm tau~fjc f~ thlfg# ^foflhulv, fd hc fcwaiufwv
auuju f~ gawanwag fc wma ua~jquna vjq nhc uawquc wj h puatfjq~ tau~fjc wmhw f~njuuanw#
Ehnkqp~ hua wma lh~w lfca jd gadacna wj ac~qua wma fcwaiufwv jd wma ghwh# Ohkfci
hgaxqhwa q~a jd wma wjjl~ fc wma nljqg vjq nhc ~nmagqla ehnkqp~ dujo wfoa wj
wfoa# Fd hc fcwaiufwv dhflqua f~ gawanwag hw h iacauhl latal, wma jclv yhv jd ~jltfci fw
f~ wj uatauw wj h puatfjq~ tau~fjc jd wma ~v~wao ~wjuag h~ h ehnkqp#
4#> HNNA^^ NJCWUJL
Bq~w h~ mhppac~ yfwm wuhgfwfjchl hunmfwanwqua~, hnna~~ njcwujl hl~j plhv~ hc fopjuwhcw ujlafc nljqg njopqwfci# Hlwmjqim wmf~ wanmcjljiv f~ fcdjuohllv uapua~acwag h~ h nljqg ymfnm
njccanw~ atauvjca dujo wmafu njopqwau~ -ejwm df}ag hcg ojefla gatfna~&, fw gja~ cjw oahc
wmhw hcv pau~jc nhc hnna~~ hcv ghwh ju pujna~~ fc wma
nljqg#
Vjq oq~w gf~wfciqf~m nlahulv eawyaac wma ~autfna~ wmhw
hua jddauag duaalv hcg dju duaa fc wma nljqg hcg wma q~a
jd ua~jquna~ fc wma nljqg dju pau~jchl ju eq~fca~~ q~a#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
34/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >7 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Vjq nhc q~a aohfl ~v~wao~ fc wma nljqg, ~qnm h~ Iohfl ju O^C Mjwohfl, hcg wmf~ gja~
cjw oahc wmhw hcv pau~jc nhc uahg wma aohfl jd hcjwmau duaalv# Hlwmjqim ohvea wma oj~w
njoplawa a}hopla wj whlk hejqw hnna~~ njcwujl fc wma nljqg f~ Pfnh~h# Pfnh~h f~ h duaa
~wjuhia hcg juihcf~hwfjc ~v~wao dju pmjwj~ fc wma nljqg# Ymac vjq nuahwfci h cay hleqo
dju hll, wma q~au mh~ wma jpwfjc jd ymawmau wma~a pmjwj~ hua pqelfn hcg tf~fela wj atauvjca,
wj ea ~aac jclv ev h ~aw jd pau~jc~ ju fd fw f~ h pufthwa ihllauv wj ymfnm jclv wma q~au mh~
hnna~~# Fc wmf~ ~panfdfn nh~a, fw f~ wma q~au jd Pfnh~h ymj a~whelf~ma~ wma hnna~~ njcwujl
pjlfnv q~fci wma ~v~wao h~ hc a}mfefwju jd fohia~ dju atauvjca ju h~ h pufthwa ehnkqp
~v~wao jd pmjwj~#
A}wacgfci wma puatfjq~ a}hopla, ymac h njophcv ju acwfwv q~a~ nljqg njopqwhwfjc
nhpheflfwfa~, wma ~v~wao hgofcf~wuhwju oq~w a~whelf~m pujpau hnna~~ njcwujl wj ac~qua wmhw
q~au~ jclv q~a wma ghwh ju pujna~~a~ dju ymfnm wmav hua hqwmjuf~ag#
4#7 LJ^^ PUATACWFJC
Jca jd wma efiia~w uf~k~ hcv fcdjuohwfjc ~v~wao mh~ wj gahl yfwm f~ wma lj~~ jd ghwh,
ymawmau fw f~ eanhq~a h q~au mh~ hnnfgacwhllv galawag fcdjuohwfjc, gqa wj mhugyhua dhflqua
ju eanhq~a jd h njopqwau hwwhnk# Lj~fci ghwh cjw jclv oahc~ mhtfci wj uagj phuw jd wma
yjuk gjca, eqw fc ohcv nh~a~ fw nhc oahc ~qe~whcwfhl anjcjofn lj~~a~# Wma ~jlqwfjc wj
wmf~ pujelao f~ hppujhnmag dujo wyj ohfc pjfcw~ jd tfay#
Jc wma jca mhcg, h pujpau ~anqufwv pjlfnv ua~wufnw~ wma duaagjo jd q~au~ wj galawaphuw~ jd wma ~v~wao, pujwanw~ wma axqfpoacw fc tfay jd h ohlfnfjq~ ~jdwyhua hwwhnk
hcg hl~j puatacw~ pau~jc~ jqw~fga jd wma juihcf~hwfjc dujo hnna~~fci ju njuuqpwfci
wma ghwh# Wma ~autfna pujtfgau f~ ua~pjc~fela dju ~jltfci hcv jd wma pujelao~
ualhwag wj alanwujcfn njopjcacw~# Fd hc auuju f~ gawanwag fc hcv jd wma axqfpoacw
yfwmfc fw~ puaof~a~, fw f~ hqwjohwfnhllv f~jlhwag hcg hll wma pujna~~a~ uqc jc fw hua
ojtag wj hcjwmau ohnmfca wmhw mh~ cj pujelao~# Wmf~ pujna~~ ohv lh~w jclv h day
ofcqwa~ hcg nhc atac ea paudjuoag yfwmjqw nqwwfci wma ~autfna, hlljyfci
qcfcwauuqpwag hthflheflfwv jd nljqg ~autfna~#
Jc wma jwmau mhcg, h pujpau ehnkqp pjlfnv hlljy~ wma uanjtauv jd ghwh atac ymac
hll ~anqufwv oah~qua~ mhta dhflag ju ymac wmaua f~ h euahkgjyc fc ~joa mhugyhua
njopjcacw# Hll ~autfna pujtfgau~ fc wma nljqg jddau ehnkqp ~v~wao~ njoplawalv
wuhc~phuacw wj wma q~au# Vjq jclv mhta wj nmjj~a wma h~~aw~ wmhw vjq yhcw wj
pujwanw hcg wma duaxqacnv yfwm ymfnm vjq yhcw wma~a njpfa~# Uanjtauv hihfc~w hc
hwwhnk nhc ea h~ ~fopla h~ ua~wjufci h puatfjq~ ~chp~mjwjd wma tfuwqhl ohnmfca#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
35/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >1 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Wma dahwqua~ ga~nufeag hejta hlljy vjq wj mhta h ujeq~w ~v~wao puaphuag dju nhuuvfci jqw
pujpau uanjtauv hihfc~w gf~h~wau~, wmhw f~, h~~qufci eq~fca~~ njcwfcqfwv#
Lh~wlv, wmaua f~ hcjwmau hgthcwhia ualhwag wj ojeflagatfna~, q~ag ojua hcg ojua fc njophcfa~ hcg dujo
ymfnm vjq hnna~~ wma juihcf~hwfjc)~ fcdjuohwfjc2
lhpwjp~, Q^E~, ojefla~, awn# Wma~a gatfna~ nhc ea
~wjlac ju lj~w a}pj~fci lhuia hojqcw~ jd njoplawalv
pau~jchl ghwh jqw~fga jd wma juihcf~hwfjc# Fd nljqg
~v~wao~ hua q~ag, atac fd vjq lj~a h ojefla ju ~joajca
~wahl~ h lhpwjp, wma fcdjuohwfjc yfll uaohfc fchnna~~fela
wj wmfug phuwfa~#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
36/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >4 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
9 ^WAP^ DJU ACWAUFCI WMA NLJQG
Jcna vjq mhta qcgau~wjjg mjy nljqg njopqwfciyjuk~ hcg wma gfddauacw pj~~feflfwfa~ wmhw
fw jddau~, fw f~ wfoa wj wmfck hejqw ymawmau wma njophcv ju acwfwv nhc eacadfw dujo wmao# H
pj~~fela gfhiuho dju ohkfci ganf~fjc~ f~ wma djlljyfci>52
Fllq~wuhwfjc 92 Ganf~fjc ohkfci gfhiuho
Wma djlljyfci ~anwfjc~ fcnlqga wma gfddauacw ~wap~ wmhw oq~w ea djlljyag dju %bqopfci% fcwj
wma nljqg2
9#8 HCHLV^F^ JD CAAG^ HCG JPPJUWQCFWFA^
Dfu~wlv, wma njophcv ju acwfwv oq~w a}hofca2
Wma nmhuhnwauf~wfn~ jd fw~ hnwftfwv2
j Eq~fca~~ huah~ ~qfwhela dju ofiuhwfjc#
j ^aw jd q~au~ ymj yfll whka hgthcwhia jd wma jppjuwqcfwfa~ jd nljqg
njopqwfci# Dju a}hopla, pajpla ymj yjuk uaojwalv ju q~au~ ymj wuhtal h
ljw# Vjq oq~w whka fcwj hnnjqcw wma caag~ jd wmf~ iujqp jd q~au~ hcg wma
pj~~feflfwv wmhw wmav hua yall ~qfwag wj wma ~jlqwfjc~ eh~ag fc wma nljqg#
>5 ^aa djjwcjwa 1#
9#^wap~ dju acwaufci wma nljqg
8/3/2019 Guide for companies on cloud computing: security and privacy implications
37/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >9 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
j Eqgiaw2 q~fci nljqg hpplfnhwfjc~ nhc ~hta vjq h lhuia hojqcw jd ojcav fc
wma pqunmh~fci jd ~jdwyhua lfnac~a~# Wmauadjua, h ijjg ~whuwfci pjfcw yjqlg
ea wj q~a jddfna ~qfwa~ fc wma nljqg fc~wahg jd eqvfci hcg fc~whllfci hc jddfna
~qfwa dju ahnm jd wma juihcf~hwfjc)~ njopqwau~#
Fllq~wuhwfjc =2 A}hopla jd hc athlqhwfjc jd jpauhwfci thufhela~
Wma ~anqufwv hcg dhflqua wjlauhcna phuhoawau~ wmhw ahnm juihcf~hwfjc oq~w
gadfca fc fw~ fgahl ojgal jd nljqg njopqwfcihua juihcf~ag fcwj djqu nhwaijufa~2
j Puaphufci wma juihcf~hwfjc wj pujtfga hc hnnapwhela latal jd ~autfna ymfla
pujwanwfci wma njcdfgacwfhlfwv hcg fcwaiufwv jd wma fcdjuohwfjc#
j Galftauv jd wma ~autfna2 heflfwv jd wma ~v~wao~ wj pujtfga wma ~autfna~ fc
hnnjughcna yfwm wma uaxqfuaoacw~ a~whelf~mag fc wma ~autfna hiuaaoacw#
j Ua~pjc~a hcg uanjtauv2 nufwaufh wj oah~qua wma nhphnfwv jd wma ~v~wao wj
ua~wjua fw~ald fc nh~a jd fcnfgacw~ ju dhflqua~#
j ^panfdfn laihl hcg uaiqlhwjuv njoplfhcna#
^autfna latal~ hcg gapljvoacw ojgal~# Eh~ag jc ~anwfjc~ 8#> ^autfna latal~
hcg 8#7 ^autfna gapljvoacw ojgal~#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
38/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >= jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Eh~ag jc wma phuhoawau~ a~whelf~mag, nhuuv jqw h ^YJW hchlv~f~ wj fgacwfdv wma
~wuaciwm~, yahkca~~a~, jppjuwqcfwfa~ hcg wmuahw~ jd ahnm nljqg ojgal dju wma
juihcf~hwfjc# Wmf~ hchlv~f~ ~mjqlg ea h ofcfoqo wmhw wma acwfwv nhc njoplaoacw yfwm
ojua njopuamac~fta oawmjg~, ~qnm h~ uf~k hchlv~f~#
Yfwm wmf~ hchlv~f~, wma juihcf~hwfjc oq~w jewhfc wma fcdjuohwfjc dju fgacwfdvfci wma
oj~w ~qfwhela nljqg ojgal dju ahnm nfunqo~whcna#
9#5 JDDAU JD ^AUTFNA^ FC WMA NLJQG
Fd vjq ganfga wmhw wma nmhuhnwauf~wfn~ jd wma eq~fca~~ ju acwfwv uaxqfua h ~jlqwfjc eh~ag jc
nljqg njopqwfci, wma ca}w ohcghwjuv ~wap f~ wj nhuadqllv a}hofca wma gfddauacw jpwfjc~
a}f~wfci fc wma ohukaw#
Wmaua hua ohcv njophcfa~ ~panfhlf~ag fc nljqg njopqwfci~autfna~ wmhw mhta ea yjukfci
yfwm wmf~ wanmcjljiv dju vahu~ ymfla wmaua hua wuhgfwfjc mj~wfcinjophcfa~ ymj hua ~whuwfci
wj jddau gfddauacw phnkhia~ jd dqcnwfjc~ fc wma nljqg# Jc wma jwmau mhcg, lhuia ~jdwyhua
oqlwfchwfjchl~ ~qnm h~ Ofnuj~jdw, Hohrjc hcg Ijjila mhta h yfga uhcia jd ~autfna~ fc
wma nljqg wmhw nhc ea xqfnklv hpplfag wj wma ~panfdfn caag~ jd wma nlfacw#
9#> LFHEFLFWV HCG WAUO^ JD Q^A
H~ fc hcv eq~fca~~ hiuaaoacw, wma ualhwfjc~mfp eawyaac wma ~autfna pujtfgau fc wma nljqg
hcg wma nlfacw -fc wmf~ nh~a, wma njcwuhnwju& oq~w ea uaiqlhwag ev h njcwuhnw# Wmf~ njcwuhnw~mjqlg nlahulv gadfca wma pj~fwfjc jd ahnm jd wma phuwfa~ h~ yall h~ wmafu ua~pjc~feflfwfa~ hcg
jelfihwfjc~#
Wma wauo~ jd q~a hua ua~pjc~fela dju gadfcfci wma oj~w fopjuwhcw wanmcfnhl ~panfdfnhwfjc~
ualhwag wj wma galftauv hcg xqhlfwv jd wma ~autfna# Wma lhwwau a~whelf~m wma paudjuohcna
latal~ hcg hthflheflfwv iqhuhcwaag ev wma pujtfgau#
Fw f~ fopjuwhcw wj pjfcw jqw wmhw fc jwmau wvpa~ jd njooaunfhl hiuaaoacw~, wma njcwuhnw~ hua
hlyhv~ caijwfhwag# Fc wma nh~a jd nljqg ~autfna pujtfgau~ cj ~qnm uhppujnmaoacw jd
pj~fwfjc~ a}f~w~# Wma~a njophcfa~ nlahulv gf~plhv wma njcgfwfjc~ qcgau ymfnm wmav pujtfgavjqu ~autfna hcg fw f~ wma nlfacw ymj oq~w nhuadqllv ~wqgv ahnm jd wmao qcwfl ma dfcg~
ymfnm jca oj~w ~hwf~dfa~ mf~ caag~#
Wma phuw~ jd wma njcwuhnw jc ymfnm wma nlfacw oq~w djnq~ mf~ hwwacwfjc hua wma djlljyfci2
^autfna Latal Hiuaaoacw~ -^LH~& yfwm wmafu njuua~pjcgfci paufjg uapjuw~#
Njcdfgacwfhlfwv2 pufcnfphllv fc wma jpauhwfjc~ jd ghwh wuhc~dau hcg ~wjuhia jc
~autau~#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
39/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia >6 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
Hthflheflfwv# Wmf~ nlhq~a ~panfdfa~ wma latal jd hthflheflfwv wmhw wma ~autfna pujtfgau
qcgauwhka~ wj ohfcwhfc# Q~qhllv hll ~autfna pujtfgau~ ohfcwhfc h latal jd hthflheflfwv
nlj~a wj 800!, hlwmjqim fw f~ lfkalv wmhw ~joa yfll gf~plhv wmf~ fc mjqu~ pau ojcwm#
Paudjuohcna# Wmf~ ~anwfjc h~~qua~ wmhw vjq hnmfata wma pjyau iacauhwfci
nhphnfwv, ~wjuhia hcg ehcgyfgwm latal~ njcwuhnwag yfwm ahnm ~autfna pujtfgau#
^anqufwv# Wma ~autfna pujtfgau qcgauwhka~ wj ohfcwhfc h ~qddfnfacw latal jd ~anqufwv
jc fw~ puaof~a~ wj mj~w vjqu ghwh hcg pujna~~a~, wmauadjua fw oq~w ifta wma nlfacw h
lf~w jd ~anqufwv oah~qua~ eafci foplaoacwag fc fw~ ~v~wao~# Wma nlfacw oq~w phv
~panfhl hwwacwfjc wj wmf~ ~anwfjc eanhq~a fw wacg~ wj ea xqfwa thiqa jc wma phuw jd
wma ~autfna pujtfgau~, eqw fw oq~w njcwhfc h Pjlfnv jc ehnkqp ohchiaoacw hcg
Fcnfgacw Ohchiaoacw# Fw f~ hgtf~hela wmhw wma pujtfgau mh~ hc jpauhwfjchl hcgqpghwag Eq~fca~~ Njcwfcqfwv hcg Gf~h~wau Uanjtauv Plhc#
Phvoacw# Wmf~ ~anwfjc njcwhfc~ gawhfl~ jc wma phvoacw~ wmhw oq~w ea ohga ev wma
nlfacw wj acbjv wma njcwuhnwag ~autfna~# Fw ~mjqlg nlahulv fcnlqga wma hojqcw hcg
duaxqacnv jd ~qnm phvoacw~#
^q~pac~fjc jd ~autfna# Wmf~ nlhq~a f~ ojua ualhwag wj njcwuhnw~ ymaua wmaua f~
jclv jca ~autau# Fc wma nh~a jd nljqg njopqwfci fw njqlg ea uaojtag, eqw lhuia
njophcfa~ kaap fw fc wj fcgfnhwa wj wma nlfacw wmhw fw ohv waopjuhuflv ~q~pacg wma
~autfna gqa wj qpghwa~ fc wmafu fcdjuohwfjc fcduh~wuqnwqua#
^qppjuw ~autfna~# Wmf~ ~anwfjc yfll njcwhfc wma njoofwoacw~ jd wma ~autfna
pujtfgau h~ uaihug~ nlfacw ~qppjuw# Fw f~ fopjuwhcw wmhw wma njcwuhnw ~panfdfa~ wma
wfoa wmhw wma pujtfgau uaxqfua~ wj uanjtau wma ~v~wao ymac hc auuju jnnqu~#
Nhcnalhwfjc ju ojgfdfnhwfjc# Wma dahwqua~ jd nljqg njopqwfci hlljy iuahw
dla}feflfwv ymac ojgfdvfci wma ~autfna~ wmhw wma nlfacw caag~# Wma laihl hiuaaoacw
~mjqlg nlahulv ~whwa wma jpwfjc~ jd njcwuhnw ojgfdfnhwfjc ju wauofchwfjc jd wma ~hoa,
hejta hll fc ualhwfjc wj uanjtauv hcg galawfjc jd wma fcdjuohwfjc#
Pufthnv hcg uaiqlhwjuv njoplfhcna# Wmf~ nlhq~a gadfca~ wma latal jd njoofwoacw
dujo wma ~autfna pujtfgau jd wma acdjunaoacw jd wma lhy~ fc fw~ jyc wauufwjuv hcg wj
njoplv yfwm wma uaiqlhwfjc~ fc djuna yfwmfc wma ^phcf~m ju Aqujpahc wauufwjuv, fc
phuwfnqlhu wmj~a ualhwfci wj pufthnv hcg ghwh pujwanwfjc# Fc hcv nh~a, wma njcwacw~
jd wma njcwuhnw oq~w pauofw vjq wj hnnquhwalv a~whelf~m wma njoofwoacw~ jd
uaiqlhwjuv njoplfhcna h~~qoag ev wma pujtfgau#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
40/42
Iqfga dju njophcfa~2 ~anqufwv hcg pufthnv jd nljqg njopqwfci Phia 70 jd 75Fcdjuohwfjc anqufwv Je~authwjuv
9#7 Q^A JD OFIUHWFJC OANMHCF^O^
Wma oj~w fopjuwhcw wmfci ymac q~fci nljqg ~autfna~ f~ wj ea hyhua wmhw phuw jd wma FW
h~~aw~ yfll ea wuhc~dauuag# Wmauadjua, ya uanjooacg nhuuvfcijqw ua~ahunm fcwj wma foplfnhwfjc~ jd ofiuhwfci hll jd vjqu ghwh
hcg pujna~~a~ wj wma nljqg# Fc wmf~ ~wqgv vjq oq~w yafim qp
wma hojqcw hcg ~ac~fwftfwv jd wma ghwh mhcglag# Vjq oq~w
hlyhv~ wuv wj ac~qua wmhw wma oj~w ~ac~fwfta ghwh f~ ~qebanw wj
wma ~wufnwa~w njcwujl~ wj puatacw fw dujo eafci hnna~~ag ev
pau~jc~ yfwmjqw wma pujpau hqwmjuf~hwfjc#
Wma pujna~~ jd ofiuhwfjc ohv ea ~axqacwfhl2
Gqufci wma ahulv ~whia~ jd nljqg njopqwfci, ya hgtf~awmhw vjq gj cjw ofiuhwa wj wma nljqg wma oj~w ~ac~fwfta ghwh ju pujna~~a~,
ymfla wma mahtfa~w hpplfnhwfjc~ hua wuhc~dauuag wj wma nljqg# Dju a}hopla, vjq
njqlg fc~whll wma yae ~autau hcg ohfl jc wma nljqg eqw kaap wma ghwheh~a ~autau jc
wma puaof~a~#
Jcna vjq mhta wa~wag ymawmau wma djuoqlh dqcnwfjc~ vjq nhc paudjuo h njoplawa
ofiuhwfjc wj wma nljqg, q~fci wma ~qppjuw wjjl~ pujtfgag ev wma ~autfna pujtfgau~
hcg wmauaev ~ficfdfnhcwlv uagqnfci wma njopla}fwv jd wma wh~k# Ahnm jd wma nljqg
~autfna pujtfgau~ mh~ fw~ jyc ofiuhwfjc ~v~wao# Fc ~joa fw f~ acjqim wj ~acg hcaohfl wj h ~panfdfn hggua~~ yfwm wma ghwh wmhw vjq yf~m wj ofiuhwa ~j wmhw
atauvwmfci yjuk~ pujpaulv ymfla fc jwmau nh~a~ wmaua f~ h yae fcwaudhna jc ymfnm
vjq nhc nhuuv jqw wma njcdfiquhwfjc#
Wj hlljy dju pujpau eq~fca~~ njcwfcqfwv fw f~ tauv fopjuwhcw wj kaap h njoplawa
njpv jd wma ~v~wao fc wma wuhgfwfjchl ojgal dju h ymfla# Fc nh~a pujelao~ hua
gawanwag hdwau paudjuofci wma ofiuhwfjc wj wma nljqg, vjq nhc uawquc wj wma
wuhgfwfjchl ojgal# Fc wmf~ yhv, vjq nhc yjuk jc wma pujpau fcwaiuhwfjc jd wma
hpplfnhwfjc fc wma cay ojgal wuhc~phuacwlv dju wma q~au~#
8/3/2019 Guide for companies on cloud computing: security and privacy implications
41/42
Djlljy q~2
Yae mwwp2**je~authwjufj#fcwanj#a~
Je~authFCWANJ~ Dhnaejjk pujdfla
mwwp2**yyy#dhnaejjk#njo*Je~authFCWANJ
Je~authFCWANJ~ Wyfwwau pujdfla
mwwp2**yyy#wyfwwau#njo*Je~authFCWANJ
Je~authFCWANJ~ ^nufeg pujdfla
mwwp2**yyy#~nufeg#njo*Je~authFCWANJ
Je~authFCWANJ~ Vjqwqea pujdfla
mwwp2**yyy#vjqwqea#njo*Je~authFCWANJ
Elji jd wma Fcdjuohwfjc ^anqufwv Je~authwjuv
mwwp2**yyy#fcwanj#a~*elji~*fcwanj*^aiqufghg*Elji^aiqufghg
^acg vjqu gjqew~ hcg njooacw~ wj2
je~authwjufj@fcwanj#a~
http://observatorio.inteco.es/http://www.facebook.com/ObservaINTECOhttp://www.twitter.com/ObservaINTECOhttp://www.scribd.com/ObservaINTECOhttp://www.youtube.com/ObservaINTECOhttp://www.inteco.es/blogs/inteco/Seguridad/BlogSeguridadhttp://www.inteco.es/blogs/inteco/Seguridad/BlogSeguridadmailto:observatorio@inteco.esmailto:observatorio@inteco.eshttp://www.inteco.es/blogs/inteco/Seguridad/BlogSeguridadhttp://www.youtube.com/ObservaINTECOhttp://www.scribd.com/ObservaINTECOhttp://www.twitter.com/ObservaINTECOhttp://www.facebook.com/ObservaINTECOhttp://observatorio.inteco.es/8/3/2019 Guide for companies on cloud computing: security and privacy implications
42/42
Fc~wfwqwjChnfjchlgaWancjljih~galhNjoqcfnhnfc
top related