Can the Cloud Security Alliance help with comparing cloud providers?

The Cloud Security Alliance published its Privacy Level Agreement for Europe v2 to help consumers compare cloud providers. Expert Dan Sullivan explains how it can help U.S. companies as well.

What's the purpose of the CSA's Privacy Level Agreement for Europe v2, and what impact does it have (if any) on U.S. companies, both providers and cloud customers?

The Cloud Security Alliance (CSA) has worked with European officials to support implementation of the European Union's privacy and related data use laws and regulations.

The CSA's Privacy Level Agreement for Europe v2 describes compliance requirements in several areas, including data use, data transfer, monitoring, security controls, data breach notification and data retention. The goal of this policy is to provide a standard set of practices for comparing cloud provider services and understanding the roles and obligations of cloud providers with regard to security measures and communications with customers. For example, the agreement requires the description of measures taken to ensure confidentiality, integrity, availability and transparency of personal data. It also requires details about data retention policies, as well as procedures for responding to requests for disclosure of personal information.

While security concerns have long been an impediment to cloud adoption, the CSA's Privacy Level Agreement for Europe v2 and other such standards can mitigate some of those concerns by promoting security best practices on the part of cloud providers. Because it also documents specific responsibilities for communication with customers -- such as how customers will be contacted and in what timeframe -- cloud users can be confident about the level of communications they will receive in the event of a breach.

