Guidelines for cloud service customer data security
|Publication Date:||1 September 2016|
This Recommendation provides guidelines for cloud service customer (CSC) data security in cloud computing, for those cases where the cloud service provider (CSP) is responsible for ensuring that the data is handled with proper security. This is not always the case, since for some cloud services the security of the data is the responsibility of CSCs themselves. In other cases, the responsibility may be mixed.
For example, in some cases the CSP may be responsible for restricting access to the data, while the CSC remains responsible for deciding which cloud service users (CSUs) should have access to it, and the behaviour of any scripts or applications with which the CSU processes the data.
This Recommendation identifies security controls for CSC data that can be used in different stages of the full data lifecycle. These security controls can differ when the security level of the CSC data changes. Therefore, this Recommendation provides guidelines on when each control should be used for best security practice.