Cloud custodianship is a concept that has become increasingly important in recent years, as businesses and individuals alike have begun to utilize cloud services to store and protect their data. While cloud custodianship is a relatively new concept, there are several different models that have been developed to ensure that data stored in the cloud is kept secure and compliant with applicable laws and regulations.
The most common model for cloud custodianship is the Service Provider Interface (SPI) model, the three-tier approach to data protection. In this model, the customer provides the data, the service provider stores and secures the data, and the third-party cloud custodian acts as a gatekeeper, ensuring that the data is being stored and secured in accordance with applicable laws and regulations. This third-party cloud custodian is responsible for monitoring the service provider's activities and ensuring that the customer's data is being stored and accessed securely. The SPI model is the most widely used model for cloud custodianship, but it is not the only model available. However, there is a very real chance that the provider and the custodian are one and the same entity, and, depending on that entity's own governance policies, who ultimately owns the data?
No matter which model is used for cloud custodianship, it is important to ensure that the data is being stored and accessed in compliance with applicable laws and regulations. For example, the General Data Protection Regulation (GDPR) requires that personal data be securely stored and processed. In addition, the California Consumer Privacy Act (CCPA) requires that businesses that collect and store personal information must have a reasonable security program in place to protect the data. Data might include checksums, even cryptographic checksums, for integrity verification, but backups and redundancies must be available to restore the data to its correct state.
In order to ensure compliance with applicable laws and regulations, businesses should select a cloud custodian that is knowledgeable about the specific laws and regulations that apply to their particular industry. They should also make sure that the cloud custodian is committed to ongoing monitoring and compliance enforcement. Additionally, businesses should check that the cloud custodian has the necessary resources to respond quickly to data breaches or other security incidents. The security implications of multi-tenancy, shared responsibility and new ways of processing data using the provider's services all need to be addressed with management, operational and technical controls.
By choosing the right cloud custodian and ensuring that the data is stored and accessed in compliance with applicable laws and regulations, businesses can protect their data and their customers' data while still taking advantage of the numerous benefits of cloud storage. In doing so, they can ensure that they are in compliance with all applicable laws and regulations, while also providing their customers with the peace of mind that their data is safe and secure.
------------------------------
João Ferreira
------------------------------
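The post's point that cryptographic checksums verify integrity while backups and redundancies restore it can be shown in a short sketch. This is an added example, not part of the original post: the object names, contents and the in-memory dictionaries standing in for the provider's store and its backup replicas are constructed, and SHA-256 with a customer-held manifest is an assumed choice.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """SHA-256 hex digest used as the cryptographic checksum."""
    return hashlib.sha256(data).hexdigest()


def verify_and_restore(manifest, primary, backups):
    """Check each object in `primary` against the customer-held manifest.

    A mismatch is repaired only from a backup copy that itself matches the
    recorded digest, so a corrupted replica is never written back.
    Returns {object_name: "ok" | "restored" | "unrecoverable"}.
    """
    report = {}
    for name, expected in manifest.items():
        current = primary.get(name)
        if current is not None and hmac.compare_digest(digest(current), expected):
            report[name] = "ok"
            continue
        report[name] = "unrecoverable"  # detected, not yet repaired
        for replica in backups:
            candidate = replica.get(name)
            if candidate is not None and hmac.compare_digest(digest(candidate), expected):
                primary[name] = candidate
                report[name] = "restored"
                break
    return report


def run_demo():
    # Constructed sample data: names and contents are illustrative only.
    originals = {
        "invoice.csv": b"id,amount\n1,100\n",
        "customers.json": b'{"id": 7}',
        "audit.log": b"login ok\n",
    }
    manifest = {name: digest(data) for name, data in originals.items()}
    primary = {
        "invoice.csv": b"id,amount\n1,900\n",      # silently altered
        "customers.json": originals["customers.json"],
    }                                               # audit.log is missing
    replica_a = {"invoice.csv": b"id,amount\n1,900\n"}   # same corruption replicated
    replica_b = {"invoice.csv": originals["invoice.csv"]}
    report = verify_and_restore(manifest, primary, [replica_a, replica_b])
    return report, primary, originals


if __name__ == "__main__":
    print(run_demo()[0])
```

The checksum flags all three conditions (altered, missing, corrupted replica), but only the object with a clean backup copy returns to its correct state; the manifest has to be kept where the party storing the data cannot rewrite it.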