Journals Proceedings

Abstract

Increasingly governments are using cloud technology to host data and services. However, there is reluctance to place sensitive data in public clouds because of security and privacy concerns. These concerns are related to governance in the public cloud and compliance with laws. When sensitive data is stored in a public cloud, governments lose a certain amount of control. There are two suggested solutions to this problem. Firstly, the use of technology, e.g. encryption; however, this will cancel many benefits associated with the public cloud making it no longer a viable option. Secondly, through the relationship between the government as a customer and the cloud provider; this involves the service level agreements (SLA) which are often standard. Unfortunately, the standards, frameworks and certification schemes that include guidance on the governance of this relationship do not consider the specific needs of government in public cloud use and difficult to customize. Although there is willingness by governments to use the public cloud for sensitive data, unless above issues are resolved, advancement in this area will be slow. Through critical analysis of existing standards, this study proposes a new approach to the governance of the government-cloud provider relationship towards increasing confidence in placing sensitive data in the public cloud. The study focuses on standards that already consider the public cloud and sensitive data such as the Cloud control Matrix and CSA Guidance.