Implementation of Cloud Services in a Business Environment
56
7.1.6
User Access Control
Whenever cloud services should extent the internal integrated system in a company,
there are similar requirements for user access rights. Although most cloud service
providers allow an allocation of user rights to specific persons, groups or an entity
(
e.g. marketing department), a problem can arise when the cloud services are
mainly employed for collaboration purposes involving people from outside the
company. In this case it is necessary to define what information needs to be shared,
and what services must be collaborative. (Mather, Kumaraswamy, & Latif, 2009, p.
125).
7.1.7
Threat Management
Threat Management deals with questions regarding incident and problem
management. As security threats can have harmful consequences to the business,
it should be evaluated what procedures the service provider implemented for
identifying and coping with security threats. In case of a security breach, the cloud
service provider is requested to take over the responsibility to take actions regarding
remedial and corrective steps. In the Service Level Agreement it should be
stipulated that the provider meets certain demanded requirements for security
issues (Hugos & Hulitzky, 2010, p. 78) & (Harding, 2011, p. 96).
7.2
Compliance with Regulations
There are several legal areas that regulate and limit the use of cloud services to a
certain extent, depending on the country and/or industry. The EU Data Protection
Directive 95/46 published by the European Parliament and the European Council,
for example, imposes clear restrictions on the processing and storage of personal
data (1995). Other not solely legal issues regarding the usage of cloud services
include confidentiality agreements, or trade secrets.
