Cloud Storage Security Compliance: An Analysis of Standards and Regulations
Keywords: Cloud Storage, Standards and Regulations

Abstract
Many modern storage and sharing solutions are available on the market, and cloud storage has become one of the most common. At the same time, the security of cloud storage remains a critical concern for organizations and individuals alike, since sensitive data is stored on it. To ensure data integrity, compliance with security standards and regulations is crucial for cloud service providers. This paper presents an analysis of the security standards and regulations that cloud storage providers must comply with, including ISO 27001, SOC 2, HIPAA and GDPR. The analysis covers the main requirements of each standard and regulation relating to cloud storage security. In addition, the paper discusses the challenges of meeting compliance requirements and the potential consequences of non-compliance. The analysis concludes that complying with security standards and regulations is the key driver for maintaining the security and privacy of user data.
References
Cloud Security Alliance. (2016). Cloud Controls Matrix (CCM) Version 3.0.1. Retrieved from https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v3-0-1/
Federal Risk and Authorization Management Program. (n.d.). About FedRAMP. Retrieved from https://www.fedramp.gov/about-fedramp/
Federal Information Security Management Act of 2002, Pub. L. No. 107-347, 116 Stat. 2899 (2002).
General Data Protection Regulation, Regulation (EU) 2016/679, 2016 O.J. (L 119) 1.
Health Insurance Portability and Accountability Act Security Rule, 45 C.F.R. Parts 160, 162, and 164.
International Organization for Standardization/International Electrotechnical Commission. (2013). ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements.
National Institute of Standards and Technology. (2020). Security and Privacy Controls for Information Systems and Organizations (NIST SP 800-53 Revision 5). Retrieved from https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Payment Card Industry Security Standards Council. (2018). Payment Card Industry Data Security Standard (PCI DSS) Version 3.2.1. Retrieved from https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
SANS Institute. (2014). CIS Critical Security Controls: Version 6.0. Retrieved from https://www.cisecurity.org/controls/cis-controls-listing/
Security, Trust, and Assurance Registry (STAR) Program. (n.d.). STAR Program. Retrieved from https://cloudsecurityalliance.org/star/
Copyright (c) 2023 Muhammad Khuram Khalil, Marwa Al Jahdhami, Vishal Dattana
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The copyright holder(s) granted JSR a perpetual, non-exclusive license to distribute and display this article.