ESDS Knowledge Base


Cloud Computing: Looking At The Quality Of The Ombudsman

Today there is not the slightest chance of stopping the advance of cloud computing. The vision is that by 2014, 40% of all applications in the world will be based on Virtualized servers. Thus, it is expected that 25% of all existing workload on IT should happen on servers hosted in the cloud.

In the vacuum transfer, the discussion comes on security and data integrity of application and infrastructure. It is up to all IT professionals who plan the direction of the cloud, raise essential information on safety and operation services in all instances.

Based predominantly technical, this first set of questions does not address legal issues such as liability, confidentiality agreements, conditions and times of availability and SLA (service level agreement). Factors also include to think about the choice and should not be forgotten.

Here are some points that are recommended to be addressed with the provider of Cloud Computing Solutions before choosing:

Interoperability and documentation:

  • How the security restrictions can influence application functionality?
  • How is the access from the client?
  • What is the plan for data backup in case of loss by disasters?
  • In case of contract termination, which is the format and delivery of data through the company’s customer?


  • The provider’s facilities are monitored 24/7?
  • How are the passwords of customer stored?
  • There is abundant documentation about generating passwords, access policies, protocols and connection models of data access?
  • Passwords are transmitted using encrypted connections?
  • How is monitoring against unauthorized access attempts?
  • The transactions are encrypted with 128-bit keys?

Transactions on the network:

  • There is certification?
  • The Firewall’s follow a parameter and are constantly monitored? – How does the record of logins are allowed and denied?


  • The data of individuals are stored to meet the regulations of the country where the service is provided from the client company?
  • The access settings and verification processes user identity correspond to the level of confidentiality required by the information accessed?
  • There is a record containing information relating to the last access / modification of data from individuals?
  • The provider offers the option of filtering to separate processing personal data?

Leave a Reply