How do you know that your watch labelled water-resistant to 30 meters really will not leak at that depth? When it meets the international standard (ISO 22810:2010) that defines what water-resistant means. Published by the International Organisation for Standardisation, the standard allows us to buy a water-resistant watch anywhere in the world from any maker and to know that we can safely dive and swim without the seal breaking.
And it isn’t just watches whose features are standardised: international standards seemingly regulate every aspect of our lives. From what is semi-skimmed milk to the symbol for an oil change in a car, even the dimensions for ski bindings, there are currently more than 19,500 standards in existence.
Falling short
Yet when it comes to standards relating to cloud computing, which might one day be responsible for all of the world’s data, there are just a handful: the standards system is playing catch-up, and so confidence in the sector is far from universal.
Cloud services can provide the answer to the growing data-storage needs of individuals and businesses – such as in financial services and the public sector – but frequent high-profile data breaches make customers nervous about using the new technology.
These customers are concerned to know: what are cloud service providers actually providing by way of security and protection for personal data, and is it good enough? That’s a very complicated question to answer unless you have a common standard against which to benchmark services.
That’s all about to change, thanks to the first international standard for privacy in the cloud. Produced in consultation with the industry and published by the International Organisation for Standardisation, ISO 27018 strengthens data privacy by ensuring a consistent level of protection for sensitive customer information stored in the cloud.
Now, when customers sign up to an ISO 27018-compliant cloud services provider, they can feel secure in the knowledge that their personal data will be subject to a minimum level of protection that is the same wherever they or their provider are in the world.
And with an industry-wide, internationally-agreed definition of what is meant by the protection of personally sensitive data stored in the cloud, providers can instead compete on all of the things they should be competing on: price, extra features and quality of service.
A long time coming
Until now, each provider of cloud services has spoken a different language, with each using countless different privacy standards.
That has made it difficult for customers to compare and contrast the levels of data protection they’re getting – or even to know whether those standards of protection are any good. This uncertainty has created confusion for customers, who often end up choosing the wrong service and coming away with negative impressions of the cloud services industry.
The lack of common privacy standards has also cost providers time and money: for each new enterprise customer contract, lawyers must draw up bespoke definitions of what their particular privacy promises cover.
As businesses become more familiar with cloud services, they don’t want to repeat the negotiation over things that are, ultimately, non-contentious. They just want to know what it is that they’re buying. ISO 27018 means that providers and customers no longer have to start each conversation from scratch.
Adoption of the standard is voluntary, but customer demand for suppliers they can trust is likely to drive providers towards compliance. Those that don’t adopt the standard will miss out on business.
Additional benefits
One common standard allows employees, auditors and regulators to move seamlessly between providers without having to re-learn different types of privacy standards. That, ultimately, means a seamless service for customers.
And if providers are able to focus on complying with ISO 27018, they are likely to get better at meeting and beating the tests, which will improve their protection against hackers.
As well as making the purchase of cloud services faster and easier, ISO 27018 will help customers to spot the more questionable providers hiding amongst the good guys, and avoid them.
Trust regained
The cloud services sector needs to get to a place where people start arguing about the important things, such as features, price and quality. That gives regulators great confidence to start a conversation from the second step up rather than from the bottom one, every single time.
It also helps strengthen the trust that customers need when they are choosing to transfer their data to a cloud provider.
Clive Gringras is a partner and head of technology at Olswang
This advertisement feature is provided by Olswang, sponsors of the Guardian Media Network’s Changing business hub