Businesses and government agencies should ensure their cloud suppliers have clear policies to apply litigation holds and preserve data, U.S. government officials said in a report Friday.
The 81-page report, Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology, explains the technology’s definitions, network architectures, and current issues. It’s free, and is authored by Lee Badger, Tim Grance, and Jeff Voas, all of NIST’s computer security division, and Robert Patt-Corner, principal systems architect at government IT consultancy Global Tech.
Among legal aspects, “Consumers should investigate whether a provider can support ad-hoc legal requests,” the report states. It also discusses data governance, in explaining that electronic information should be designed to interoperate with industry standards, stored securely and separately from other customers, regularly tested for readability, and permanently backed up or deleted on request. Such recommendations can prevent disaster when cloud providers fail.
Buyers should also understand the methods of transferring data to and from a cloud, whether the cloud company will take financial responsibility for data loss, and which employees of the cloud company perform which jobs. Incident response procedures, software licensing, and maintenance issues are also vital, the authors stated. <READ MORE>