Tian Wang (University of Illinois at Urbana-Champaign) and Masooda Bashir (University of Illinois at Urbana-Champaign)
As a major evolution of computer technology, cloud computing has become a dominant model for delivering information technology (IT) infrastructure, components, and applications. While it offers tremendous benefits, it also creates challenges on data protections for both users and providers. To maintain user trust and meet compliance, cloud certifications and standards have been implemented to demonstrate service providers’ compliance with privacy principles and regulations. Currently, there are initiatives from governments, organizations, and cloud service providers developing different strategies to leverage cloud certifications for organizations to better comply with data protection and emphasize privacy in this era. In this report, we conducted a focused investigation of Cisco’s newly published Cloud Controls Framework (CCF) to evaluate its performance, specifically on privacy protections, by comparing it with four existing cloud certifications and standards. Overall, CCF provides a comprehensive, detailed guideline for business and organization to meet data protection requirements. In future updates, we would suggest that CCF develops more privacy controls regarding user’s control over their personal data so that it could address individual’s rights on privacy from the user’s perspective.