You are going to get the question. Are you ready for it?
The question will be: What about the privacy of my data? What kind of security/encryption/privacy/protection will I get for data I store with that cloud provider?
At the Wearable Tech Conference, Adidas was asked: Where is the data from its MICOACH smart run wristwatch stored? Who has access to that data? How long is it stored? Then what happens to it?
The new HIPAA/HITECH rules require vendors to supply compliance documents. How HIPAA compliant are you if the NSA is reading your data?
Obviously, the privacy and protection of a private cloud will be different than a public cloud, but even a private cloud outsourced to a vendor will put up a firewall between your data and the police authorities who want to view that data.
The question of data integrity used to be about how well the data is stored and backed up. Now data integrity is about privacy and security protection. You will need to have answers to these questions.
Likely, you will need a compliance document from the vendor. It would be the first thing that I would ask for when selling SaaS. Even in IaaS and PaaS systems, the prospect will still likely want (or need) a privacy or compliance document.
We see carriers like Netwolves and EarthLink packaging up compliance like PCI and HIPAA. Soon vendors will need to package up privacy. For those selling globally, Europe has more stringent data privacy concerns and laws than the US. Be aware of them. Ask your vendors for documentation about these (very real) concerns.
As we have seen in the last few years with compliance – GLBA, SOX, HIPAA, PCI – companies will be asking for clarification or written policies about data protection. It will be sooner for global customers as well as for publicly traded companies. The best way to be ready is to start asking these questions yourselves now. Be the customer advocate in this arena.
Edited by Stefania Viscusi