As cloud computing becomes more prevalent, there needs to be better protection for customers using cloud services. New Zealand is taking a lead in developing a code of practice for cloud providers, designed to keep their customers informed and more secure than they might otherwise be.
The Code of Practice is currently in draft format and it's being consulted on by a number of top people from across related industries (including yours truly).
The full “draft structure and approach document” is here as a PDF. Personally I think you’d do better reading the Privacy Commissioner’s “Guide to Privacy and Cloud Computing”. It makes good reading, in a way most people can understand. (Thanks @MiramarMike for providing the link).
I think the most important part for users of cloud services is disclosure. The Code of Practice highlights 10 areas. These areas form a good list of questions you should be asking your cloud-service provider anyway:
Corporate Identity – who is the company behind this service?
Ownership of Data – do I actually own the data I store with them?
Security – is my data encrypted in transmission to and from the provider and when it’s stored?
Data Location – where is the server? Different geographical territories have different legal obligations so how will that affect you?
Data Access – can I export my data to another service, or for backup? What happens if the service provider goes bust?
Backup and Maintenance – whose responsibility is it to keep my data backed up? Them or me?
Geographic Diversity – which countries does my service run out of and what are the implications?
SLA and Support – details of your rights in terms of uptime, support, notification of outages.
Competency Warranty – the provider declares to you that they are capable of providing services according to their terms and conditions.
You can read more about the Cloud Code of Practice at www.nzcloudcode.org.nz