There is, however, a key difference between
the problem of data protection as it is performed
today and that in the Cloud. While the former
usually involves two parties, (i.e., the company
and the employee), the latter adds a third party in
the form of the Cloud provider. This new problem
is similar in nature to the problem of sharing
information with another company. Once data
is passed to another company, transparency and
control of it is mostly lost. In short, a company
simply has to “believe” that the other company
is handling the data appropriately. Recognizing
this, existing Cloud providers are having
themselves audited by a third-party institution as
in the SAS-70 Type II and ISO 27001 certification
systems much as ordinary companies do with the
aim of gaining the “trust” of their customers.