Cloud Storage Security Compliance: An Analysis of Standards and Regulations

Authors

  • Muhammad Khuram Khalil, Middle East College
  • Marwa Al Jahdhami
  • Vishal Dattana

Keywords:

Cloud Storage, Standards and Regulations

Abstract

There are many modern storage and sharing solutions on the market, and cloud storage has become one of the most common. However, the security of cloud storage remains a critical concern for organizations and individuals alike, since sensitive data are stored on it. To ensure data integrity, compliance with security standards and regulations is crucial for cloud service providers. This paper presents an analysis of the security standards and regulations that cloud storage providers must comply with, including the ISO 27001 and SOC 2 standards and the HIPAA and GDPR regulations. The analysis covers the main requirements of each standard and regulation as they relate to cloud storage security. In addition, the paper covers the challenges of fulfilling compliance requirements and the potential consequences of non-compliance. The analysis concludes that compliance with security standards and regulations is the key driver for maintaining the security and privacy of user data.


References or Bibliography

Cloud Security Alliance. (2016). Cloud Controls Matrix (CCM) Version 3.0.1. Retrieved from https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v3-0-1/

Federal Risk and Authorization Management Program. (n.d.). About FedRAMP. Retrieved from https://www.fedramp.gov/about-fedramp/

Federal Information Security Management Act of 2002, Pub. L. No. 107-347, 116 Stat. 2899 (2002).

General Data Protection Regulation, Regulation (EU) 2016/679, 2016 O.J. (L 119) 1.

Health Insurance Portability and Accountability Act Security Rule, 45 C.F.R. Parts 160, 162, and 164.

International Organization for Standardization/International Electrotechnical Commission. (2013). ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements.

National Institute of Standards and Technology. (2020). Security and Privacy Controls for Information Systems and Organizations (NIST SP 800-53 Revision 5). Retrieved from https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Payment Card Industry Security Standards Council. (2018). Payment Card Industry Data Security Standard (PCI DSS) Version 3.2.1. Retrieved from https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf

SANS Institute. (2014). CIS Critical Security Controls: Version 6.0. Retrieved from https://www.cisecurity.org/controls/cis-controls-listing/

Security, Trust, and Assurance Registry (STAR) Program. (n.d.). STAR Program. Retrieved from https://cloudsecurityalliance.org/star/

Published

05-31-2023

How to Cite

Khalil, M. K., Al Jahdhami, M., & Dattana, V. (2023). Cloud Storage Security Compliance: An Analysis of Standards and Regulations. Journal of Student Research. Retrieved from https://www.jsr.org/index.php/path/article/view/2261