Date Added: Aug 2009
The Cloud is a relatively new concept and so it is unsurprising that the information assurance, data protection, network security and privacy concerns have yet to be fully addressed. This paper seeks to begin the process of designing data protection controls into clouds from the outset so as to avoid the costs associated with bolting on security as an afterthought. The approach is firstly to consider cloud maturity from an enterprise level perspective, describing a novel capability maturity model. The author uses this model to explore privacy maturity within an enterprise cloud deployment, and explore where there may be opportunities to design in data protection controls as exploitation of the Cloud matures.