This questionnaire is prepared in order to aid me in my graduation assignment for the study of Information Sciences. The goal of my graduation assignment is to provide an insight as to how privacy laws and regulations affect the implementation of Cloud Computing and how the implementation of Cloud Computing affects privacy laws and regulations. Due to the scope of the research the number of privacy laws and regulations is limited.
The answers provided to this questionnaire will be kept confidential. The answers will not be shared with external parties unless explicitly approved by the respondent.
This questionnaire consists of 38 questions. Please be as elaborate as possible when answering the questions. The text boxes are easiest to select by clicking in their upper right corner.
If any questions arise please contact me at [email protected]
Thank you for your time
Kind regards, Joep Ruiter
1. Please provide the following details:
2. Can you give an estimate as to the size of your organization, e.g. the number of clients, revenue or market share?
In my research, I use the following definition of Cloud Computing as stated by Vaquero et al. (2009):
“Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an optimum resource utilization.”
In my research I also state 3 types of Cloud Services and distinguish 4 types of Cloud Computing initiatives. The Cloud Services are Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
The types of Cloud Computing initiatives are public clouds, private external clouds, private internal clouds and hybrid clouds. In public clouds organizations consume their Cloud Service from a Cloud Service Provider (CSP). The CSP uses the same physical hardware to host many cloud computing initiatives from different clients. In private, external clouds the cloud service is also provided by a CSP. In private, external clouds the CSP uses dedicated hardware for each client. Private, internal clouds are hosted on hardware physically located in the organization's datacenter. Hybrid clouds are a combination of internal and external clouds.
3. What type of Cloud Service is provided?
4. What is the definition of Cloud Computing according to your organization?
5. What are the main reasons for clients to use Cloud Computing?
Public and Private Cloud Computing
6. Is your organization able to provide the Cloud Service on dedicated hardware (a private, external cloud)?
7. Please indicate the percentage of clients asking for a private cloud.
8. What are the main reasons for clients to ask for a private cloud?
9. When clients use private clouds, is the data stored on multiple locations?
10. Are the provided services described in a Service Level Agreement (SLA)?
11. If there are no SLAs in place, how are clients provided with guarantees with respect to privacy and security of the Cloud Service?
12. Can clients choose between predefined or customized SLAs?
13. Which types of data are stored, transmitted and processed within the Cloud Service?
14. Can clients inquire about the physical location in which their data is stored and processed?
15. Can clients specify the location in which their data is stored and processed?
16. Is client data outsourced to external parties, e.g. a different CSP?
17. Is your organization compliant with the Gramm-Leach-Bliley Act?
18. Is your organization compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
19. Is your organization compliant with the Fair Credit Reporting Act?
20. Is your organization compliant with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (The Data Protection Directive)?
20a. Are any of the following solutions used?
21. Is your organization compliant with Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 (The E-Privacy Directive)?
22. Is your organization compliant with the Payment Card Industry Data Security Standards?
23. Is your organization compliant with the FTC Fair Information Principles?
24. Is your organization compliant with the USA-PATRIOT Act?
24A. Does your organization hand over data to authorities?
25. What are the compliance differentiating factors with respect to privacy regulations of your organization compared to other Cloud Service Providers?
26. In your organization's view, how do privacy regulations affect the adoption and implementation of Cloud Computing?
27. Do you think governments will impose Cloud Computing specific privacy legislation in the future?
28. How will your organization cope with changing legislation?
29. Which types of security solutions are provided in the Cloud Service?
30. How are authentication and access control handled within the Cloud Service?
31. Are clients recommended or required to use encryption within the Cloud Service?
32. Do clients require encryption?
33. What types of encryption mechanisms are provided?
34. Does your organization have a disaster recovery plan?
35. Is your organization able to implement client security requirements into the Cloud Service?
36. How is the design of security solutions influenced by privacy laws and regulations?
37. Are clients allowed to audit the Cloud Service?
38. If clients are not allowed to audit the Cloud Service, how are customers assured of the level of security and privacy in the Cloud Service?
I would like to thank you very much for taking the time to fill in this questionnaire. If you have any comments on the questionnaire, please post them in the comments box below or send them to [email protected]
Best regards, Joep Ruiter