Chapter 4 – Security and privacy in public cloud computing

This chapter introduces security and privacy challenges and concerns of federal agencies when using public clouds. Privacy concepts are discussed with a focus on the federal government’s legislative responsibility in protecting personally identifiable information (PII) and how security supports privacy. The National Institute of Standards and Technology (NIST) privacy controls are presented with the focus on how the federal government’s privacy protections and practices might need to be extended to a public cloud environment. PII is defined to scope the discussion on data breaches, and the organizational impact and consequences that could affect the federal government, including the specific federal requirements to respond and report incidents.