A legal and technical perspective on secure cloud storage

Public cloud infrastructures represent alluring storage platforms supporting easy and flexible, location-independent access to the hosted information without any hassle for maintaining own infrastructures. Already widely established and utilized by end-users as well as by institutions, the hosting of data on untrusted platforms, containing private and confidential information, generates concerns about the security. Technical measures establishing security rely thereby on the technical applicability. As a consequence, legal regulations must be applied to cover those measures even beyond this technical applicability. This paper provides an evaluation of technical measures combined with legal as- pects representing a guideline for secure cloud storage for end-users as well as for institutions. Based upon current approaches providing secure data storage on a tech- nical level, german laws are applied and discussed to give an overview about correct treatment of even confidential data stored securely in the cloud. As a result, a set of technical possibilities applied on fixed defined security require- ments is presented and discussed. These technical measures are extended by legal aspects which must be provided from the site of the hosting Cloud Service Provider. The presented combination of the technical and the legal perspective on secure cloud storage enables end-users as well as hosting institutions to store their data se- curely in the cloud in an accountable and transparent way.