Protection of Personal Information in the South African Cloud Computing environment: A framework for Cloud Computing adoption

Abstract

Cloud Computing has advanced to the point where it may be considered an attractive proposition for an increasing number of South African organizations, yet the adoption of Cloud Computing in South Africa remains relatively low. Many organizations are hesitant to adopt Cloud solutions due to a variety of inhibiting factors and concerns that lead to the mistrust in Cloud Computing. One of the major concerns identified is information security within the Cloud Computing environment. The approaching commencement of new information security legislation in South Africa, known as the Protection of Personal Information Act (POPI), may provide an ideal opportunity to address the information security-related concerns and foster a trust relationship between potential Cloud users and Cloud providers. POPI applies to anyone who processes personal information and regulates how they must handle, store and secure that information. Cloud providers who can demonstrate that they protect personal information may be more trustworthy and therefore more attractive to potential Cloud users. This paper discusses a proposed Framework for Cloud Computing Adoption which could assist South African Cloud providers in approaching compliance with the POPI Act, providing transparency and accountability to potential Cloud users, fostering a trust relationship and ultimately promoting the adoption of Cloud Computing in South Africa.