How can organization monitor their CSP and provide assurance to relevant stake holders that privacy requirement are met when their PII( personally identifiable information) in the cloud?
An alternative approach is to not trust the Cloud Provider at all and use techniques like data de-identification via encryption or tokenization (an intro is in the second link) to protect data. With this approach, no visible PII is stored in the Cloud. Companies like Perspecsys (first link) can do this automatically with data coming in and out of an organization.
http://perspecsys.com/
Article Enhancing Cloud Security Using Data Anonymization
An organization can monitor their CSP using adding a Firewall within the organization that monitor the each outgoing and incoming packet easily.
You may want to read our work on the matter.
Article CamFlow: Managed Data-sharing for Cloud Services
Article Data Flow Management and Compliance in Cloud Computing
- Badges
- Science method