ISO 27018 And Personal Information In The Cloud: First Year Scorecard

Getting on for a year after it was published, ISO 27018 - the first international standard focusing on the protection of personal data in the public cloud - continues, unobtrusively and out of the spotlight, to move centre stage as the battle for Cloud pre-eminence hots up.

At the highest level, this is a competitive field for those with the longest investment horizons and the deepest pockets - think million square foot data centres with 100,000+ servers using enough energy to power a city. According to research firm Synergy, the Cloud infrastructure services market - Infrastructure as a Service (Iaas), Platform as a Services (PaaS) and Private and Hybrid Cloud - was worth $16bn in 2014, up 50% on 2013, and is predicted to grow 30% to over $21bn in 2015. Synergy estimated that the four largest players accounted for 50% of this market, with Amazon at 28%, Microsoft at 11%, IBM at 7% and Google at 5%. Of these, Microsoft's 2014 revenues almost doubled over 2013, whilst Amazon's and IBM's were each up by around half. Global SaaS (Software as a Service) revenues were estimated by Forrester Research at $72bn in 2014 and are predicted to grow by 20% to $87bn in 2015. Equally significantly, the proportion of computing sourced from the Cloud compared to on-premise is set to rise steeply: enterprise applications in the Cloud accounted for one fifth of the total in 2014 and this is predicted to increase to one third by 2018.

This growth represents a huge increase year on year in the amount of personal data (PII or personally identifiable information) going into the Cloud and the number of Cloud customers contracting for the various and growing types of Cloud services on offer. But as the...