Checklist to verify that a Cloud Computing Service Level Agreement (SLA) signed by an PYME in Ecuador guarantees data security and protection

Abstract

Data security and protection in the contracting of cloud services carried out by Ecuadorian (SMEs), requires knowing a series of necessary parameters that allow the user to identify a suitable provider in order to minimize the risks involved in storing information outside their own infrastructure, so as a result of this study, Ecuadorian SMEs are provided with a Checklist to verify the Levels of Service Agreements in such a way that the provider guarantees the security and protection of their data without implying explicit technical knowledge. To prepare the checklist, aspects such as: Types of cloud services, analysis of the main risks to which Ecuadorian companies have been exposed when contracting cloud services, and mapping of current Ecuadorian regulations have been analyzed vs. the main security risks identified (availability, access control, architecture, compliance with the standard) and finally, different international standards related to information security have been analyzed, focusing on the recommended controls in general information security as well as the information security of the cloud computing service.