Seite 106 - Cloud Migration Version 2012 english

106 
transferred, this also means that they are functional. Above all, to 
determine complete functionality, deletion should be delayed until after 
completing a trial period with the new Cloud service provider. 
But after all the data and applications have been successfully transferred, 
and their functionality has been ensured, deletion of the remaining copies 
can occur. One option for handling this process quickly and, from the 
customer's point of view, securely, is to ensure in the course of the 
migration, where possible, all copies are stored centrally by the main 
contractor and that other copies with subcontractors are deleted. This 
prevents various active distribution and backup policies on the part of the 
subcontractor leading to new copies being created, which then need to be 
painstakingly located and deleted after the event. 
Proof of deletion basically relies on a certain amount of trust in the original 
provider. Although the data can be found and proof of deletion can also be 
provided using corresponding protocols, there is always the question as to 
whether the protocols are complete and up‐to‐date. 
Also note the fact that deletion in the sense of removing the data record 
from a table is not a genuine deletion. This only frees up space on hard disk 
or other data and allows the space to be overwritten. Genuine confirmation 
of deletion is only possible through confirmation by the main or 
subcontractor, that the released hard disk sectors on which the data were 
stored have been overwritten. The easiest way of achieving this is to 
overwrite the user’s own data with randomly generated data immediately 
after deletion. The securest way of deleting data would be to destroy the 
hard disk on which they were stored. However this is totally impractical in 
the case of Cloud computing.  
3.3.9
Warranty and liability 
On‐going operations need to be assured during the migration, too. This 
makes it essential to extend the warranty and liability provisions to the 
migration. 
Source code regulations 
If one intends to set up a Cloud application to handle the creation and 
assignment of the individual software, one should agree fiduciary keeping of 
the source code with the Cloud service provider, allowing steps to be taken 
to ensure that access to the data and any programs (SaaS) as well as their 
full functionality, will continue to be possible. Updates on the source code 
need to be incorporated on an on‐going basis.