106
transferred, this also means that they are functional. Above all, to
determine complete functionality, deletion should be delayed until after
completing a trial period with the new Cloud service provider.
But after all the data and applications have been successfully transferred,
and their functionality has been ensured, deletion of the remaining copies
can occur. One option for handling this process quickly and, from the
customer's point of view, securely, is to ensure in the course of the
migration, where possible, all copies are stored centrally by the main
contractor and that other copies with subcontractors are deleted. This
prevents various active distribution and backup policies on the part of the
subcontractor leading to new copies being created, which then need to be
painstakingly located and deleted after the event.
Proof of deletion basically relies on a certain amount of trust in the original
provider. Although the data can be found and proof of deletion can also be
provided using corresponding protocols, there is always the question as to
whether the protocols are complete and up‐to‐date.
Also note the fact that deletion in the sense of removing the data record
from a table is not a genuine deletion. This only frees up space on hard disk
or other data and allows the space to be overwritten. Genuine confirmation
of deletion is only possible through confirmation by the main or
subcontractor, that the released hard disk sectors on which the data were
stored have been overwritten. The easiest way of achieving this is to
overwrite the user’s own data with randomly generated data immediately
after deletion. The securest way of deleting data would be to destroy the
hard disk on which they were stored. However this is totally impractical in
the case of Cloud computing.
3.3.9
Warranty and liability
On‐going operations need to be assured during the migration, too. This
makes it essential to extend the warranty and liability provisions to the
migration.
Source code regulations
If one intends to set up a Cloud application to handle the creation and
assignment of the individual software, one should agree fiduciary keeping of
the source code with the Cloud service provider, allowing steps to be taken
to ensure that access to the data and any programs (SaaS) as well as their
full functionality, will continue to be possible. Updates on the source code
need to be incorporated on an on‐going basis.