8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
1/42
@}a wata miwtm~a~3 ~m`}thjaj xwthvanhjaj jml nlf}j nfiw}zhb`
FD^MT_AZFTHF JM LA ^M@]THJAJ JM LA HBOFTIANHB
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
2/42
Mjhnhb3 Fnz}dtm 4711
La @}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` ka ~hjf mladftaja wft ml
mq}hwf jml Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb jm HBZMNF3
Wadlf Wtms ^ab)Cf~ +jhtmnnhb(
Nth~zhba @}zhttms Dft`m +nfftjhbanhb(
Mj}atjf lvatms Alfb~f
^}~aba jm la O}mbzm Tfjt`}ms
La}ta @atna Wtms
La wtm~mbzm w}dlhnanhb wmtzmbmnm al Hb~zhz}zf Banhfbal jm Zmnbflf a~ jm la Nfi}bhnanhb +HBZMNF( x m~z dacf}ba lhnmbnha Tmnfbfnhihmbzf)Bf nfimtnhal >"7 M~waa jm Ntmazhvm Nfiifb~, x wft mllf m~za wmtihzhjf nfwhat, jh~zthd}htx nfi}bhnat wdlhnaimbzm m~za fdta dacf la~ nfbjhnhfbm~ ~h`}hmbzm~3
Tmnfbfnhihmbzf3 Ml nfbzmbhjf jm m~zm hboftim ~m w}mjm tmwtfj}nht zfzal f watnhalimbzm wft zmtnmtf~, nhzabjf ~}wtfnmjmbnha x kanhmbjf tmomtmbnha m{wtm~a zabzf a HBZMNF nfif a ~ } ~hzhf pmd3 ppp"hbzmnf"m~" Jhnkftmnfbfnhihmbzf bf wfjt mb bhb`b na~f ~}`mtht q}m HBZMNF wtm~za awfxf a jhnkf zmtnmtf f awfxa ml }~f q}mkanm jm ~} fdta"
]~f Bf Nfimtnhal3 Ml iazmthal fth`hbal x lf~ ztadacf~ jmthvajf~ w}mjmb ~mt jh~zthd}hjf~, nfwhajf~ x m{khdhjf~ihmbzta~ ~} }~f bf zmb`a ohbm~ nfimtnhalm~"
Al tm}zhlhsat f jh~zthd}ht la fdta, zhmbm q}m jmcat dhmb nlatf lf~ ztihbf~ jm la lhnmbnha jm m~za fdta" Al`}ba jm m~za~nfbjhnhfbm~ w}mjm bf awlhnat~m ~h ~m fdzhmbm ml wmtih~f jm HBZMNF nfif zhz}lat jm lf~ jmtmnkf~ jm a}zft" Baja mbm~za lhnmbnha imbf~nada f t m~zthb`m lf~ jmtmnkf~ iftalm~ jm HBZMNF" kzzw3&&ntmazhvmnfiifb~"ft`&lhnmb~m~&dx)bn&>"7&m~&
Ml wtm~mbzm jfn}imbzf n}iwlm nfb la~ nfbjhnhfbm~ jm annm~hdhlhjaj jml oftiazf WJO +Wftzadlm Jfn}imbz Oftiaz(" ^mztaza jm }b jf n}imbzf m~zt}nz}tajf x mzhq}mzajf, wtfvh~zf jm al zmtbazhva~ a z fjf mlmimbzf bf zm{z}al, iatnajf jmhjhfia x ftjmb jm lmnz}ta ajmn}ajf"
Wata aiwlhat hboftianhb ~fdtm la nfb~zt}nnhb jm jfn}imbzf~ WJO annm~hdlm~ w}mjm nfb~}lzat la `}a jh~wfbhdlm mbla ~mnnhb Annm~hdhlhjaj 2 Oftianhb 2 Iab}alm~ x @}a~ jm la w`hbakzzw3&&ppp"hbzmnf"m~
http://creativecommons.org/licenses/by-nc/3.0/es/http://creativecommons.org/licenses/by-nc/3.0/es/http://creativecommons.org/licenses/by-nc/3.0/es/http://www.inteco.es/http://www.inteco.es/http://www.inteco.es/http://www.inteco.es/http://creativecommons.org/licenses/by-nc/3.0/es/http://creativecommons.org/licenses/by-nc/3.0/es/8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
3/42
Ml Hb~zhz}zf Banhfbal jm Zmnbflf`a~ jm la Nfi}bhnanhb +HBZMNF( +kzzw3&&ppp"hbzmnf"m~(,~fnhmjaj m~zazal aj~nthza al Ihbh~zmthf jm Hbj}~ztha, Z}th~if x Nfimtnhf a ztav~ jm la ^mntmzatajm M~zajf jm Zmlmnfi}bhnanhfbm~ x wata la ^fnhmjaj jm la Hboftianhb, m~ }ba wlazaoftia wata mljm~attfllf jm la ^fnhmjaj jml Nfbfnhihmbzf a ztav~ jm wtfxmnzf~ jml idhzf jm la hbbfvanhb x lazmnbflf`a" La ih~hb jm HBZMNF m~ awftzat valft m hbbfvanhb a lf~ nh}jajabf~, a la~ wxim~, ala~ Ajihbh~ztanhfbm~ Wdlhna~ x al ~mnzft jm la~ zmnbflf`a~ jm la hboftianhb, a ztav~ jmljm~attfllf jm wtfxmnzf~ q}m nfbzthd}xab a tmoftsat la nfbohabsa mb lf~ ~mtvhnhf~ jm la ^fnhmjaj jmla Hboftianhb mb b}m~ztf wa~, wtfifvhmbjf ajmi~ }ba lbma jm watzhnhwanhb hbzmtbanhfbal" Wata
mllf, HBZMNF jm~attfllat anz}anhfbm~ mb la~ ~h`}hmbzm~ lbma~3 ^m`}thjaj, Annm~hdhlhjaj, NalhjajZHN x Oftianhb"
Ml Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb +kzzw3&&fd~mtvazfthf"hbzmnf"m~( ~m hb~mtzajmbztf jm la lbma m~ztaz`hna jm anz}anhb jm HBZMNF mb i azmtha jm ^m`}thjaj Zmnbfl`hna,~hmbjf }b tmomtmbzm banhfbal m hbzmtbanhfbal al ~mtvhnhf jm lf~ nh}jajabf~, miwtm~a~, xajihbh~ztanhfbm~ m~wafla~ wata jm~nthdht, abalhsat, a~m~ftat x jho}bjht la n}lz}ta jm la ~m`}thjaj xla nfbohabsa jm la ^fnhmjaj jm la Hboftianhb"
HBZMNF q}hmtm a`tajmnmt la nfladftanhb jm la A~fnhanhb Wtfom~hfbal M~wafla jm Wthvanhjaj+AWMW( +kzzw3&&ppp"awmw"m~( mb la mladftanhb jm m~za `}a, mb m~wmnhal a ~} wtm~hjmbzm Thnatj
Iatzbms wft ~} awftzanhb wmt~fbal3
http://www.inteco.es/http://www.inteco.es/http://www.inteco.es/http://observatorio.inteco.es/http://observatorio.inteco.es/http://observatorio.inteco.es/http://www.apep.es/http://www.apep.es/http://www.apep.es/http://www.apep.es/http://observatorio.inteco.es/http://www.inteco.es/8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
4/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba : jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
BJHNM
1 HBZTFJ]NNHB AL NLF]J NFIW]ZHB@ """"""""""""""""""""""""""""""""""""""""""" ?
1"1 NLF]J NFIW]ZHB@NFIF M_FL]NHB JM ZMNBFLF@A^ """""""""""""""""""""" ?
1"4 ML L]@AT JML NLF]J NFIW]ZHB@ MB ML JM^ATTFLLF
HBOFTIZHNF """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" ;
1"> BH_MLM^ JML ^MT_HNHF """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" ;
1": IFJMLF^ JM JM^WLHM@]M JM ^MT_HNHF^ """"""""""""""""""""""""""""""""""""""""""""""""" 17
1"= ZHWFLF@A JM WTF_MMJFTM^ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 11
4 NATANZMT^ZHNA^ WTHBNHWALM^ JML NLF]J NFIW]ZHB@ """"""" 14
4"1 ANNM^F ]DHN]F A LF^ JAZF^ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 14
4"4 A^WMNZF^ MNFBIHNF^ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 1>
4"> M^NALADHLHJAJ X OLM[HDHLHJAJ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 1>
4": JM^LFNALHSANHB JM JAZF^ X WTFNM^F^ """"""""""""""""""""""""""""""""""""""""""""" 1:
4"= JMWMBJMBNHA JM ZMTNMTF^ """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 1:
> IATNF LM@AL """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 1=
>"1 TM@]LANHB JM LA LFWJ """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 1=
>"4 TM@]LANHB JM LA L^^H """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 41
>"> TM@]LANHB JML NJH@F WMBAL """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 41
>": ML ^H^ZMIA C]TJHNF JM LF^ WA^M^ JM JM^ZHBF """"""""""""""""""""""""""""""""" 44
: THM^@F^ JML NLF]J NFIW]ZHB@ """""""""""""""""""""""""""""""""""""""""""""""""" 4>
:"1 AD]^F X ]^F IALHBZMBNHFBAJF """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 4>
:"4 O]@A^ HBZMTBA^ JM HBOFTIANHB """"""""""""""""""""""""""""""""""""""""""""""""""""""""""" 4>
:"> AWH^ HB^M@]TA^ """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 4>
:": ^]WLABZANHB JM HJMBZHJAJ """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 4:
:"= JM^NFBFNHIHMBZF JML WMTOHL JM THM^@F """"""""""""""""""""""""""""""""""""""""""""" 4:
bjhnm
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
5/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba = jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
= ^M@]THJAJ MB LA B]DM """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 4?
="1 ^M@]THJAJ WFT WATZM JML WTF_MMJFT JM NLF]J NFIW]ZHB@ """""" 40
="4 ^M@]THJAJ WFT WATZM JML NLHMBZM """"""""""""""""""""""""""""""""""""""""""""""""""""""" 4;
? WTH_ANHJAJ MB LA B]DM """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" >1
?"1 WTFZMNNHB JM JAZF^ """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" >1
?"4 HBZM@THJAJ """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" >4
?"> NFBZTFL JM ANNM^F """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" >>
?": WTM_MBNHB OTMBZM A WTJHJA """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" >:
0 WA^F^ WATA MBZTAT MB LA B]DM """"""""""""""""""""""""""""""""""""""""""""""""" >?
0"1 ABLH^H^ JM BMNM^HJAJM^ X FWFTZ]BHJAJM^ """""""""""""""""""""""""""""""""""""" >?
0"4 FOMTZA JM ^MT_HNHF^ MB LA B]DM """"""""""""""""""""""""""""""""""""""""""""""""""""""""""" >;
0"> TM^WFB^ADHLHJAJ X ZTIHBF^ JM ]^F """"""""""""""""""""""""""""""""""""""""""""""""""" >;
0": ]ZHLHSANHB JM IMNABH^IF^ JM IH@TANHB """"""""""""""""""""""""""""""""""""""""" :7
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
6/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba ? jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
1 HBZTFJ]NNHB AL NLF]JNFIW]ZHB@
Mb lf~ lzhif~ af~ la~ ft`abhsanhfbm~ a~h~zmb nfb m{wmnzanhb al ~}t`hihmbzf x
jm~attfllf jml nlf}j nfiw}zhb`f watajh`ia jm nfiw}zanhb mb la b}dm +zaidhb llaiaja
la b}dm(, ~m`b ml n}al, zfjf~ lf~ tmn}t~f~ jm hboftianhb w}mjmb ~mt alianmbajf~ mb~mtvhjftm~ jm z mtnmtf~ x annm~hdlm~ a ztav~ jm Hbzmtbmz" Lf~ wtfvmmjftm~ jh~wfbmb jm
nmbztf~ jm wtfnm~f jm jazf~ wata jat ~mtvhnhf a ilzhwlm~ }~}athf~" A naidhf, lf~ nlhmbzm~
tmnhdmb }b ~fwftzm olm{hdlm a la~ bmnm~hjajm~ x watzhn}lathjajm~ jm ~} anzhvhjaj mb naja
ifimbzf"
M~zm ifjmlf fotmnm `tabjm~ wf~hdhlhjajm~ wata miwtm~a~ x mbzhjajm~, zabzf mb ztihbf~
jm hbvmt~hb nfif mb mnfbfia~ jm m~ nala, jm~lfnalhsanhb, annm~f a l a hboftianhb
jm~jm n}alq}hmt l}`at, mzn" ^h dhmb bf m {h~zmb jazf~ nfbnl}xmbzm~ jm l a ajfwnhb jm la
b}dm mb M~waa, ~m hjmbzhohnab }ba ~mthm jm oanzftm~1
Ml wtm~mbzm jfn}imbzf fotmnm }ba aw tf{hianhb al ifjmlf nlf}j nfiw}zhb` wata zfjf
zhwf jm ft`abhsanhfbm~, jmzmbhbjf~m mb la~ wthbnhwalm~ hiwlhnanhfbm~ mb n}abzf a
~m`}thjaj x wthvanhjaj, nlavm~ wata a~m`}tat ml {hzf mb la }zhlhsanhb jm ~mtvhnhf~ mb la
b}dm" A lf lat`f jm l a wtm~mbzm `}a, ml lmnzft mbnfbztat la~ jmbfihbanhfbm~ mbzhjaj,
miwtm~a, ft`abhsanhb, nlhmbzm, nfbztazh~za, f }~}athf mb o}bnhb jml wawml q}m zfim mb la~hz}anhb nfbntmza q}m ~m m~z ztazabjf mb naja awatzajf"
q}m w}mjmb wtfwhnhat ~} m{zmb~hbmb lf~ ~mnzftm~ wdlhnf x wthvajf3 jm~attfllf jml ~mnzft ZHN, zmchjf miwtm~athal jfihbajf
wft la WXIM, jh~wf~hnhb `mf`tohna jm la wfdlanhb x wfzmbnhal jml ~mnzft wdlhnf, mbztm
fztf~"
1"1 NLF]J NFIW]ZHB@NFIF M_FL]NHB JM ZMNBFLF@A^
Nlf}j nfiw}zhb`, f hboftizhna mb la b}dm, m~ }ba wtfw}m~za zmnbfl`hna f ifjmlf q}m
wmtihzm fotmnmt ~mtvhnhf~ hboftizhnf~ a z tav~ jm H bzmtbmz mb ml q}m lf~ tmn}t~f~, ml
~fozpatm x lf~ jazf~ ~m fotmnmb dacf jmiabja" Ml fdcmzhvf jm m~zm b}mvf ifjmlf m~ q}m
la miwtm~a f ml }~}athf ohbal bf z mb`ab q}m wtmfn}wat~m wft lf~ jmzallm~ znbhnf~ x
w}mjab }zhlhsat n}alq}hmt awlhnanhb nfb ~} bavm`ajft pmd"
1O}bjanhb wata la Hbbfvanhb Dabehbzmt +4717("Nlf}j Nfiw}zhb`" La zmtnmta fla jm la~ Zmnbflf`a~ jm la Hboftianhb"
1" Hbztfj}nnhb al nlf}j nfiw}zhb`
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
7/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 0 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
Nlf}j nfiw}zhb`m~ la ~}ia jm la mvfl}nhb jm vatha~ zmnbflf`a~3
A}imbzf jm la nawanhjaj jm wtfnm~aihmbzf" Jm~jm ml fth`mb jm la hboftizhna,
la nawanhjaj jm niw}zf jm lf~ ftjmbajftm~ wmt~fbalm~ ~m ka hjf hbntmimbzabjfjm oftia vmtzh`hbf~a"
Nfbm{hb a Hbzmtbmz" La T mj ~m ka n fbvmtzhjf mb }ba km ttaihmbza na~h
hbjh~wmb~adlm mb la vhja nfzhjhaba jm la~ wmt~fba~" ^} mvfl}nhb hiwlhna a}imbzf
mb la vmlfnhjaj jm nfbm{hb x mb ml bimtf jm nfbm{hfbm~ mb lf~ kf`atm~ x mb ml
ztadacf"
Jh~wf~hzhvf~ ivhlm~" La ihbhaz}thsanhb jm lf~ nfiwfbmbzm~ hboftizhnf~ ka
wmtihzhjf la awathnhb jm jh ~wf~hzhvf~ ivhlm~ q}m wmtihzmb la nfbm{hbwmtiabmbzmimbzm a Hbzmtbmz" Kfx mb ja, mb }b bm`fnhf m~ bmnm~athf wfjmt~m
nfbmnzat nfb lf~ tmn}t~f~ jm l a miwtm~a, zabzf jm~jm ftjmbajftm~ ohcf~ nfif
jm~jm jh~wf~hzhvf~ wftzzhlm~, nfbvhtzhbjf~m la }dhn}hjaj x ifvhlhjaj mb tmq}h~hzf~
jm tab hiwftzabnha"
Mb n}abzf a la kh~zftha jm la nfiw}zanhb mb la b}dm, jm~zanab lf~ ~h`}hmbzm~ mvmbzf~3
Mb 18?1, Cfkb InNatzkx ~}`hth q}m lf~ avabnm~ mb l a hboftizhna x la~
nfi}bhnanhfbm~ nfbj}nhtab a q}m $al`b ja la nfiw}zanhb ~m ft`abhsata nfif
}b ~mtvhnhf wdlhnf +}zhlhzx(, h`}al q}m ml ifjmlf jm bm` fnhf jml a`}a f lamlmnzthnhjaj"
A ohbalm~ jm lf~ af~ 87, lf~ znbhnf~ jm Aiasfb ~m jhmtfb n}mbza q}m zmbab }ba
`tab hbotam~zt}nz}ta hboftizhna wmtf q}m awmba~ }zhlhsadab ml 17)1=- jm ~ }
nawanhjaj" _hmtfb la~ wf~hdhlhjajm~ jm fo tmnmt m~zf~ ~mtvhnhf~ a }~ }athf~ x mb
477? wtm~mbzatfb lf~ ^mtvhnhf~ Pmd jm Aiasfb4
J}tabzm lf~ af~ 4770 x 477;, `tabjm~ miwtm~a~ nfif @ff`lm f HDI ~m }bhmtfb
a }bhvmt~hjajm~ bftzmaimthnaba~ wata hbhnhat }ba hbvm~zh`anhb a `tab m~nala~fdtm ml nlf}j nfiw}zhb`" Nfif tm~}lzajf jm m~za hbvm~zh`anhb, mbmtf jm 4778
awatmnh M}nalxwz}~, }ba wlazaoftia jm njh`f adhmtzf q}m wmtihza la ntmanhb jm
~h~zmia~ mb la b}dm nfiwazhdlm~ nfb lf~ ~mtvhnhf~ pmd jm Aiasfb"
"
Mb nfbnl}~hb, lf~ avabnm~ mb l f~ ztm~ naiwf~ imbnhfbajf~ abzmthftimbzm +nawanhjaj
jm wtfnm~aihmbzf, nfbm{hb a Hbzmtbmz x jh~wf~hzhvf~ ivhlm~( c}bzf a l a~ hiwftzabzm~
hbvmt~hfbm~ tmalhsaja~ wft la~ `tabjm~ miwtm~a~ q}m jfihbab ml wabftaia zmnbfl`hnf
i}bjhal kab wtfwhnhajf la twhja mvfl}nhb m hiwlabzanhb jml nlf}j nfiw}zhb`" Ka~za zal
w}bzf q}m i}nkf~ }~}athf~ xa jh~ot}zab lf~ ~mtvhnhf~ mb la b}dm ~hb jat~m n}mbza"
4 Mb hb`l~, Aiasfb Pmd mtvhnm~+AP^(kzzw3&&ap~"aiasfb"nfi&
http://aws.amazon.com/http://aws.amazon.com/http://aws.amazon.com/http://aws.amazon.com/8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
8/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba ; jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
1"4 ML L]@AT JML NLF]J NFIW]ZHB@MB ML JM^ATTFLLF HBOFTIZHNF
La mvfl}nhb jm la hboftizhna mb lf~ lzhif~ af~ ~m w}mjm ~hiwlhohnat mb lf~ ~h`}hmbzm~
khzf~3
Iahbotaim~" A wthbnhwhf~ jm lf~ af~ ?7, lf~ ftjmbajftm~ mtab jh~wf~hzhvf~ i}x
natf~, jhonhlm~ jm iabzmbmt x jm }zhlhsat" La~ miwtm~a~ zmbab `tabjm~
ftjmbajftm~, nfbfnhjf~ nfif iahbotaim~, wata kanmt la~ zatma~ i~ ntzhna~ x
nfiwlhnaja~" @mbmtalimbzm, m~zf~ bf m~zadab nfbmnzajf~ a la Tmj x ~m }zhlhsadab
wata iabmcat `tabjm~ nabzhjajm~ jm jaz f~ nfif nmb~f~ f z tab~annhfbm~
mnfbihna~"
Atq}hzmnz}ta nlhmbzm)~mtvhjft" Mbztm lf~ af~ 07 x ;7, ~m `mbmtalhs ml }~f jm
ftjmbajftm~ wmt~fbalm~ mb l f~ w}m~zf~ jm z tadacf, imbf~ nf~zf~f~ x wfzmbzm~,wmtf q}m wmtihzab tmalhsat zatma~ d~hna~" Ajmi~ jh~wfbab jm }b jmzmtihbajf
bimtf jm ftjmbajftm~ i~ wfzmbzm~ q}m ~m mbnat`adab jm iabzmbmt lf~ jazf~
i~ ~mb~hdlm~ a~ nfif la~ awlhnanhfbm~ q}m bmnm~hzadab i~ tmn}t~f~" M~zf~
ftjmbajftm~ nfb iaxftm~ nawanhjajm~ jm wtfnm~f ~m jmbfihbatfb ~mtvhjftm~,
ihmbzta~ q}m la~ iq}hba~ nfb tmn}t~f~ i~ lhihzajf~ jm naja w}m~zf jm ztadacf
wa~atfb a llaiat~m nlhmbzm~" Banh la atq}hzmnz}ta nlhmbzm)~mtvhjft"
Atq}hzmnz}ta~ nfladftazhva~ x jh~zthd}hja~" La nfiwlmchjaj jm la~ awlhnanhfbm~
hboftizhna~ ka hjf ntmnhmbjf nfb ml zhmiwf, lf q}m ka fdl h`ajf a ntmat ~h~zmia~i~ nfiwlmcf~ wata ~fl}nhfbat jm oftia mohnhmbzm zfja~ la~ b}mva~ bmnm~hjajm~"
Wft mcmiwlf, la nfiw}zanhb `thj }zhlhsa }b b imtf vathadlm jm ft jmbajftm~
ztadacabjf jm o ftia nfladftazhva wata ~fl}nhfbat wtfdlmia~ nfiwlmcf~ wata lf~
q}m hbjhvhj}alimbzm bf zhmbmb ~}ohnhmbzm~ tmn}t~f~" Wft fzta watzm, la atq}hzmnz}ta
wmmt)zf)wmmtf w4w m~ }ba atq}hzmnz}ta jh~zthd}hja mb la q}m zfjf~ lf~ bfjf~ kanmb
a la vms jm nfb~}ihjftm~ x ~}ihbh~ztajftm~ jm hboftianhb" M~za~ atq}hzmnz}ta~
~fb aiwlhaimbzm }zhlhsaja~ mb la anz}alhjaj"
Ml ifjmlf nlf}j nfiw}zhb`bf ~}~zhz}xm a la~ atq}hzmnz}ta~ abzmthftm~, wmtf nfb~h`}mnaidhat tajhnalimbzm la oftia mb l a q}m ~m }zhlhsab x mbzhmbjmb la~ awlhnanhfbm~
hboftizhna~, `tanha~ a q}m wmtihzm awtfvmnkat al i{hif lf~ w}bzf~ o}mtzm~ jm Hbzmtbmz,
lf~ jh~wf~hzhvf~ ivhlm~ x lf~ ftjmbajftm~ wmt~fbalm~"
1"> BH_MLM^ JML ^MT_HNHF
Wata nfiwtmbjmt ml o}bnhfbaihmbzf jml nlf}j nfiw}zhb`m~ o}bjaimbzal nfiwtmbjmt lf~
ztm~ bhvmlm~ mb q}m w}mjm ~mt wtfwftnhfbajf ml ~mtvhnhf"
1 Hbotam~zt}nz}ta nfif ^mtvhnhf +Haa^, jm ~}~ ~h`la~ mb h b`l~ Hbota~zt}nz}tm a~ a
^mtvhnm(" ^m ztaza jml bhvml i~ alzf jm ~mtvhnhf" ^m mbnat`a jm m bztm`at }ba
hbotam~zt}nz}ta jm w tfnm~aihmbzf nfiwlmza al }~}athf dacf jmiabja" Ml }~}athf
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
9/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 8 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
jh~wfbm jm }ba f v atha~ iq}hba~ vhtz}alm~ mb la b}dm n fb la~ q}m, wft mcmiwlf,
w}mjm a}imbzat ml zaiaf jm jh~nf j}tf mb }bf~ ihb}zf~, fdzmbmt iaxft nawanhjaj
jm wtfnm~f f mbt}zajftm~> x wa`at ~flaimbzm wft lf~ tmn}t~f~ q}m }zhlhnm" M~zm bhvml
w}mjm ~mt vh~zf nfif }ba mvfl}nhb jm lf~ ^mtvhjftm~ Wthvajf~ _htz}alm~ q}m fotmnmb
anz}alimbzm la~ miwtm~a~ jm kf~zhb`:
4 Wlazaoftia nfif mtvhnhf +Waa^, jm ~}~ ~h`la~ mb hb`l~ Wlazofti a~ a ^mtvhnm(" ^m
ztaza jml bhvml hbzmtimjhf, ~m mbnat`a jm mbztm`at }ba wlazaoftia jm wtfnm~aihmbzf
nfiwlmza al }~}athf, wlmbaimbzm o}bnhfbal x ~hb zmbmt q}m nfiwtat x iabzmbmt ml
katjpatm x ~fozpatm" Wft mcmiwlf, }b jm ~attfllajft pmd bmnm~hza }b ~ mtvhjft pmd
q}m ~htva ~}~ w`hba~, }b ~mtvhjft jm da~m~ jm jazf~ x }b ~h~zmia fwmtazhvf" M~zm
bhvml ~m mbnat`a jm wtfwftnhfbat zfjf~ m~zf~ ~mtvhnhf~"
"
> ^fozpatm nfif mtvhnhf +^aa^, jm ~}~ ~h`la~ mb hb`l~ ^fozpatm a~ a ^mtvhnm(" M~zm
bhvml ~m mbnat`a jm mbztm`at ml ~fozpatm nfif }b ~mtvhnhf a ztav~ jm Hbzmtbmz
~hmiwtm q}m lf jmiabjm ml }~}athf" ^m ztaza jml bhvml i~ dacf q}m wmtihzm ml
annm~f a l a awlhnanhb }zhlhsabjf }b bav m`ajft pmd, ~hb bmnm~hjaj jm h b~zalat
wtf`taia~ ajhnhfbalm~ mb ml ftjmbajft f zmlofbf ivhl" La~ ~}hzm~ fohizhna~ a la~
q}m ~m w}mjm annmjmt fblhbm ~fb }b d}mb mcmiwlf jm m~zm bhvml"
Hl}~ztanhb 13 Mcmiwlf~ jm ~mtvhnhf~ mbztm`ajf~ mb naja bhvml jm nlf}j nfiw}zhb`
> Mbt}zajft f tf}zmt3 Jh~wf~hzhvf q}m jh~zthd}xm ztohnf mbztm tmjm~"
:Kf~zhb`3^mtvhnhf fotmnhjf wft miwtm~a~ nfb~h~zmbzm mb wtm~zat alfcaihmbzf jmbztf jm ~}~ ~mtvhjftm~ a la~ w`hba~ pmd jmfzta~ miwtm~a~, nfb la ohbalhjaj jm q}m alianmbmb hboftianhb, vhjmf~, ofzf`taoa~ f n}alq}hmt zhwf jm jazf~ q}m jm~mabzmbmt annm~hdlm mb la Tmj"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
10/42
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
11/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 11 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
1"= ZHWFLF@A JM WTF_MMJFTM^
Ml wabftaia anz}al jhth`m a lf~ }~}athf~ kanha jf~ wf~hdlm~ ~fl}nhfbm~" La wthimta ~mta
nfbztazat }b nlf}j kf~zhb` x la ~m`}bja ~mta }zhlhsat lf~ ~mtvhnhf~ m~wmnohnf~ jm nlf}jnfiw}zhb`fomtzajf~ wft tabjm~ miwtm~a~"
1 Lf~ ~mtvhnhf~ jm nlf}j kf~zhb` ~fb ~hihlatm~ a l f~ ~mtvhnhf~ fotmnhjf~ wft
miwtm~a~ jm kf~zhb` ztajhnhfbal" La jhomtmbnha wthbnhwal m~ q}m mb }b ~mtvhnhf mb la
b}dm ~m wa`a wft lf q}m ~m }zhlhsa x ~m w}mjmb aiwlhat f jh~ihb}ht lf~ tmn}t~f~ jml
~h~zmia mb n}m~zhb jm ihb}zf~" Mb }b ~h~zmia jm kf~zhb` ztajhnhfbal m~ bmnm~athf
~admt q} nawanhjaj jm wtfnm~aihmbzf ~m va a bmnm~hzat m hbnl}~f q} vmt~hb jml
~h~zmia fwmtazhvf ~m va a }zhlhsat abzm~ jm nfbztazat lf~ ~mtvhnhf~"
4 Lf~ ~mtvhnhf~ jm nlf}j nfiw}zhb`fomtzajf~ wft la~ `tabjm~ miwtm~a~ jml ~mnzfthboftizhnf wmtihzmb fdzmbmt }ba i axft wmt~fbalhsanhb mb la ~fl}nhb hboftizhna
nfbztazaja" Jajf q}m m~za fwnhb dthbja i~ o}bnhfbalhjajm~ zaidhb tmq}hmtm }b
iaxft nfbfnhihmbzf znbhnf wft watzm jml nfbztazabzm wata awtfvmnkat al i{hif ~}~
natanzmt~zhna~"
M{h~zmb kmttaihmbza~ x o}bnhfbalhjajm~ jm nlf}j nfiw}zhb`q}m ~m fotmnmb jm oftia
`taz}hza mb la Tmj, nfif w`hba~ x wlazaoftia~ nfladftazhva~ mb la Pmd 4"7"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
12/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 14 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
4 NATANZM T^ZHN A WT HBNH WALM^ JML NLF]JNFIW]ZHB@
4"1 ANNM^F ]DHN]F A LF^ JAZF^
La wthbnhwal natanzmt~zhna jml nlf}j nfiw}zhb` m~ ml annm~f }dhn}f +jm~jm n}alq}hmt
l}`at( a lf~ jazf~" ^flf ~m bmnm~hza }b bavm`ajft pmd x nfbm{hb a Hbzmtbmz wata jh~ot}zat
jm lf~ ~mtvhnhf~ mb l a b}dm, bf kan m oalza zmbmt }b ~ h~zmia fwmtazhvf jmzmtihbajf f
hb~zalat }b ~fozpatm m~wmnohnf mb naja nlhmbzm" ^m w}mjm }zhlhsat }b wftzzhl, }b zmlofbf
ivhl f }ba vhjmfnfb~fla nfbmnzajf a la Tmj wata annmjmt a la~ awlhnanhfbm~ jm la b}dm
mb n}alq}hmt ifimbzf"
Anz}alimbzm, la~ zmnbflf`a~ ivhlm~ ~fb }ba watzm hiwftzabzm jmbztf jml ifjmlf jm
bm`fnhf jm }ba miwtm~a" La nfidhbanhb jm jh~wf~hzhvf~ ivhlm~ x ohcf~ ntma b}mva~
fwftz}bhjajm~ mb ml jm~attfllf jm la anzhvhjaj miwtm~athal wmtihzhmbjf wlmba fwmtazhvhjaj"
M~za natanzmt~zhna ~}wfbm }ba `t ab vmbzaca otmbzm a f zta~ zmnbflf`a~, a}bq}m m~
hiwftzabzm w}bz}alhsat q}m m{h~zmb lhihzanhfbm~3 bf m~ wf~hdlm }zhlhsat la~ awlhnanhfbm~ mb
la b}dm ~h bf kax nfbm{hb a Hbzmtbmz" Ajmi~, la nalhjaj x la vmlfnhjaj jm la nfbm{hb
jmdmb ~mt alza~ wata wfjmt }zhlhsat ml ~mtvhnhf jm oftia nfttmnza" Wft bftia `mbmtal, la~
awlhnanhfbm~ jm m~nthzfthf +aq}mllf~ wtf`taia~ q}m m~zb hb~zalajf~ mb }b ftjmbajft(
zhmbmb }b tmbjhihmbzf iaxft q}m la~ awlhnanhfbm~ pmd jmdhjf a q}m awtfvmnkab imcft
zfjf~ lf~ tmn}t~f~ jml mq}hwf"
Nfb nlf}j nfiw}zhb`~m w}mjm ztadacat jm~jm n}alq}hmt l}`at6
Natanzmt~zhna~ wthbnhwalm~ jmlnlf}j nfiw}zhb`4"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
13/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 1> jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
4"4 A^WMNZF^ MNFBIHNF^
A la kfta jm jm ~wlm`at }b b}mvf ~mtvhnhf, ml ifjmlf hboftizhnf da~ajf mb nlf}j
nfiw}zhb`wmtihzm tmj}nht nf~zm~ nfb tm~wmnzf al ifjmlf ztajhnhfbal, xa q}m lf~ tmn}t~f~
q}m la mbzhjaj jmdm jm~zhbat ~fb imbftm~, zabzf jhtmnzf~ +mb n}abzf a kat jpatm,
iabzmbhihmbzf, wmt~fbal, mzn"( nfif hbjhtmnzf~ +hb~zalanhfbm~, ~}ihbh~ztf~, mzn"(, jm zal
oftia q}m watzm jm lf~ nf~zm~ ohcf~ wa~ab a ~mt vathadlm~"
A la vms, la~ mbzhjajm~ w}mjmb nfbztazat }b ~mtvhnhf mb la b}dm wft }ba nabzhjaj al im~ xmb o}bnhb jm nif mvfl}nhfbmb ~}~ bmnm~hjajm~, a}imbzat f jh~ihb}ht lf~ tmn}t~f~ jm
wtfnm~aihmbzf, ~adhmbjf q}m ~m va a wa`at wft }~f momnzhvf"
4"> M^NALADHLHJAJ X OLM[HDHLHJAJ
La ~mbnhllms nfb la q}m ~m w}mjmb aajht f mlhihbat tmn}t~f~ zaidhb ~}wfbm }ba vmbzaca
otmbzm al ifjmlf ztajhnhfbal" O}mta jm l a b}dm, n}abjf }b ajihbh~ztajft jml ~h~zmia
bmnm~hza hb~zalat }ba }bhjaj jm jh~nf j}tf ajhnhfbal, jmdm mlm`ht ml wtfj}nzf x ~m`}ht }b
wtfzfnflf wata tmalhsat la nfiwta, tmnhdht, hb~zalat x nfboh`}tat ml mq}hwf wata ~} w}m~za a
w}bzf" ^h ztab~n}tthjf }b z hmiwf ml vfl}imb jm }~ }athf~ jm~nhmbjm f v atab la~
o}bnhfbalhjajm~ jml ~h~zmia, xa bf ~m wfjt jat iatnka azt~"
Jmdhjf a la `tab m~naladhlhjaj x olm{hdhlhjaj jml nlf}j nfiw}zhb`, zfjf~ lf~ wtfvmmjftm~
jm ~mtvhnhf~ fotmnmb la wf~hdhlhjaj jm aajht f mlhihbat tmn}t~f~ mb n}m~zhb jm ihb}zf~,a}imbzabjf ml alianmbaihmbzf f ml bimtf jm wtfnm~ajftm~ ~hb q}m la awlhnanhb ~m
vma aomnzaja" Bf kax q}m hb~zalat baja mb ml ~h~zmia fwmtazhvf, bh nfboh`}tat }bhjajm~ jm
katjpatm ajhnhfbalm~" Jml ih~if ifjf, ~h wa~ajf }b zhmiwf ~m jmzmnza q}m ml ~mtvhnhf
mb la b}dm bf tmq}hmtm zabza nawanhjaj jm wtfnm~aihmbzf, ~m w}mjmb jh~ihb}ht ~}~
tmn}t~f~ wata ajmn}atlf~ al vfl}imb jm ztadacf bmnm~athf mb naja ifimbzf"
N}bzf zhmiwf w}mjm wa~at jm~jm q}m ~m jmzmnza q}m ~fb bmnm~athf~ i~
tmn}t~f~ ka~za q}m m~zb jh~wfbhdlm~6
M~ bmnm~athf llmvat a nadf }ba `tab hbvmt~hb wata hiwlabzat ml ifjmlf mb la
ft`abhsanhb6
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
14/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 1: jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
4": JM^LFNALHSANHB JM JAZF^ X WTFNM^F^
Mb }b ~h~zmia hboftizhnf ztajhnhfbal, ml ajihbh~ztajft jml ~h~zmia nfbfnm mb q}
iq}hba ~m alianmba naja jazf x q} ~mtvhjft m~ ml mbnat`ajf jm n aja wtfnm~f" Ml
ifjmlf mb la b}dm kanm }~f jm jh~zhbza~ zmnbflf`a~ jm vhtz}alhsanhb wata wfjmt fotmnmt
zfja~ la~ o}bnhfbalhjajm~ bmnm~atha~, wft lf q}m ~m whmtjm ml nfbztfl ~fdtm la lfnalhsanhb"
M~zf bf ~ h`bhohna q}m lf~ jazf~ f w tfnm~f~ m~zb wmtjhjf~ mb H bzmtbmz, w}m~zf q}m ml
nlhmbzm iabzhmbm ml nfbztfl ~fdtm q}hb m~ nawas jm annmjmt f ifjhohnat m~za hboftianhb"
La vmbzaca m~ q}m ~m w}mjmb llmvat zabzf lf~ jazf~ nfif lf~ wtfnm~f~ al l}`at i~nfbvmbhmbzm wata la ft`abhsanhb" Wft mcmiwlf, ~m w}mjmb }zhlhsat ilzhwlm~ nfwha~ jm }b
~mtvhjft x tmwatzhtla~ wft nmbztf~ jm wtfnm~f jm jazf~ mb jh~zhbzf~ w}bzf~ jml wlabmza wata
imcftat lf~ zhmiwf~ jm annm~f jm l f~ }~}athf~" Ajmi~, oanhlhza ml iabzmbhihmbzf jm
nfwha~ jm ~m`}thjaj bf ~flf jm lf~ jazf~ ~hbf jml ~mtvhjft mbzmtf, jml ~h~zmia fwmtazhvf x
lf~ wtf`taia~ hb~zalajf~ mb l"
La lfnalhsanhb jm lf~ jazf~ w}mjm h bnhjht ~h`bhohnazhvaimbzm mb ml t`himb c}tjhnf
awlhnadlm x mb l a~ nfbjhnhfbm~ jml nfbztazf" Mb jmzmtihbajf~ na~f~ wfjta tmq}mtht~m
n}iwlht nfb lf~ tmq}h~hzf~ wtmvh~zf~ wata la~ ztab~omtmbnha~ hbzmtbanhfbalm~ jm jaz f~wmt~fbalm~"
4"= JMWMBJMBNHA JM ZMTNMTF^
Zabzf ~h ~m ztadaca nfb }ba b}dm wdlhna nfif nfb }ba b}dm kdthja, m{h~zht }ba
miwtm~a nfbztazaja wata wtfvmmt lf~ ~mtvhnhf~ bmnm~athf~" Lf~ dmbmohnhf~ jm nfbzat nfb
m~za~ miwtm~a~ m~ q}m ~m mbnat`ab jm zfjf ml iabzmbhihmbzf jml katjpatm, tmnhbzf~
m~wmnhalhsajf~ wata lf~ nmbztf~ jm wt fnm~aihmbzf jm jaz f~, ~}ihbh~ztf mlnzthnf x
nfbmnzhvhjaj a Hbzmtbmz, mzn"
Lf~ wtfvmmjftm~ jm ~mtvhnhf mb la b}dm bf ~flf kf~wmjab }b ~mtvhjft pmd +nfif fn}ttm
mb ml kf~zhb`ztajhnhfbal(, ~hbf zaidhb zfjf~ lf~ wtfnm~f~ x jazf~ q}m m~zb mb la b}dm,
ajmi~ jm la~ nfwha~ jm ~m`}thjaj" M~ jmnht, q}m nfiwatzmb watzm jm ~} nfbztfl nfb ml
}~}athf } ft`abhsanhb"
Ml m~zadlmnhihmbzf jm } b bhvml ajmn}ajf jm z tab~watmbnha mb ml imtnajf a l a kfta jmbm`fnhat lf~ ztihbf~ x nfbjhnhfbm~ mb lf~ nfbztazf~ m~ o}bjaimbzal wata nfbztattm~zat la
oalza jm nfbztfl jmthvaja jm la jmwmbjmbnha jm zmtnmtf~"
^adm la miwtm~a jbjm m~z ~} hboftianhb6
Whmtjm la miwtm~a ml nfbztfl ~fdtm ~} hboftianhb x ~}~ wtfnm~f~6
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
15/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 1= jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
> IATNF LM@AL
Ml nlf}j nfiw}zhb`zhmbm ~} wthbnhwal o}bjaimbzf mb la `m~zhb tmifza jm la hboftianhb"
La~ ft`abhsanhfbm~ ztab~ohmtmb `tab nabzhjaj jm hboftianhb, mb al`}bf~ na~f~ ~mb~hdlm,
mb ~mtvhjftm~ wmtzmbmnhmbzm~ a zmtnmtf~"
M~zf nfbllmva b}imtf~a~ hiwlhnanhfbm~ c}tjhna~, i~ ab mb ml na~f jm q}m lf~ jazf~ ~m
alfcmb mb ~mtvhjftm~ jm fztf wa~, mb la imjhja mb q}m nfbvmt`mb jf~ f i~
c}th~jhnnhfbm~ x ~}t`m la bmnm~hjaj jm jmz mtihbat a~wmnzf~ nfif la Lmx awlhnadlm, lf~
zthd}balm~ nfiwmzmbzm~ f la~ nfbjhnhfbm~ m{h`hdlm~ wata q}m la ztab~omtmbnha jm lf~ jazf~
a lf~ ~h~zmia~ jml wtfvmmjft w}mja ~mt vhadlm x mb ~} na~f a}zfthsaja wft la a}zfthjaj
banhfbal jm wtfzmnnhb jm jazf~" Al ohtiat ml nfttm~wfbjhmbzm nfbztazf f ztihbf~ jm }~f,
ml nlhmbzm f nfbztazabzm ~m vhbn}la a anmwzat }ba c}th~jhnnhb nfbntmza"
Mb ml na~f m}tfwmf, ml iatnf `mbmtal mb n}abzf a wtfzmnnhb jm jazf~ x lhdtm nhtn}lanhb
jm lf~ ih~if~ lf ohca la Jhtmnzhva 8=&:?&NM, mb ajmlabzm la Jhtmnzhva=
A~hih~if, m{h~zmb Jmnh~hfbm~ x Nfi}bhnanhfbm~ jm la Nfih~hb M}tfwma x jfn}imbzf~
ajfwzajf~ wft lf~ wthbnhwalm~ anzftm~ a bhvml m}tfwmf mb la iazmtha, nfif m~ ml na~f jm
la Tmj jm A`mbnha~ M}tfwma~ jm ^m`}thjaj jm la Hboftianhb +MBH^A(
" La z ta~wf~hnhb
banhfbal fwmtaja wft naja M~zajf ihmidtf fdlh`a a z mbmt mb n}mbza la Lmx banhfbal
nfif nthzmthf tmnzft"
?
>"1 TM@]LANHB JM LA LFWJ
jm lf~ q}m ~m
jmj}nm ml natnzmt o}bjaimbzal jml iatnf lm`al awlhnadlm"
La Lmx Ft`bhna 1=&1888 jm 1> jm jhnhmidtm jm Wtfzmnnhb jm Jazf~ jm Natnzmt
Wmt~fbal +LFWJ( tm`}la lf~ a~wmnzf~ tmlazhvf~ al ztazaihmbzf jm lf~ jazf~ wmt~fbalm~ x la
lhdtm nhtn}lanhb jm lf~ jazf~" La A`mbnha M~wafla jm Wtfzmnnhb jm Jazf~ +AMWJ(0
m~ ml t`abf jm nfbztfl q}m ~m mbnat`a jm `atabzhsat ml n}iwlhihmbzf jm m~za bftiazhva
jmbztf jml zmtthzfthf m~wafl;
Mb wthimt l}`at, zabzf la miwtm~a nfbztazabzm jm ~ mtvhnhf~ nfif la wtfvmmjfta jmdmb
zmbmt mb n}mbza la jmohbhnhb jm jazf wmt~fbal q}m m~zadlmnm ml atzn}lf > jm la LFWJ3 }bjazf wmt~fbal m~ n}alq}hmt hboftianhb nfbnmtbhmbzm a wmt~fba~ o~hna~ hjmbzhohnaja~ f
hjmbzhohnadlm~"
"
= Jhtmnzhva 8=&:?&NM jml Watlaimbzf M}tfwmf x jml Nfb~mcf, jm 4 : jm fn z}dtm jm 188=, tmlazhva a l a wtfzmnnhb jm l a~wmt~fba~ o~hna~ mb lf q}m tm~wmnza al ztazaihmbzf jm jazf~ wmt~fbalm~ x a la lhdtm nhtn}lanhb jm m~zf~ jazf~"
? O}mbzm3MBH^A +4711("^mn}thzx abj Tm~hlhmbnm hb @fvmtbimbzal Nlf}j~"0 I~ hboftianhb3kzzw~3&&ppp"a`wj"m~&
; M{h~zmb ajmi~ fzta~ A`mbnha~ jm Wtfzmnnhb jm J azf~ jm natnzmt a}zfbihnf, mb l a~ Nfi}bhjajm~ A}zbfia~ jmIajthj, Nazal}a x mb ml Wa~ _a~nf
>" Iatnf lm`al
https://www.agpd.es/https://www.agpd.es/https://www.agpd.es/https://www.agpd.es/8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
16/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 1? jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
^h lf~ jazf~ nfb lf~ q}m ~m va a ztadacat mb la b}dm wmtzmbmnmb a m~za nazm`fta,
la miwtm~a q}m lf~ ztazm jmdm n }iwlht nfb natnzmt wtmvhf nfb ml nfbc}bzf jm
fdlh`anhfbm~ wtmvh~za~ mb l a LFWJ3 la hb~nthwnhb jm ohnkmtf~, jmdmtm~
tmlanhfbajf~ nfb la hboftianhb mb la tmnf`hja, ml nfb~mbzhihmbzf x la nalhjaj jm
lf~ jazf~, `atabza jm lf~ llaiajf~ jmtmnkf~ ATNF +Annm~f, Tmnzhohnanhb,
Nabnmlanhb x Fwf~hnhb( f la ajfwnhb jm imjhja~ jm ~m`}thjaj 8
^h lf~ jazf~ nfb lf~ q}m ~m va a ztadacat mb la b}dm bf ~fb jazf~ wmt~fbalm~ +~fb,
wft mcmiwlf, nfiwlmca~ fwmtanhfbm~ iazmizhna~, nln}lf~ o~hnf~ f q}ihnf~,
mzn"( ~m w}mjm wtfnmjmt ~hb q}m la LFWJ ~malm hiwmjhimbzf al`}bf"
"
Ajmi~, mb ml na~f jml nlf}j nfiw}zhb` m~ o}bjaimbzal tmvh~at la~ nfbjhnhfbm~ jml
nfbztazf a ohb jm `atabzhsat }ba ajmn}aja wtmvh~hb jm la~ n}m~zhfbm~ tmlanhfbaja~ nfb lawtm~mbnha jm }b mbnat`ajf jml ztazaihmbzf x&f }ba ztab~omtmbnha hbzmtbanhfbal jm
jazf~ wmt~fbalm~"
>"1"1 Wtm~zanhb jm ~mtvhnhf~ wft zmtnmtf~ acmbf~ al tm~wfb~adlm
Mb la wtm~zanhb jm ~mtvhnhf~ jm nlf}j nfiw}zhb`wft zmtnmtf~ acmbf~ a la ft`abhsanhb
tm~wfb~adlm ~m wtfj}nm lf q}m la LFWJ x ~} Tm`laimbzf jm Jm~attfllf +TJLFWJ( 17
^m jmohbm }b mbn at`ajf jml ztazaihmbzf nfif la wmt~fba o~hna f c}tjhna, wdlhna f
wthvaja, } t`abf ajihbh~ztazhvf q}m, ~flf f nfbc}bzaimbzm nfb fztf~, ztazm jazf~
wmt~fbalm~ wft n}mbza jml tm~wfb~adlm jml ztazaihmbzf f jml tm~wfb~adlm jml ohnkmtf,
nfif nfb~mn}mbnha jm la m{h~zmbnha jm }ba tmlanhb c}tjhna q}m lm vhbn}la nfb ml ih~if
x jmlhihza ml idhzf jm ~} anz}anhb wata la wtm~zanhb jm }b ~mtvhnhf +atzn}lf =
TJLFWJ("
jmbfihbab }b mbnat`f jml ztazaihmbzf" M~zf m~, }ba wtm~zanhb jm ~mtvhnhf~ mb la q}m lf~
jazf~ ~fb fdcmzf jm al`b zhwf jm z tazaihmbzf wft watzm jml wtm~zajft&wtfvmmjft, q}hmb
wa~a a ~mt ml mbnat`ajf jml ztazaihmbzf"
Mb la ~h`}hmbzm zadla ~m tmnf`mb lf~ wthbnhwhf~ d~hnf~ q}m jmdmb tm}bht la~ nl}~}la~
nfbztanz}alm~ tmlanhfbaja~ nfb ml annm~f a lf~ jazf~ wft n}mbza jm zmtnmtf~ x la~m`}thjaj jm lf~ jazf~, a~ nfif la oh`}ta a q}hmb ~m jhth`m jhnka nl}~}la"
8 I~ hboftianhb3 A`mbnha M~wafla jm Wtfzmnnhb jm Jazf~ +477;( @}a jml tm~wfb~adlm jm ohnkmtf~"17 Tmal Jmntmzf 1047&4770, jm 41 jm jhnhmidtm, wft ml q}m ~m awt}mda ml Tm`laimbzf jm jm~attfllf jm la Lmx Ft`bhna1=&1888, jm 1> jm jhnhmidtm, jm wtfzmnnhb jm jazf~ jm natnzmt wmt~fbal f TLFWJ"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
17/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 10 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
A~wmnzf~ anfbzmiwlat
Atzn}lf~hiwlhnajf~ Nfbzmbhjf jm la~ nl}~}la~ nfbztanz}alm~
Annm~f a
lf~ jazf~
wft n}mbza
jm zmtnmtf~
Atzn}lf 14LFWJ
Atzn}lf~ 47, 41x 44 TJLFWJ
Ml tm~wfb~adlm jmdmt3
^}wmtvh~at q}m ml mbnat`ajf tmbm la~ `atabza~ wata
ml n}iwlhihmbzf jm lf jh~w}m~zf wft ml TJLFWJ"
Hbnl}ht }ba jm~nthwnhb jml nfbc}bzf jm hb~zt}nnhfbm~
q}m ml mbnat`ajf awlhna wata ztazat lf~ jazf~"
M~zadlmnmt la~ imjhja~ jm ~m`}thjaj q}m ml
mbnat`ajf jml ztazaihmbzf m~z fdlh`ajf a hiwlabzat"
Ml mbnat`ajf jmdmt3
]zhlhsat lf~ jazf~ m{nl}~hvaimbzm wata lf~ ohbm~
nfbztazajf~" Mb na~f nfbztathf, ~m nfbvhmtzm mb
tm~wfb~adlm x jmdm tm~wfbjmt wft la hbotannhb
nfimzhja"
Bf nfi}bhnat m~za hboftianhb a zmtnmtf~, bh ~hq}hmta
wata ~} nfb~mtvanhb"
M~zat a}zfthsajf wft ml tm~wfb~adlm wata~}dnfbztazat11
Jm~zt}ht f jmvflvmt la hboftianhb ztazaja al
tm~wfb~adlm }ba vms ohbalhsajf ml nfbztazf" Nadm
n}iwlht la fdlh`anhb jm jmvfl}nhb imjhabzm la
ih`tanhb jm lf~ jazf~ a }b b}mvf wtfvmmjft"
x n}iwlht zfjf~ lf~ tmq}h~hzf~ jm l a
LFWJ x ml TLFWJ mb m~za iazmtha"
^m`}thjaj
jm lf~ jazf~
Atzn}lf 8 LFWJ
Zz}lf _HHHTJLFWJ
Ml tm~wfb~adlm jmdmt3
Ajfwzat la~ imjhja~ znbhna~ x ft`abhsazhva~
bmnm~atha~ wata `atabzhsat la ~m`}thjaj jm lf~
ohnkmtf~"
Mvhzat q}m la hboftianhb ~m whmtja f q}m ~ma
annmjhja f ztazaja wft wmt~fbal bf a}zfthsajf"
M~zadlmnmt imjhja~ jm wtmvmbnhb otmbzm lf~ jh~zhbzf~
thm~`f~ a lf~ q}m ~m mbn}mbztab ~fimzhjf~ lf~ jazf~,
xa wtfvmb`ab jm la annhb k}iaba, ~mab zmnbfl`hnf~
f jmwmbjab jml mbzftbf o~hnf f baz}tal"
11 ^m ajihzm la ~}dnfbztazanhb" Bf ~m nfb~hjmta nfi}bhnanhb jm jazf~ ml annm~f jm }b zmtnmtf a lf~ jazf~ n}abjf jhnkfannm~f ~ma bmnm~athf wata la wtm~zanhb jm }b ~mtvhnhf al tm~wfb~adlm jml ztazaihmbzf"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
18/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 1; jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
Jmdm zmbmt~m mb n}mbza q}m la m{h~zmbnha jml nfbztazf tm`}lajf wft ml atzn}lf 14 jm la
LFWJ m{nl}xm la awlhnanhb jm la tm`}lanhb wtmvh~za wata la~ nfi}bhnanhfbm~ jm jazf~
wmt~fbalm~ x oanhlhza, wft zabzf, ml jm~wlhm`}m jm ~mtvhnhf~ da~ajf~ mb ml nlf}j nfiw}zhb`"
La oh`}ta jml mbnat`ajf m~ nfbzmiwlaja jm ifjf i}x m~wmnohnf wft ml Zz}lf _HHH jml
TJLFWJ" Ml atzn}lf ;4 ~mala la bmnm~hjaj jm q}m la~ imjhja~ q}m ~m ohcmb mb ml
nfbztazf zmb`ab mb n}mbza jm ifjf i}x wtmnh~f la baz}talmsa jm la wtm~zanhb, ~h m~za ~m
jm~attflla mb lf~ lfnalm~ jml tm~wfb~adlm f mb lf~ jml mbnat`ajf x la~ nfbjhnhfbm~ jm
~m`}thjaj q}m aomnzmb a }b annm~f tmifzf"
Ml nfbc}bzf jm imjhja~ jm ~m`}thjaj wtmvh~za~ wft la lmx x ~} tm`laimbzf zhmbm wft fdcmzf
`atabzhsat la hbzm`thjaj x la ~m`}thjaj jm l f~ ohnkmtf~ mb l f~ nmbztf~ jm ztazaihmbzf,
lfnalm~, mq}hwf~ x wtf`taia~ x jm la jh~wfbhdhlhjaj jm la hboftianhb14
"
Ml wtfvmmjft jm ~mtvhnhf~ mb la b}dm ~m mbnat`a jm iabzmbmt la ~m`}thjaj mb ~}~ nmbztf~
jm wtfnm~f jm jazf~" Kadhz}alimbzm bf ~mt wf~hdlm }ba hb~wmnnhb jm ~}~ imjhja~ jm
~m`}thjaj wft ml nlhmbzm hbzmtm~ajf mb n fbztazat ~}~ ~mtvhnhf~" Wft fzta watzm, ~alvf mb
na~f~ i}x m~wmnohnf~, la nfbztazanhb ~m tmalhsa a ztav~ jm nfbjhnhfbm~ `mbmtalm~,)m~zf m~, jm nfbztazf~ q}m tm~wfbjmb a }b ifjmlf `mbmtal wata }ba nazm`fta jm nlhmbzm~)
x ajhnhfbalimbzm w}mjmb wtmvmt~m wflzhna~ jm wthvanhjaj" Wft mllf ~mt o}bjaimbzal
wata ml nlhmbzm nmtnhftat~m jm q}m ml wtfvmmjft jm ~mtvhnhf~ ~m nfiwtfimzm a tm~wmzat x
n}iwlht la~ fdlh`anhfbm~ nfbzmbhja~ mb la LFWJ x la Jhtmnzhva x mb m~wmnhal, mb lf tmlazhvf
a la ~m`}thjaj jm lf~ jazf~ x ml annm~f a lf~ jazf~ wft n}mbza jm zmtnmtf~"
La jhohn}lzaj mb m~zf~ na~f~ tm~hjm mb q}m mb la wtnzhna ~m w}mjm alnabsat ml tm~}lzajf
wtmvh~zf wft la lm`h~lanhb imjhabzm }b izfjf jh~zhbzf al kadhz}al" Jm an}mtjf nfb la Lmx,
al anmwzat lf~ ztihbf~ jm }~f ml wtfvmmjft ~m nfbvhmtzm mb mbnat`ajf jml ztazaihmbzf x
bhnaimbzm w}mjm z tazatlf~ jm an }mtjf a la~ hb~zt}nnhfbm~ jml tm~wfb~adlm jml
ztazaihmbzf +ml nlhmbzm(, ~hb awlhnatlf~ f }zhlhsatlf~ nfb ohb jh~zhbzf al m~zadlmnhjf, bh
nfi}bhnatlf~ a fzta~ wmt~fba~" ^hb midat`f, w}m~zf q}m mb tmalhjaj lf~ wtfvmmjftm~ jml
~mnzft }zhlhsab nfbjhnhfbm~ `mbmtalm~ ~mt bmnm~athf vmthohnat wtmvhaimbzm q}m m~za~ ~m
ac}~zab a la~ wtmvh~hfbm~ jm l a Lmx m~wafla x ml `tajf jm jh ~wf~hnhb jml wtfwhf
wtfvmmjft a hbnftwftat mb ~} na~f nl}~}la~ ajhnhfbalm~, m~nf`hmbjf mbztm aq}mlla~
fomtza~ q}m atabzhnmb m~zm n}iwlhihmbzf"
14 _a~m la @}a jm ^m`}thjaj jm Jazf~+4717( x la kmttaihmbza M_AL]A jm la A`mbnha M~wafla jm Wtfzmnnhb jm Jazf~q}m wmtihzmb hjmbzhohnat ml nfbc}bzf jm imjhja~ jm ~m`}thjaj wtmvh~za~ x zm~zmat ~} n}iwlhihmbzf"
Nif aomnzab ml atzn}lf 8 x 14 jm la LFWJ al nlf}j nfiw}zhb`6
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
19/42
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
20/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 47 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
q}m la wtm~zanhb ~m tmalhnm mb wa~m~ acmbf~ al M~wanhf Mnfbihnf M}tfwmf, fwmtat ml
t`himb wtmvh~zf wft lf~ atzn}lf~ >> x >: jm la LFWJ"
Atzn}lf~hiwlhnajf~ Nfbzmbhjf jml atzn}lf
Atzn}lf >>LFWJ
Bf ~m wmtihzm la zta~omtmbnha zmiwftal bh jmohbhzhva jm jaz f~ jm
natnzmt wmt~fbal a fztf~ wa~m~ q}m bf dt hbjmb }b bhvml jm
wtfzmnnhb mq}hwatadlm al jm la LFWJ"
Atzn}lf >:LFWJ
Mb fna~hfbm~ ~m wmtihzm m~za ztab~omtmbnha wtmvha a}zfthsanhb
ajihbh~ztazhva jml Jhtmnzft jm la A`mbnha M~wafla jm Wtfzmnnhb
jm Jazf~ +AMWJ(1?
Jhnka a}zfthsanhb bf m~ bmnm~atha3
"
Mb lf~ ~}w}m~zf~ m{nmwnhfbalm~ jml atzn}lf >:"a al >:"c jm la
LFWJ"
Mb ml na~f jm lf~ wa~m~ tm~wmnzf jm lf~ q}m la Nfih~hb ka
jmnlatajf q}m nfb~hjmta ajmn}ajf ml bhvml jm wtfzmnnhb jm
jazf~ wmt~fbalm~10
"
N}abjf bf ~ m jmb m~ za~ nhtn}b~zabnha~ ~mt bmnm~athf fdzmbmt la a}zfthsanhb jml
Jhtmnzft jm l a AMWJ ~h`}hmbjf ml wtfnmjhihmbzf wtmvh~zf wft la ^mnnhb Wthimta, jml
Nawz}lf _ jml Zz}lf H[ jml TJLFWJ" M~ i}x hiwftzabzm zmbmt mb n}mbza q}m n}abjf ml
nfbztazf ~h`a lf~ nthzmthf~ ohcajf~ mb lf~ jh~zhbzf~ ifjmlf~ jm nl}~}la~ nfbztanz}alm~ zhwf
m~zadlmnhja~ imjhabzm Jmnh~hfbm~ jm la Nfih~hb M}tfwma1;
1? ^m`b ml wtfnmjhihmbzf wtmvh~zf mb la ^mnnhb Wthimta, jml Nawz}lf _ jml Zz}lf H[ jml TJLFWJ"
, ml atzn}lf 07"4 jml
TJLFWJ aw}bza q}m ~m nfb~hjmtat q}m m~zadlmnmb la~ ajmn}aja~ `atabza~"
10 M~zf~ ~fb3 ^}hsa, At`mbzhba, @}mtb~mx, H~la jm Iab, Cmt~mx, H~la~ Omtfm, Abjftta, H~taml" M{h~zmb jf~ wa~m~ nfb nhmtza~watzhn}lathjajm~" Nabaj mb ml q}m ~m nfb~hjmtab ~m`}ta~ la~ ft`abhsanhfbm~ ~fimzhja~ a la lmx nabajhmb~m jm wtfzmnnhbjm jazf~, x M~zajf~ ]bhjf~, tm~wmnzf jm la~ miwtm~a~ q}m kaxab ~}~nthzf ^aom Katdf}t, m~zf m~ lf~ wthbnhwhf~ jm W}mtzf^m`}tf wata la wtfzmnnhb jm l a vhja wthvaja x la~ nfttm~wfbjhmbzm~ wtm`}bza~ i~ otmn}mbzm~, w}dlhnaja~ wft mlJmwatzaimbzf jm Nfimtnhf jm lf~ M~zajf~ ]bhjf~"
1;Mb nfbntmzf, la~ Jmnh~hfbm~ jm la Nfih~hb M}tfwma al}jhja~ ~fb3
Jmnh~hb 4771&:80&NM jm la Nfih~hb, jm 1= jm c }bhf jm 4771 , tmlazhva a ' Nl}~}la~ nfbztanz}alm~ zhwf wata laztab~omtmbnha jm jazf~ wmt~fbalm~ a }b zmtnmt wa~ wtmvh~za~ mb la Jhtmnzhva 8=&:?&NM"
Jmnh~hb 4774&1?&NM jm la Nfih~hb, jm 40 jm jh nhmidtm jm 4771, tmlazhva a 'Nl}~}la~ nfbztanz}alm~ zhwf wata laztab~omtmbnha jm jazf~ wmt~fbalm~ a lf~ mbnat`ajf~ jml ztazaihmbzf m~zadlmnhjf~ mb zmtnmtf~ wa~m~, jmnfboftihjaj nfb la Jhtmnzhva 8=&:?&NM" +q}mja jmtf`aja a watzht jm 1= jm iaxf jm 4717("
Jmnh~hb 4717&;0&]M jm la Nfih~hb, jm = jm o mdtmtf jm 4717, tmlazhva a la~ nl}~}la~ nfbztanz}alm~ zhwf wata laztab~omtmbnha jm jazf~ wmt~fbalm~ a lf~ mbnat`ajf~ jml ztazaihmbzf m~zadlmnhjf~ mb zmtnmtf~ wa~m~, jmnfboftihjaj nfb la Jhtmnzhva 8=&:?&NM jml Watlaimbzf M}tfwmf x jml Nfb~mcf"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
21/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 41 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
>"4 TM@]LANHB JM LA L^^H
Lf~ wtm~zajftm~ jm ~mtvhnhf~ jm la ~fnhmjaj jm la hboftianhb +~mtvhnhf~ jm alfcaihmbzf
jm jazf~ mb la b}dm x annm~f a Hbzmtbmz(, jmdmb n}iwlht nfb lf~ tmq}h~hzf~ m~zadlmnhjf~ mbla Lmx >:&4774, jm ^mtvhnhf~ jm la ^fnhmjaj jm la Hboftianhb x jml Nfimtnhf
Mlmnztbhnf +L^^H(3
Mb nfbntmzf, lf~ wtfvmmjftm~ jm ~ mtvhnhf~ m~zadlmnhjf~ mb M ~waa m~zb fdlh`ajf~ a
hboftiat a ~}~ nlhmbzm~ jm oftia wmtiabmbzm, onhl, jhtmnza x `taz}hza ~fdtm3
Lf~ imjhf~ znbhnf~ awlhnajf~ wata a}imbzat la ~m`}thjaj jm l a hboftianhb
+nfif wtf`taia~ abzhvht}~, abzhm~wa~ x ohlztf~ jm nfttmf("
La~ imjhja~ jm ~m`}thjaj q}m awlhnab mb la wtfvh~hb jm lf~ ~mtvhnhf~"
La~ kmttaihmbza~ m{h~zmbzm~ wata ml ohlztajf x tm~zthnnhb jml annm~f a
jmzmtihbajf~ nfbzmbhjf~ x ~mtvhnhf~ mb Hbzmtbmz bf jm~majf~ f q}m w}mjab
tm~}lzat bfnhvf~ wata la c}vmbz}j x la hboabnha"
Mb ml na~f jm lf~ wtfvmmjftm~ jm annm~f a Hbzmtbmz, ajmi~ jmdmb nfi}bhnat a
lf~ }~}athf~ la~ tm~wfb~adhlhjajm~ mb q}m w}mjmb hbn}ttht wft ml }~f hlnhzf jm la
Tmj"
Ajmi~ jm lf~ nhzajf~ wtmnmwzf~ lm`alm~ la Lmx >4&477> @mbmtal jmZmlmnfi}bhnanhfbm~ zaidhb vmla wft ml n}iwlhihmbzf jm la~ fdlh`anhfbm~ mb ml ~mntmzf
jm la~ nfi}bhnanhfbm~ x wtfzmnnhb jm jazf~ wmt~fbalm~, a~ nfif jm lf~ jmtmnkf~ x
fdlh`anhfbm~ jm natnzmt wdlhnf vhbn}lajf~ nfb la~ tmjm~ x ~mtvhnhf~ jm nfi}bhnanhfbm~
mlmnztbhna~, hiwfbhmbjf a ~} vms la~ nfttm~wfbjhmbzm~ ~abnhfbm~ wft ~} hbn}iwlhihmbzf"
>"> TM@]LANHB JML NJH@F WMBAL
Ml adabhnf jm n}m~zhfbm~ q}m wlabzma mb }b mbzftbf jm nlf}jw}mjm ~mt i}x nfiwlmcf, ~h
dhmb mb m~zm awatzajf ~m abalhsa jm oftia watzhn}lat ml jmlhzf jm m~zaoa"
La~ natanzmt~zhna~ jml ifjmlf mb la b}dm, nfif la jm~lfnalhsanhb x la ztab~omtmbnha a
zmtnmtf~ jm jazf~ x wtfnm~f~, w}mjmb hbvhzat a wf~hdlm~ m~zaoajftm~ a ntmat ~hzhf~ pmd
oal~f~ mb la b}dm wata awtfwhat~m jm hboftianhb ~mb~hdlm vflnaja wft lf~ }~}athf~ f
jh~zthd}ht ialpatm mb m~zm mbzftbf wata llmvat a nadf azaq}m~ jm ota}jm fblhbm"
Ml Njh`f Wmbal tm`}la ml jmlhzf jm m~zaoa mb ml atzn}lf 4:; +tmoftiajf tmnhmbzmimbzm
~m`b la Lmx Ft`bhna =&4717, jm 44 jm c}bhf( x mb nfbntmzf m~zadlmnm q}m3
1( Nfimzmb m~zaoa lf~ q}m, mb`amb a fztf nfb bhif jm l}ntf, hbj}nhbjflm a
tmalhsat }b anzf mb wmtc}hnhf wtfwhf f acmbf"
4( H`}alimbzm ~m nfb~hjmtab m~zaoajftm~3
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
22/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 44 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
a" Lf~ q}m, nfb bhif jm l}ntf x valhbjf~m jm al`}ba iabhw}lanhb
hboftizhna f ~ hihlat, nfb~h`ab }ba z tab~omtmbnha bf n fb~mbzhja jm
n}alq}hmt anzhvf wazthifbhal mb wmt c}hnhf jm fz tf, hbnl}xmbjf la
hboftianhb jmbztf jm m~za nazm`fta"
d" Lf~ q}m oadthq}mb, hbztfj}snab, wf~mab f o anhlhzmb wtf`taia~
hboftizhnf~ m~wmnohnaimbzm jm~zhbajf~ a la nfih~hb jm ota}jm"
n" Lf~ q}m }zhlhsabjf zatcmza~ jm ntjhzf f jdhzf, f nkmq}m~ jm vhacm, f lf~
jazf~ fdtabzm~ mb n}alq}hmta jm mllf~, tmalhnmb fwmtanhfbm~ jm n}alq}hmt
nla~m mb wmtc}hnhf jm ~} zhz}lat f jm }b zmtnmtf"
Mb o}bnhb jml hiwftzm jm lf jmota}jajf, ml q}mdtabzf mnfbihnf na}~ajf a la vnzhia,
la~ tmlanhfbm~ mbztm m~za x ml jmota}jajft, lf~ imjhf~ miwlmajf~ wft ~zm x ml tm~zf jm
wf~hdlm~ nhtn}b~zabnha~ q}m ~htvab wata valftat ml kmnkf, ~m hiwfbmb jhomtmbzm~
~abnhfbm~ al m~zaoajft, nfif tmnf`m jhnkf zm{zf lm`al"
>": ML ^H^ZMIA C]TJHNF JM LF^ WA^M^ JM JM^ZHBF
La mlmnnhb jml wa~ jm jm~zhbf jm lf~ jazf~ q}m ~mab fdcmzf jm }ba wtm~zanhb da~aja
mb ml nlf}j nfiw}zhb` bf ~flf jmdm zmbmt i}x mb n }mbza la~ bftia~ q}m tm`}lab la~
zmnbflf`a~ jm la hboftianhb x la~ nfi}bhnanhfbm~, ~hbf ml nfbc}bzf jml Ftjmbaihmbzf
c}tjhnf" La Nfb~zhz}nhb M~wafla x lf~ Ztazajf~ jm la ]bhb M}tfwma ~m mbiatnab mb
}ba ztajhnhb nfb~zhz}nhfbal q}m ~alva`}atja lf~ jmtmnkf~ o}bjaimbzalm~ jm l a~
wmt~fba~"
Wft mllf, }dhnat lf~ jazf~ mb }b wa~ mb ml n}al m~zf~ jmtmnkf~ bf tm~}lzmb `atabzhsajf~
nfbztavhmbm jm al`b ifjf ml m~wthz} jml ifjmlf nfb~zhz}nhfbal m~wafl x jml ifjf jm
nfbnmdht lf~ jmtmnkf~ k}iabf~" Wtmnh~aimbzm wft mllf, ml atzn}lf >0"1"o x ml atzn}lf 07">
TJLFWJ wmtihzmb jmbm`at f ~}~wmbjmt zmiwftalimbzm }ba ztab~omtmbnha n}abjf la
~hz}anhb jm wtfzmnnhb jm lf~ jmtmnkf~ o}bjaimbzalm~ x lhdmtzajm~ wdlhna~ mb ml wa~ jm
jm~zhbf f ~} lm`h~lanhb hiwhjab `atabzhsat ml bzm`tf n}iwlhihmbzf jml nfbztazf x ml
mcmtnhnhf wft lf~ aomnzajf~ jm lf~ jmtmnkf~ q}m ml nfbztazf `atabzhsa"
Wft fzta watzm, mb fn a~hfbm~ lf~ wa~m~ jm jm~zhbf w}mjmb n fbomtht oan}lzajm~
m{ztaftjhbatha~ a ~}~ ~mtvhnhf~ jm hbzmlh`mbnha, f a ~}~ o}mtsa~ x n}mtwf~ jm ~m`}thjaj,
wata ml annm~f a la hboftianhb nfbzmbhja mb ~mtvhjftm~ dacf ~} c}th~jhnnhb"
Nfb hbjmwmbjmbnha jm q}m mb la iaxft watzm jm la~ fna~hfbm~ wtfdadlmimbzm ~m ztazm jm
imjhja~ wmtomnzaimbzm tm`}laja~ x nfboftim~ nfb b}m~ztf~ valftm~ nfb~zhz}nhfbalm~, la
wf~hdlm hbzmb~hjaj jm la~ ih~ia~ jmdmta ~mt nfbzmiwlaja mb ml ablh~h~ jm thm~`f~
wtmvhf a la }dhnanhb bf xa ~flf jm jazf~ wmt~fbalm~, ~hbf zaidhb jm aq}mllahboftianhb x tmn}t~f~ q}m la ft`abhsanhb jm~mm ~alva`}atjat otmbzm a n}alq}hmt
annm~f m{zmtbf +_mt awatzajf ="4 ^m`}thjaj wft watzm jml nlhmbzm("
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
23/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 4> jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
: THM^@F^ JML NLF]J NFIW]ZHB@
Nfif zfja zmnbflf`a, ml nlf}j nfiw}zhb` bf m~z m{mbzf jm thm~`f~" N}abzf i~
nfiwlmca m~ la hbotam~zt}nz}ta hboftizhna }zhlhsaja, i~ wf~hdlm~ v}lbmtadhlhjajm~
awatmnmb" A nfbzhb}anhb ~m jm~nthdmb lf~ wthbnhwalm~ thm~`f~ jm ~m`}thjaj x wthvanhjajq}m w}mjmb `mbmtat }b hiwanzf mb lf~ tmn}t~f~ mb la b}dm18
:"1 AD]^F X ]^F IALHBZMBNHFBAJF
3
Ml nlf}j nfiw}zhb` fotmnm }b `tab bimtf jm vmbzaca~ x fwftz}bhjajm~ q}m zaidhb
m~zb ~hmbjf awtfvmnkaja~ wft lf~ whtaza~ hboftizhnf~" Azaq}m~ nfif ml tfdf jm
nfbzta~ma~47, mbvf jm ~wai, `tabca~ jm nawznka~41 f azaq}m~ jm jm bm`anhb jm
~mtvhnhf jh~zthd}hjf44
Lf~ nhdmtjmlhbn}mbzm~ w}mjmb wlabmat ~}~ azaq}m~ nfbztazabjf ~mtvhnhf~ mb la b}dm watawf~zmthftimbzm mcmn}zatlf~ mb n }m~zhb jm kft a~" Ajmi~, lf~ tmn}t~f~ q}m }zhlhnmb ~m
dfttatb }ba vms nfbnl}xa ml azaq}m, lf q}m jhohn}lza i}nkf ~} wmt~mn}nhb"
~m v}mlvmb i}nkf i~ ~mbnhllf~ x datazf~"
Jml ih~if ifjf, w}mjmb nfbztazat ~mtvhnhf~ jm alianmbaihmbzf mb la b}dm wata `}atjat
jazf~ ialhnhf~f~ f tfdajf~" Jm m~za oftia, jhohn}lzab q}m la~ a}zfthjajm~ w}mjab annmjmt
a m~za hboftianhb +wft la nfiwlmchjaj q}m ~}wfbm( wata anz}at nfbzta lf~ azanabzm~"
:"4 O]@A^ HBZMTBA^ JM HBOFTIANHB
La aimbasa zaidhb w}mjm wtfvmbht jm la wtfwha miwtm~a, dhmb wft mttftm~ k}iabf~,dhmb wft annhfbm~ jmlhdmtaja~ jm lf~ }~}athf~ jml nlf}j" M~zf~ hbnhjmbzm~ jm~mbnajmbab
wtjhja~ jm hboftianhb, nfb lf~ nfb~h`}hmbzm~ jaf~ mb la hia`mb jm la miwtm~a x la~
wf~hdlm~ nfb~mn}mbnha~ lm`alm~ x&f c}tjhna~" Wata mvhzat m~za~ ~hz}anhfbm~, la~
ft`abhsanhfbm~ }zhlhsab imjhja~ nfif la hbnftwftanhb jm nl}~}la~ jm nfbohjmbnhalhjaj
mb lf~ nfbztazf~ ladftalm~ f ml m~zadlmnhihmbzf jm wflzhna~ jm ~m`}thjaj"
:"> AWH^ HB^M@]TA^
La~ AWH~4>
18 O}mbzm3 Dabm`a~, I" +Zmlmobhna M~waa @tabjm~ Nlhmbzm~( Wtm~mbzanhb ^m`}thjaj mb Nlf}j Nfiw}zhb`" MBH^M :+4717("
nfb ml bhnf w}bzf jm hbzmtannhb nfb lf~ wtf`taia~ q}m ~m m~zb mcmn}zabjf
mb la b}dm" Al ~mt la~ w}mtza~ jm mbztaja kanha lf~ ~mtvhnhf~ mb la b}dm, ~m nfbvhmtzmb mb}b w}bzf ntzhnf jm la ~m`}thjaj x wthvanhjaj jml ~h~zmia"
47 Ml wa~~pftj ntanehb`m~ }b wtfnm~f hboftizhnf q}m nfb~h~zm mb jm~nhotat la nfbzta~ma jm jmzmtihbaja~ awlhnanhfbm~wata nfb~m`}ht }b annm~f bf a}zfthsajf"
41 Nawznka m~ ml antbhif jm Nfiwlmzmlx A}zfiazmj W}dlhn Z}thb` zm~z zf zmll Nfiw}zmt~ abj K}iab~ Awatz +Wt}mda jmZ}thb` wdlhna x a}zfizhna wata jhomtmbnhat iq}hba~ x k}iabf~(" ^m ztaza jm }ba wt}mda jm~aof)tm~w}m~za }zhlhsaja mbnfiw}zanhb wata jmzmtihbat n}bjf ml }~}athf m~ f bf k}iabf"
44 Mb hb`l~, Jh~zthd}zmj Jmbhal fo ^mtvhnm +JJF^(" La jmbm`anhb jm ~mtvhnhf jh~zthd}hja nfb~h~zm mb azanat a }b ~h~zmia
hboftizhnf wata nfb~}iht zfjf~ ~}~ tmn}t~f~ +wft mcmiwlf ml abnkf jm dabja( hiwhjhmbjf ml annm~f a }~}athf~ lm`zhif~"4> Awwlhnazhfb Wtf`taiihb` Hbzmtoanm" ]ba hbzmtoas jm wt f`taianhb jm awl hnanhfbm~ m~ ml nfbc}bzf jm o }bnhfbm~ xwtfnmjhihmbzf~ q}m fotmnmb la~ dhdlhfzmna~ wata ~mt }zhlhsajf~ wft fztf ~fozpatm nfif }ba nawa jm ad~ztannhb"
:" Thm~`f~ jml nlf}j nfiw}zhb`
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
24/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 4: jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
Naja wtfvmmjft jm ~ mtvhnhf~ mb l a b}dm fo tmnm ~}~ wtfwha~ AWH~ jm n fbm{hb q}m
wmtihzmb jm~jm attabnat f watat lf~ ~mtvhnhf~ mb la b}dm ka~za a}imbzat f jh~ihb}ht lf~
tmn}t~f~ jm lf~ ih~if~"
^hb }ba nfttmnza wflzhna jm ~m`}thjaj, la~ AWH~ w}mjmb ~}otht azaq}m~ jm ialpatm wata
q}m tmalhnmb annhfbm~ ajhnhfbalm~ f jhomtmbzm~ wata la~ q}m fth`hbalimbzm o}mtfb
wtf`taiaja~" Nfb mllf, lf~ azanabzm~ wmt~h`}mb ml tfdf x&f annm~f a la hboftianhb jm la
vnzhia"
:": ^]WLABZANHB JM HJMBZHJAJ
La ~}wlabzanhb jm la hjmbzhjaj m~ }b thm~`f wtm~mbzm zabzf mb lf~ ~h~zmia~ hboftizhnf~
ztajhnhfbalm~ nfif mb ml ifjmlf jm nlf}j nfiw}zhb`" ^hb midat`f, zhmbm }ba m~ wmnhal
tmlmvabnha mb ~zm lzhif"
Mb la iaxfta jm lf~ ~h~zmia~ hboftizhnf~ m~ bmnm~athf hjmbzhohnat~m abzm~ jm t malhsat
n}alq}hmt zatma" Kadhz}alimbzm, m~za hjmbzhohnanhb ~m wtfj}nm imjhabzm la nfidhbanhb
jml bfidtm jm }~}athf x }ba nlavm ~mntmza f wa~~pftj"
Jmwmbjhmbjf jml }~f q}m ~m m~z kanhmbjf jml nlf}j nfiw}zhb`, m~za nfidhbanhb
ztajhnhfbal jm }~ }athf x nfbzta~ma w}mjm bf tm~}lzat lf ~}ohnhmbzmimbzm tfd}~za" M~
bmnm~athf hbvm~zh`at fztf~ ~h~zmia~ i}nkf i~ ~m`}tf~ wata mvhzat la ~}wlabzanhb jm
hjmbzhjaj mb la Tmj"
]ba ~fl}nhb wata hbntmimbzat la ~m`}thjaj m~ la }zhlhsanhb jml JBH mlmnztbhnf nfif
imnabh~if jm hjmbzhohnanhb, xa q}m hbnl}xm imjhja~ nthwzf`tohna~ x dhfizthna~ nfif
nfiwlmimbzf a la~ ztajhnhfbalm~ imjhja~ jm ~m`}thjaj"
Hl}~ztanhb 43 Hia`mb JBH mlmnztbhnf
:"= JM^NFBFNHIHMBZF JML WMTOHL JM THM^@F
La `m~zhb jm la ~m`}thjaj mb lf~ mbzftbf~ hboftizhnf~ ztajhnhfbalm~ ~m ka m~z}jhajf
j}tabzm i}nkf zhmiwf" M~ tmlazhvaimbzm ~mbnhllf awlhnat ~fl}nhfbm~ hboftizhna~ wata
a}imbzat la ~m`}thjaj, jhohn}lzabjf la~ mbztaja~ bf a}z fthsaja~ f jh ~ihb}xmbjf la~
v}lbmtadhlhjajm~ jml ~h~zmia"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
25/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 4= jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
^hb midat`f, ml nlf}j nfiw}zhb` mbztaa }ba mvfl}nhb bf n fbfnhja abzmthftimbzm"
Fotmnm b}mva~ o}bnhfbalhjajm~ m hbntmimbza la~ fwftz}bhjajm~ jm bm`fnhf, wmtf a ~} vms
m~ }b ifjmlf q}m w}mjm ~mt m{wlfzajf wft b}mva~ aimbasa~ mb la Tmj"
M~zf bf ~h`bhohna q}m ~ma imbf~ ~m`}tf q}m lf~ ifjmlf~ abzmthftm~, ~hiwlmimbzm
q}m kax imbf~ m{wmthmbnha jm azaq}m~ x lf~ m{wmtzf~ mb ~m`}thjaj m~z}jhab lf~ b}mvf~
ifj}~ fwmtabjh jm lf~ }~}athf~ ialhbzmbnhfbajf~ a la vms q}m lf~ wf~hdlm~ oallf~ jm
jh~mf"
Jm mbztm m~za~ wtmfn}wanhfbm~, lf~ m{wmtzf~ jm~zanab ml }~f jm zmnbflf`a~
nfiwatzhja~4:
4: O}mbzm3 HBZMNF)NMTZ +4711(" Thm~`f~ x aimbasa~ mb nlf}j nfiw}zhb`"
" M~wmnhalimbzm, mb n}abzf al ah~laihmbzf bmnm~athf jm la hboftianhb jm
jhomtmbzm~ }~}athf~ mb }ba ih~ia hbotam~zt}nz}ta" Abzm m~zf, lf~ wtfvmmjftm~ jm ~mtvhnhf~
nlf}jjmdmb iabzmbmt ~}~ m~o}mtsf~ wata a~m`}tat }b ~mtvhnhf ~hb oh~}ta~ mb ml q}m naja}~}athf zmb`a annm~f bhnaimbzm a ~} wtfwha hboftianhb"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
26/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 4? jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
= ^M@]THJAJ MB LA B]DM
]zhlhsat lf~ ~mtvhnhf~ mb la b}dm nfbllmva }b naidhf mb la oftia jm mbzmbjmt la ~m`}thjaj
hboftizhna" Jmca jm m{h~zht la hia`mb ztajhnhfbal mb la q}m zfjf~ lf~ ~mtvhjftm~ jm la
miwtm~a m~zb mb ml ~zabf jml mjhohnhf jfbjm ~flf w}mjmb annmjmt lf~ ajihbh~ztajftm~hboftizhnf~" Al kanmt }~f jml nlf}j nfiw}zhb`}ba watzm hiwftzabzm jm la ~m`}thjaj jml
~h~zmia tmnam ~fdtm la miwtm~a q}m wtfvmm lf~ ~mtvhnhf~ mb la b}dm"
Wata mbzmbjmt ml ifjmlf jm ~ m`}thjaj jm la hboftianhb awlhnajf mb m~zm ifjmlf m~
bmnm~athf nfbfnmt lf~ jh~zhbzf~ anzftm~ q}m watzhnhwab mb l3
Wtfvmmjft jm ~mtvhnhf~ mb la b}dm3 miwtm~a q}m jh~wfbm jm la hbotam~zt}nz}ta
hboftizhna bmnm~atha wata kf~wmjat lf~ wtf`taia~ ~h`}hmbjf ml ifjmlf jm nlf}j
nfiw}zhb`"
Nlhmbzm3 wmt~fba, ft`abhsanhb f miwtm~a q}m nfbztaza lf~ ~mtvhnhf~ mb la b}dm"
Ml nlhmbzm m~ q}hmb wa`a nhmtza nabzhjaj jm jhbmtf wata dmbmohnhat~m jm l a~
wtm~zanhfbm~ jm la nfiw}zanhb mb la b}dm" Ml }~}athf ohbal, f la wmt~fba f `t}wf
jm wmt~fba~ q}m }zhlhsa ml wtf`taia, w}mjm ~ mt jh~zhbzf al nlhmbzm" Wft mcmiwlf,
}ba miwtm~a w}mjm nfbztazat ~mtvhnhf~ mb la b}dm wata kf~wmjat }b ~mtvhjft pmd
al q}m annmjmtb ~}~ miwlmajf~, nfif ~m i}m~zta mb la ~h`}hmbzm hia`mb"
Hl}~ztanhb >3 Mcmiwlf jm watzhnhwabzm~ mb ml nlf}j nfiw}zhb`
Lf~ imnabh~if~ jm ~m`}thjaj q}m ~m w}mjmb awlhnat wata wtfzm`mt lf~ jazf~ alfcajf~ mb
la b}dm jmdmb nfb~hjmtat~m nfif }b ztadacf nfladftazhvf mbztm la~ jf~ watzm~
+wtfvmmjft jm ~mtvhnhf~ mb la b}dm x nlhmbzm(, xa q}m aida~ jmdmb a~}iht }ba~
tm~wfb~adhlhjajm~" La tmalhsanhb jm a}jh zftha~ jm ~ m`}thjaj nfbc}bza~ m~ }ba d}mba
wtnzhna wata tmvh~at q}m zfjf ml ~h~zmia m~z wtfzm`hjf otmbzm a wf~hdlm~ aimbasa~"
="^m`}thjaj mb la b}dm
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
27/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 40 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
="1 ^M@]THJAJ WFT WATZM JML WTF_MMJFT JM NLF]J NFIW]ZHB@
Ml wtfvmmjft jm ~ mtvhnhf~ mb l a b}dm ~m mbnat`a jm
`atabzhsat la ~m`}thjaj o~hna mb ~}~ nmbztf~ jm wtfnm~f~ jmjazf~" Jmdmt hiwmjht q}m wmt~fba~ bf a}zfthsaja~ mbztmb
mb jhnkf~ mjhohnhf~ wata, wft mcmiwlf, tfdat ~}~ mq}hwf~" Jml
ih~if ifjf, jmdmt iabzmbmt ~}~ mq}hwf~ anz}alhsajf~
zabzf a bhvml katjpatm nfif ~fozpatm wata kanmt otmbzm a la~
aimbasa~ m{h~zmbzm~ mb Hbzmtbmz"
Ml wtfvmmjft }zhlhsa imnabh~if~ nfif la vhtz}alhsanhb x la ~m`imbzanhb jm jazf~ wata
tmoftsat la ~m`}thjaj jm ~}~ ~mtvhnhf~ mb la b}dm"
La vhtz}alhsanhb w}mjm ~mt vh~za nfif }ba oftia jm a}imbzat la ~m`}thjaj jmlf~ wtfnm~f~ q}m ~m mcmn}zab mb la b}dm" _atha~ iq}hba~ vhtz}alm~ w}mjmb ~mt
mcmn}zaja~ mb }b bhnf ~mtvhjft wmtf naja iq}hba vhtz}al mcmn}za }b ~h~zmia
fwmtazhvf jm oftia ah~laja" Ml m~wanhf jm imiftha x jh~nf m~zb nfbztflajf~ wft
}b khwmtvh~ft4=
Ml iaxft thm~`f al q}m jmdm mbo tmbzat~m ml wtfvmmjft jm ~ mtvhnhf~ mb n}abzf a
m~zm imnabh~if m~ ml nfbztfl x mlhihbanhb jml ~fozpatm ialhbzmbnhfbajf q}m
wtmzmbja d}tlat la~ wtfzmnnhfbm~ jml khwmtvh~ft wata zmbmt annm~f a fz ta~iq}hba~ vhtz}alm~ f hbnl}~f al ~h~zmia abohzthb"
q}m hiwhjm q}m lf~ wtfnm~f~ mcmn}zajf~ mb jh ~zhbza~ iq}hba~
vhtz}alm~ w}mjab hbzmtanz}at mbztm mllf~"
La jm~lfnalhsanhb jm l f~ jazf~ m~ }ba natanzmt~zhna q}m zaidhb w}mjm ~mt
m{wlfzaja nfif }b imnabh~if jm ~m`}thjaj mb ~ ih~ia" La ~m`imbzanhb jm
jazf~ wmtihzm q}m lf~ jazf~ jm }b nlhmbzm tm~hjab mb jhomtmbzm~ ~mtvhjftm~, hbnl}~f
mb jhomtmbzm~ nmbztf~ jm jazf~" Jm m~za oftia ~m wtfzm`mb jhnkf~ jazf~ otmbzm a
}b khwfzzhnf tfdf mb la~ hb~zalanhfbm~ jml wtfvmmjft jm ~mtvhnhf~"
Ajmi~, al wfjmt iabzmbmt lf~ jazf~ mb vatha~ lfnalhsanhfbm~ jm oftia
~hi}lzbma, ~m jh~wfbm jm }b ~h~zmia jm nfwha~ jm ~m`}thjaj wtnzhnaimbzm mb
zhmiwf tmal" A~, abzm oallf~ jm ~ m`}thjaj, ~m w}mjm tmn}wmtat twhjaimbzm la
anzhvhjaj, wmtihzhmbjf la nfbzhb}hjaj jml bm`fnhf"
4= Khwmtvh~ft3 wlazaoftia jm vhtz}alhsanhb q}m wmtihzm }zhlhsat, al ih~if zhmiwf, jhomtmbzm~ ~h~zmia~ fwmtazhvf~"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
28/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 4; jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
="4 ^M@]THJAJ WFT WATZM JML NLHMBZM
Wft ~} watzm, ml nlhmbzm m~ tm~wfb~adlm jm iabzmbmt ml
~h~zmia fwmtazhvf anz}alhsajf m h b~zalat lf~ watnkm~ jm~m`}thjaj q}m awatmsnab" H`}alimbzm m~ bmnm~athf
iabzmbmt wflzhna~ jm ~m`}thjaj ztajhnhfbalm~ nfif ml
nfbztfl jm }~}athf~, ml dfttajf jm n}mbza~ jm }~}athf q}m xa
bf ~m }zhlhsab, f la tmvh~hb jml ~fozpatm wata nfiwtfdat q}m
bf zhmbm v}lbmtadhlhjajm~, mbztm fzta~"
Lf~ imnabh~if~ m~wmnohnf~ q}m w}mjm ajfwzat ml nlhmbzm wata tmoftsat la ~m`}thjaj mb la
b}dm mb`lfdab ml nfbztfl wmthimztal, la nthwzf`taoa x la `m~zhb jm lf`~ f atnkhvf~ jm
tm`h~ztf jm mvmbzf~"
Wft watzm jml nlhmbzm, }bf jm lf~ whlatm~ jm la ~m`}thjaj hboftizhna m~ ml nfbztfl
wmthimztal" Wata llmvatlf a nadf, m~ tmnfimbjadlm la hb~zalanhb x nfboh`}tanhb
jm }b ohtmpall f nftzao}m`f~, awlhnanhb hboftizhna q}m ~m mbnat`a jm ifbhzfthsat
zfja~ la~ nfi}bhnanhfbm~ q}m ~m tmalhsab jm~jm f kan ha ml mq}hwf f la tmj x
jmnhjm ~h la~ wmtihzm jmwmbjhmbjf jm la~ tm`la~ m~zadlmnhja~ wft ml ajihbh~ztajft
jml ~h~zmia"
Wata aajht fztf bhvml jm ~m`}thjaj jm t mj, m~ h`}alimbzm tmnfimbjadlm la
hb~zalanhb x nfboh`}tanhb jm }b Hbzt}~hfb Jmzmnzhfb ^x~zmif HJ^4?
La nthwzf`taoa m~ fztf jm lf~ imnabh~if~ q}m va a c}`at }b wawml wtfza`fbh~za
mb ml }~f jm lf~ ~mtvhnhf~ mb la b}dm" La nthwzf`taoa wtfwftnhfba }b bhvml ~}wmthft
jm ~m`}thjaj mb ztm~ a~wmnzf~ wthbnhwalm~3
" ]b HJ^ m~aq}mlla awlhnanhb hboftizhna q}m bf ~flf dlfq}ma f wmtihzm nfbm{hfbm~ ~hbf q}m
abalhsa jhnka~ nfbm{hfbm~ wata jmzmnzat ~h al`}ba jm ml la~ m~ wftzajfta jm
nfbzmbhjf wmlh`tf~f wata ml mq}hwf f wata la tmj" Ajmi~ m~ nawas jm nazm`fthsat
la~ jh~zhbza~ aimbasa~ m hboftiat al ajihbh~ztajft jml ~h~zmia ~h`}hmbjf }ba lh~za
jm tm`la~ x km}t~zhna~"
f Wtfzmnnhb jm la~ nfbm{hfbm~ jm Tmj mbztm lf~ }~}athf~ x la~
awlhnanhfbm~ mb la b}dm" Ml }~f jm ^mn}tm ^fnemz~ Laxmt +^^L(40 x
Ztab~wftz Laxmt ^mn}thzx+ZL^(4;
4?Hbzt}~hfb Jmzmnzhfb x~zmif h~zmia jm Jmzmnnhb jm Hbzt}~hfbm~"
wmtihzmb q}m zfjf~ lf~ jazf~ q}m vhacmb
40^mn}tm fnemz~ Laxmt3 Wtfzfnflf jm Nawa jm Nfbm{hb ^m`}ta" Wtfwftnhfba a}zmbzhnanhb x wthvanhjaj jm la hboftianhbmbztm m{ztmif~ ~fdtm Hbzmtbmz imjhabzm ml }~f jm nthwzf`taoa"
4;Ztab~wftz Laxmt ^mn}thzx3 ^m`}thjaj jm la Nawa jm Ztab~wftzm" Nfb~h~zm mb }b wt fzfnflf nthwzf`tohnf q}m wtfwftnhfbanfi}bhnanhfbm~ ~m`}ta~ a ztav~ jm Hbzmtbmz" ZL^ m~ }b wtfzfnflf hbjmwmbjhmbzm q}m wmtihzm a lf~ wtfzfnflf~ jm bhvmlm~
~}wmthftm~ anz}at wft mbnhia jm l jm iabmta ztab~watmbzm" Da~ajf mb ^^L jm Bmz~nawm >"7, ZL^ ~}wfbm la mvfl}nhb jm~} wtmjmnm~ft, ~h dhmb bf ~fb fwmtadlm~ mbztm ~"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
29/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba 48 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
jm~jm ml ~mtvhjft mb la b}dm ka~za ml }~}athf m~zb nhotajf~ hiwhjhmbjf ~}
annm~f a z mtnmta~ wmt~fba~ hbnl}~f n}abjf ~m }zhlhsa }ba t mj Ph)Oh bf
~m`}ta"
Hl}~ztanhb :3 Nmtzhohnajf ^^L jm Aiasfb"nfi
f Wtfzmnnhb jm la~ nfbm{hfbm~ mbztm lf~ ajihbh~ztajftm~ jml ~h~zmia x
lf~ ~mtvhnhf~ jm la b}dm" Mb m~zm na~f, ml }~f jm ^mn}tm ^kmll+^^K(48 x
_htz}al Wthvazm Bmzpfte+_WB(>7 wmtihzht a lf~ ajihbh~ztajftm~ jml ~h~zmia
f jm~attfllajftm~ jm l a~ awlhnanhfbm~ iabzmbmt }ba n abal ~m`}tf jmnfi}bhnanhb nfb lf~ ~h~zmia~ mb la b}dm"
Hl}~ztanhb =3 Wtfzmnnhb jm nfbm{hfbm~ mb nlf}j nfiw}zhb`
48^mn}tm kmll3 Hbztwtmzm jm tjmbm~ ~m`}ta" M~ ml bfidtm jm }b wtfzfnflf x jml wtf`taia q}m lf hiwlmimbza, x ~htvm wataannmjmt a iq}hba~ tmifza~ a ztav~ jm }ba tmj"
>7_htz}al Wthvazm Bmzpfte3 ]ba Tmj Wthvaja _htz}al" M~ }ba zmnbflf`a jm tmj q}m wmtihzm }ba m{zmb~hb jm la tmj lfnal~fdtm }ba tmj wdlhna f bf nfbztflaja, nfif wft mcmiwlf Hbzmtbmz"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
30/42
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
31/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba >1 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
? WTH_ANHJAJ MB LA B]DM
La hboftianhb m~ ml anzhvf i~ hiwftzabzm jm la~ ft`abhsanhfbm~" A~m`}tat la wthvanhjaj
jm la hboftianhb j}tabzm ~} nhnlf jm vhja m~ nt}nhal a la kfta jm }zhlhsat ~mtvhnhf~ jm nlf}j
nfiw}zhb`"
?"1 WTFZMNNHB JM JAZF^
Ml nhnlf jm vhja q}m ~h`}mb lf~ jazf~ q}m ~fb wtfnm~ajf~ mb la b}dm m~ ml ~h`}hmbzm3
Lf~ jazf~ ~fb wtmwatajf~ wata wfjmt ajawzat~m a la b}dm ajawzabjf ~}
oftiazf f ntmabjf }b ohnkmtf q}m nfbzmb`a zfja la hboftianhb bmnm~atha"
Lf~ jazf~ vhacab a la b}dm a ztav~ jm }ba nfbm{hb a Hbzmtbmz, imjhabzm }b
nfttmf mlmnztbhnf, }ba awlhnanhb m~wmnohna wata hiwftzatlf~ f la ztab~omtmbnha ala b}dm jm la nfwha jm ~m`}thjaj fdzmbhja jm }b ~mtvhjft mb la ft`abhsanhb"
Lf~ jazf~ ~fb wtfnm~ajf~ mb la b}dm, jm~jm ~} alianmbaihmbzf ka~za ml
nln}lf jm nfiwlmca~ fwmtanhfbm~ iazmizhna~" M~ hiwftzabzm imbnhfbat q}m lf~
jazf~ w}mjmb alianmbat~m mb nfwha~ jm ~ m`}thjaj mb l a b}dm wat a oanhlhzat
o}z}tf~ annm~f~"
Lf~ jazf~ ohbalm~ vhacab jm v}mlza al }~}athf" ]ba vms zmtihbajf ml
wtfnm~aihmbzf, ml tm~}lzajf jmdm v flvmt al }~}athf nfb ml valft aajhjf jm l a
hboftianhb `mbmtaja mb la b}dm"
Ml imtf kmnkf jm q}m lf~ jazf~ adabjfbmb l a ft`abhsanhb w}mjm nfb~zhz}ht }b thm~`f
jm~jm ml w}bzf jm vh~za jm la wthvanhjaj3 }b }~}athf ialhbzmbnhfbajf wfjta hbzmtnmwzat
lf~ jazf~ ihmbzta~ m~zb ~hmbjf ztab~omthjf~ wft Hbzmtbmz" Hbnl}~f ~h bf ~fb hbzmtnmwzajf~,
m~zb ~hmbjf alianmbajf~ x wtfnm~ajf~ mb }ba hbotam~zt}nz}ta hboftizhna acmba al
nfbztfl jml }~}athf"
Lf~ imnabh~if~ wata ihbhihsat m~zf~ thm~`f~ jm wthvanhjaj ~fb i}x ~mbnhllf~" Abzm~ jm
ih`tat lf~ wtfnm~f~ a la b}dm nfbvhmbm wtm`}bzat~m3 M~ tmalimbzm bmnm~athf q}m zfjf~
lf~ jazf~ jm la ft`abhsanhb wa~mb a m~zat mb la b}dm6" Ml ~h`}hmbzm mcmiwlf anlata m~zm
hbzmttf`abzm"
Ml kmnkf jm q}m lf~ jazf~ adabjfbmb la ft`abhsanhb w}mjm nfb~zhz}ht }b
thm~`f jm~jm ml w}bzf jm vh~za jm la wthvanhjaj
?" Wthvanhjaj mb la b}dm
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
32/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba >4 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
]ba miwtm~a mbnat`aja jm ztaihzat la~ bihba~ jm miwlmajf~ jmnhjm }zhlhsat ~mtvhnhf~
mb la b}dm" M~za miwtm~a zhmbm da~m~ jm jaz f~ jm i hlm~ jm z tadacajftm~ nfb JBH,
bfidtm, jhtmnnhb wf~zal, ~}mljf dt}zf, w}m~zf jm ztadacf, wftnmbzacm jm tmzmbnhfbm~,
bimtf jm kf ta~ ztadacaja~, mzn" La fwmt anhb iazmizhna q}m m~za miwtm~a jm~ma
tmalhsat mb la b}dm m~ ml nln}lf jml ~}mljf bmzf q}m jmdm ~mt mbztm`ajf a naja miwlmajf
a ohbal jm im~" M~ bmnm~athf q}m zfjf~ lf~ jazf~ jm lf~ miwlmajf~ ~mab ih`tajf~ a la
b}dm6 Tmalimbzm ~m bmnm~hza ml JBH jm }b miwlmajf wata jm~nfbzatlm ml wftnmbzacm jm
HTWO6
]ba ~fl}nhb ~m`}ta m~ mbvhat a la b}dm ~flf lf~ jazf~ bmnm~athf~ wata tmalhsat ml nln}lf
jml ~alathf q}m ~fb ml ~}mljf dt}zf x ml wftnmbzacm jm tmzmbnhfbm~" Mb l}`at jm mbvhat a la
b}dm ml bfidtm f ml JBH wata hjmbzhohnat al ztadacajft, ~m ntma }b b}mvf hjmbzhohnajft +wft
mcmiwlf }b bimtf( q}m wmtihzm a~h`bat nfttmnzaimbzm ml b}mvf valft a naja ztadacajft"Jm m~zm ifjf, ~m hiwhjm a }b wf~ hdlm azanabzm q}m hbzmtnmwzm la~ nfi}bhnanhfbm~
ztaj}nht m~f~ jazf~" Ajmi~, ml wtfvmmjft jm ~ mtvhnhf~ mb l a b}dm b}bna zmbjt jazf~
~mb~hdlm~ mb ~}~ ~h~zmia~, ~flf nfbzmbjt valftm~ iazmizhnf~ ~hb ~admt a q}hb
wmtzmbmnmb f q} nfbzhmbmb"
?"4 HBZM@THJAJ
Iabzmbmt }ba nfttmnza hbzm`thjaj jm lf~ jazf~ ~h`bhohna q}m m~zf~ wmtiabmnmb hjbzhnf~
j}tabzm la~ fwmtanhfbm~ jm ztab~omtmbnha, alianmbaihmbzf f tmn}wmtanhb" Mb ml idhzf
jml nlf}j nfiw}zhb`, la hbzm`thjaj jm lf~ jazf~ m~ m~wmnhalimbzm ntzhna3 lf~ jazf~ m~zb
~hmbjf ztab~omthjf~ nfb~zabzmimbzm mbztm lf~ ~mtvhnhf~ mb la b}dm x lf~ jh~zhbzf~ }~}athf~
q}m annmjmb a mllf~"
Jmdhjf a la~ natanzmt~zhna~ jm la nfiw}zanhb mb la
b}dm, vathf~ }~}athf~ w}mjmb m~zat annmjhmbjf
~hi}lzbmaimbzm x ifjhohnabjf jmzmtihbaja
hboftianhb" Wft mllf, jmdmb h iwlmimbzat~m lf~
imnabh~if~ q}m `atabzhnmb la nfttmnza hbzm`thjaj jm lf~
jazf~"
La iaxft aimbasa wata la hbzm`thjaj jm lf~ jazf~ mb la b}dm m~ q}m lf~ jazf~ ~m anadmb
nfttfiwhmbjf jmdhjf a mttftm~ mb ~} iabhw}lanhb" ^h bf ~m jmzmnza q}m ka kadhjf }b
wtfdlmia mb la ztab~omtmbnha x lf~ jazf~ ~m alianmbab mttbmaimbzm, la wt{hia vms q}m
ml }~}athf q}hmta annmjmt a mllf~ bf wfjt }zhlhsatlf~"
Wata mvhzat q}m lf~ jazf~ mb la b}dm bf w}mjab }zhlhsat~m f q}m bf m~zb jh~wfbhdlm~ ~m
}zhlhsab wthbnhwalimbzm ztm~ imnabh~if~3 nfbztfl jm hbzm`thjaj, `m~zhb jm naidhf~ x
nfwha~ jm ~m`}thjaj"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
33/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba >> jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
Ml nfbztfl jm hbzm`thjaj kanm }~f jm o}bnhfbm~ iazmizhna~ +o}bnhfbm~ tm~}imb
f ka~k( wata vmthohnat q}m lf~ jazf~ bf kab ~}othjf ifjhohnanhfbm~ j}tabzm ~}
zta~lajf" Ml wtfnm~f nfb~h~zm mb fdzmbmt }b valft wata la o}bnhb ka~k abzm~ jm
ifvmt ml jazf x fztf n}abjf ~m ka z mtihbajf jm i fvmt" ^h jhnkf~ valftm~ bf
nfhbnhjmb m~ q}m ka kadhjf }b wtfdlmia mb la ztab~annhb x jmdm ~mt tmwmzhja" Mb
ml na~f jml nlf}j nfiw}zhb`bf ~m }zhlhsab o}bnhfbm~ tm~}imb ~flf wata ohnkmtf~,
~hbf zaidhb wata iq}hba~ vhtz}alm~ nfiwlmza~ f wata la~ nfwha~ jm ~m`}thjaj"
La `m~zhb jm naidhf~ iabzhmbm }b kh~zfthal jm i fjhohnanhfbm~ jm lf~ jazf~ f
ohnkmtf~ alianmbajf~ mb la b}dm" Naja ifjhohnanhb llmva a~fnhaja }b ~ mllf jm
omnka x ml }~}athf q}m lf wtfj}cf" ^h ~m jmzmnza q}m vathf~ }~}athf~ kab
ifjhohnajf ml tmn}t~f a la vms ~m w}mjm abalhsat ml ~mllf jm omnka wata nfiwtfdat
q} vmt~hb zhmbm valhjms" Jml ih~if ifjf, ~h ~m jmzmnza }b mttft jm hbzm`thjaj mbml tmn}t~f ~m w}mjm vflvmt a }ba vmt~hb abzmthft q}m ~ma nfttmnza"
La~ nfwha~ jm ~m`}thjaj ~fb la lzhia lbma jmomb~hva wata `atabzhsat la
hbzm`thjaj jm lf~ jazf~" ]zhlhsabjf ajmn}ajaimbzm la~ kmttaihmbza~ mb la b}dm ~m
w}mjmb wtf`taiat nfwha~ jm ~m`}thjaj naja nhmtzf zhmiwf" ^h ~m jmzmnza }b oallf
jm hbzm`thjaj a bh vml `mbmtal, la bhna oftia jm ~fl}nhfbatlf m~ vflvmt a }ba
vmt~hb abzmthft jml ~h~zmia alianmbaja mb la nfwha jm ~m`}thjaj"
?"> NFBZTFL JM ANNM^F
H`}al q}m ~}nmjm nfb la~ atq}hzmnz}ta~ ztajhnhfbalm~, ml nfbztfl jm annm~f zaidhb c}m`a
}b wawml hiwftzabzm mb ml nlf}j nfiw}zhb`" A}bq}m m~za zmnbflf`a ~m tmwtm~mbzm
hboftialimbzm nfif }ba b}dm a l a q}m ~m nfbmnza zfjf ml i}bjf jm~jm ~}~ mq}hwf~
+zabzf ohcf~ nfif jh~wf~hzhvf~ ivhlm~(, bf ~h`bhohna mb
ad~fl}zf q}m n}alq}hmt wmt~fba w}mja an nmjmt a
n}alq}hmt jazf f wtfnm~f mb la b}dm"
M~ bmnm~athf jh~zhb`}ht nlataimbzm mbztm lf~ ~mtvhnhf~
q}m ~m fotmnmb jm oftia lhdtm x `taz}hza mb la b}dm x la}zhlhsanhb jm t mn}t~f~ mb l a b}dm wata ohbm~
wmt~fbalm~ f miwtm~athalm~"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
34/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba >: jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
^m w}mjmb }z hlhsat ~h~zmia~ jm n fttmf mlmnztbhnf mb l a b}dm, nfif @iahl f I ^B
Kfziahl, x m~f bf ~h`bhohna q}m n}alq}hmt wmt~fba w}mja lmmt ml nfttmf jm fzta lhdtmimbzm"
A}bq}m zal vms ml mcmiwlf i~ nfiwlmzf wata kadlat jml nfbztfl jm annm~f mb la b}dm ~ma
Whna~a" Whna~a m~ }b ~h~zmia jm alianmbaihmbzf x ft`abhsanhb `taz}hzf jm ofzf~ mb la
b}dm" N}abjf ~m va a ntmat }b b}mvf ld}i jm zfjf~, ml }~}athf zhmbm la wf~hdhlhjaj jm
mlm`ht ~h m~a~ ofzf~ ~mtb wdlhna~ x vh~hdlm~ wata zfjf ml i}bjf, ~flf wfjtb ~mt vh~za~
wft }b nfbc}bzf jm wmt~fba~ f ~h m~ }ba `almta wthvaja a la q}m ~flf ml }~}athf zmbjt
annm~f" Mb m~zm na~f nfbntmzf, m~ ml }~}athf jm Whna~a ml q}m m~zadlmnm la wflzhna jm
nfbztfl jm an nm~f }zhlhsabjf ml ~h~zmia nfif }b m{wf~hzft jm h i`mbm~ wata zfjf ml
i}bjf f nfif }b ~h~zmia jm dane}w~ wthvajf jm ofzf~"
M{zmbjhmbjf ml mcmiwlf abzmthft, n}abjf }ba miwtm~a f mbzhjaj }zhlhsa la~ nawanhjajm~
jm la nfiw}zanhb mb la b}dm, bmnm~hza q}m ml ajihbh~ztajft jml ~h~zmia m~zadlmsna }b
nfttmnzf nfbztfl jm annm~f wata `atabzhsat q}m lf~ }~}athf~ ~flf }zhlhsab lf~ jazf~ f
wtfnm~f~ wata lf~ q}m kab ~hjf a}zfthsajf~"
?": WTM_MBNHB OTMBZM A WTJHJA
]bf jm lf~ iaxftm~ thm~`f~ a lf~ q}m ~m mbotmbza zfjf ~h~zmia hboftizhnf m~ la wtjhja
jm jazf~, xa ~ma wftq}m }b }~}athf ka dfttajf hboftianhb annhjmbzalimbzm, wftq}m kaxa
}b oallf mb al`b jh~wf~hzhvf katjpatm f wft n}lwa jm }b azaq}m hboftizhnf" Wmtjmt lf~
jazf~ bf ~flf ~h`bhohna zmbmt q}m tmkanmt watzm jml ztadacf tmalhsajf, ~hbf q}m mb i}nkf~
na~f~ w}mjm ~h`bhohnat n}abzhf~a~ wtjhja~ mnfbihna~" La ~fl}nhb a m~zm wtfdlmia ~m
mbofna jm~jm jf~ w}bzf~ jm vh~za wthbnhwalm~"
Wft }b lajf, }ba nfttmnza wflzhna jm ~m`}thjaj lhihza la lhdmtzaj jm lf~ }~}athf~
wata dfttat mlmimbzf~ jml ~h~zmia, wtfzm`m lf~ mq}hwf~ abzm ml azaq}m jm ~fozpatm
ialhbzmbnhfbajf x ajmi~ hiwhjm q}m wmt~fba~ acmba~ a la ft`abhsanhb annmjab
f nfttfiwab lf~ jazf~" Ml wtfvmmjft jm ~mtvhnhf~ ~m mbnat`a jm ~fl}nhfbat zfjf~
lf~ wtfdlmia~ tmlanhfbajf~ nfb lf~ nfiwfbmbzm~ mlmnztbhnf~" ^h jmzmnza }b oallf
mb }bf jm l f~ mq}hwf~ jmbztf jm ~ }~ hb~zalanhfbm~, a}zfizhnaimbzm lf a~la x
zfjf~ lf~ wtfnm~f~ q}m ~m mcmn}zab mb l ~m ih`tab a fzta iq}hba q}m bf zmb`awtfdlmia~" M~zm wtfnm~f w}mjm j}tat zab ~flf }bf~ ihb}zf~ m hbnl}~f tmalhsat~m
~hb nftzat ml ~mtvhnhf, wmtihzhmbjf }ba jh~wfbhdhlhjaj hbhbzmtt}iwhja jm lf~ ~mtvhnhf~
mb la b}dm"
Wft fzta watzm, }ba nfttmnza wflzhna jm nfwha~ jm ~m`}thjaj wmtihzm tmn}wmtat
lf~ jazf~ ab n}abjf zfja~ la~ imjhja~ jm ~ m`}thjaj kab oallajf f n }abjf ~m
wtfj}nm }ba av mta mb }b n fiwfbmbzm katjpatm" Zfjf~ lf~ wtfvmmjftm~ jm
~mtvhnhf~ mb la b}dm fotmnmb ~h~zmia~ jm n fwha~ jm ~ m`}thjaj jm o ftia
nfiwlmzaimbzm ztab~watmbzm wata ml }~}athf" Zab ~ flf m~ bmnm~athf ~mlmnnhfbatlf~ anzhvf~ q}m ~m q}hmtmb wtfzm`mt x la wmthfjhnhjaj nfb la q}m ~m jm~mab m~za~
nfwha~" La t mn}wmtanhb otmbzm a }b azaq}m w}mjm ~mt zab ~mbnhlla nfif la
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
35/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba >= jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
tm~za}tanhb jm }b ~baw~kfz +nfwha hb~zabzbma jm vfl}imb( abzmthft jm la
iq}hba vhtz}al"
La~ natanzmt~zhna~ abzmthftimbzm m{w}m~za~ wmtihzmb jh~wfbmt jm }b ~h~zmia tfd}~zfwtmwatajf wata tmalhsat }ba n fttmnza tmn}wmtanhb otmbzm a jm~ a~ztm~, m~ jmnht,
a~m`}tabjf la nfbzhb}hjaj jml bm`fnhf"
Wft lzhif, m{h~zm fzta vmbzaca tmlazhva a lf~ jh~wf~hzhvf~
wftzzhlm~, naja vms i~ }zhlhsajf~ mb la~ miwtm~a~ x
jm~jm lf~ q}m ~m annmjm a l a hboftianhb jm l a
ft`abhsanhb3 ftjmbajftm~ wftzzhlm~, ]^D~, ivhlm~,
mzn" M~zf~ jh~wf~hzhvf~ w}mjmb ~ mt tfdajf~ } flvhjajf~
m{wfbhmbjf `tabjm~ nabzhjajm~ jm ja zf~ a wmt~fba~nfiwlmzaimbzm acmba~ a la ft`abhsanhb" ^h ~m }zhlhsab
~h~zmia~ mb la b}dm, a}bq}m ~m whmtja }b zmlofbf ivhl
f al`}hmb tfdm }b wf tzzhl, la hboftianhb wmtiabmnmt
hbannm~hdlm wata zmtnmtf~"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
36/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba >? jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
0 WA^F^ WATA MBZTAT MB LA B]DM
]ba vms q}m ~m ka mbzmbjhjf nif o}bnhfba ml nlf}j nfiw}zhb` x la~ jh~zhbza~
wf~hdhlhjajm~ q}m fotmnm, m~ ml ifimbzf jm wmb~at mb ~h tmalimbzm la miwtm~a f mbzhjaj
~m w}mjmb dmbmohnhat jm mllf~" ]b wf~hdlm m~q}mia wata la zfia jm jmnh~hfbm~ m~ ml~h`}hmbzm>43
Hl}~ztanhb 03 M~q}mia jm zfia jm jmnh~hfbm~
Lf~ ~h`}hmbzm~ awatzajf~ hbnl}xmb lf~ jh~zhbzf~ wa~f~ q}m ~m jmdmb ~m`}ht wata jat ml
~alzf a la b}dm3
0"1 ABLH^H^ JM BMNM^HJAJM^ X FWFTZ]BHJAJM^
Mb wthimt l}`at, la miwtm~a f mbzhjaj jmdm fd~mtvat3
La~ natanzmt~zhna~ jm ~} anzhvhjaj3
f tma~ jm bm`fnhf ajmn}aja~ wata la ih`tanhb"
f Nfbc}bzf jm }~}athf~ q}m ~m awtfvmnkatb jm la~ fwftz}bhjajm~ jml nlf}j
nfiw}zhb`" Wft mcmiwlf, wmt~fba~ q}m ztadacab mb tmifzf f }~}athf~ q}m
vhacab i}nkf" ^m jmdm zmbmt mb n}mbza la~ bmnm~hjajm~ jm jhnkf `t}wf jm
}~}athf~ x la~ wf~hdhlhjajm~ jm q}m ~m ajawzmb dhmb a la~ ~fl}nhfbm~
da~aja~ mb la b}dm"
f Wtm~}w}m~zf3 }zhlhsabjf la~ awlhnanhfbm~ mb la b}dm ~m w}mjm akfttat }ba
nabzhjaj hiwftzabzm jm jhbmtf mb la nfiwta jm lhnmbnha~ jm ~fozpatm" Wft>4 _mt bfza al whm ="
0"Wa~f~ wata mbztat mb la b}dm
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
37/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba >0 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
lf zabzf, }b d}mb w}bz f jm wat zhja wfjta ~mt la }zhlhsanhb jm ~ }hzm~
fohizhna~ mb la b}dm mb l}`at jm nfiwtat m hb~zalat }ba ~}hzm fohizhna wft
naja mq}hwf jm la ft`abhsanhb"
Hl}~ztanhb ;3 Mcmiwlf jm valftanhb jm vathadlm~ fwmtazhva~
Lf~ watimztf~ jm ~m`}thjaj x zflmtabnha a oallf~ q}m naja ft`abhsanhb jmdm
jmohbht mb ~} ifjmlf hjmal jm nlf}j nfiw}zhb`~m m~zt}nz}tab mb n}aztf nazm`fta~3
f Wtmwatanhb jm la ft`abhsanhb wata wtfwftnhfbat }b bhvml anmwzadlm jm
~mtvhnhf a l a vms q}m wtfzm`mb la nfbohjmbnhalhjaj m h bzm`thjaj jm l a
hboftianhb"
f Mbztm`a jml ~mtvhnhf3 nawanhjaj jm l f~ ~h~zmia~ wata wtfwftnhfbat lf~
~mtvhnhf~ jm an}mtjf nfb lf~ tmq}h~hzf~ m~zadlmnhjf~ mb ml an}mtjf jm
~mtvhnhf"
f Tm~w}m~za x tmn}wmtanhb3 nthzmthf~ wata imjht la nawanhjaj jml ~h~zmia
wata tm~za}tat~m mb na~f jm hbnhjmbzm~ f oallf~"
f N}iwlhihmbzf lm`al x bftiazhvf m~wmnohnf"
Bhvmlm~ jm ~mtvhnhf x ifjmlf~ jm jm~wlhm`}m" Mb da~m a lf~ awatzajf~ 1">
Bhvmlm~ jml ~mtvhnhfx 1": Ifjmlf~ jm jm~wlhm`}m jm ~mtvhnhf~"
Mb da~m a l f~ watimztf~ m~zadlmnhjf~, ~m llmva a n adf }b ablh~h~ JAOF, wata
hjmbzhohnat la~ jmdhlhjajm~, aimbasa~, oftzalmsa~ x fwftz}bhjajm~ jm naja ifjmlf jm b}dmwata la ft`abhsanhb" M~zm ablh~h~ jmdm ~ mt }b ibhif q}m la mbzhjaj w}mjm
nfiwlmimbzat nfb izfjf~ i~ m{ka}~zhvf~, nfif ml ablh~h~ jm thm~`f~"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
38/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba >; jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
Nfb m~zm ablh~h~, la ft`abhsanhb jmdm fdzmbmt la hboftianhb wata hjmbzhohnat ml
ifjmlf jm b}dm i~ awtfwhajf wata naja nhtn}b~zabnha"
0"4 FOMTZA JM ^MT_HNHF^ MB LA B]DM
^h ~m jmnhjm q}m la~ natanzmt~zhna~ jml bm`fnhf f mbzhjaj tmq}hmtmb }ba ~fl}nhb da~aja
mb ml nlf}j nfiw}zhb`, ml ~h`}hmbzm wa~f fdlh`azfthf m~ m~z}jhat n}hjajf~aimbzm la~
jh~zhbza~ fwnhfbm~ m{h~zmbzm~ mb ml imtnajf"
Kax i}nka~ miwtm~a~ m~wmnhalhsaja~ mb ~ mtvhnhf~ jm nlf}j kf~zhb` q}m llmvab af~
ztadacabjf nfb m~za zmnbflf`a, ihmbzta~ q}m kax miwtm~a~ jm kf~zhb` ztajhnhfbal q}m
miwhmsab a fomtzat jh~zhbzf~ waq}mzm~ jm o}bnhfbalhjajm~ mb la b}dm" Wft fzta watzm, la~
`tabjm~ i}lzhbanhfbalm~ jml ~fozpatm nfif Ihntf~foz, Aiasfb f @ff`lm jh~wfbmb jm }ba
`tab fomtza jm ~mtvhnhf~ mb la b}dm q}m w}mjmb ~mt awlhnajf~ twhjaimbzm a la~bmnm~hjajm~ nfbntmza~ jml nlhmbzm"
0"> TM^WFB^ADHLHJAJ X ZTIHBF^ JM ]^F
Nfif mb zfjf an}mtjf miwtm~athal, la tmlanhb mbztm ml wtfvmmjft jm ~mtvhnhf~ mb la b}dm
x ml nlhmbzm +mb m~zm na~f, ml nfbztazabzm( jmdm m~zat tm`}laja wft }b nfbztazf" M~zm
nfbztazf jmdm jmohbht nlataimbzm la wf~hnhb jm naja }ba jm l a~ watzm~ a~ nfif ~}~
tm~wfb~adhlhjajm~ x fdlh`anhfbm~"
Lf~ ztihbf~ jm }~f ~m mbnat`ab jm jmohbht la~ m~wmnhohnanhfbm~ znbhna~ i~hiwftzabzm~ tmlanhfbaja~ nfb la mbztm`a x la nalhjaj jml ~mtvhnhf" M~za~ lzhia~
m~zadlmnmb lf~ bhvmlm~ jm tmbjhihmbzf x jh~wfbhdhlhjaj `atabzhsajf~ wft ml wtfvmmjft"
M~ hiwftzabzm w}bz}alhsat q}m mb fztf zhwf jm an}mtjf~ nfimtnhalm~, lf~ nfbztazf~
~hmiwtm ~m bm`fnhab" Mb ml na~f jm lf~ wtfvmmjftm~ jm ~mtvhnhf~ mb la b}dm bf m{h~zm zal
anmtnaihmbzf jm wf~hnhfbm~" M~za~ miwtm~a~ i}m~ztab nlataimbzm la~ nfbjhnhfbm~ mb la~
q}m wtm~zab ~} ~mtvhnhf x m~ ml nlhmbzm ml q}m jmdm m~z}jhat n}hjajf~aimbzm naja }ba
jm mlla~ ka~za mbnfbztat la q}m imcft ~azh~oanm ~}~ bmnm~hjajm~"
La~ watzm~ jml nfbztazf mb la~ q}m ml nlhmbzm jmdm nmbztat ~} azmbnhb ~fb la~ ~h`}hmbzm~3
An}mtjf~ jm Bhvml jm ^mtvhnhf +^mtvhnm Lmvml A`tmmimbz~, ^LA~( nfb ~}~
nfttm~wfbjhmbzm~ hboftim~ wmthjhnf~"
Nfbohjmbnhalhjaj3 o}bjaimbzalimbzm mb la~ fwmtanhfbm~ jm zta~lajf jm jazf~ x
alianmbaihmbzf mb ~mtvhjftm~"
Jh~wfbhdhlhjaj" M~za nl}~}la m~wmnhohna ml bhvml jm jh ~wfbhdhlhjaj q}m ml
wtfvmmjft jm ~mtvhnhf~ ~m nfiwtfimzm a iabzmbmt" Bftialimbzm zfjf~ lf~wtfvmmjftm~ jm ~ mtvhnhf iabzhmbmb }b bh vml jm jh~wfbhdhlhjaj nmtnabf al 177-,
a}bq}m m~ wtfdadlm q}m al`}bf lf i}m~ztm mb kfta~ imb~}alm~"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
39/42
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
40/42
@}a wata miwtm~a~3 ~m`}thjaj x wthvanhjaj jml nlf}j nfiw}zhb` W`hba :7 jm :4Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb
0": ]ZHLHSANHB JM IMNABH^IF^ JM IH@TANHB
Lf i~ hiwftzabzm a la kfta jm }zhlhsat lf~ ~mtvhnhf~ mb la b}dm
m~ zmbmt nlatf q} watzm jm lf~ anzhvf~ hboftizhnf~ vab a ~mtztab~omthjf~" Wata mllf, nfbvhmbm kanmt }b m~z}jhf jm la~
hiwlhnanhfbm~ jm ih`tat zfjf~ lf~ jazf~ x wtfnm~f~ a la b}dm"
Mb jhnkf m~z}jhf ~m jmdm ~fwm~at la nabzhjaj x ~mb~hdhlhjaj
jm lf~ jazf~ iabmcajf~" ^hmiwtm ~m jmdm wtfn}tat q}m lf~
jazf~ i~ ~mb~hdlm~ m~zb ~fimzhjf~ al i~ m~zthnzf nfbztfl
wata mvhzat q}m ~mab annmjhjf~ wft wmt~fba~ ~hb la jmdhja
a}zfthsanhb"
Ml wtfnm~f jm ih`tanhb w}mjm ~mt ~mn}mbnhal3
J}tabzm lf~ wthimtf~ ifimbzf~ jm }~ f jml nlf}j nfiw}zhb`, }ba fwnhb
tmnfimbjadlm m~ bf ih`tat a la b}dm lf~ jazf~ f wtfnm~f~ i~ ~mb~hdlm~,
ihmbzta~ q}m la~ awlhnanhfbm~ i~ wm~aja~ ~m zta~lajab a la b}dm" Wft mcmiwlf,
~m w}mjm hb~zalat ml ~mtvhjft pmd x nfttmf mb la b}dm wmtf iabzmbmt ml ~mtvhjft jm
da~m~ jm jazf~ mb lfnal"
]ba vms nfiwtfdaja ~h la oti}la o}bnhfba ~m w}mjm tmalhsat }ba ih`tanhb zfzal
a la b}dm, }zhlhsabjf lf~ imnabh~if~ jm awfxf q}m wtfwftnhfbab lf~ wtfvmmjftm~
jm ~mtvhnhf~ x a~ tmj}nht ~h`bhohnazhvaimbzm la nfiwlmchjaj jm la zatma" Naja }bfjm lf~ wtfvmmjftm~ jm ~mtvhnhf~ mb la b}dm zhmbm }b ~h~zmia wtfwhf jm ih`tanhb"
Mb al`}bf~ m~ ~}ohnhmbzm mbvhat }b miahl a }ba jhtmnnhb nfbntmza nfb lf~ jazf~
q}m ~m jm~mab ih`tat wata q}m zfjf o}bnhfbm nfttmnzaimbzm ihmbzta~ q}m mb
fztf~ na~f~ kax }ba hbzmtoas pmd mb la q}m ~m tmalhsa la nfboh`}tanhb"
Wata wmtihzht la nfttmnza nfbzhb}hjaj jm bm`fnhf m~ i}x hiwftzabzm iabzmbmt }ba
nfwha nfiwlmza jml ~h~zmia mb ml ifjmlf ztajhnhfbal j}tabzm }b zhmiwf" Mb
na~f jm q}m ~m jmzmnzmb wtfdlmia~ jm~w}~ jm tmalhsat la ih`tanhb a la b}dm, ~m
w}mjm vflvmt al ifjmlf ztajhnhfbal" Jm m~za oftia, ~m w}mjm ztadacat mb l anfttmnza hbzm`tanhb jm la~ awlhnanhfbm~ mb ml b}mvf ifjmlf jm oftia zta~watmbzm
wata lf~ }~}athf~"
8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
41/42
^`}mbf~ a ztav~ jm3
Pmd kzzw3&&fd~mtvazfthf"hbzmnf"m~
Wmtohl Oanmdffe Fd~mtvaHBZMNF
kzzw3&&ppp"oanmdffe"nfi&Fd~mtvaHBZMNF
Wmtohl Zphzzmt Fd~mtvaHBZMNF
kzzw3&&ppp"zphzzmt"nfi&Fd~mtvaHBZMNF
Wmtohl ^nthdj Fd~mtvaHBZMNF
kzzw3&&ppp"~nthdj"nfi&Fd~mtvaHBZMNF
Nabal Xf}z}dm Fd~mtvaHBZMNF
kzzw3&&ppp"xf}z}dm"nfi&Fd~mtvaHBZMNF
Dlf` jml Fd~mtvazfthf jm la ^m`}thjaj jm la Hboftianhb3
kzzw3&&ppp"hbzmnf"m~&dlf`~&hbzmnf&^m`}thjaj&Dlf`^m`}thjaj
Mbvabf~ z}~ nfb~}lza~ x nfimbzathf~ a3
fd~mtvazfthfGhbzmnf"m~
http://observatorio.inteco.es/http://www.facebook.com/ObservaINTECOhttp://www.twitter.com/ObservaINTECOhttp://www.scribd.com/ObservaINTECOhttp://www.youtube.com/ObservaINTECOhttp://www.inteco.es/blogs/inteco/Seguridad/BlogSeguridadhttp://www.inteco.es/blogs/inteco/Seguridad/BlogSeguridadmailto:[email protected]://twitter.com/ObservaINTECOmailto:[email protected]://www.inteco.es/blogs/inteco/Seguridad/BlogSeguridadhttp://www.youtube.com/ObservaINTECOhttp://www.scribd.com/ObservaINTECOhttp://www.twitter.com/ObservaINTECOhttp://www.facebook.com/ObservaINTECOhttp://observatorio.inteco.es/8/3/2019 Gua para empresas: seguridad y privacidad del cloud computing
42/42
Top Related