cdpse-d2-infrastructure-cloud-computing

Cloud Computing

isaca-cdpse · framework · Production-ready

Drawn fromCDPSE Review Manual · ISACA peer-reviewed case sets·Reviewed May 5, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is Cloud Computing

Cloud Computing in Privacy Architecture is the discipline of designing, implementing, and governing privacy controls across cloud infrastructure — IaaS, PaaS, and SaaS — to protect personal data throughout its lifecycle. The discipline centers on the shared responsibility model: a contractual and technical division of privacy obligations between the cloud provider (infrastructure security) and the customer organization (data protection, access control, compliance). Privacy professionals must determine which controls belong to the provider, which belong to the organization, and where gaps arise — particularly when personal data crosses regions, cloud tiers, or vendor boundaries.

Where it stops · what it isn't

—IS: Privacy architecture decisions specific to cloud deployments — data residency, encryption key management, IAM configuration, DPA negotiation, vendor assessment, and cloud-native incident response.
—IS: Governance of shared responsibility matrices across IaaS (AWS EC2), PaaS (Azure App Service), and SaaS (Salesforce, Google Workspace) service models and their distinct privacy implications.
—IS NOT: General cloud security architecture — this cubelet focuses on personal data protection obligations, not network perimeter security or vulnerability management.
—IS NOT: A comprehensive regulatory compliance framework — this cubelet addresses cloud as an infrastructure context for applying privacy principles, not a substitute for GDPR, HIPAA, or CCPA legal analysis.
—IS NOT: Cloud performance engineering, cost optimization, or DevOps pipeline design, unless those concerns directly affect personal data handling.

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

PART OF

Privacy Architecture — Infrastructure (CDPSE Domain 2)

REQUIRES

Shared Responsibility ModelData Processing Agreements (DPAs)Encryption (at rest and in transit)Identity and Access Management (IAM)

ENABLES

Data Residency and Sovereignty CompliancePrivacy Incident Response in Cloud Environments

RELATED TO

Data Classification and GovernanceVendor Assessment and Third-Party Risk

CONSTRAINS

Multi-Cloud and Hybrid Cloud Architecture Decisions

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.