With cloud compliance and standards regulations changing as often as the weather, how do cloud admins keep up? Unfortunately, there is no one answer -- but there are a number of different ways to attack it.
When users work together with their cloud computing service providers, staying on top of cloud regulations becomes easier. From keeping up to date on the latest regulations, such as PCI DSS and HIPAA, to ensuring that all of your cloud service requirements are being met, collaboration between cloud providers and consumers is the key. But what else do cloud admins need to know to meet cloud regulations?
With that question in mind, we've compiled our top five tips on cloud computing compliance and standards with the hope of shedding light on these vital pieces of the cloud puzzle.
5. Maintain cloud compliance in the enterprise -- or else
According to cloud expert Paul Korzeniowski, "compliance is a moving target." That being the case, companies need more than just a superficial perusal of cloud standards and compliance to protect themselves -- they must dig deep. Korzeniowski provides a checklist for companies to maintain their compliance, from staying abreast of regulations to using third-party encryption services.
Cloud security is imperative, and guidelines are put in place to help ensure data remains safe. Not following the standards set in place can lead to a security nightmare for companies -- just ask Target.
4. Don't let governance methods die after a cloud migration
Cloud standards and regulations don't disappear following a cloud migration, but many don't understand their role once their workloads are offloaded to a cloud provider. Cloud adoption changes a fundamental principle of governance -- that your data is on-premises and controlled by your company -- so adapting to the changing cloud regulations can be confusing.
According to cloud expert Tom Nolle, there are certain steps to follow to ensure your compliance strategy is strong after a cloud transition. "It's critical to know whether you have governance practices that are 'fragile,' or might fall short of regulations in case you switch providers," says Nolle.
3. Cloud-first initiatives alleviate standards and compliance pain points
Despite many enterprise fears, public cloud does not have to be the "Wild West" of the IT world. A major concern for those considering cloud has been lack of control and security, especially with a public cloud. But, for trailblazers that took on the cloud-first approach, public cloud eased compliance and security debacles.
"The bane of my life is PCI compliance," said Phil Jones, vice president at Bluebird, a company that took a cloud-first approach. However, by standardizing on Amazon Web Services, Bluebird found it was far easier to comply with security guidelines, instead of worrying about, for example, keycard access to the data room and biometric security.
2. Understanding IT's role in cloud security and compliance
Everyone plays the blame game. No matter what happened, most people would rather place the blame outward than look inward. Cloud issues are no different, especially when it comes to regulation violations and compliance. Who is to blame for a cloud disaster: the cloud provider or the user? The judgment is not always clear, so understanding the responsibilities of both parties up front can simplify it.
The authors of Cloud Computing: Assessing the Risks, Jared Carstensen, Bernard Golden and J.P. Morgenthal, discuss the roles of the cloud provider and user, as well as how to develop a bond of trust between the two to keep a cloud secure and comply with the set standards.
1. Understanding cloud compliance issues
What information is stored in the cloud, and where? Who has access to it, and how? The answers to these questions, and a few more, are the key to understanding your position in maintaining cloud compliance. According to cloud expert Phil Cox, "Much of compliance is about ensuring proper controls over who has access to assets, what level of access they have and how those levels are maintained." These answers should be blueprinted in your cloud service-level agreement with a cloud provider as well as your company's in-house security and access protocols, so teamwork between you and your cloud provider can keep your cloud productive, compliant and, most importantly, secure.
Nicholas Rando is assistant site editor for SearchCloudComputing. You can reach him at firstname.lastname@example.org.