cloud-data

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Cloud Compliance 

Regulatory compliance is an issue that has not only weighed heavily on the minds of executives, security and audit teams, but also today, even end users. Public cloud adds more complexity when varying degrees of infrastructure (depending on the cloud model) and data fall out of the hands of the company and into the hands of the service provider. Additionally, the lines of responsibility between the service provider and the consumer remain blurred in most regulations, standards and frameworks though cloud has gone mainstream for even regulated workloads. However, in this era of business agility out we not to focus more on ways to relieve cloud audit burden?

cloud-data

It’s all About the Data

With end user digital empowerment and increased business agility it’s only to be expected that more rogue cloud services will abound. That’s where a more data-centric approach can reduce the risk of compliance violations of data being transacted or residing in rogue cloud services. In this data-centric approach users need to be:

1. Proactively educated about the value of data. Many when they provision rogue cloud services are often not aware of the value of the company data that they are farming out to public cloud models

2. Able to leverage an intuitive data classification scheme and easily digitally tag or watermark data accordingly

Organizations can also leverage one of the many cloud security brokers for the discovery, analysis and many of the policy enforcement aspects of their data across public Software as a Service cloud models.

Standards Evolution

Standards issuers have begun providing more concrete guidance and standards for cloud service providers and consuming organizations alike The International Organization for Standardization ISO/IEC 27018:2014 establishes controls and guidelines in for protecting Personally Identifiable Information (PII) in public clouds. The Payment Industry Data Security Standard (PCI DSS) Council has also issued guidance and so has the National Institute of Technology and Standards (NIST), with its Federal Risk and Authorization Management Program (FedRAMP). FedRAMP goes one step further in requiring service providers to obtain authorization in order to meet federal cybersecurity requirements for cloud services.

Harmonizing Compliance Efforts

shutterstock_186238016

Harmonizing regulations and standards to a common security framework can greatly benefit both cloud providers and consuming organizations. Cloud users no longer need to think of standards in a “one off” manner, but instead utilize a framework to essentially “audit once, report many times” given the great overlap between many of the standards, frameworks and regulations today.

The Cloud Security Alliance Cloud Controls Matrix cross maps several internationally recognized industry and regulatory standards against 16 domains based on critical areas of focus for cloud computing and while not intended to be a prescriptive framework, it has emerged as concrete guidance for all parties. The Cloud Controls Matrix also recognizes that controls apply differently across different environments and delineates controls not only by cloud model type (SaaS, PaaS, IaaS), but also recommends which fall under the service provider’s realm of responsibility versus the consuming organizations’.

As cloud audit processes mature, there is an opportunity to further streamline compliance and decrease complexity. A digitized cross mapping tool would be the next evolution and a great asset to both cloud providers and consuming organizations alike.

(Image Source: Shutterstock)

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

Embracing The Cloud We love the stories of big complacent industry leaders having their positions sledge hammered by nimble cloud-based ...
The Need For Cloud Experts

Cloud Migrations And The Need For Experts

The Need For Cloud Experts One of the things that worries me about organizations considering cloud migrations is the reality ...
THE CLOUD IS FUELING THE TECH SECTOR’S PROFITS

THE CLOUD IS FUELING THE TECH SECTOR’S PROFITS

The Tech Sector’s Profits The tech industry continues to generate huge profits, and for good reason. Internet usage in its ...
The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have ...
How Will Artificial Intelligence Really Impact Jobs?

How Will Artificial Intelligence Really Impact Jobs?

Will Artificial Intelligence Impact Jobs? Hamilton is my favorite Broadway musical. The show follows the life of one of America’s ...
Gartner’s Hype Cycle for Emerging Technologies, 2017 Adds 5G, Edge Computing For First Time

Gartner’s Hype Cycle for Emerging Technologies, 2017 Adds 5G, Edge Computing For First Time

Gartner’s Hype Cycle for Emerging Technologies Gartner added eight new technologies to the Hype Cycle this year including 5G, Artificial ...
The 800-Pound Cloud Gorilla Makes a Move

The 800-Pound Cloud Gorilla Makes a Move

Amazon Connect Oh-oh! First, books; then all of retail and cloud services. Now, call centers??? What is Amazon up to? ...
Fundamental Technology For An Autonomous Driving Future

Fundamental Technology For An Autonomous Driving Future

Driving Into The Autonomous Future Over-the-air (OTA) update capabilities are incredibly important to the automotive industry—in fact, they’re quite literally ...
Built to Last: Choosing the Right Infrastructure Partner for Your Game

Built to Last: Choosing the Right Infrastructure Partner for Your Game

Choosing the Right Infrastructure Partner There are millions of gamers around the globe, and according to gaming market research firm ...
How to Build a Top Level Data Science Team

How to Build a Top Level Data Science Team

Data Science Team Businesses today need to do more than merely acknowledge big data. They need to embrace data and ...