cloud-data

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Cloud Compliance 

Regulatory compliance is an issue that has not only weighed heavily on the minds of executives, security and audit teams, but also today, even end users. Public cloud adds more complexity when varying degrees of infrastructure (depending on the cloud model) and data fall out of the hands of the company and into the hands of the service provider. Additionally, the lines of responsibility between the service provider and the consumer remain blurred in most regulations, standards and frameworks though cloud has gone mainstream for even regulated workloads. However, in this era of business agility out we not to focus more on ways to relieve cloud audit burden?

It’s all About the Data

With end user digital empowerment and increased business agility it’s only to be expected that more rogue cloud services will abound. That’s where a more data-centric approach can reduce the risk of compliance violations of data being transacted or residing in rogue cloud services. In this data-centric approach users need to be:

1. Proactively educated about the value of data. Many when they provision rogue cloud services are often not aware of the value of the company data that they are farming out to public cloud models

2. Able to leverage an intuitive data classification scheme and easily digitally tag or watermark data accordingly

Organizations can also leverage one of the many cloud security brokers for the discovery, analysis and many of the policy enforcement aspects of their data across public Software as a Service cloud models.

Standards Evolution

Standards issuers have begun providing more concrete guidance and standards for cloud service providers and consuming organizations alike The International Organization for Standardization ISO/IEC 27018:2014 establishes controls and guidelines in for protecting Personally Identifiable Information (PII) in public clouds. The Payment Industry Data Security Standard (PCI DSS) Council has also issued guidance and so has the National Institute of Technology and Standards (NIST), with its Federal Risk and Authorization Management Program (FedRAMP). FedRAMP goes one step further in requiring service providers to obtain authorization in order to meet federal cybersecurity requirements for cloud services.

Harmonizing Compliance Efforts

shutterstock_186238016

Harmonizing regulations and standards to a common security framework can greatly benefit both cloud providers and consuming organizations. Cloud users no longer need to think of standards in a “one off” manner, but instead utilize a framework to essentially “audit once, report many times” given the great overlap between many of the standards, frameworks and regulations today.

The Cloud Security Alliance Cloud Controls Matrix cross maps several internationally recognized industry and regulatory standards against 16 domains based on critical areas of focus for cloud computing and while not intended to be a prescriptive framework, it has emerged as concrete guidance for all parties. The Cloud Controls Matrix also recognizes that controls apply differently across different environments and delineates controls not only by cloud model type (SaaS, PaaS, IaaS), but also recommends which fall under the service provider’s realm of responsibility versus the consuming organizations’.

As cloud audit processes mature, there is an opportunity to further streamline compliance and decrease complexity. A digitized cross mapping tool would be the next evolution and a great asset to both cloud providers and consuming organizations alike.

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

Ransomware Future

Ransomware Future: Fasten Your Seat Belts 2018 Is Here

Ransomware Future 2017 was a breakout year for Ransomware, although a prominent feature and topic of discussion in IT sector it had managed to stay out of the public eye and common parlance. This all ...
Virtual Reality Healthcare Trends

Virtual Reality Trends and Possibilities in Healthcare

Virtual Reality Healthcare Trends Virtual reality tends currently to focus on entertainment and gaming, but it’s a field that’s beginning to show advances into more esteemed areas such as healthcare and medicine. Already high-tech simulations are allowing ...
73% Are Using Internet Of Things Data To Improve Their Business

73% Are Using Internet Of Things Data To Improve Their Business

Internet Of Things Data According to the Cisco Visual Networking Index, M2M connections will represent 46% of connected devices by 2020. 95% of execs surveyed plan to launch an IoT business within three years. These ...
GDPR Compliance

A Quick and Dirty Guide to GDPR Compliance

GDPR Compliance Set a reminder: On May 25, 2018, the new General Data Protection Regulation directive from the European Union will go into effect. Although its goal to protect consumer data is admirable, about a third of ...
Bob Waters

Artificial or Augmented Intelligence: Talks with Intel’s Chief Data Scientist, Bob Rogers

Artificial or Augmented Intelligence I recently sat down with Bob Rogers. Bob is Intel’s Chief Data Scientist for Analytics and AI. I sought out answers to the some of the most popular questions related to artificial ...
The Lighter Side Of The Cloud - Car Troubles
Comic
The Lighter Side Of The Cloud - The Nanodegree
The Lighter Side of the Cloud - Procurement
The Lighter Side Of The Cloud - The Backup Reminder
The Lighter Side Of The Cloud - Playing It Safe
The Lighter Side Of The Cloud - Really Smart Machines
The Lighter Side Of The Cloud - The Autobiography
The Lighter Side Of The Cloud - The Robo-Revolution

CLOUDBUZZ NEWS

EU antitrust official sees more scrutiny for Facebook, others

EU antitrust official sees more scrutiny for Facebook, others

ROME (Reuters) - Facebook and other tech giants may attract more regulatory scrutiny in future because of their market power, a senior EU antitrust official said on Tuesday. Tommaso Valletti, chief economist at the European ...
StumbleUpon is closing down after 16 years

StumbleUpon is closing down after 16 years

StumbleUpon, the social content discovery platform founded way back in 2001, is closing down. Cofounder Garrett Camp made the announcement in a blog post earlier today, stating that StumbleUpon accounts can be ported over to another of ...
Silicon breakthrough could make key microwave technology much cheaper and better

Silicon breakthrough could make key microwave technology much cheaper and better

THURSDAY, MAY 24, 2018 - Researchers using powerful supercomputers have found a way to generate microwaves with inexpensive silicon, a breakthrough that could dramatically cut costs and improve devices such as sensors in self-driving vehicles ...