As cloud services become even more ubiquitous, cloud compliance is growing into an even trickier area. Is your cloud security up to snuff – and do you know what it would take to reach current standards? The world of cloud compliance is worth keeping an eye on.
The Need for Cloud Compliance
The cloud tech world has grown so quickly, especially in the past several years, that it has encountered a classic compliance issue: Standards have struggled to keep up, leaving companies to develop whatever cloud solutions they want without worrying about security, compatibility, or overall quality. Left unchecked, this would create an incredibly chaotic market.
Fortunately the issue is not unchecked, and several organizations are hard at work to create cloud compliance standards and protocols to catch up with the tech world. However, security is still a particularly sensitive area in cloud computing. Companies often use services and vendors without knowing where their data is stored, let alone what sort of security measures are protecting it – and if managing their own cloud solutions, they may not be aware of weak points and potential breaches in their own systems.
Other scenarios are also growing more complex: Take de-provisioning, or logging an employee out of the company’s systems when they leave. Today, with so much cloud activity on multiple levels and sometimes a dozen or more different entry points, basic de-provisioning doesn’t mean an old employee can’t access sensitive information. More robust systems and more across-the-board standards are necessary.
FedRAMP and New Capabilities
So, what’s being done with it comes to greater cloud compliance? Well, that depends what cloud area you are talking about. At a government level, FedRAMP is one of the most promising developments. This project is a collaboration between multiple different councils and companies to create certification necessary for government cloud services. Companies without this certification – which is still being updated – cannot answer government contracts for cloud services (IMB, HP and Microsoft all have FedRAMP compliance, for example).
A closely connected field here is the healthcare field. HIPAA compliance and cloud technology are not good bedfellows at the moment, especially as the industry grows more accustomed to sharing information via the cloud. This is a major can of worms, but there’s an important solution being implemented called the Omnibus Rule, which allows for the creation of partnerships where the exchange of data via cloud storage is easier (and more legal) than it was before. Security, however, is still an ongoing issue when it comes to sensitive health information.
The Ecommerce and Business World
In the private world, there is some competition when it comes to cloud compliance. General compliance thus far is handled by SAS 70 Type II and ISO 27001 certifications for general security, but a lot of specifics are missing here, and updates are needed badly.
Such is the goal of organizations like the Cloud Security Alliance, which is working to develop standardized auditing of cloud frameworks, an immensely helpful step that includes the Cloud Trust Protocol, audit procedures, a Cloud Controls Matric, and Consensus Assessments to help companies explore their options and judge their security needs. It is a much-needed step in the right direction.
Katrina is a leader in the IT industry custom solution and innovative ideas as a product specialist for rack solutions.