Seeking compliance in the cloud



July 9, 2009 —  (Page 1 of 5)
Cloud computing can make it easier for developers to meet an organization's compliance requirements, but it can also introduce new risks and run afoul of regulations that govern data, a panel of experts told SD Times.

They recommended that an organization document what processes cloud providers have in place to secure application data and safeguard privacy; communicate its requirements for applications to providers; understand how regulation affects development in external clouds; and know what liabilities apply if something goes wrong when it is no longer the primary custodian of data.

Surprisingly, cloud providers can offer greater control and visibility of IT assets than on-premises systems, said Cass Brewer, founder of Truth to Power, an online information governance research community.

In the cloud, every action is an invocation of a service and can therefore be monitored, logged or even rolled back, explained Peter Coffee, director of platform research for Salesforce.com. "It provides a big step in the right direction towards achieving compliance…It's auditable, instead of being a scavenger hunt through incredibly heterogeneous IT environments, which most organizations are using today."

Important business processes in traditional enterprise IT are not governed at all, he added. For instance, employees might exchange data by attaching spreadsheets to e-mails. In that instance, achieving compliance is difficult because there are "an amazing number of places" where that data can go, as well as poor specification and auditability of what actions were performed by whom, he explained.

"You can't even dream of getting a snapshot of a compliance inventory in the traditional IT model," Coffee said. "You don't end up with residual state on network edge devices in cloud. That is worth an enormous amount," he added.

However, the lauded benefits of cloud computing might be out of reach for organizations that operate in highly regulated industries.

Approaching the cloud
Companies should do legwork before they approach the cloud to understand their own compliance requirements and how they may conflict with what the provider offers, said Chenxi Wang, a principal analyst at Forrester Research.





Comments


07/09/2009 01:32:50 PM EST

good job

United States: dad


07/09/2009 03:28:52 PM EST

"At least in our cloud, nothing will prevent them from constructing applications that are HIPAA- or PCI- [Peripheral Component Interconnect] compliant, [a] process that includes our technology as part of the [processing] chain," Coffee said. PCI stands for Payment Card Industry, not Peripheral Component Interconnect. Better not to spell the acronym out than to spell it out incorrectly.

United States: Acronym Police


07/09/2009 04:04:12 PM EST

This is a nicely written article. One issue that was missed, but lightly danced around, is "Data Escrowing" for SAAS and Cloud applications. Escrowing is basically a contract between three parties.. the provider... the customer... and an independent third-party escrow company. These types of arrangements are complicated. In short... the third-party stores a copy of the provider's source code AND database information for the customer. If something "bad" happens (the provider goes under, the service is down for a long period of time, etc) then the third-party will release the source code and customer data, in some preconceived methodology. We, as a technology liability consulting firm, see some potential problems with escrowing. Without going into too much detail... your data is still housed by third-party groups that you don't control, off-site, away from your day-to-day operation. And escrowing does not remove the problem of your data being housed by a group that is solely focused on the arrival of your next payment. Now.. we are absolutely not saying that Cloud / SaaS is bad. We, like the author of this article, are simply saying... do your homework first. Sadien Staff Sadien, Inc. http://www.sadien.com

United States: Sadien, Inc. (Sadien.com)


08/13/2009 02:36:49 PM EST

I work for an ISV called RainStor that launched a cloud archive service a few months ago. We have focused on the business problem of application retirement initially by delivering a service that allows companies to preserve historical data from legacy applications in the cloud. However, we’ve also been asked by many customers, partners, commentators and analysts how our cloud archive service can be used for “SaaS data escrow”. We’re keen to understand in more detail why and how companies might use cloud archive services to keep a copy of the data within their SaaS applications so we’re running a survey. The survey is available at http://tinyurl.com/kl5l86 and we share the results with anyone who participates.

United Kingdom: Julian Cook

