Compliance in the Cloud: The Need for Compliance
This is the first blog in a series of blogs and podcasts covering the concepts of compliance in a cloud environment. In this series, we will offer greater insight into the concepts and best practices behind many of the considerations that are generally part of a cloud compliance program. In this installment, we will be discussing the topic: “The Need for Compliance.”
As discussed as part of the Cloud Security 101 series, cloud compliance is a significant concern for most companies. According to a recent 451 Research report, compliance-related concerns are the most significant barrier to cloud adoption.
Cloud compliance is the domain that deals specifically with how a company’s cloud infrastructure will be regulated, and with some of the differences and similarities between the controls used to regulate on-premise systems and the workloads migrated to the cloud.
Cloud compliance covers a whole host of requirements and issues: basically any issues or controls that are currently regulated for on-premise systems have an analog in the cloud. There are national data sovereignty requirements to comply with and laws affecting the international storage and movement of data, such as the EU Data Protection Directive and the USA Patriot Act. There are both global and national regulatory requirements for securing personal health data (HIPAA, HITECH), general privacy (PII, SPI), credit card holder information (PCI), sensitive industry data (ITAR) and many, many more.
Read the entire article here, Compliance in the Cloud: The Need for Compliance
via the fine folks at HP Enterprise.