Computerworld - Using the cloud for data processing and storage may have its advantages in terms of simplicity and cost, but ensuring regulatory compliance will not be nearly so simple.
What it all comes down to, ultimately, is that the user organization is responsible for figuring out who is doing what to its data and requiring assurances about the data staying in compliance.
"In certain cases, compliance will be impossible," predicted Jim Haskin, senior vice president at Websense Inc., a security services vendor in San Diego. "It is difficult to take full responsibility for who can access data, who sees it and how it is stored, since the premise of the cloud is that customers don't necessarily need to know or care where their data is," he added.
"As enterprises start to run their entire networks on the cloud, existing certifications [such as Gramm-Leach-Bliley, etc.] start to break down," added Jonathan Bryce, co-founder of Mosso, the cloud division of Rackspace Inc., a hosting firm in San Antonio. "The certifications assume that the enterprise controls everything, and it's all located within their office building."
But some observers make the point that the cloud doesn't necessarily complicate compliance issues. "The concept of auditing is to track everything that goes on, whether it's across the cloud or across multiple data centers of the same firm -- tracking is no different no matter where the various components are," said Mike Karp, senior analyst at Enterprise Management Associates Inc., an enterprise IT consultancy based in Boulder, Colo.
In fact, various sources agreed that regulatory compliance is often possible with cloud computing, although it takes special effort. As noted by Chris Day, senior vice president at Terremark Worldwide Inc., a cloud service in Miami that offers what it claims is a fully compliant cloud, "There is no magic solution." The basis of Terremark's compliance is that Terremark claims to know where the client's data is and what parts of the network it passes through, even if that complexity is invisible to the client.
That said, each separate compliance environment requires specific attention, Day added.
Compliance environments that experts cite as important for cloud computing included auditing-related standard SAS 70, Payment Card Industry Data Security Standards (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA.)
SAS 70 refers to "Statement on Auditing Standards 70: Service Organizations," issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). According to Judith Sherinsky, manager of audit and test standards at the AICPA in New York, "SAS 70 applies when an audited entity sends data to a service organization, which does something to that data and sends it back to the user, who uses that data in its financial statements." An example is if corporate inventory data is sent to a cloud-based data center where a total valuation will be assigned to it -- a valuation that will later show up in the corporation's annual report.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Piecing Together the Business Intelligence Puzzle Business intelligence (BI) technology collects and analyzes company data, delivering relevant information to corporate decision-makers in an effort to produce favorable outcomes.
- Harness IT -- An Introduction to Business Intelligence Solutions Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Business Intelligence Shows its Smarts Today's Business Intelligence (BI) tools provide a new way to think about data with self-service capabilities and user-friendly analytics that can be used...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- Testimonial: Cystic Fibrosis Trust Peter Hawkins, the Head of IT for Cystic Fibrosis Trust, discusses the role CommVault's Simpana software platform plays in improving the company's information... All Data Center White Papers | Webcasts