Jian Zhen wrote an interesting article about cloud computing, stating that “You can outsource responsibility, but you can’t outsource accountability.” At the top of most cloud customers’ and prospects’ minds is the issue of security and compliance, but when you give the cloud computing provider the responsibility of protecting your data and environment, how do you know they'll take on accountability as well?
Zhen states that it doesn’t matter whether data is in the cloud or on-premise; what matters is that there is control and transparency over the client’s data, applications and identities. Every client, no matter what their industry or specialty, must be compliant with whatever regulations and mandates they’re responsible for. So a cloud prospect looking to outsource their IT infrastructure must not only find a reliable cloud provider; they must also do their due diligence to make sure that the provider will go to any length necessary to build an environment that is not only secure but fully compliant.
Zhen states, “If you look across all of the regulations and mandates out there, like SOX, PCI, HIPAA, COBIT, ISO, etc etc, they all require essentially two things: transparency and control.”
Does your cloud computing provider allow you to see who’s accessing what data, when and where with documentation? Are your data, applications and identity protected?

This image shows the three primary focuses when it comes to control and transparency – identity, applications and data. If any of these come under attack, your entire business could falter.
Zhen argues that enterprises are better off in their own environment where they can “do many things…to ensure they are ‘as compliant as possible’” but in the cloud “they lose that control.” However, it’s important to note that he’s mainly referring to Google App Engine and Amazon’s AWS. He says that the problem is not necessarily that the clouds aren’t secure; it’s that the enterprise loses control and transparency when they move to those clouds.
So what if you want to outsource your IT and get into the cloud, but you don’t want to lose control or transparency? You want enterprise-level IT security and compliance. You want an IT environment that can withstand audits and attacks.
You look for an enterprise-level cloud provider who has clients who came to them because they could build a secure and compliant environment that cost a fraction of what it would cost for that company to do it themselves – plus the provider has 24/7/365 management and monitoring (we call this full-service offering managed cloud hosting). You don’t lose control and transparency. That cloud provider takes on the responsibility of protecting your environment, data, applications and identities, all the while being accountable for what goes on in the environment. You won’t get that in a GAE or AWS cloud, but you just might find it somewhere else…like the BlueLock Cloud.
The way we see it, enterprises shouldn't feel like they can't reap the advantages of virtualization and managed IT hosting because of security and compliance. If they want to virtualize and need security and compliance, it's just the beginning of a great conversation.