The Cloud Computing Compliance Conundrum

There is a lot of discussion about security worries in the cloud. Chris Hoff writes today that cloud security concerns are often intermingled with compliance, which is quickly becoming a key factor in establishing comfort for enterprise users.

“The only measure that counts in the long run is how compliant you are,” he writes. “That’s what will determine the success of Cloud. Don’t believe me? Look at how the leading vendors in Cloud are responding today to their biggest (potential) customers — taking the ‘one size fits all’ model of mass-market Cloud and beginning to chop it up and create one-off’s in order to satisfy…compliance.”

Hoff emphasizes the importance of educating auditors and examiners, and recommends learning more about the Automated Audit, Assertion, Assessment, and Assurance API (A6), an emerging effort to create a security standard for cloud stacks.

“There are TONS of things one can do in order to make up for the shortcomings of Cloud security today,” he adds. “The problem is, most of them erode the benefits of Cloud: agility, flexibility, cost savings, and dynamism. We need to make the business aware of these tradeoffs as well as our auditors because we’re stuck. We need the regulators and examiners to keep pace with technology — as painful as that might be in the short term — to guarantee our success in the long term.”

Read the full post at Rational Survivability.

About the Author

Rich Miller is the founder and editor at large of Data Center Knowledge, and has been reporting on the data center sector since 2000. He has tracked the growing impact of high-density computing on the power and cooling of data centers, and the resulting push for improved energy efficiency in these facilities.

5 Comments

  1. Rich: Thanks for the ping. I really should have emphasized more the unfortunate value decay of "security" into compliance and reiterated the notion that security does not equal compliance (or vice versa.) I don't want people to come away with the message that I think that compliance is more important than "security" or managing risk, because that's definitely NOT the case. Rather, it's a delicate and rather unfortunate position that we're in when compliance trumps other more reasonable approaches to ensuring viable business operations. /Hoff