The Cloud Computing Compliance Conundrum
January 25th, 2010 : Rich Miller

There’s a lot of discussion about security worries in the cloud. Chris Hoff writes today that cloud security concerns are often intermingled with compliance, which is quickly becoming a key factor in establishing comfort for enterprise users.
“The only measure that counts in the long run is how compliant you are,” he writes. “That’s what will determine the success of Cloud. Don’t believe me? Look at how the leading vendors in Cloud are responding today to their biggest (potential) customers — taking the ‘one size fits all’ model of mass-market Cloud and beginning to chop it up and create one-offs in order to satisfy…compliance.”
Hoff emphasizes the importance of educating auditors and examiners, and recommends learning more about the Automated Audit, Assertion, Assessment, and Assurance API (A6), an emerging effort to create a security standard for cloud stacks.
“There are TONS of things one can do in order to make up for the shortcomings of Cloud security today,” he adds. “The problem is, most of them erode the benefits of Cloud: agility, flexibility, cost savings, and dynamism. We need to make the business aware of these tradeoffs as well as our auditors because we’re stuck. We need the regulators and examiners to keep pace with technology — as painful as that might be in the short term — to guarantee our success in the long term.”
Read the full post at Rational Survivability.
Rich:
Thanks for the ping. I really should have emphasized more the unfortunate value decay of “security” into compliance and reiterated the notion that security does not equal compliance (or vice versa).
I don’t want people to come away with the message that I think that compliance is more important than “security” or managing risk, because that’s definitely NOT the case. Rather, it’s a delicate and rather unfortunate position that we’re in when compliance trumps other more reasonable approaches to ensuring viable business operations.
/Hoff