There's lots of discussion about worries about security in the cloud. Chris Hoff writes today that cloud security concerns are often intermingled with compliance, which is quickly becoming a key factor in establishing comfort for enterprise users.
"The only measure that counts in the long run is how compliant you are," he writes. "That’s what will determine the success of Cloud. Don’t believe me? Look at how the leading vendors in Cloud are responding today to their biggest (potential) customers — taking the 'one size fits all' model of mass-market Cloud and beginning to chop it up and create one-off’s in order to satisfy…compliance."
Hoff emphasizes the importance of educating auditors and examiners, and recommends learning more about the Automated Audit, Assertion, Assessment, and Assurance API (A6) , an emerging effort to create a security standard for cloud stacks.
"There are TONS of things one can do in order to make up for the shortcomings of Cloud security today," he adds. "The problem is, most of them erode the benefits of Cloud: agility, flexibility, cost savings, and dynamism. We need to make the business aware of these tradeoffs as well as our auditors because we’re stuck. We need the regulators and examiners to keep pace with technology — as painful as that might be in the short term — to guarantee our success in the long term."
Read the full post at Rational Survivability.