Storage, Compliance, and Regulations in the Age of Cloud

There are new services and evolving models which now support a more compliance-oriented infrastructure

Bill Kleyman

June 24, 2015

4 Min Read
Storage, Compliance, and Regulations in the Age of Cloud

We all know that cloud computing has come a long way. We’ve got new ways to connect, new ways to deliver data, and a lot more user distribution. In an ever-connected world, the user and the organization are demanding a persistent connection regardless of device, location, or even data type. That means that both cloud and the data center model had to adapt to these new types of demands.

Well, this worked for a lot of organizations. They were able to deliver applications, desktops, and rich content via the cloud to a dispersed user base and an ever-growing organization. But it wasn’t perfect. The cloud model was only partially evolved since many eager cloud adopters were still limited in what they could do. Healthcare, pharmaceuticals, some public organizations, government, and other compliance or regulation-bound entities just couldn’t utilize the full capacity of the cloud.

So can compliance, regulations, and storage all live in the cloud? Believe it or not, there are new services and evolving models which now support a more compliance-oriented infrastructure. Here are a few examples:

  • The Government Cloud. Ever hear of FedRAMP? If not, it’s time to take a look. Basically, FedRAMP is the result of close collaboration with cybersecurity and cloud experts from GSA, NIST, DHS, DOD, NSA, OMB, the Federal CIO Council and its working groups, as well as private industry. Already, cloud providers like IBM, HP, Microsoft, and Akamai are FedRAMP certified cloud service providers. Amazon is in the mix as well. For example, AWS GovCloud (US) allows US government agencies and customers supporting the US government to move more sensitive workloads into the cloud.

  • PCI/DSS and the Hybrid Cloud. E-commerce in the cloud has always been a bit of a challenge. The passing of sensitive information caused serious issue for cloud providers. And so, providers like Rackspace decided to get creative. By intelligently controlling data through the cloud, the organization’s servers, and the payment gateway you’re able to continuously control the flow of sensitive information. According to Rackspace, when you host your infrastructure in their cloud, you can also sign up with a separate payment processor to provide tokenization, which occurs when you replace credit card data with meaningless numbers or “tokens.” When you accept a payment, non-PCI data is routed to your Rackspace-hosted environment, while the tokenized credit card data is routed to your payment processor. Since your customers’ credit card data is not routed to your Rackspace hosted infrastructure — only to the payment processor — your Rackspace environment stays out of the scope of your PCI requirements.

  • Cloud for Healthcare. File and data collaboration, also known as the “Dropbox challenge,” has really crept up on the healthcare industry. In fact, HIPAA compliance in general can be a cloud nightmare. And so, a recent change to HIPAA (the Omnibus Rule) now allows for the creation of a business associate (BA). This is any organization that has more than just transient access to data (FedEx, UPS, USPS, for example).

As more organizations move towards a cloud model, there will be new rules written around cloud computing. Data centers are becoming more compliant and a lot more secure. As more users connect to obtain information via a cloud model, there will be a need for optimized security and data segregation.

Throughout the entire cloud planning and cloud storage process there are still some big takeaways to consider:

  • It’s all about the use case. When you’re working with some kind of a cloud workload make sure to understand the impacts on your IT environment, your users, and your business. In some cases compliance isn’t the only barrier to a cloud storage deployment. Applications and data sets might have some very strict delivery profiles.

  • Work with your provider. It’s good to be in the data center business. More providers are offering various kinds of compliance-ready cloud services and there are even more eager customers. Through this kind of growth, make sure to work with your provider when deploying specific kinds of compliance-bound workloads. There are a lot of new options around multi-tenant segmentation and control.

  • Keep security at the forefront. As cloud computing continues to boom, there will be more data stored and more targets created. In creating a complaint-ready cloud architecture, next-gen security technologies can keep data flowing safely. This includes application firewalls scanning for anomalous traffic patterns and even port-specific security policies.

The good news is that new rules are being passed allowing new kinds of industries to leverage even more cloud services. As more content becomes web-born and web-delivered, the data center provider will sit square in the middle of the entire architecture. Fortunately, the future of the cloud compute model is looking to be a bit friendlier towards compliance-driven workloads.

About the Author(s)

Bill Kleyman

Bill Kleyman has more than 15 years of experience in enterprise technology. He also enjoys writing, blogging, and educating colleagues about tech. His published and referenced work can be found on Data Center Knowledge, AFCOM, ITPro Today, InformationWeek, NetworkComputing, TechTarget, DarkReading, Forbes, CBS Interactive, Slashdot, and more.

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like