Security, compliance, and the future
This article is the last in our 5 part series on using the Cloud in your department or agency. Through the series we’ve gone through Cloud basics to bring you to a better understanding about what the Cloud is, what value it providesand the steps to take to ensure a successful implementation.
But, there’s more. Based on the original Cloud trends and survey results, many of you still have questions over security and compliance in a Cloud-friendly world, so let’s take some time to address those.
Is this Cloud secure? Does the Cloud meet strict compliance regulations? Read on.
As Secure as You Are
One of the big misconceptions I briefly covered in Part 3 is about Cloud security. In that article, I talked about how it’s important to take your Cloud provider choice to task to prove their specific Cloud offering is secure. But, even more than that, you also must understand general computing security, so when the vendor starts talking HTTPs, SSL, TLS, 2-factor authentication, and other electronic communication mediums you’re not apt to turn blank-faced, give timed nods, and daydream about the ride home.
In essence, the Cloud and Cloud provider you choose can only be as secure as you make them, based on your own knowledge. Many organizations have honed environment security over the years, but the Cloud brings new opportunities for security failure. Invest the time to learn these new security paradigms.
The best spot to get started is to visit the Cloud Security Alliance web site:
Cloud Security Alliance (CSA) – The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.
One of the key compliance issues organizations will face is due to the flexibility and value of the Cloud. The Cloud allows an organization to move data, applications, and operations to the Cloud provider. But, in doing so, many times where that data actually ends up is unknown. Data moved from on-premises to the Cloud could actually end up being stored in a datacenter across the world. Many laws demand that data shall not cross borders or be shared with other environments in a different national area.
Fortunately, compliance for data moving and storage have improved as the Cloud has evolved. Companies like Microsoft understand these compliance issues and have developed policies to solve it where you get to choose and control where data resides geographically.
A couple other important challenges come from the Payment Card Industry Data Security Standards (PCI DSS) and the Health Insurance Portability and Accountability Act. These sector-specific standards and laws present additional challenges for agencies.
Fortunately, for these situations, the STAR registry was created by the Cloud Security Alliance. The STAR registry allows cloud service providers to provide customers with visibility into their security, privacy and compliance commitments and capabilities. Customers can sift through the registry to locate Cloud providers that meet their specific Cloud compliance concerns.
Download this whitepaper to learn more: Compliance in the Cloud
The Cloud is not perfect, but it is ever improving. We’ve come a long way in a very short period of time, thanks to those providers who have invested considerable resources into helping the solution to evolve. And, it continues to evolve at a rapid pace. Just 3 years ago, this 5-part article series would have looked and read much differently. I would have told you, flat-out, DO NOT consider the Cloud because the detriments significantly outweighed the value. 3 years ago we were in the baby stage, but today, I’d say we’re just coming out of toddler and heading to adolescence. The legs are strong and sturdy, and the body is full of excitement, energy, and substance.
Vendors like Microsoft will always offer customers a choice and not force you to go all-Cloud or nothing. Hopefully, you have a better understanding of what the Cloud is and appreciate the value that it can bring to your organization. Hopefully, I’ve helped dispel the biggest misconceptions and turned your fear into admiration. We live in exciting times with the potential for great things.
I wish you great success.
Rod Trent is the IT Community Manager for Windows IT Pro and myITforum.com, both sister brands of American City & County.