Compliance in the Cloud Can Be Achieved with a Secure Infrastructure

By Erin Harrison

As regulated industries such as healthcare, government and finance move to the cloud, strict security policies must be taken into consideration to ensure compliance standards are met.

Regulatory mandates including the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) for government contractors and the Payment Card Industry Data Security Standard (PCI DSS) for businesses that process credit transactions, all have one common objective: implementation and enforcement of policies, according to Len Whitten, director of cloud services product management at SunGard Availability Services.

The Wayne, Pa.-based company provides disaster recovery services, managed IT services, information availability consulting services and business continuity management software.

Using the cloud complicates governance and compliance, and if not done properly it can result in hefty government fines, Whitten said. Achieving compliance in the cloud involves setting up the proper framework, with the cloud service provider’s physical infrastructure acting as the foundation.

With a secure infrastructure in place, an organization can migrate services to the cloud with minimal compliance risk.

“Most compliance standards that govern how an IT infrastructure is managed weren’t designed with the cloud in mind,” Whitten explained in an interview with MSPToday. “So when these highly-regulated industries look at adopting such cloud services to achieve better scalability and lower IT costs, they confront a myriad of questions about compliance.”

Achieving compliance in the cloud requires a multi-level, holistic approach, he said. The company or its service provider needs to focus on implementing supporting controls, and these controls are security related as well as process related.

“While we don’t approach each industry differently, every subset – the people, processes, physical and logical security – all need to be taken into consideration. This includes platform security (e.g. how is the cloud architected?), data protection and data center security (physical security),” Whitten said.

By most accounts, the number-one concern with regard to the public cloud is security, not regulatory compliance. Loss of control is the second concern, according to SunGard.

“Regulatory compliance and security is really about overall data protection. Customers in regulated industries have to be very, very specific about making sure they understand the cloud architecture and how it affects their regulations compliance,” Whitten said. “Regulatory compliance mandates are definitely a roadblock, and have even caused some companies to avoid migrating to the cloud.”

Such companies are realizing that public cloud is just too risky in some instances, and SunGard is seeing customers turn to private cloud solutions.

SunGard Availability Services offers a suite of security services such as log and threat management, firewalling and host and network intrusion detection.

There are other pieces of “cloud security” that fit into the broader picture, including platform security, data security and data center security, which are all services SunGard offers to customers as well.

There isn’t one regulated industry that’s moving faster than others, and a lot of companies in these industries aren’t jumping in fully yet. However, they might be moving toward cloud for specific cases, e.g. test development, Whitten explained.

“The reality is that many customers have already invested in regulatory compliance applications and have such applications in place. We’re seeing companies run into issues where they can’t move their legacy technology to the cloud,” he added. “Overall, we’re predicting we will see a lot of hybrid environments for the next two to five years. We’re also seeing highly-regulated industries turn to private cloud solutions instead of public cloud, given all of the security issues surrounding public cloud.”

Edited by Braden Becker

Executive Editor, Cloud Computing
