Compliance in the Cloud Can Be Achieved with a Secure Infrastructure


Compliance in the Cloud Can Be Achieved with a Secure Infrastructure

By Erin Harrison

As regulated industries such as healthcare, government and financial move to the cloud, there are strict security policies that must be taken into consideration to ensure compliance standards are met.

Regulatory mandates including the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) for government contractors and the Payment Card Industry Data Security Standard (PCI DSS) for businesses that process credit transactions, all have one common objective: implementation and enforcement of policies, according to Len Whitten, director of cloud services product management at SunGard Availability Services.

The Wayne, Pa.-based company provides disaster recovery services, managed IT services, information availability consulting services and business continuity management software.

Using the cloud complicates governance and compliance – and if not done properly it can result in hefty government fine, Whitten said. Achieving compliance in the cloud involves setting up the proper framework, with the cloud service provider’s physical infrastructure acting as the foundation.

With a secure infrastructure in place, an organization can migrate services to the cloud with minimal compliance risk.

“Most compliance standards that govern how an IT infrastructure is managed weren’t designed with the cloud in mind,” Whitten explained in an interview with MSPToday. “So when these highly-regulated industries look at adopting such cloud services to achieve better scalability and lower IT costs, they confront a myriad of questions about compliance.”

Achieving compliance in the cloud requires a multi-level, holistic approach, he said. The company or its service provider needs to focus on implementing supporting controls, and these controls are security related as well as process related.

“While we don’t approach each industry differently, every subset – the people, processes, physical and logical security – all need to be taken into consideration. This includes platform security (e.g. how is the cloud architected?), data protection and data center security (physical security),” Whitten said.

By most accounts, the number-one concern with regard to the public cloud is security, not regulatory compliance. Loss of control is the second concern, according to SunGard.

“Regulatory compliance and security is really about overall data protection. Customers in regulated industries have to be very, very specific about making sure they understand the cloud architecture and how it affects their regulations compliance,” Whitten said. “Regulatory compliance mandates are definitely a roadblock, and have even caused some companies to avoid migrating to the cloud.”

Such companies are realizing that public cloud is just too risky in some instances, and SunGard is seeing customers turn to private could solutions.  

SunGard Availability Services offers a suite of security services such as log and threat management, firewalling and host and network intrusion detection.

There are other pieces of “cloud security” that fit into the broader picture, including platform security, data security and data center security, which are all services SunGard offers to customers as well.

There isn’t one regulated industry that’s moving faster than others, and a lot of companies in these industries aren’t jumping in fully yet. However, they might be moving toward cloud for specific cases, e.g. test development, Whitten explained.

“The reality is that many customers have already invested in regulatory compliance applications and have such applications in place. We’re seeing companies run into issues where they can’t move their legacy technology to the cloud,” he added. “Overall, we’re predicting we will see a lot of hybrid environments for the next two to five years. We’re also seeing highly-regulated industries turn to private cloud solutions instead of public cloud, given all of the security issues surrounding public cloud.”

Edited by Braden Becker

Executive Editor, Cloud Computing

Related Articles

Unifi Connects Employees to T-Mobile 5G Network

By: Greg Tavarez    9/28/2022

Unifi selected T-Mobile and Hyperion for a Managed Mobility program to give employees a personal 5G smartphone.

Read More

Teams Direct Routing for MSP Revenue

By: Gary Audin    9/27/2022

Team Direct Routing is a way to connect Microsoft's Phone System to the PSTN via an existing PBX, Unified Communications system, or a third-party tele…

Read More

End-User Privacy and Mobile Security Coexist in Q-Scout

By: Greg Tavarez    9/27/2022

Quokka believes end-user privacy and mobile security should coexist in a secure BYOD network and launched Q-Scout to provide proactive, privacy-first …

Read More

CrowdStrike Intros Partner Progam, Adds Elite Tier for Business Growth

By: Stefania Viscusi    9/27/2022

The CrowdStrike Powered Service Provider Program (CPSP) includes value-added solution bundles and is adding an elite tier to incentivize MSPs.

Read More

Escalating Ransomware Diminishes Organizations' Confidence

By: Greg Tavarez    9/26/2022

SpyCloud revealed in its "2022 Ransomware Defense Report" that 90% of organizations were affected by ransomware in some capacity over the past 12 mont…

Read More