Compliance in the Cloud Can Be Achieved with a Secure Infrastructure

By Erin Harrison

As regulated industries such as healthcare, government and finance move to the cloud, there are strict security policies that must be taken into consideration to ensure compliance standards are met.

Regulatory mandates including the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) for government contractors and the Payment Card Industry Data Security Standard (PCI DSS) for businesses that process credit transactions, all have one common objective: implementation and enforcement of policies, according to Len Whitten, director of cloud services product management at SunGard Availability Services.

The Wayne, Pa.-based company provides disaster recovery services, managed IT services, information availability consulting services and business continuity management software.

Using the cloud complicates governance and compliance – and if not done properly it can result in hefty government fines, Whitten said. Achieving compliance in the cloud involves setting up the proper framework, with the cloud service provider’s physical infrastructure acting as the foundation.

With a secure infrastructure in place, an organization can migrate services to the cloud with minimal compliance risk.

“Most compliance standards that govern how an IT infrastructure is managed weren’t designed with the cloud in mind,” Whitten explained in an interview with MSPToday. “So when these highly-regulated industries look at adopting such cloud services to achieve better scalability and lower IT costs, they confront a myriad of questions about compliance.”

Achieving compliance in the cloud requires a multi-level, holistic approach, he said. The company or its service provider needs to focus on implementing supporting controls, and these controls are security related as well as process related.

“While we don’t approach each industry differently, every subset – the people, processes, physical and logical security – all need to be taken into consideration. This includes platform security (e.g. how is the cloud architected?), data protection and data center security (physical security),” Whitten said.

By most accounts, the number-one concern with regard to the public cloud is security, not regulatory compliance. Loss of control is the second concern, according to SunGard.

“Regulatory compliance and security is really about overall data protection. Customers in regulated industries have to be very, very specific about making sure they understand the cloud architecture and how it affects their regulations compliance,” Whitten said. “Regulatory compliance mandates are definitely a roadblock, and have even caused some companies to avoid migrating to the cloud.”

Such companies are realizing that public cloud is just too risky in some instances, and SunGard is seeing customers turn to private cloud solutions.

SunGard Availability Services offers a suite of security services such as log and threat management, firewalling and host and network intrusion detection.

There are other pieces of “cloud security” that fit into the broader picture, including platform security, data security and data center security, which are all services SunGard offers to customers as well.

There isn’t one regulated industry that’s moving faster than others, and a lot of companies in these industries aren’t jumping in fully yet. However, they might be moving toward cloud for specific cases, e.g. test development, Whitten explained.

“The reality is that many customers have already invested in regulatory compliance applications and have such applications in place. We’re seeing companies run into issues where they can’t move their legacy technology to the cloud,” he added. “Overall, we’re predicting we will see a lot of hybrid environments for the next two to five years. We’re also seeing highly-regulated industries turn to private cloud solutions instead of public cloud, given all of the security issues surrounding public cloud.”

Edited by Braden Becker
Executive Editor, Cloud Computing
