Compliance

Cloud Computing: When Compliance Comes Down to Security

Grazed from CloudComputingExpo. Author: Fouad Khalil.

In the business world, it's hard to throw a rock without hitting a compliance requirement. All must be obeyed, but some call for a high level of control and auditability. Governing bodies are exerting their authority like never before, increasing the number of auditors and handing out heavy fines - sometimes as much as $1 million. This has become the new norm, and it isn't likely to turn around any time soon. It's important, then, to be aware of the primary threats that could undermine compliance efforts. The top three such issues are discussed below.

The Challenges of SOX

Public companies in the U.S. as well as foreign companies listed on U.S. exchanges are required by Sarbanes-Oxley (SOX) to assess their internal controls, have that assessment validated by an external auditor and report the assessment to the SEC. Information security professionals need to ensure that their organization complies with the requirements in Section 302 and Section 404 of the legislation...

Read more from the source @ http://www.cloudcomputingexpo.com/node/3900000

ISO Compliance in the Cloud - why should you care?

Grazed from CCI. Author: Editorial Staff.

Issues around mobility and multi-tenancy, identity and access management, data protection and incident response and assessment all need to be addressed. And with multiple modes – SaaS, PaaS, IaaS, public, private, hybrid – creating added complexity in how security and compliance is carried out and by whom, this can lead IT leaders to think twice about leveraging cloud...

Organisations already in the process of implementing ISO 27001 to audit and report on the state of controls within their environment will know the immense amount of work required. However, while addressing compliance in the cloud is undoubtedly tough, it doesn’t have to be an obstacle...

VMblog's Expert Interviews: CloudPassage Talks about Security and Compliance in the Cloud

Grazed from VMblog.com

Whether new infrastructure is spun up in the cloud or whether new applications are launched in a rapid development environment, companies should be implementing security best practices and compliance checks as early and often as possible.  But, is that happening?  To find out more about compliance in the cloud and beyond, I recently spoke with Bart Westerink, senior director of security and compliance at CloudPassage, to dig in deeper and find out what we need to know.

VMblog:  To kick things off, give us some background on CloudPassage and tell us what type of problems you're solving?

Bart Westerink:  The migration from traditional servers to agile, elastic infrastructure is putting a huge strain on enterprise compliance efforts. Servers and workloads that spin up automatically and on-demand make it difficult to manage and verify access controls, user privileges and security configurations. Implementing continuous monitoring and logging, while maintaining an accurate inventory of systems are also huge challenges. Compliance teams are being forced to expend lots of manual effort to keep up, which threatens to erase the business benefits of moving to agile infrastructure in the first place.

Cloud Computing: The Compliance Oriented Architecture - are we there yet?

Grazed from ComputerWeekly. Author: Clive Longbottom.

Over a decade ago, Quocirca looked at the current means of securing data, and decided that there was something fundamentally wrong. The concept of solely relying on network edge protection, along with internal network and application defences misses the point. It has always been the data that matters - in fact, not really even the data, but the information and intellectual property that data represents.

To our minds, enterprise content management (ECM) has not lived up to expectations around information security: it only dealt with a very small subset of information; it was far too expensive; and has not evolved to support modern collaboration mechanisms. It is also easy to circumvent its use, and far too easy for information assets to escape from within its sphere of control...

The ups and downs of cloud compliance

Grazed from TechTarget. Author: Mike Chapelle.

Compliance doesn't need to slow down cloud adoption, but it should remain a high priority in cloud-enabled IT environments. Federal and state laws that protect information security and data privacy differ widely and are becoming increasingly complex. The global picture is even more difficult to unravel.

As enterprises around the world adopt cloud computing strategies, regulated data -- such as personally identifiable information, health records and credit card numbers -- increasingly passes through the control of a wide range of service providers. Multinational corporations must take time to understand the data security ramifications of cloud computing decisions and move forward in a manner that maintains compliance with applicable security and privacy regulations...

Cloud computing may make IT compliance auditing even cloudier

Grazed from ZDNet. Author: Joe McKendrick.

Compliance is one of those thankless activities that add a lot more pain than gain to IT managers' and professionals' worklives. It's a matter of doing the minimum that needs to get done and be done with it, so one can get back to the good things, like building commerce and analytics systems.

Accordingly, most IT departments are ill-prepared for any audits that may come their way. A new survey finds three out of five IT professionals say they're not ready for compliance audits...

Revisiting Compliance in the Cloud: Is it Risky Business? (Part 3)

Grazed from CloudComputingAdmin. Author: Deb Shinder.

In this, Part 3, we’ll talk about data classification responsibilities in a cloud environment and then move into some specifics of how to develop your data classification scheme.

Cloud Raxak Unveils Cloud Security Compliance Solution

Grazed from TalkinCloud. Author: Dan Kobialka.

Cloud security compliance (CSC) company Cloud Raxak today has launched Cloud Raxak Protect, a cloud-based service that enables users to "secure and ensure compliance of their compute infrastructures, starting with their environment provisioning process and through the lifecycle, for both public and private clouds."

Cloud Raxak Protect provides hybrid cloud service management for businesses, according to Cloud Raxak. It leverages the Hewlett-Packard (HPQ) Cloud Service Automation (CSA) solution, Cloud Raxak said, to help companies reduce their hybrid cloud service management costs and simplify audits...

Read more from the source @ http://talkincloud.com/cloud-computing-security/04202015/cloud-raxak-unveils-cloud-security-compliance-solution

Cloud security and compliance trends in 2015

Grazed from TechRepublic. Author: Editorial Staff.

More and more Amazon Web Services (AWS) customers in 2014 could not make their networks as secure using AWS/S3, explained Vormetric's VP of Cloud C.J. Radford. This trend will pick up in 2015, with more enterprises using cloud applications in order to defend themselves from the rising tide of cyberthreats.

In an email Q&A with TechRepublic regarding 2015 cloud security trends, Radford said he also expects that organizations will "open their coffers" to protect Software as a Service (SaaS) offerings, that more Information as a Service (IaaS) providers will offer encryption and access control services, and that hosted private clouds will exceed the number of in-house private clouds as the preferred environment...