Compliance

Is your cloud provider compliant?

Grazed from ProgrammableWeb. Author: Editorial Staff.

Before investing in any new technology, an organisation must first establish whether that technology will meet the businesses’ needs. Similarly, the organisation must scrutinise the technology and its provider, to make sure it is up to standard with the company’s security and compliance requirements.

One such example of this, says John McLoughlin, MD of J2 Software, a distributor of SkyView Partners’ managed security solutions, is cloud computing. “The business benefits of cloud computing are widely accepted and documented, however, whether or not cloud computing meets your business requirements is dependent on the type of data being stored, accessed, and shared in the cloud.”...

Provider-user teamwork key in cloud compliance

Grazed from TechTarget. Author: Nicholas Rando.

With cloud compliance and standards regulations changing as often as the weather, how do cloud admins keep up? Unfortunately, there is no one answer -- but there are a number of different ways to attack it. When users work together with their cloud computing service providers, staying on top of cloud regulations becomes easier.

From keeping up-to-date on the latest regulations, such as PCI DSS and HIPAA, to ensuring that all of your cloud service requirements are being met, collaboration between cloud providers and consumers is the key. But what else do cloud admins need to know to meet cloud regulations? With that question in mind, we've compiled our top five tips on cloud computing compliance and standards with the hope of shedding light on these vital pieces of the cloud puzzle...

The Impact Of Cloud Computing On Data Compliance

Grazed from GlobalBankingAndFinance. Author: Ron Miller.

It might have been a buzzword within the IT industry for some years now but more recently we’ve seen the mainstream appetite for – and adoption of – cloud computing rise significantly. Whether it’s public, private or hybrid services, the promise of greater flexibility, scalability and cost-effective pricing models has been too enticing for many businesses to ignore.

The flipside, however, is that as a result of the Cloud, we’re also seeing a number of companies coming under scrutiny for their data protection and compliance policies. It’s the CIOs that are leading the charge here, as they become increasingly concerned over the security of their mission-critical data. There is the perception that many ‘cloud’ vendors (and that’s including those companies that have simply rebranded an existing solution to jump on the bandwagon) are failing to provide a comprehensive view on where data is being stored and the information security management framework that’s in place...

The battle between compliance and the cloud

Grazec from InformationAge. Author: Ben Rossi.

The beauty of the cloud is that it seeks to enable a business to become more agile, efficient and competitive, yet compliance seeks to restrain it. And this is what is preventing some businesses from making the most of the cloud. Recent research from NTT Com Security revealed businesses across the globe are wary of the using the cloud. A worrying 86% admitted that issues around data protection, legislation and regulation are responsible for cloud computing being adopted more slowly than they would like.

You only have to look at the publicity surrounding the NSA and PRISM revelations and compliance, data sovereignty laws and regulation requirements from authorities like the Information Commissioner’s Office (ICO). With these increasingly complicated data laws, it’s becoming something of a minefield for businesses looking to embrace, or experiment with, the cloud...

Enterprises Solve Compliance Riddle With Encrypted Cloud and Backup

Grazed from OnLineTech. Author: PR Announcement.

Companies that must comply with regulations such as HIPAA, Sarbanes-Oxley, PCI and Safe Harbor now have an instant solution to a key aspect of data security that too often goes un-met: end-to-end encryption for sensitive patient and customer information sitting in the cloud. Organizations in regulated industries that must ensure the protection of confidential information often avoid cloud computing because they have incomplete encryption strategies that leave them in non-compliance and at risk of embarrassing, costly security breaches.

The common areas of non-compliance for most hosting providers are due to a lack of encryption for data in the cloud and for backup of that data. The cloud infrastructure and backup techniques used by the vast majority of companies today leave patient and customer information un-encrypted, making it vulnerable to accidental and criminal breaches...

Cirrity Launches Desktops as a Service (DaaS) With Secure, Compliant Cloud

Grazed from MarketWire.  Author: PR Announcement.

Cirrity, the secure and compliant cloud services provider, has added Desktops as a Service (DaaS) to its cloud-based solutions.  Cirrity's DaaS solution provides a complete virtual workspace from the cloud, delivering Windows desktops and applications as an easily managed, unified cloud service. Powered by industry-leading Desktone technology -- a multi-tenant, grid-based platform purpose-built for cloud-hosted desktops -- Cirrity's DaaS solution eradicates the barriers to virtual desktop adoption and enables a risk-free, incremental evolution of the next-generation workspace.

"Cirrity's DaaS solution improves desktop accessibility and security while also supporting disaster recovery strategies," says Andrew Albrecht, COO of Cirrity. "If employees rely on desktops located in the office but physically can't get to their computers, the disruption to business operations is immediate. With Cirrity's DaaS solution, the desktop resides in Cirrity's secure, compliant cloud infrastructure built on enterprise-class hardware. Employees can access their desktop from any device, anywhere, anytime."...

Dell updates private cloud to become PCI compliant

Grazed from NetworkWorld. Author: Brandon Butler.

Looking to solidify its refocused efforts on private cloud platforms, Dell today rolled out new features to improve security and manageability of its offerings. Dell now offers a payment card industry (PCI)-compliant cloud computing service. It also rolled out a new choice that allows customers to rent Dell-owned and operated hardware in their data centers. Dell is also expanding its cloud-based applications, adding a disaster recovery as a service (DRaaS) option.

The moves come months after Dell announced plans to refocus its cloud computing strategy more on its private cloud business, instead of the public cloud market. The company had been developing an OpenStack-powered public cloud, but it halted those development efforts to focus on private and managed clouds this summer...

CISO Perspectives on Compliance in the Cloud and Managing Risk

Grazed from TechNet. Author: Adrienne Hall.

Regulatory compliance and managing security risks are two important challenges facing IT professionals today. From the Chief Information Security Officers (CISOs) we talk to, there’s steady interest in hearing more on these topics. Perhaps not surprisingly, security executives often turn to their peers for information and insights on the challenges they face.

Who could be a better source of perspectives and best practices than others working through the same issues? At Trustworthy Computing, we’re fortunate to have access to some of the best and brightest security minds – including security executives from around the world as well as our own internal experts...

Addressing PCI compliance in hybrid clouds

Grazed from GigaOM.  Author: Editorial Staff.

Cloud computing solves a number of problems, but compliance is not one of them. If anything, cloud computing complicates compliance, with shifting responsibilities for everything from user data to the physical data center. Hybrid clouds further cloud a murky situation by providing additional overlap and confusion.

Earlier this year, the PCI Security Standards Council released a set of guidelines outlining roles and responsibilities for compliance in public cloud scenarios. Since that time, a number of businesses and service providers have implemented those recommendations and attempted to extend those recommendations into more-complicated hybrid cloud environments...

Bare-metal servers in the cloud aid performance, compliance

Grazed from TechTarget. Author: Beth Pariseau.

It sounds like an oxymoron, but some cloud providers offer bare-metal servers -- and some organizations consider them an appealing alternative to shared infrastructure. Cloud service providers that offer bare-metal servers include IBM's SoftLayer Technologies Inc., Rackspace Hosting Inc. and Internap Network Services Corp. While bare-metal servers stem from a traditional managed hosting business for these vendors, newer offerings have a single interface for managing cloud and bare-metal assets, and they allow for more flexibility with bare-metal servers than was traditionally available in hosting environments.

"Just a few days ago, I said we needed a bigger RAID 10 array because our database size is increasing, and in about four hours I had a completely new database server," said Hrishi Dixit, chief technology officer (CTO) of LearnVest Inc., a financial planning services startup based in New York, which uses Internap's Agile Hosting service for both bare-metal servers and cloud computing...