Compliance

Chef Announces New Compliance and Application Automation Capabilities for AWS

Grazed from Chef

Chef, the leader in Continuous Automation, today announced new capabilities designed to further accelerate enterprise adoption of Amazon Web Services (AWS) by addressing users' compliance and containerized application lifecycle control concerns. Building on AWS OpsWorks for Chef Automate announced in 2016, new functionality includes Chef Automate with integrated compliance.

"As enterprises accelerate their migration to the cloud, working with DevOps leaders like Chef is crucial," said Scott Wiltamuth, Vice President of AWS Dev and Management Tools, Amazon Web Services, Inc. "Chef is providing valuable on-ramps for enterprise customers who are migrating workloads from on-premises data centers to AWS. We are pleased to see Chef's compliance-as-code capabilities as part of AWS OpsWorks for Chef Automate."

"When AWS launched OpsWorks with Chef Automate we immediately jumped on that," said Eric Schneider, CTO of Verisk. "It is one less component that we had to worry about. The experts at Chef and AWS are worrying about it for us, and that allows us to focus on what is important for us and our customers."

Atlantic.Net Talks Cloud Hosting, HIPAA and HITECH Compliance

Grazed from VMblog.com



If your company is in the market for a Cloud Hosting, Managed Hosting, Dedicated Hosting, or HIPAA-Compliant Hosting provider, you may have already come across Atlantic.Net.  I recently sat down with the company's VP of Marketing, Adnan Raja, and asked him some questions about the company and their services.  

VMblog:  Tell us a little bit about Atlantic.Net and its history.

Adnan Raja:  Atlantic.Net was founded in 1994 by Marty Puranik as an ISP. Under Marty's leadership, Atlantic.Net has led the way in changing and adapting to new technologies, consistently introducing new services and solutions. Atlantic.Net is now a market-leading cloud hosting provider, specializing in on-demand, private, and hybrid cloud hosting solutions. We operate our own SSAE 16 SOC 1 SOC 2 datacenter facilities, with presence in six international data centers.

WSM Announces Penetration Testing and Mitigation Services, plus Compliance Testing for Credit Card Processing

Grazed from WSM International

WSM International, a specialized cloud and IT integrator, introduces two new services to ensure cloud and IT infrastructure security, compliance and efficient operation:

  • Penetration testing services to assess IT security vulnerabilities and help protect data;
  • Payment Card Industry Data Security Standard (PCI DSS) compliance testing service.

Both services address the top security concerns found in the recent user survey by 451 Research: preventing infiltration of enterprise IT systems by those with malicious intent; and complying with security standards. 

CareCloud Announces SSAE 16 SOC 1 Cloud Security Compliance

Grazed from CareCloud

CareCloud, the platform for high-performing medical groups, today announced that it has successfully completed its first Statement on Standards for Attestation Engagements (SSAE) No. 16 Service Organization Control (SOC) 1 report. This voluntary attestation allows medical groups and their auditors to quickly verify that CareCloud has the proper internal controls and processes needed to ensure the highest quality and security of services provided.

"Our clients depend on us to deliver a quality, secure information technology infrastructure to support their financial, administrative, and care delivery processes," said Ken Comée, CEO of CareCloud. "With this independent audit, we're giving them the external validation they need for their financial statements while reinforcing the steps we take every day to protect the integrity and security of their data."

OCR Issues Guidance on HIPAA and Cloud Computing

Grazed from JDSupra. Author: Editorial Staff.

On October 7, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), released a guidance document (the “Guidance”) on the HIPAA-compliant use of cloud computing technologies. The Guidance includes “frequently asked” questions and answers for covered entities and business associates who use cloud products and services.

The Guidance focuses on cloud computing services provided by third-party cloud services providers (“CSPs”). The Guidance notes that “CSPs generally offer online access to shared computing resources with varying levels of functionality depending on users’ requirements.” ...

Cloud Computing: When Compliance Comes Down to Security

Grazed from CloudComputingExpo. Author: Fouad Khalil.

In the business world, it's hard to throw a rock without hitting a compliance requirement. All must be obeyed, but some call for a high level of control and auditability. Governing bodies are exerting their authority like never before, increasing the number of auditors and handing out heavy fines - sometimes as much as $1 million. This has become the new norm, and it isn't likely to turn around any time soon. It's important, then, to be aware of the primary threats that could undermine compliance efforts. The top three such issues are discussed below.

The Challenges of SOX

Public companies in the U.S. as well as foreign companies listed on U.S. exchanges are required by Sarbanes-Oxley (SOX) to assess their internal controls, have that assessment validated by an external auditor and report the assessment to the SEC. Information security professionals need to ensure that their organization complies with the requirements in Section 302 and Section 404 of the legislation...

Read more from the source @ http://www.cloudcomputingexpo.com/node/3900000

ISO Compliance in the Cloud - why should you care?

Grazed from CCI. Author: Editorial Staff.

Issues around mobility and multi-tenancy, identity and access management, data protection and incident response and assessment all need to be addressed. And with multiple modes – SaaS, PaaS, IaaS, public, private, hybrid – creating added complexity in how security and compliance are carried out and by whom, this can lead IT leaders to think twice about leveraging cloud...

Organisations already in the process of implementing ISO 27001 to audit and report on the state of controls within their environment will know the immense amount of work required. However, while addressing compliance in the cloud is undoubtedly tough, it doesn’t have to be an obstacle...

VMblog's Expert Interviews: CloudPassage Talks about Security and Compliance in the Cloud

Grazed from VMblog.com

Whether new infrastructure is spun up in the cloud or whether new applications are launched in a rapid development environment, companies should be implementing security best practices and compliance checks as early and often as possible.  But, is that happening?  To find out more about compliance in the cloud and beyond, I recently spoke with Bart Westerink, senior director of security and compliance at CloudPassage, to dig in deeper and find out what we need to know.

VMblog:  To kick things off, give us some background on CloudPassage and tell us what type of problems you're solving?

Bart Westerink:  The migration from traditional servers to agile, elastic infrastructure is putting a huge strain on enterprise compliance efforts. Servers and workloads that spin up automatically and on-demand make it difficult to manage and verify access controls, user privileges and security configurations. Implementing continuous monitoring and logging, while maintaining an accurate inventory of systems are also huge challenges. Compliance teams are being forced to expend lots of manual effort to keep up, which threatens to erase the business benefits of moving to agile infrastructure in the first place.

 

Cloud Computing: The Compliance Oriented Architecture - are we there yet?

Grazed from ComputerWeekly. Author: Clive Longbottom.

Over a decade ago, Quocirca looked at the current means of securing data, and decided that there was something fundamentally wrong. The concept of solely relying on network edge protection, along with internal network and application defences, misses the point. It has always been the data that matters - in fact, not really even the data, but the information and intellectual property that data represents.

To our minds, enterprise content management (ECM) has not lived up to expectations around information security: it only dealt with a very small subset of information; it was far too expensive; and it has not evolved to support modern collaboration mechanisms. It is also easy to circumvent its use, and far too easy for information assets to escape from within its sphere of control...

The ups and downs of cloud compliance

Grazed from TechTarget. Author: Mike Chapelle.

Compliance doesn't need to slow down cloud adoption, but it should remain a high priority in cloud-enabled IT environments. Federal and state laws that protect information security and data privacy differ widely and are becoming increasingly complex. The global picture is even more difficult to unravel.

As enterprises around the world adopt cloud computing strategies, regulated data -- such as personally identifiable information, health records and credit card numbers -- increasingly passes through the control of a wide range of service providers. Multinational corporations must take time to understand the data security ramifications of cloud computing decisions and move forward in a manner that maintains compliance with applicable security and privacy regulations...