4 tips for regulatory compliance

August 10, 2011, 3:15 PM — Cloud computing seems simple in concept, and in actual fact, simplicity of operation, deployment and licensing are its most appealing assets. However when it comes to questions of compliance, once you scratch the surface you'll find more questions than you asked in the first instance, and more to think about than ever previously.

Position many auditors--and CIOs

That's a position many auditors--and CIOs and CEOs--find themselves in today. They want to know how to leap into cloud computing after a fashion that preserves their good standing in regulatory compliance. Here are four tips for keeping tabs on compliance in the cloud, from analysts, vendors and consultants.

Multi-tenancy and de-provisioning as well pose challenges. Public cloud providers use multi-tenancy to optimize server workloads and keep costs down. Nevertheless multi-tenancy means you're sharing server space with other businesses, so you should know what safeguards your cloud provider has in place to prevent any compromise. Depending on how critical your data is, you may as well want to use encryption. HIPAA, for instance, requires that all user data, both moving and at rest, be encrypted.

Employee leaves the company

"When an employee leaves the company, what you'd like is to push a button and that person gets de-provisioned from their Windows account and any internal enterprise applications, their mobile phone gets wiped of corporate information, and they're blocked from the company's SaaS applications, " says Tom Kemp, CEO of Centrify, a provider of identity management and compliance tools. Today, automated de-provisioning can't span both cloud and on-premise systems, he says.

Like it or not, you're an early adopter. Your decisions about what applications to move to the cloud and when to move them will benefit from an understanding of new and/or modified standards that are now evolving for cloud computing.

Major goal of the Cloud Security Alliance

Bringing visibility to users is a major goal of the Cloud Security Alliance, a three-year-old organization fast gaining popularity among users, auditors and service providers. A major goal of the CSA is development of standardized auditing frameworks to facilitate communication between users and cloud vendors.