- What is SharePoint 2010? Vision and Reality
view comments - Knowledge Management in 2012? Probably Dead
view comments
- Is There A Business Case For Using SharePoint as an Enterprise CMS?
view comments
- iPad 3 vs. New Samsung Tablet: War Starts in February
view comments
- Wrapping Your Head Around the SharePoint Beast
view comments
- 5 Critical Steps to SharePoint Information Architecture Planning
view comments
- SharePoint Implementation the Right Way
view comments
- Information Architecture - SharePoint's Story
view comments
Receive
the Free CMSWire NewsletterTop Considerations for Compliance in the Cloud
Cloud computing has been the hot new thing on the market for a while now. It’s what has the enterprise buzzing and apprehensive. It’s what has those in charge of governance concerned. Overall, working in the cloud is the best and worst thing that ever happened to the enterprise.
How one uses the cloud is most dependent how compliant you intend to be. Once you understand the individual compliance regulations and specific requirements, it’s likely that you (and your data) can live comfortably on the cloud.
1. Choosing the Right Neighborhood
There are few generalities about cloud computing, but there are three basic types of systems that can be used:
- Infrastructure as a Service (IAAS)
- Platform as a Service (PAAS)
- Software as a Service (SAAS)
In addition, there are four different neighborhoods on the cloud, or rather, deployment models:
- private cloud
- community cloud
- public cloud
- hybrid cloud
As you might have guessed, different systems and modules offer different types of customer control and place different obligations and responsibilities upon both customers and service providers with respect to security and compliance.
2. Meeting the Neighbors
But compliance isn’t the only thing to think about when choosing how and where to set up shop on the cloud. Like any real estate, it’s important to think about its proximity to the places you go, the quality of the roads, can the neighbors see over the bushes, and reputation of the neighborhood — in other words, consider vendor lock-in, portability of data and applications, interoperability, data privacy, and data repatriation.
3. Selecting the Governing Body
The rules that govern on the cloud are similar to how an HOA may impose rules. (No holiday wreaths and only white lights can be strung.) On the cloud, if you’re public or private, there are specific laws and regulations, and the related regulatory guidance and requirements that can affect an organization. From HIPAA, GLBA, and PCI DSS — your organization will need to examine the ins and outs of each to figure out what security controls are already in place and what’s needed to get the rest up to code.
4. Preparing for the Home Inspection
Once up to code, however, it’s important to understand that it will be necessary, even required, to assess the control state for the cloud service several times a year — on a regular basis. For example, PCI DSS requires quarterly vulnerability scans be conducted for systems.
The Cloud Security Alliance's forthcoming version 2 guidance, a sort of cloud owner’s manual, will provide extensive discussion of compliance and audit concerns related to cloud computing, along with many other areas of security concern and is worth checking out.
5. Selecting the Mortgage
Living on the cloud requires some long-term commitment. Is your neighborhood the place where your data can grow old? Are you still going to be able to meet compliance as your company grows or shrinks? What about the economy?
The housing metaphor, though getting old, is quite suitable for deciding to store and manage your company’s information on the cloud. Like any document management solution, however, being prepared is half the battle. Preparing to live in the cloud, is a perfect time to take inventory of how your company currently stays compliant. What do they do know and how will it have to change according to where and how they want to live? Take the time to figure out the issues now and it will save you the time, money and trouble it could cost you once the moving truck has arrived.
Real estate on the cloud may be abundant, but like any neighborhood, the misbehavior of one can affect many. By not properly complying may ruin it for the rest of us.
Email ItFeatured Events View all
| Add event
| 
RSS
- Feb 22, 2012 – Intelligent Content Palm Springs 2012
- Feb 26, 2012 – SPTechCon - Sharepoint Conference San Francisco 2012
- Mar 6, 2012 – Get Social with Microsoft & Telligent in Dallas
- Mar 8, 2012 – Get Social with Microsoft & Telligent in New York
- Mar 14, 2012 – Get Social with Microsoft & Telligent in Irvine
Who's Hiring? View all
| Post a job
| RSS
- Technical Writer in Charleston at Blackbaud
- Interaction Designer in Maryland at Inmedius
- Project Manager in London at Brandworkz
- Sales Director, Consumer Electronics at Synacor
- Regional Sales Manager - East Coast at Elcom
- Communications and Web Content Manager in New York- at Common Ground
- Business Development Specialist in Boise at Balihoo
- Director of Corporate Marketing in Charleston at Blackbaud
