Public cloud providers have been fighting a battle about their lack of preparedness for enterprise compliance, and it is costing them revenue opportunities and credibility gains.
And why wouldn’t it be? No corporate executive wants to face his board trying to explain why a particular cloud vendor was not certified for compliance, or why a major data breach occurred on the cloud network that is going to cost the company millions.
Enterprise concerns about cloud compliance remain major impediments to public cloud adoption. "We take compliance extremely seriously at Google," said Google spokesperson Tim Drinan. To this end, Google is certified with FISMA (the Federal Information Security Management Act), a compliance security standard intended to safeguard government information, operations, and assets from outside threats and attacks.
But compliance with one set of regulations still won’t attract the broader enterprise market, which consists of many different industry verticals and compliance standards. Depending on the makeup of its customers, a public cloud provider might have to offer compliance with HIPAA (Health Insurance Portability and Accountability Act), ITAR (International Traffic in Arms Regulations), SOX (Sarbanes-Oxley Act), PCI (Payment Card Industry), or some other regulation.
“We began our cloud offering in the aerospace industry, where our original expertise came from, but now we are pursuing new clients from different industry verticals,” said Alan Gilbert, marketing executive at supply chain public cloud provider Exostar. He says that his company is frequently required as part of the RFP (request for proposal) process to demonstrate or obtain compliance for regulations. “It is a cost of doing business,” he said. “Our customers expect us to be fully compliant in their industries, and we have to demonstrate that we are.”
So is the public cloud push for compliance making a difference?
Public cloud providers understand this; and the more they’re able to demonstrate a complete set of regulatory and security capabilities to their enterprise prospects, the more often they’re winning enterprise business.
Of course, the price of compliance isn’t cheap. Public cloud providers have learned that they must take the following steps to ensure success:
Invest in compliance. Earning regulatory and security certifications in different industry verticals is time-consuming and expensive -- but it’s the cost of admission if you want to do big business with enterprises.
Retain auditors and perform annual regulatory and compliance reviews. Enterprise prospects expect to see third-party-documented proof that the cloud provider conforms to industry standards and regulations.
Ensure that regulatory and security standards are captured in application code that is part of the cloud. Cloud providers, especially those offering SaaS (software-as-a-service) public cloud services, are expected to incorporate logic in their apps to accommodate industry guidelines and regulations -- and to keep them current.
Best-of-breed public cloud providers are pursuing these steps and will likely be the final survivors as less-compliant solutions fall by the wayside. “Today, we are compliant in government, but there are still other industry verticals we have to certify on,” Google’s Tim Drinan acknowledged.
Like Google, virtually no public cloud provider will tell prospective customers that they can comply with regulatory requirements from every enterprise industry vertical -- but the best will get there. As this happens, comfort levels with public clouds will rise in executive suites.
Mary, true, but you agree that it has to get updated regularly, but the issue is that it does not. That is where the initial problem lies. If we can get that sorted quickly, most of the other issues will dry up, since everything is based on the start.
The real lock-in involved in most "cloud" offerings isn't compliance, it's data costs. It's really easy to put the data out there a little bit at a time, and the incremental costs are manageable, until that day you realize you've got a couple of terabytes of data out there eating your lunch every month. Now, just try to get that data out of there. The transfer costs associated make it simpler and cheaper to just leave the stuff where it is. And that's where it will stay, eating your lunch every month. Still, I wonder about the point of expecting your vendor to do your compliance due diligence for you. If you're compliant, what they're storing or processing is already encrypted, logged, and carefully watched every moment. If there's a breach, it's because the customer screwed up, not the vendor. Let's put the blame squarely where it belongs, and use any compliance the vendor brings as an add-on to our own efforts, rather than as a replacement. Charity begins at home, and so should data security.
When it comes to cloud one thing that scares me is, after the migration is done if there is a change of ownership what would happen to the security... terms and conditions... coming out of the existing cloud vendor....
It seems that compliance is never strong enough--because new circumstances keep surfacing and compliance must keep up with them.
I am not sure how it can be made more proactive because I know that entire organizations already dedicate themselves to nothing but compliance--and are an "industry in themselves."
To be honest Mary, I don't think the current compliance is strong enough. That is why there are so many bottlenecks. I would prefer that if they can re-design or re-organize the current compliance in a much more suitable manner after analyzing the past issues, it would be much better for the future.
Yes, this is the old standardization argument--and the biggest impediment is political because vendors don't want to make it that easy for you to switch.