IT, security and compliance experts discuss the biggest issues facing companies these days -- and what steps organizations can take to minimize potential regulatory compliance risks and security threats.
This is the type of analyst report headline that cloud computing vendors don't want to read: "Empty Promises and Tough Luck: Yankee Group Exposes the Cloud's Fine Print."
If you think the phrase "It's in the cloud" means that your data resides on the Internet and is thus accessible everywhere equally, think again. Most infrastructure-as-a-service (IaaS) cloud services share the same residence model as traditional hosting and outsourcing deployments -- they live in specific data centers in specific geographies. This means that customer data is generated and most likely stored in this physical location, giving it legal and privacy implications.
There's no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether they're lured by its compelling cost savings or its perceived advantages, security leaders are probing the capabilities and restrictions of the cloud. At the same time, security and compliance concerns remain issues holding large enterprises back from capitalizing on the cloud's benefits.
There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.
Have you noticed that many of the firms suffering high profile, serious, and expensive information security breaches have nonetheless been 'compliant' with certain laws, regulations, or standards? Consider the case of credit card processor Heartland Payment Systems, which recently suffered the unauthorized disclosure of over 100 million credit card and debit card transactions. The firm handles the transactions of over 175,000 merchants. Hundreds of banks have already had to reissue cards as a result of the breach. Note that Heartland was, at the time, certified as fully Payment Card Industry (PCI) compliant. Many other organizations that fall under various Federal, state, and industry regulations are continually experiencing breaches as well.