07-19-12 | Blog Post

Cloud Computing and Compliance

It’s time to clear up any confusion still out there about service providers and cloud computing – we’ve seen misinformed individuals step forward with several different ideas about the industry. Many think cloud computing means any company that provides an application or service online, which it does. But from a managed hosting provider’s perspective, we provide something a little different.

One use of cloud computing is Software-as-a-Service (SaaS), which is another term for any application available via the Internet. This application is hosted on a remote server. While often used for business, many well-known, consumer-based applications, including Dropbox, Google Apps and Netflix, are categorized under this heading as well.

SaaS cloud computing requires vendors to manage the application code (the website, applications, anything that drives the user experience) and database (data storage). The operating system, server, network, internet connection, electrical and facility management are typically expected to be managed by vendors, or outsourced to a managed hosting provider (like Online Tech). All of these components comprise something we call the Internet Delivery Stack, seen below:

  • User
  • Application Code
  • Database
  • Operating System (OS)
  • Server
  • Network
  • Internet Connection
  • Electrical
  • Facility

With Infrastructure-as-a-Service (IaaS), cloud computing means you outsource your OS, server, network, Internet connection, electrical/facility and other infrastructure needs to a managed hosting provider. Our data centers provide storage, networking and servers that can be accessed online and used to run your applications and store your data.

And that’s what Online Tech offers as a cloud hosting provider – our secure, audited and fully redundant data centers house all types of data and applications. But that’s all we do. We don’t touch your applications, database or affect the user experience. We just provide well-run, fully owned and operated hosting facilities with disaster recovery and other managed service options to give you, potentially a SaaS company, the ability to outsource and focus on developing your applications.

Now let’s throw in security and compliance as a concern. If you store, collect, or process protected/patient health information (PHI) and/or credit cardholder data (CHD), you have to meet HIPAA and PCI compliance, respectively. If you decide to manage OS, servers, network, Internet connection, electrical/facility yourself, you need to meet many stringent requirements to keep ongoing monitoring and compliance in check. That means investing in physical, administrative and technical security safeguards, including capital, daily log monitoring and review, etc., which can add up significantly in costs, time and staff hiring/training.

But if you partner with a hosting provider that can provide not only infrastructure, reliable Internet connections, servers, networks, etc., but also proven compliance, you can save yourself the in-house investments and take advantage of theirs. Just be sure to do your due diligence and check for their third-party independent audit report, last dates of their staff security training, documented security policies, data center security, and, as in the case of HIPAA hosting, their business associate agreement. If you don’t, you could put your company in an unfortunate position in the event of a data breach. A little forethought can prevent a compliance violation and save you resulting litigation, fines, PR and remediation.

Keeping in mind the differences between SaaS and IaaS cloud computing is important for vendors, managed service providers and consumers who want to make informed choices about compliance, security and outsourcing.