04-26-13 | Blog Post

Pairing Cloud Computing Benefits with Security and Compliance


The added business value of cloud computing is multi-faceted, as Online Tech’s co-CEO Mike Klein outlined in a previous article, The Six Benefits of Cloud Computing, which I’ll summarize here:

Lower Costs
Pooling of computing resources means better efficiency and use of the entire shared IT infrastructure, since only what is needed is distributed to applications on-demand.

Lower Maintenance Costs

  1. Save on upfront hardware and maintenance costs, since the cloud uses fewer physical resources.
  2. If you outsource to a cloud service provider (CSP), you save on server, storage, network and virtualization staffing.

Cap-Ex Free Computing
The cloud allows you to eliminate the capital expense associated with building the server infrastructure.

Faster Deployment
Instead of installing and networking a new hardware server, a new server can be brought up and destroyed in a matter of minutes with the cloud.

Scalable
By buying the minimal amount of resources needed, you can easily add storage, RAM and CPU as application demands grow.

Resiliency and Redundancy
With a private cloud, you get automatic failover between hardware platforms, as well as disaster recovery services that bring up your server set in a separate data center in the event of an anomaly at your primary data center.

Yet even with these benefits, concerns around data and application security make CIOs hesitant to adopt the cloud for mission-critical support. The following articles offer insight on cloud security, from the e-commerce, retail and banking industries that deal with credit cardholder data, to the healthcare industry that deals with protected health information (PHI) of patients.

Overcoming Healthcare CIO Challenges with Secure & Scalable HIPAA Hosting
Big data is the big thing nowadays. Analyzing and applying the mass amounts of health information collected daily is one way to improve patient care, an objective that matters not only for the obvious reason but also because the healthcare payment model is moving away from pay-per-service toward patient health improvement.

But supporting all this big data and these processes requires a robust IT system. One solution is a high-capacity HIPAA cloud, which is ideal for massive storage or synchronization. The cloud is highly scalable and grows with changing storage requirements. If outsourced, ask your HIPAA cloud provider if they also provide IT disaster recovery, a HIPAA requirement. … Continue reading →

State of Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security
Only 43 percent of organizations audit or assess cloud computing resources before deployment. While vetting cloud computing providers for security may seem time-consuming, organizations should ask if their cloud infrastructure as a service (IaaS) providers can provide an updated audit report of their services and data center facilities. What types of audits should you look for in a cloud computing/data center provider?

SSAE 16
The Statement on Standards for Attestation Engagements No. 16 replaced SAS 70 in June 2011. An SSAE 16 audit measures the controls relevant to financial reporting; it verifies that the controls and processes set in place by a data center are actually followed. There are two types: … Continue reading →

Your Cloud Hosting Provider May Be PCI Compliant But That Doesn’t Mean You Are
Compliance is non-transferable: that is the gist of the PCI SSC’s recent supplement on PCI cloud computing guidelines for merchants (e-commerce, retail, franchise and anyone that deals with credit cardholder data). Directly referencing merchants that work with cloud service providers (CSPs), the supplement lists a number of challenges of working with CSPs, one being important enough to single out in standard 5.1:

What does “I am PCI compliant” mean? Essentially, even if you contract with a cloud hosting provider that has successfully achieved an attestation of compliance with PCI DSS version 2.0, meaning they were independently audited and reviewed by a Qualified Security Assessor (QSA), this does not mean you as the merchant/client automatically achieve PCI compliance. A PCI cloud computing service provider can fulfill a number of the PCI technical requirements, but you still need to do due diligence to maintain your organization’s security and compliance. … Continue reading →
