Attempting to achieve an adequate level of compliance in the cloud can leave providers and customers scratching their heads -- and for good reason. There is a dizzying number of acronyms to refer to a wide variety of cloud computing regulations and requirements that both parties must address, and it's a task that induces a lot of stress and skepticism in potential customers. Customers worry that moving their data to the cloud not only can compromise their industry-specific compliance requirements, but also put them at risk for security breaches. This cloud compliance guide will clarify where the bulk of the responsibility lies when attempting to achieve cloud compliance, what customers expect from providers, and what advantages and obstacles initiatives like HIPAA and FedRAMP introduce.
Cloud compliance: Who's responsible?
Cloud computing regulations, security and compliance have always been concerns for customers hesitant to embrace the cloud. But is the customer or the provider ultimately responsible for ensuring that the cloud meets the requirements of such regulations and policies as the Payment Card Industry Data Security Standard (PCI DSS) or the Federal Security Information Management Act (FISMA)? In this section of our guide, we help clarify these types of questions and delve into which entity is responsible for what.
Some enterprise customers feel inclined to reach out to providers for help with achieving cloud compliance, but they may be looking for assistance in the wrong place. This article can help providers learn just how involved they should be with compliance issues. Continue Reading
When customers have industry-specific cloud computing regulations and compliance requirements, such as those for handling credit card information, data protection becomes increasingly important. Providers and customers are both responsible for creating a PCI-compliant cloud, and this article can help clarify the guidelines that outline where a customer's responsibility ends and a provider's begins. Continue Reading
Maintaining FISMA compliance falls on the shoulders of cloud providers catering to the public sector, and continuous monitoring is imperative to achieve this goal. An ongoing monitoring approach replaces static risk assessment with a strategy involving dynamic, real-time security tactics. This tip details what it takes to achieve a successful monitoring strategy. Continue Reading
2What customers want-
Accommodating customers: How far should you go?
In the world of cloud computing, providers do their best to accommodate customers, but they also have to look out for what is in the best interest of their own business. This section of our guide explores how providers can do right by their customers without jeopardizing their goals and objectives at the same time.
Customers demand transparency from providers in relation to the risk factors involved with the cloud. They also don't want to feel overwhelmed, and providers don't want to disclose everything behind their cloud operations either. A thorough audit strategy could be the key to accommodating all of these needs. Continue Reading
When cloud services started being used for business-critical applications, enforcing cloud governance became a high priority. Creating application-centric policies is one road to enforcement, and providers must give customers the correct tools to support these changing environments. In this tip, learn about different policy types and how to help customers keep up with shifting requirements. Continue Reading
Regulatory bodies are often too ambiguous about what's required to be "cloud-compliant" -- something that is hindering adoption. In this expert response, find out what providers can do to help remedy this difficult situation and put customers at ease. Continue Reading
Can FedRAMP compliance boost adoption?
Former U.S. CIO Vivek Kundra issued the Cloud First policy in 2010, mandating that all federal agencies give preference to cloud-based technologies over on-premises products. The Federal Risk and Authorization Management Program (FedRAMP) was created to support this plan and standardize agencies' security requirements. In this section of our guide, explore how your cloud offerings can become FedRAMP-compliant and what challenges lie in the complex authorization process.
Meeting FedRAMP requirements can be a complicated task, but it is a burden providers must bear if they want to have a chance of attracting government customers. In this tip, providers will learn how to gain FedRAMP authorization and about the various obstacles they may encounter along the way. Continue Reading
Although federal agencies are required to only work with FedRAMP-compliant providers, state and local governments will likely be encouraged by providers that an agency like the Department of Defense or the Central Intelligence Agency has received approval to use. Learn more about the perks of FedRAMP compliance, along with other ways to attract government customers, in this article. Continue Reading
HIPAA: Improving healthcare's relationship with the cloud
Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) partly to standardize the security and privacy requirements of healthcare-related data systems. Compliance with HIPAA is mandatory for healthcare organizations, meaning it's also a non-negotiable for cloud providers looking to attract them. In this section of our guide, Dr. Peter Tippett, vice president of Verizon's healthcare solutions group, discusses the unique relationship between HIPAA, providers and customers.
In this Q&A, Tippett discusses Verizon Terremark's HIPAA-compliant data centers. Tippett also addresses the role HIPAA business associate agreements play in offering these services, the development of these special data centers, liability issues and how customers are responding to these new offerings. Continue Reading
In this Q&A, Tippett explains how providers can attract niche healthcare customers and assure them that their data is safe in the cloud. Tippett also delves into why healthcare professionals may have no choice but to start embracing the cloud and how providers can make the transition as painless as possible for them. Continue Reading