Cloud security has evolved to provide better data and access management for public cloud delivery models. But even with more control and visibility into the data placed in the cloud, many organizations still have cloud security issues that impact compliance. Certain industries such as finance, healthcare and retail are bound by strict compliance and location regulations around data management and personally identifiable information.
By Emily Wells
So what are some factors to consider before deploying a cloud solution to make sure that it will meet your compliance requirements?
1. User and access management
Some organizations have multiple individuals and teams that operate portions of their applications in the cloud. The ability to define access rules and grant or deny access for users can be critical to the security of your data.
2. Firewalls and other network access devices
Many environments use hardware or software firewalls and VPN appliances to protect access to server resources or define network access policies across application components.
3. Separation of resources (network, compute, storage)
Often, applications with specific compliance requirements need to employ dedicated hardware or single-tenant environments. These requirements may affect your ability to use public cloud services if the appropriate segmentation is not available.
4. Encryption management tools
Many organizations require levels of encryption for both data in flight and data at rest to protect data in multi-tenant environments. Tools that enable this, such as key and certificate management, can accelerate cloud adoption for organizations with these security needs.
5. Compliance certifications and vendor/buyer responsibilities
Organizations with specific compliance needs, such as PCI-DSS or HIPAA, may require certifications or Reports on Compliance (RoC) to determine exactly which requirements are met by the provider and which remain the buyer’s responsibility.