Storage News

Meeting Compliance Standards in the Cloud

Auditors hold businesses to defined standards, and security audits for cloud data is more difficult because those standards just don't exist for cloud environments. This Network World report suggests that businesses need to be careful what data they submit to clouds and be sure data subject to compliance standards such as HIPAA, PCI and Sarbanes-Oxley can be provably handled within those standards.

"Complicating the issue is how identity and access management is handled so unauthorized users can't get in to corporate cloud resources, he says. 'I'm not aware of anybody who's pulled off a really effective identity and access management in the cloud,' Richter says.

"That said, he thinks it's possible to use private clouds for even the most sensitive information. 'The most robust private cloud I am aware of, yeah, I would be confident putting my most valuable data there,' he says. Part of that is the level of control the business retains over the data, the applications and the infrastructure in a private cloud. 'You can put more trust in what you are doing,' he says.