Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    chatgpt image jul 13, 2026, 04 23 45 pm
    How Data Analytics Helps Companies Improve User Engagement
    19 Min Read
    chatgpt image jul 13, 2026, 03 59 46 pm
    How Data Analytics Improves Multi-Location Search Strategies
    10 Min Read
    cybersecurity efforts
    How Behavioral Analytics and AI Are Redefining Cybersecurity for Boca Raton Businesses
    14 Min Read
    data driven risk management in heatlhcare
    How Data Analytics Is Changing Healthcare Risk Management
    17 Min Read
    big data and customer service outsourcing
    How Data Analytics Improves Customer Service Outsourcing
    18 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Best Practices > Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security
Best PracticesBig DataBusiness IntelligenceData ManagementInside CompaniesITPrivacySecurity

Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security

onlinetech
onlinetech
6 Min Read
SHARE

The latest report from the Ponemon Institute, located in Traverse City, Michigan, sought to analyze trends in cloud computing security among organizations that use software as a service (SaaS) and infrastructure as a service (IaaS). Only half of organizations are assessing the effect of the cloud on the ability to protect confidential information, and similarly, 51 percent are concerned about the security of cloud computing resources, per usual.

The latest report from the Ponemon Institute, located in Traverse City, Michigan, sought to analyze trends in cloud computing security among organizations that use software as a service (SaaS) and infrastructure as a service (IaaS). Only half of organizations are assessing the effect of the cloud on the ability to protect confidential information, and similarly, 51 percent are concerned about the security of cloud computing resources, per usual.

Cloud Security

State of Cloud Security; Source: The Ponemon Institute

Only 43 percent of organizations audit or assess cloud computing resources before deployment. While vetting cloud computing providers for security may seem time-consuming, organizations should ask if their cloud infrastructure as a service providers (IaaS) can provide an updated audit report of their services and data center facilities. What types of audits should you look for in a cloud computing/data center provider?

SSAE 16
The Statement on Standards for Attestation Engagements No. 16 replaced SAS 70 in June 2011. A SSAE 16 audit measures the controls relevant to financial reporting; it verifies that the controls and processes set in place by a data center are actually followed. There are two types:

More Read

AI startups and ChatGPT
New AI Startups Surpass ChatGPT for Legal Solutions
More Attorneys Embrace Data Analytics With Expert Witness Research
Can Big Data Help Bridge the Workplace Skills Gap?
What You Need to Know About Talend’s New Community for Big Data Innovation
5 Reasons Why You Should Store Big Data In The Cloud
  • Type I – A data center’s description and assertion of controls, as reported by the company.
  • Type II – Auditors test the accuracy of the controls and the implementation and effectiveness of controls over a specified period of time.

SOC 1
The first of three new Service Organization Controls reports developed by the AICPA, this report measures the controls of a data center as relevant to financial reporting. It is essentially the same as a SSAE 16 audit.

SOC 2
SOC 2 measures controls specifically related to IT and data center service providers, and gives the most insight into your service provider’s ability to secure your data in their hosting environment. The five controls are security, availability, processing integrity (ensuring system accuracy, completion and authorization), confidentiality and privacy. There are two types:

  • Type I – A data center’s system and suitability of its design of controls, as reported by the company.
  • Type II – Includes everything in Type 1, with the addition of verification of an auditor’s opinion on the operating effectiveness of the controls.

SOC 3
This report includes the auditor’s opinion of SOC 2 components with an additional seal of approval to be used on websites and other documents. The report is less detailed and technical than a SOC 2 report, but can be used for marketing.

For e-commerce and healthcare cloud users, industry-specific compliance is required. To best ensure security, seek the following audits and audit reports from your HIPAA or PCI hosting provider:

HIPAA
Mandated by the U.S. Health and Human Services Dept., the Health Insurance Portability and Accountability Act of 1996 specifies laws to secure protected health information (PHI), or patient health data (medical records).

When it comes to data centers, a hosting provider’s facilities, solutions and staff need to meet HIPAA compliance in order to ensure sensitive patient information is protected. A HIPAA audit conducted by an independent auditor against the OCR HIPAA Audit Protocol can provide a documented report to prove a data center operator has the proper policies and procedures in place to provide HIPAA hosting solutions in fully HIPAA compliant data centers.

The recent final HIPAA omnibus rule mandates that HIPAA cloud providers, are, in fact, considered business associates – and subsequently, are held responsible for compliance, same as covered entities and subcontractors.

No other audit or report can provide evidence of full HIPAA compliance.

PCI DSS
The Payment Card Industry Data Security Standard was created by the major credit card issuers, and applies to companies that accept, store process and transmit credit cardholder data.

When it comes to hosting providers, they need to prove they have a PCI compliant data center facility with an independent audit conducted by a QSA (Quality Security Assessor) to prove they have achieved an attestation of compliance with the latest PCI DSS version 2.0 standards. They should also know what specific technical, physical and administrative security services can help your company fulfill the 12 PCI requirements.

Trusting your mission critical data and applications to a managed cloud hosting provider without the above audits and audit reports is akin to gambling when the risks are simply too high – when the lifeblood of your business is uptime and availability, you need to invest accordingly. Likewise, partnering with a cloud provider that prioritizes compliance and security will help your company win in longevity.

References

Security of Cloud Computing Users Study (PDF)

The post State of Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security appeared first on Managed Data Center News.

TAGGED:cloud computingcloud securitydata in the cloudIaaSsaas
Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

chatgpt image jul 15, 2026, 03 28 38 pm
How Cloud Technology Helps IT Asset Recovery Services
Cloud Computing Exclusive IT Security
chatgpt image jul 13, 2026, 04 23 45 pm
How Data Analytics Helps Companies Improve User Engagement
Analytics Big Data Exclusive
chatgpt image jul 13, 2026, 04 19 58 pm
Can AI Help Companies Improve PPC Fulfilment?
Artificial Intelligence Exclusive
chatgpt image jul 13, 2026, 04 14 54 pm
How AI Helps Companies Adapt to Fulfillment Strategy Changes
Artificial Intelligence Exclusive

Stay Connected

1.2KFollowersLike
33.7KFollowersFollow
222FollowersPin

You Might also Like

What is Cloud Computing

1 Min Read

How fast is 3G and what is 3.5G and when will 4G really be here?

6 Min Read

Please Don’t Let the Cloud Ruin SaaS

3 Min Read

Zynga: A Big Data Company Masquerading as a Gaming Company

5 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai chatbot
How AI Website Chatbots Improve Customer Support and Lead Generation
Chatbots Exclusive
ai chatbot
The Art of Conversation: Enhancing Chatbots with Advanced AI Prompts
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-26 SmartData Collective. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?