Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security

The latest report from the Ponemon Institute, located in Traverse City, Michigan, sought to analyze trends in cloud computing security among organizations that use software as a service (SaaS) and infrastructure as a service (IaaS). Only half of organizations are assessing the effect of the cloud on the ability to protect confidential information, and similarly, 51 percent are concerned about the security of cloud computing resources, per usual.

State of Cloud Security; Source: The Ponemon Institute

Only 43 percent of organizations audit or assess cloud computing resources before deployment. While vetting cloud computing providers for security may seem time-consuming, organizations should ask if their cloud infrastructure as a service providers (IaaS) can provide an updated audit report of their services and data center facilities. What types of audits should you look for in a cloud computing/data center provider?

READ

Dropbox or Box - Which Cloud Storage For Small Businesses

SSAE 16
The Statement on Standards for Attestation Engagements No. 16 replaced SAS 70 in June 2011. A SSAE 16 audit measures the controls relevant to financial reporting; it verifies that the controls and processes set in place by a data center are actually followed. There are two types:

Type I – A data center’s description and assertion of controls, as reported by the company.
Type II – Auditors test the accuracy of the controls and the implementation and effectiveness of controls over a specified period of time.

SOC 1
The first of three new Service Organization Controls reports developed by the AICPA, this report measures the controls of a data center as relevant to financial reporting. It is essentially the same as a SSAE 16 audit.

SOC 2
SOC 2 measures controls specifically related to IT and data center service providers, and gives the most insight into your service provider’s ability to secure your data in their hosting environment. The five controls are security, availability, processing integrity (ensuring system accuracy, completion and authorization), confidentiality and privacy. There are two types:

Type I – A data center’s system and suitability of its design of controls, as reported by the company.
Type II – Includes everything in Type 1, with the addition of verification of an auditor’s opinion on the operating effectiveness of the controls.

READ

Middle East Focus: Moving to the Cloud Computing

SOC 3
This report includes the auditor’s opinion of SOC 2 components with an additional seal of approval to be used on websites and other documents. The report is less detailed and technical than a SOC 2 report, but can be used for marketing.

For e-commerce and healthcare cloud users, industry-specific compliance is required. To best ensure security, seek the following audits and audit reports from your HIPAA or PCI hosting provider:

HIPAA
Mandated by the U.S. Health and Human Services Dept., the Health Insurance Portability and Accountability Act of 1996 specifies laws to secure protected health information (PHI), or patient health data (medical records).

When it comes to data centers, a hosting provider’s facilities, solutions and staff need to meet HIPAA compliance in order to ensure sensitive patient information is protected. A HIPAA audit conducted by an independent auditor against the OCR HIPAA Audit Protocol can provide a documented report to prove a data center operator has the proper policies and procedures in place to provide HIPAA hosting solutions in fully HIPAA compliant data centers.

The recent final HIPAA omnibus rule mandates that HIPAA cloud providers, are, in fact, considered business associates – and subsequently, are held responsible for compliance, same as covered entities and subcontractors.

READ

Why It's Difficult to Make the Cloud Secure

No other audit or report can provide evidence of full HIPAA compliance.

PCI DSS
The Payment Card Industry Data Security Standard was created by the major credit card issuers, and applies to companies that accept, store process and transmit credit cardholder data.

When it comes to hosting providers, they need to prove they have a PCI compliant data center facility with an independent audit conducted by a QSA (Quality Security Assessor) to prove they have achieved an attestation of compliance with the latest PCI DSS version 2.0 standards. They should also know what specific technical, physical and administrative security services can help your company fulfill the 12 PCI requirements.

Trusting your mission critical data and applications to a managed cloud hosting provider without the above audits and audit reports is akin to gambling when the risks are simply too high – when the lifeblood of your business is uptime and availability, you need to invest accordingly. Likewise, partnering with a cloud provider that prioritizes compliance and security will help your company win in longevity.

References

Security of Cloud Computing Users Study (PDF)

The post State of Cloud Security: Vetting Applications and Cloud Providers for Compliance and Security appeared first on Managed Data Center News.

You must log in to post a comment.

Data Mining Can Be a Game Changer for Small Businesses

Modern Mac Malware Is Worse Than Your Wildest Dreams

Education and the Blockchain – Should We be Teaching Blockchain in Schools?

Big Data is Bridging eCommerce and Fulfillment for Young Entrepreneurs

3 Ways that Big Data is Transforming the eCommerce Sector

How the Internet of Things is Changing Big Data Analytics

Can Business Intelligence Answer the Questions Asked of it Without Big Data?

6 Ways Big Data Analytics Is Changing the E-Commerce Industry

Can Smart Data Ensure Cybersecurity and Data Protection?

How to Overcome Data Visualisation Problems

Current Landscape and Applications of Blockchain Explained

How Big Data Is Driving Airline Loyalty Programs

The Enterprise Graph – From Connections To Customer Insights

Can Smart Data Ensure Cybersecurity and Data Protection?

5 Ways Big Data Is Transforming Finance

Big Data is Cutting Spreads and Making Forex Trading More Cost-Effective

Why Every College Student Should Study Predictive Analytics

Dark Data: The hidden billion dollar opportunity

Quality vs Quantity in Customer Service Analytics

4 Customer Retention Metrics for Data-Driven Ecommerce

Emotions: The Next (but not new) Frontier in Artificial Intelligence & Cognitive Computing

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

How big data is affecting social media metrics and Facebook ad strategies

Report: Brands Use Advanced Analytics to Reach Double Digit Growth

Dark Data: The hidden billion dollar opportunity

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

How to Be a Text Analytics Rock Star in your Organization

Text Analytics: It’s Not Just for BIG Data

The Smart Data Lake Imperative

Data-Driven Facts for Better Blogging

How to Make Site Search a Conversion Tool

Get The Best Out Of Your Marketing Strategy By Integrating Analytics

The Types of Simple Queries Businesses Need to Ask that Spark Growth

How Did Big Data Create a Modern Day Manufacturing Workforce?

The 7 Biggest Data Trends to Watch in Finance for 2017

Taking Data Visibility to the Office Walls

What Led to the Recent Huge Buzz Around Analytics?

Data Mining Can Be a Game Changer for Small Businesses

How the Internet of Things is Changing Big Data Analytics

Could the Julia Language Fill an Untapped Void for Big Data Programmers?

Big Data is Streamlining International Trade Faster than We Expected

Data Mining Can Be a Game Changer for Small Businesses

Overcoming the Challenges of Big Data Clustering

5 Challenges Your Company Has to Overcome to Succeed in Data Mining

The Data Is In: Finding Affordable Car Loans

Can Smart Data Ensure Cybersecurity and Data Protection?

How to Overcome Data Visualisation Problems

How Human Centered Design and Big Data Are Merging in 2017

How to Scale Your Big Data Project Effectively

How to Overcome Data Visualisation Problems

Data Driven: 5 Ways Automakers Use Big Data to Improve Their Products

Taking Data Visibility to the Office Walls

6 Key Capabilities an Embeddable Analytics Software Should Deliver

Dropbox or Box – Which Cloud Storage For Small Businesses

Overcoming the Challenges of Big Data Clustering

What is an Enterprise Data Warehouse?

How Much Is Data Center Downtime Costing You?

Social Media and Big Data Are Creating a New Generation of Millionaires

Can Smart Data Ensure Cybersecurity and Data Protection?

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

Are Instagram Stories a Big Data Goldmine?

The 7 Biggest Data Trends to Watch in Finance for 2017

Data Driven: 5 Ways Automakers Use Big Data to Improve Their Products

Thinking Efficiency: IT, OT, And The Issue Of Migration

Is Big Data Security Still Lacking?

Data Mining Can Be a Game Changer for Small Businesses

Can Business Intelligence Answer the Questions Asked of it Without Big Data?

Big Data is Leading the Fight Against Fake News

Keep calm, AI is not About to Make Marketers Obsolete

Big Data is Leading the Fight Against Fake News

Keep calm, AI is not About to Make Marketers Obsolete

Musk vs. Zuckerberg: Who’s Right About AI?

Artificial Intelligence Can Be Our Best Travel Guide

The Enterprise Graph – From Connections To Customer Insights

Will Predictive Analytics and POS Save Small Retailers from Extinction?

Leveraging The Cloud, New Technology and Video To Effectively Manage A Growing Global Workforce

In a World Full of Data, Can Analytics See the Market Trends?

Key Points from Microsoft Dynamics 365 Tech Conference

Customer Feedback and Data Analysis: The Keys to a Good Customer Retention Rate

How Businesses Can Profit From Mobile Apps