Compliance in the Cloud Raises Several Questions

Lora Bentley

Everything seems to be moving in the direction of cloud computing. In a recessionary economy, it's only to be expected. The cloud is less expensive, requires less hardware, less software, fewer people... But that doesn't mean it makes compliance any simpler. In fact, it may complicate compliance more than we realize.


That's probably why groups like the Computer Security Institute have been asking questions about compliance in the cloud for months now, and why the Cloud Security Alliance is set to launch soon. In September, CSI's Sara Peters asked simply, "How do you prove compliance in the cloud?" She noted:

[M]y guess is that organizations [using the cloud] have neither the authority nor the ability to establish log settings, maintain logs, or view logs of any activity conducted on that virtually infinite infrastructure.This is particularly worrisome if you are (and I really hope you aren't) using cloud computing services for storing sensitive/protected data.

Next month, Proskauer Rose attorneys Tanya Forsheit and Nolan Goldberg will participate in a session at CSI SX: Security Exchange on that very topic, but I have an opportunity to speak with them Friday afternoon regarding what the compliance concerns are with cloud computing as well as how those who take advantage of the cloud should approach those concerns. It's a starting point, at least.


Stay tuned for their insight.

Add Comment      Leave a comment on this blog post
Apr 5, 2010 11:19 AM John Minary John Minary  says:

Very interesting article, raising loads of issues. Agree with most and for me can really distort the boundries regarding compliance. Like the idea of early intervention, and having a clear defined purpose on both sides. Strong leadership called for within the business using the application. Putting aside compliance issues, why wouldn't you use the cloud for all your applications though? Surely that would create some massive segmentation problems? If you are saving its not safe, why use it for anything in the first place! Will look forward to your next.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.