Companies are surrounded by a worrisome and growing set of compliance requirements, from the Sarbanes-Oxley Act (SOX) and the PCI DSS standard to the HIPAA/HITECH Act (Health Information Technology for Economic and Clinical Health Act) and the Red Flags Rule of the Federal Trade Commission (FTC). At the same time, as the number of available cloud service providers grows, businesses have many options and, of course, many cloud compliance issues to consider.

While there may be many benefits to migrating services to the cloud, doing so does not exempt companies from certain responsibilities. Companies are still required to comply with a wide range of regulations and laws, just as if the services were still within the company. In some cases, as with the PCI DSS standard, there is a clear tendency to outsource certain services to reduce the company's compliance scope: a company's PCI scope is significantly reduced (though not eliminated) by outsourcing credit card processing to a third-party provider. The FTC's Red Flags Rule is different, however, because the FTC requires that any outsourced service maintain the same or better level of security as the enterprise's internal implementation.

When you start evaluating the migration of services to the cloud, it is important to consider several cloud compliance questions:

1. Will the data migrated to the cloud be subject to any compliance or related requirements? This includes information such as personally identifiable information (PII), personal health information (PHI), or corporate financial data.
2. If the answer is yes, what are the compliance requirements and what control measures are required?
3. Does the cloud service provider really provide the approved or equivalent controls required for your organization's data?
4. Does the cloud service provider have the necessary policies, processes, and procedures to properly maintain these controls?
5. Does the provider have adequate disaster recovery and business continuity processes to meet the business needs of your organization?
6. What happens if the cloud service provider goes bankrupt? Will the company's data be sold to creditors as one of the provider's assets, or auctioned off?
7. If I decide to change my service provider, is it easy to export my data in the available formats?
8. Is the provider willing to modify its default terms of service to guarantee, or provide service level agreements (SLAs) around, questions 3 through 7?

The last question is particularly important because many cloud service providers refuse to sign anything other than their default contract. That rules them out as potential providers for services involving compliance-related data. Several compliance requirements, such as the HIPAA/HITECH Act and the Federal Trade Commission guidelines, require an enterprise to contract with its service provider for appropriate controls and procedures consistent with each compliance requirement. Similarly, if a provider is unable to satisfy questions 3 through 7, you should remove it from your organization's list of candidates. Failure to meet requirements is a problem, especially where the PCI DSS standard and the HIPAA/HITECH Act are concerned.

As a result, you will soon find that the choice of cloud service providers is limited, at least in the short term, despite rumours that several large cloud service providers are working to revamp their systems to meet these compliance requirements. A handful of cloud service providers in the health-care sector have built applications specifically to meet the needs of the healthcare industry, but I have not seen any security assessments of these applications to determine their effectiveness.

In the meantime, I recommend that you send these questions to the providers you are evaluating, just as you would send a request for information (RFI) for any other outsourced project, and choose the provider that best meets your requirements. If none is satisfactory, evaluate ways to remove or obfuscate the regulated data, such as hashing or encrypting it before migrating it to the cloud, so that your organization can still get business returns from the cloud.
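One way to apply the "hash before migrating" fallback described above, as an added example that is not part of the original article. The field names, policy table and sample record are constructed for illustration, and HMAC-SHA256 with a key kept on-premises is used instead of a plain hash because low-entropy identifiers such as SSNs can be recovered from an unkeyed hash by enumeration.

```python
import hashlib
import hmac

# Constructed field policy: what happens to each field before upload.
# "tokenize" = replace with keyed hash, "drop" = remove, "keep" = send as-is.
FIELD_POLICY = {
    "patient_name": "drop",
    "ssn": "tokenize",
    "email": "tokenize",
    "diagnosis_code": "drop",
    "invoice_amount": "keep",
    "visit_month": "keep",
}


def tokenize(value: str, key: bytes, field: str) -> str:
    """Keyed, deterministic token. The field name is mixed in so the same
    value in two different fields does not produce the same token."""
    msg = field.encode() + b"\x00" + value.strip().lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def prepare_for_cloud(record: dict, key: bytes) -> dict:
    """Return the copy of `record` that is allowed to leave the premises."""
    if len(key) < 32:
        raise ValueError("tokenization key must be at least 32 bytes")
    out = {}
    for field, value in record.items():
        action = FIELD_POLICY.get(field, "drop")  # unknown fields fail closed
        if action == "keep":
            out[field] = value
        elif action == "tokenize":
            out[field] = tokenize(str(value), key, field)
        # "drop": the field is never copied into the outbound record
    return out


if __name__ == "__main__":
    import secrets
    key = secrets.token_bytes(32)  # assumption: really loaded from an on-premises key store
    sample = {  # constructed record
        "patient_name": "Jane Example", "ssn": "000-00-0000",
        "email": "Jane@Example.org", "diagnosis_code": "X00",
        "invoice_amount": 120.50, "visit_month": "2012-03",
        "free_text_notes": "not in policy, so dropped",
    }
    print(prepare_for_cloud(sample, key))
```

Because the tokens are deterministic, records uploaded at different times can still be joined on the tokenized fields in the cloud, while mapping a token back to a person requires the key that never leaves the organization.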