Phil Cox, a contributor to SearchCloudComputing.com, recently shared some advice that will be helpful to those faced with understanding the challenges of cloud compliance.
In his tip, he focuses on the five major questions that every organization should ask before it moves into public cloud computing services. As Cox writes, “virtually every regulation requires organizations to adequately protect their physical and informational assets. To do this, there is an implied or assumed ability to control and prove:
- What information is stored on a system?
- Where is the information stored?
- Who can access the system?
- What they can access?
- Is the access appropriate?
All these questions imply some level of ownership of the assets in question, and that is where cloud compliance issues become apparent. In a public cloud environment, you are able to answer the first of those questions with certainty; the other four, however, end up posing a compliance problem.”
Read the rest of the cloud computing tip for Cox’s advice, and make sure to address compliance requirements in cloud computing contracts.