SearchSecurity.com's special news series, "Eye On" looks at the emerging compliance issues due to the explosion of enterprise adoption of cloud computing services. In the U.S., the federal government is attempting to speed cloud security assessments for agencies by adopting a set of standards. In the U.K. a cloud maturity model has been created by one organization to help small and midsized businesses cope with evaluating cloud providers. Meanwhile enterprises are seeking increased transparency from cloud providers and the payment card industry is attempting to address the use of cloud-based payment systems for merchants.
In this part:
Industry experts and cloud service providers are hopeful about the prospects of a new federal program that sets cloud computing security standards, but they also note some potential pitfalls. For one security expert, the program represents a lost chance to improve cybersecurity.
Cloud security transparency today equates to a non-disclosure-agreement discussion between an enterprise and service provider over the provider’s controls. The end result may satisfy the customer and lead to business for the provider, but the process isn’t efficient for either side.
Enterprises need cloud security transparency and must understand cloud provider security in order to move forward with engagements.
Merchants interested in outsourcing their payment processes or looking to reduce internal architecture complexities have been turning to cloud providers, but experts caution that no matter where the credit card data resides, the merchant ultimately is fully responsible for safeguarding the information and maintaining cloud PCI DSS compliance.
Merchants are ultimately responsible for locking down credit card data and maintaining PCI compliance, according to experts.
In nearly every survey about cloud computing, security tops the reasons why companies hesitate to adopt cloud-based technologies, and rightly so; if you cannot be sure how your data will be treated, and that it will be adequately protected, then it would be foolhardy to go blindly into the cloud, even if the economic benefits look attractive.
CAMM, a new cloud maturity model, may be the key to helping organisations, and especially SMBs, evaluate the security of cloud providers.