Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Cloud compliance is the general principle that cloud-delivered systems must be compliant with standards that the cloud customers face. This is a very important issue with new cloud computing services, and it is something that lots of IT professionals look at very closely.
The term 'cloud compliance’ can relate to many different industry standards and regulations that cloud customers need to comply with.
For example, in the healthcare industry, a set of laws called HIPAA make stringent guidelines and security protocols mandatory for certain kinds of patient health data. Another example is new financial privacy regulations that have stemmed from changes in the finance world over the last couple of decades.
Essentially, cloud customers need to look at the effective security provisions of their vendors the same way they would look at their own internal security. They will need to figure out whether their cloud vendor services match the compliance that they need. There are several ways to go about this. In some cases, companies can just look for vendors that certify compliance, and choose their services without any further input. However, sometimes clients may need to actually get involved in accessing the cloud vendor's security, to make sure that it complies with the industry standards and regulations.
In assessing cloud security, experts suggest that cloud customers ask certain kinds of questions, such as -- where is the data going to be stored? And who will be able to access it? In addition, companies are choosing between public, private and hybrid cloud computing services. This is also relevant to security, in that private cloud solutions can sometimes be more secure than public cloud solutions. In public cloud services, clients essentially share the same data platforms, and that means that in some cases, there is a concern about data crossover or unauthorized access.
One way to think about this is in an analogy to housing, where private cloud systems would resembled gated mansions and public systems resemble connected apartments. There will be more security issues in a set of connected apartment units, where there's less separation between different tenants. Cloud compliance will remain an issue as engineers and designers work on how to provide the most secure and best options for customers.