Welcome!

Virtualization Authors: Pat Romanski, Yeshim Deniz, Carmen Gonzalez, Liz McMillan, Brian Vandegrift

Blog Feed Post

Canadian Cloud Insights: Cloud Data Compliance

As the name suggests our Canadian Cloud Insights service will furnish Cloud Providers, vendors and entrepreneurs with the critical market knowledge needed to meet customers needs and outsmart the competition.

For example as TELUS described in this press release earlier in the year, the primary resistance area for Cloud Computing is the risks to regulatory compliance presented by data hosting fears:

“87 per cent of Canadian business and IT leaders have significant concerns about public cloud’s ability to handle data in compliance with regulations and legislation.”

Therefore the high ground in selling these services will be achieved through the right trusted brand, abilities with the latest best practices and international standards and also implementation of the latest technology innovations.

With such an important and adoption jamming area it also means it is a very fertile product innovation focus, driving new IPR that will power a new generation of Cloud managed services; two examples being Key and Log Management Services:

Key Management Services - 

A number of start-ups have emerged to address the Cloud data security issue, principally using encryption to protect data before it leaves the local site.

Examples include Vaultive and as they describe here central to this protection is management of the encryption keys:

“Regardless of the actual jurisdiction of where the data resides, control to access the data remains with the organization that holds the encryption key.”

Open standards like KMIP have been developed for this best practice, and so Cloud Providers can adopt and offer this type of capability.

Log Management Services -

Similarly services to manage the various system logs of Cloud Providers, and also in-house systems, will provide a foundation mechanism for achieving compliance.

The primary method of compliance is the audit and certification process, and to date the inability to effectively audit the Cloud environment has been the hurdle to compliance.

Logs can track user access, record updates and deletions, and many other events that when combined with other tools can achieve the main goal of these systems: Legally admissible and verifiable transactions.

With these types of innovations matured and deployed by Cloud Providers, so we’ll see the concerns identified by TELUS reduced and more readiness to adopt Cloud services.

Stay tuned for further Cloud Insights into this strategically important category.


Read the original blog entry...

More Stories By Cloud Ventures

The Cloud Ventures Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net