A guide to cloud compliance on SoftLayer
To ensure that data is secure in data centers and the cloud, providers must adhere to certain compliance standards and regulations. These standards establish trust that the provider's data handling and security practices meet expectations in the data center.
There are a multitude of industry and federal regulations that could potentially impact a cloud service provider.
The SoftLayer compliance department works with independent auditors and third-party organizations to meet the industry’s most stringent guidelines and to provide you with reports and information for your own compliance needs. SoftLayer uses the NIST SP 800-53 catalog of security and privacy controls, originally defined for the US federal government. SoftLayer certifications, attestations and compliance capabilities include the following:
• Service Organization Controls 2 (SOC 2) – SoftLayer provides a comprehensive SOC 2 Type II report for all of its data centers, evaluating controls and their effectiveness. Each control is tested through independent examination of processes, including validation of system components, logs and records. The SOC 2 Examination and Compliance Report is regulated by the American Institute of Certified Public Accountants (AICPA) Trust Services. The Trust Services Principles are used to define adequate control systems and establish industry standards for service providers such as SoftLayer to protect their customers’ data and information.
• Safe Harbor – SoftLayer is certified as providing privacy protection as defined by the US Department of Commerce’s Safe Harbor directive. Safe Harbor is a framework that bridges the differences between the US and the EU and Swiss approaches to privacy. It provides a streamlined means for US organizations to comply with EU data privacy directives and Swiss data protection laws. Certifying to Safe Harbor assures EU organizations that your company provides adequate privacy protection, as defined by the directive.
• Cloud Security Alliance – STAR Registrant – The Cloud Security Alliance is a non-profit organization that works to promote the use of best practices for providing security assurance in cloud computing. The Cloud Security Alliance maintains the Security, Trust, and Assurance Registry (STAR), a freely accessible registry that documents the security controls provided by various cloud computing services.
• Payment Card Industry (PCI) Compliance – PCI compliance and network security are of primary concern for any business that processes credit card data. To ensure consistent standards, the PCI Security Standards Council incorporated best practices to protect cardholder data and recommends validation by a third-party Qualified Security Assessor (QSA). SoftLayer helps customers’ internal security controls meet PCI compliance by assisting with third-party auditor security guidelines and by providing proof of the physical and environmental controls that maintain its strict information security policies.
• HIPAA Compliance – The US Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online. The SoftLayer cloud platform meets all of the necessary HIPAA requirements on the data center/service provider side.
SoftLayer provides a security-rich environment for deploying and running customer workloads. This is achieved through a combination of:
• Certified physical and logical security of the SoftLayer data centers
• Architecture and operational responsibilities in the SoftLayer offerings
• Additional security capabilities delivered by IBM Business Partners
Please write your comments below or connect with me on Twitter @santureddy1982.