Public, Private & Hybrid Cloud: Why Compliance (Done Right) is the Easy Part
Regardless of the provider, all providers operate under the following model - the provider is responsible for the physical infrastructure, the shared networking, the computing, storage and the hypervisor. Basically everything that sits on top of a virtual machine and the guest instance is the responsibility of the customer. This includes securing data, the application code, the application framework and the operating system that sits on top of the infrastructure itself.
Depending on how an organization views this, it provides the flexibility to enforce consistency and a similar level of controls as the organization does in its other environments, including in its data centers. However, it's extremely challenging to achieve this using traditional network and system security controls. And compliance with industry regulations - such as SOX404, PCI DSS, GLBA - is still an organization's responsibility.
All of this requires a new way of thinking.
In this informative webinar we will deliver practical advice on achieving and continually maintaining compliance with industry regulations when operating under any type of distributed computing environment, including private, public and hybrid-cloud environments.
Viewers will learn:
- The compliance challenges organizations face integrating cloud services with their data centers
- How to assess the compliance posture of your infrastructure, even if it's distributed across the data center, public cloud services, offsite facilities, IaaS and PaaS installs and hosted applications
- How compliance automation works to integrate legacy infrastructures with cloud-based ones - and ensure compliance requirements aren't overlooked
- Why focusing on security across your hybrid IT infrastructure is the best way to alleviate many compliance headaches
Background
Regardless of the provider, all providers operate under this model.
The security and compliance requirements in any form of cloud environment haven't changed. We still need strong access controls, privileged account monitoring, multi-factor authentication, user auditing, device verification, file integrity monitoring, etc. We need to reduce the attack surface on a continual basis and find ways to implement corporate policies and ensure compliance in a consistent manner. All of this - basically anything that sits on top of a virtual machine and the guest instance - is the responsibility of the customer.