Cloud-10 Regulatory Compliance - Revision history

Shankar Babu Chebrolu: /* R3: Regulatory Compliance */

2010-04-12T13:46:54Z

‎R3: Regulatory Compliance

Shankar Babu Chebrolu: /* R3: Regulatory Compliance */

2009-12-22T21:10:49Z

‎R3: Regulatory Compliance

Shankar Babu Chebrolu: Created page with '==R3: Regulatory Compliance == Category:OWASP Cloud ‐ 10 Project NOTOC '

2009-11-16T14:39:23Z

Created page with '==R3: Regulatory Compliance == Category:OWASP Cloud ‐ 10 Project __NOTOC__ <headertabs/>'

New page

==R3: Regulatory Compliance ==

[[Category:OWASP Cloud ‐ 10 Project]]

__NOTOC__
<headertabs/>

← Older revision		Revision as of 13:46, 12 April 2010
Line 2:		Line 2:

	Customers are ultimately responsible for the security and compliance with regulatory laws (e.g., SOX, HIPAA etc) of their own applications that are hosted in cloud. Data stewards and application owners must plan to put timely audits in place to ensure proper controls in the applications and infrastructure that is hosted at a cloud provider. Companies that are planning to adopt cloud (SaaS, Iaas, Paas etc) must ensure that their cloud provider understand the respective roles and responsbilities (RACI etc) in helping out customers in maintaining required compliance with the appropriate regulatory laws and standards (government and commercial).		Customers are ultimately responsible for the security and compliance with regulatory laws (e.g., SOX, HIPAA etc) of their own applications that are hosted in cloud. Data stewards and application owners must plan to put timely audits in place to ensure proper controls in the applications and infrastructure that is hosted at a cloud provider. Companies that are planning to adopt cloud (SaaS, Iaas, Paas etc) must ensure that their cloud provider understand the respective roles and responsbilities (RACI etc) in helping out customers in maintaining required compliance with the appropriate regulatory laws and standards (government and commercial).
		+	IT managers are likely to push back on cloud adoption due to the fear of losing control of their resources to outside cloud providers who can change the underlying technology or implementation or both without customer’s consent which may have implications on regulatory compliance due to lack of transparency (Sullivan, 2009; Chow et al., 2009). IT organizations should analyze whether or not a move to the cloud makes sense with a risk management framework that incorporates data protection and compliance requirements and by making sure that the data protection, availability and key management expectations are well defined into the service level agreements (Getgen, 2009).


Line 19:		Line 20:
	Cloud Security Alliance. http://www.cloudsecurityalliance.org/csaguide.pdf		Cloud Security Alliance. http://www.cloudsecurityalliance.org/csaguide.pdf

		+	O'Sullivan, D. (2009). The internet cloud with a silver lining. The British Journal of Administrative Management.

		+	Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., & Molina, J. (2009). Controlling data in the cloud: Outsourcing computation without outsourcing control. Paper presented at the CCSW '09: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, Chicago, Illinois, USA
		+
		+	Getgen, K. (2009, October). 2009 Encryption and key management industry benchmark report. Trust Catalyst white paper on Risk Management for data protection.

← Older revision		Revision as of 21:10, 22 December 2009
Line 1:		Line 1:
	==R3: Regulatory Compliance ==		==R3: Regulatory Compliance ==

		+	Customers are ultimately responsible for the security and compliance with regulatory laws (e.g., SOX, HIPAA etc) of their own applications that are hosted in cloud. Data stewards and application owners must plan to put timely audits in place to ensure proper controls in the applications and infrastructure that is hosted at a cloud provider. Companies that are planning to adopt cloud (SaaS, Iaas, Paas etc) must ensure that their cloud provider understand the respective roles and responsbilities (RACI etc) in helping out customers in maintaining required compliance with the appropriate regulatory laws and standards (government and commercial).



		+	References:

		+	Anthes, G.. (2009, January). SaaS Realities. Computerworld, 43(1), 21-22. Retrieved August 9, 2009, from ABI/INFORM Global. (Document ID: 1626575741).

		+	Business: Pain in the aaS; Computer security. (2008, April). The Economist, 387(8577), 86. Retrieved August 9, 2009, from ABI/INFORM Global. (Document ID: 1469385981).

		+	Gartner: Seven Cloud-Computing Security Risks. http://www.cio.com/article/423713/Gartner_Seven_Cloud_Computing_Security_Risks?page=1&taxonomyId=1419
		+
		+	Google: Cloud computing more secure than traditional IT. http://www.computerweekly.com/Articles/2009/07/21/236982/cloud-computing-more-secure-than-traditional-it-says.htm
		+
		+	Top five cloud computing security issues. http://www.computerweekly.com/Articles/2009/04/24/235782/top-five-cloud-computing-security-issues.htm
		+
		+	Cloud Security Alliance. http://www.cloudsecurityalliance.org/csaguide.pdf

Cloud-10 Regulatory Compliance - Revision history

Shankar Babu Chebrolu: /* R3: Regulatory Compliance */

Shankar Babu Chebrolu: /* R3: Regulatory Compliance */

Shankar Babu Chebrolu: Created page with '==R3: Regulatory Compliance == Category:OWASP Cloud ‐ 10 Project __NOTOC__ '

Shankar Babu Chebrolu: Created page with '==R3: Regulatory Compliance == Category:OWASP Cloud ‐ 10 Project NOTOC '