Cloud Compliance and Security

Cloud Compliance

Moving applications to the cloud and realizing its benefits means first evaluating specific data security and cloud security issues.
When enterprises move applications from on-premises to cloud-based environments, challenges arise from data residency, industry compliance requirements, privacy and third-party obligations concerning the treatment of sensitive data. Corporate policies or the regulations of the governing jurisdictions affect the way sensitive data is managed, including where it is located, what types of data can be collected and stored, and who has access to it. These issues can determine the degree to which organizations can realize the value of cloud computing.

Cloud security issues fall primarily into three areas:

  • Security : Sensitive enterprise data always under your control
  • Privacy : Governing Data Sovereignty & Residency
  • Compliance : Compliance with Industry Regulations

Cloud Compliance

Highly regulated industries, such as financial services and healthcare, must comply with numerous regulations. These data compliance regulations offer specific guidance on handling personal information and cloud compliance for sensitive data, and companies are bound to ensure that their information security policies and IT systems comply with the guidelines.

Examples of industry regulations that encompass information related to cloud compliance standards include:

  • Healthcare : HIPAA & HITECH (Health Insurance Portability and Accountability Act & Health Information Technology for Economic and Clinical Health Act)
  • Financial : GLBA (Gramm-Leach-Bliley Act)
  • Retail : PCI DSS (Payment Card Industry Data Security Standard)
  • Manufacturing and Defense : ITAR Compliance (International Traffic & Arms Regulations)
  • Education : FERPA (Family Educational Rights and Privacy Act)
  • Government : CJIS (Criminal Justice Information System Database), FISMA (Federal Information Security Management Act) & FedRAMP (Federal Risk and Authorization Management Program)

CloudMoyo can help organizations meet their regulatory standards while leveraging cloud applications.

CloudMoyo Compliant Cloud Assessment

The Cloud Security and Compliance Assessment is a consulting assignment designed to assess an enterprise’s security status by identifying the potential data security risks involved in moving applications/data to the Cloud.

This enables clients to:

  • Identify the existing security strategy and overall approach to security, including regulatory compliance, policies and processes such as backup, disaster recovery and data life cycle management.
  • Identify the physical location of all stored data including backup and disaster recovery copies, servers, workstations and interconnecting networks used for the targeted workloads, and the specific security policies and requirements that apply to these workloads.
  • Discover exposure and draw up a strategy to ensure compliance.

Deliverables include an executive summary, a comprehensive report and a meeting with the customer to review the Compliant Cloud Assessment. They comprise:

  • Executive Summary Report that addresses the scope, approach, high-level findings and recommendations.
  • Comprehensive report that includes a summary and review of the analysis performed, the security requirements applicable to the Cloud Service Provider, a gap analysis identifying differences between the current security position and pre-defined policy, and a set of recommendations on the Cloud implementation necessary to meet these requirements.
  • Project Debrief – Session with senior management following the submission of the final report.