Dealing with cloud computing security risks and regulations has never been easy. Davey Winder on CloudPro likened the development of cloud standards and best practices to herding cats, bordering on very difficult to impossible, as the technology does not recognize international or industrial boundaries. Where hosted data physically resides can end up being a big problem for businesses, especially as conflicting local laws brush up against more stringent industry regulation. While Winder previously said data sovereignty is nothing new and has always been a challenging topic, certain aspects have changed in recent years to make it central to cloud compliance efforts.
"What I am saying now is that both the cloud industry itself, and the understanding of those companies looking to exploit it, have matured to the point where regulatory compliance is not only possible but practical and straightforward," he wrote. "Whether you are a U.S.-based business needing to comply with homegrown compliance issues, or a European one covered by ever-tightening EU regulation, there is a cloud solution available and these are not exactly hiding from view."
The root problem, according to Winder, is that many are misinformed about the cloud and believe it is difficult to regulate and secure. This may be partially due to big players at the forefront of the cloud provisions business not being providers of this service, but he said this will come in time. Until then, it is about understanding how the cloud can be kept safe and secured and research different options through individual companies. Asking questions of service providers is now essential and he said any potential cloud service provider that thinks of any as "awkward" is not one that should be trusted.
Domestic hosting doesn't cost a fortune, Winder said, which is good for companies that need to be without boundaries to be successful and complaint in their cloud storage, but he said there is still a long way to go in the industry in general.
"It's an evolutionary process and one that has yet to climb the curve and reach the other side," he wrote on CloudPro. "But it's far from being in such a state that the cloud still has data protection hazard warning signs plastered all over it."
TechTarget said in the EU Data Protection Directive, member regions need to be sure there is an adequate level of protection from their provider if data is moving to another country. This means for now, each company using cloud computing in this way will need to perform their own diligence and compliance checks to make sure nothing is going on with their data to make the susceptible to fines or violations.
Cloud Security News from SimplySecurity.com by Trend Micro.