Data security and compliance standards in the cloud have been hot topics lately, with several organizations emerging in recent years to establish best practices for the technology. But, according to one expert, a standard that may help cloud vendors enhance their security practices already exists.
In a recent interview with Infosecurity, NeoSpire senior director of client services and security Sean Bruton asserted that the PCI Data Security Standard could serve as a template for cloud computing security and virtualization standards.
Though the PCI DSS was originally designed to protect credit card information, the latest iteration of the standard also address data security challenges in the cloud and virtualized environments. This means cloud vendors could look to the PCI DSS to determine whether they are employing adequate data protection practices and determine whether such practices are compliant.
“The report on compliance is important to have … [because] if you are not getting a PCI compliance report from your vendor, you’re not going to know which of the areas you can depend upon them for compliance, or which ones are being left on your shoulders,” Bruton told the news provider.
The notion of data security compliance in the cloud is a tricky one, given that there is no government or industrial regulatory body governing the technology. While myriad standards exist that address data loss and the types of information an organization must maintain, how they relate to the cloud is unclear for the most part.
However, the PCI Council isn’t the only group looking to establish cloud standards. The Cloud Security Customer Council recently announced the approval of several working groups that will explore various issues in the cloud. This could eventually lead the CSCC to lay ground rules regarding the cloud’s interoperability and security.
Additionally, the Institute of Electronics and Electrical Engineers and the Open Data Center Alliance have both revealed separate plans to establish cloud standards as well.