From time to time, organizations are asked to provide access to data for legal reasons. Those requests can be more complicated when the data is in the cloud. But a new report sheds some light on one critical aspect of such requests.
Thomas J. Trappler | 14 May | Read more
The fact that regulations evolve at a much slower pace than cloud computing technologies can lead to confusion regarding how to meet regulatory requirements in the cloud. If a client moves a regulated function to the cloud and later falls out of compliance due to a shortcoming on the cloud vendor's part, the client remains accountable. So it's essential to have as much clarity on these issues as possible. Recognizing this challenge with regards to the handling of credit card data, the Payment Card Industry (PCI) Security Standards Council has recently issued guidance on how to apply PCI Data Security Standards (PCI DSS) in the cloud.
Thomas J. Trappler | 07 Mar | Read more
The main focus of a cloud computing contract is on vendor responsibilities, but it's appropriate to consider what the client remains responsible for.
Thomas J. Trappler | 26 Jun | Read more
At the end of my Cloud Expo West presentation last week, I was asked, "How can we verify that a Cloud provider actually has all of these infrastructure and security mechanisms in place?" It's a great question, one that deserves a fuller answer than I was able to give in the time available.
Thomas J. Trappler | 29 Nov | Read more