Which regulatory requirements should you worry about in the cloud?
* Sarbanes Oxley Act (SOX)
* Health Insurance Portability and Accountability Act (HIPAA)
* Payment Card Industry Data Security Standard (PCI-DSS)
* Federal Information Security Management Act (FISMA)
* Gramm-Leach-Bliley Act
* European Union Data Protection Directive
Here are four widely applicable tips for avoiding compliance problems in the cloud:
* Ensure the provider maintains regulatory controls on an ongoing basis.
* Nail down where data will be stored.
* Minimize your scope.
  * Service level agreements (SLAs) tend to be treated as boilerplate documents. The SLA should make clear how the cloud service provider will ensure that your environment is segmented from other customers', and where your data can (and can't) be geographically located. Two common segmentation models:
    * Traditional Application Service Provider (ASP) model - physically separate servers are provided for the client's environment.
    * Virtualized servers - individually dedicated to a particular client, including any virtualized storage such as SAN, NAS or virtual database servers.
* Use the service in a compliant manner.