Cloud-10 Regulatory Compliance

From OWASP
Revision as of 16:10, 22 December 2009 by Shankar Babu Chebrolu


R3: Regulatory Compliance

Customers remain ultimately responsible for the security of their own applications hosted in the cloud and for their compliance with regulatory laws (e.g., SOX, HIPAA). Data stewards and application owners must plan timely audits to verify that proper controls exist in the applications and in the infrastructure hosted at the cloud provider. Companies planning to adopt cloud services (SaaS, IaaS, PaaS, etc.) must ensure that their cloud provider understands its respective roles and responsibilities (e.g., as defined in a RACI matrix) in helping customers maintain the required compliance with the applicable regulatory laws and standards, both governmental and commercial.

