- Mike Chapple, University of Notre Dame
In this month's Beyond the Page, we examine the ins and outs of staying compliant with industry laws and standards, and keeping corporate assets secure, when using cloud-based services. Mike Chapple, senior IT director for service delivery at the University of Notre Dame, reviews the factors enterprises must consider when moving workloads and data to the cloud, and explains how to establish a “shared responsibility” relationship with a cloud-service provider. Watch Chapple’s video, and read his feature and technical tip, to get up to speed on what needs to happen to ensure both compliance and security.
Who does what in cloud data compliance?
In this presentation, Chapple reviews four things InfoSec pros should consider before they use cloud-based services for storing corporate workloads and assets.
Staying in compliance and keeping corporate data secure in the cloud isn't easy, but Chapple shows it can be done. It takes a shared approach to security, good documentation, and a few more critical steps. Watch this video and learn them all.
Cloud compliance ups and downs
You may be outsourcing IT services and sending data to the cloud. But that doesn't mean you're outsourcing responsibility for its security or for compliance with the regulations governing it. Yet once you put corporate assets in the cloud, knowing where they are and how they’re protected becomes a real challenge.
In this feature, Chapple explains the questions corporations need to consider when they decide to adopt cloud-based services. He looks at a variety of cloud-computing security concerns, such as the impact on regulated data (like credit card numbers or health records), and outlines the ramifications of cloud for compliance with industry regulations. He advocates a shared responsibility model for ensuring the security and privacy of the information that corporations remain responsible for, even after cloud providers get involved.
Uncover the key to cloud security compliance
Employing the shared responsibility model is the key, Chapple explains, to ensuring regulatory compliance and security in cloud computing environments. Cooperation between providers of cloud-based services and enterprise customers is critical, but the exact nature of that cooperation varies depending on the type of regulation, the scope of the cloud service and the data involved. The most important determinant? The type of cloud platform your organization chooses for storing, processing and transmitting regulated information.
About the Author
Mike Chapple, CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Chapple is a frequent contributor to SearchSecurity, and the author of several information security titles, including the CISSP prep guide and Information Security Illuminated.
Read the full October 2015 edition of Information Security magazine