Formulating universal standards in any area is a difficult task. Standards such as HIPAA and PCI DSS took years to forge and are constantly under scrutiny for adjustments. Add in the profit motive for those organizations that only want their standards applied, and the task of creating a new universal standard becomes nearly impossible. According to Char Sample, CERT security solutions engineer, these challenges have resulted in the current lack of cloud compliance standards, which adds another layer of complexity to enterprise migrations to the cloud beyond the already daunting technical and security aspects.
In this video interview, Sample discusses whether standards for cloud compliance can be achieved. She also covers a broad swath of cloud-related topics, including the changing role of the IT security pro in enterprises. The results of the 2012 Verizon DBIR are discussed, namely that cloud was not a major topic in the report. Sample opines that was the case for two reasons: first, hackers are still looking for the big blow to cloud security that makes everyone take notice; and second, cloud isn't at the forefront of the security landscape because so many enterprises haven't fully embraced the cloud yet. With cloud adoption rates continually on the rise, though, all of these issues will rise to the surface sooner rather than later.