Auditability and Compliance in the Cloud
One of the nagging negative aspects of cloud computing is its ability, or lack thereof, to allow for adequate auditability and to ensure regulatory compliance issues are being addressed. It might surprise some skeptics that a significant portion of the SaaS community is comfortable with what their service providers offer in that regard.
One of the nagging negative aspects of cloud computing is its ability, or lack thereof, to allow for adequate auditability and to ensure regulatory compliance issues are being addressed. It might surprise some skeptics that a significant portion of the SaaS community is comfortable with what their service providers offer in that regard.
Now that cloud computing has passed the implement-it-quick-before-anyone-notices phase, so that a lot more management types are involved in the cloud discussion, including those hard heads in security, audit and compliance issues are coming to the fore. And rightly so: It's not an easy thing to turn over financial or business processes to strangers, or a decision to make lightly.
Audit and compliance issues can vary depending on the type of cloud computing you're considering implementing. For example, infrastructure-as-a-service generally allows for more control on the part of the customer. On the other hand, software-as-a-service locks down processing on the vendor's site, application features are mostly standard, and customization is generally limited.
So it is interesting to note that in a recent InformationWeek Analytics survey, more than half of the SaaS users (54%) indicated that, in terms of their comfort level with the service's overall auditability and compliance features, they were "as comfortable as we are with our internal systems." Another 8% claimed they were "more comfortable."
Of course, a not insignificant percent, almost a third (31%), said they were "less comfortable" with the service's audit and compliance features when compared with their own systems. (Puzzlingly, 7% answered, "don't know," to which I would respond: Get out technology, quick!)
Cloud vendors are responding to customers' anxieties (at least the savvy ones are) by making their processes, including security procedures, more transparent. Auditability and compliance features should be understood and agreed upon before a cloud computing engagement is undertaken.One of the nagging negative aspects of cloud computing is its ability, or lack thereof, to allow for adequate auditability and to ensure regulatory compliance issues are being addressed. It might surprise some skeptics that a significant portion of the SaaS community is comfortable with what their service providers offer in that regard.
About the Author
You May Also Like