Contact Us

Compliance Do’s and Don’ts: What Your Cloud Provider Needs to Show You

Compliance means a lot of different things to a lot of different companies and people. And as much as compliance can sometimes be no more than a checklist, it’s always an important consideration when thinking about the cloud and your business, especially as you are deciding on a vendor. There’s a few important Do’s and Don’ts when looking at potential cloud companies to partner with, so knowing where you stand with regards to compliance is important.


Never assume that you are fully aware of every compliance issue related to your business. There are just so many, and they are always updating: from HIPAA to PCI to NIST to FISMA to SarsOxley, SAS70 & SSAE-16 – the list goes on and on.


Consider a cloud provider as your guide through the compliance labyrinth. Be open about your business goals, how your business runs, and the savvy provider will be able to properly navigate through the different compliance requirements and architect an environment that best serves your business while ensuring your infrastructure underpinning your business is fully compliant.


Definitely question any provider who provides a simple answer with regards to compliance.


It’s important to integrate with a provider who understands what the different types of compliances there are, but also the multiple levels within each kind of compliance. PCI Level 4 is vastly less restrictive than PCI Level 1, for instance.


Simply looking at compliance from a technology perspective doesn’t nearly capture the scope of how it will impact your business and work load.


Compliance is, to some extent, less about technology and more about access controls, procedures and policies. Finding a cloud provider that is amenable to adapting to your own protocols, or complements your own practices is a chief concern.


Simply trusting a provider to provide a technology architecture solution that meets your business needs without having the ability to build the cloud your way can lead to a lot of compliance pain later.


Make sure your hosting provider is capable of segregating your traffic from other clients, can implementing multiple levels of firewalls in your environment, offers intrusion detection services, provides log management services, and actively reported on reports to you on all these services.

Having access to the team at the cloud provider that does goes a long way to meeting your own compliance goals, while simultaneously offsetting the amount of work you will have to do.

For instance, if your business is just starting up and in an industry that requires compliance, working with the cloud provider giving you access to their reports, QSA’s, as well as their internal auditing teams who have already gone through the rigors and protocols of compliance documentation and work for you. Compliance is always tricky, but can be less of a burden with the right cloud partner.

What complianceissues are currently affecting the way your business approaches cloud infrastructure? Let us know @CloudGathering

By Jake Gardner

Posted on August 1, 2012 in Cloud Computing Industry

Share the Story

About the Author

Responses (5)

  1. […] Want to know more about cloud compliance? Read about what the Do’s and Don’ts are here. […]

  2. […] Want to know more about cloud compliance? Read about what the Do’s and Don’ts are here. […]

  3. BYOD: Is There a Security Risk? Gathering Clouds
    January 30, 2013 at 9:13 am ·

    […] Policy development is, of course, a critical step toward increased security. And as’s Michelle Boisvert notes, the cloud can also help IT departments overcome what she calls “the BYOD-security conundrum.” Boisvert says that’s partly because cloud computing can change the way IT departments deal with security concerns. Additionally, a well-managed cloud service can provide additional layers of data protection suited to a particular business’ needs. [See Compliance Do’s and Don’ts: What Your Cloud Provider Needs to Show You] […]

  4. […] [See Compliance Do’s and Don’ts: What Your Cloud Provider needs to Show You] […]

  5. […] LogicWorks Rate this:Share this: Pin ItMoreEmailPrintDiggShare on TumblrPocket Tags: access control, cloud […]

Leave a reply

Back to Top