Wednesday, July 27, 2011

Security and Compliance in the Cloud

I was reminded by many local IT leaders today while attending a Cloud information session that security and compliance is still top of mind when discussing Cloud IT.

The table below is the latest research I have done into vendor claims around compliance.


As it seems is always the case with Technology, the devil is in the details.  If you have ever worked with PCI compliance you know that Infrastructure is just a piece of the puzzle.  Vendors like Amazon and Microsoft can and do meet infrastructure requirements for PCI compliance.  Does this mean that if I host my e-commerce site on Amazon's EC2 Cloud Service I'm suddenly PCI compliant?  Not by Amazon alone.  You have solved some of the puzzle but you still have to deal with data storage, encryption, etc.  These are application level issues and things that Amazon's EC2 does not address (by design).

It doesn't mean Public Cloud Providers are not serious about security or compliance (quite the opposite actually).  It simply means Cloud providers are not silver bullets in the security or compliance category and you still need to engineer an appropriate solution to meet any security or compliance requirements you have.  Public cloud providers can still be used to achieve compliance across a number of initiatives.

Cloud providers add some impressive tools to your toolbox - use them wisely.

-Kris
Posted by at No comments:
Labels:

Monday, July 25, 2011

Small Business in the Cloud

I spoke with a client today who is a local health care professional who owns his own business and is frustrated by the amount of technology he has to work with and how archaic it is to administer.

He has a typical small business - 5 employees, 10 PCs and Small Business Server to tie everything together.

I spoke with him about the path to Cloud Computing for small business.

As someone in modern Healthcare he relies on many core technology systems to run and manage his business.  Some of these are still semi-hardwired to his physical equipment/space.

We talked about slowly removing workloads form the Server so that some day he doesn't need it anymore.  Office 365 will be a good start by quickly moving Email and document collaboration off of the server.  Next we will move file storage.  Last but not least we will start to identify applications that can be hosted in the Cloud at a reasonable price and redundancy footprint.

Cloud infrastructure is not a silver bullet but it is a very useful toolbox for the IT professional to solve problems more efficiently that was has typically been available for small businesses.

I am working on a Small Business Server in the Cloud offering so stay tuned for that update.

-Kris
Posted by at No comments:
Subscribe to: Posts (Atom)