Sharing the Governance Burden

Infrastructure as a Service provider Databarracks launches new compliance white paper.


Databarracks has launched its white paper, ‘Sharing the Governance Burden: Getting Compliant in the Cloud’. Written by regulatory expert Colin Bycroft, the paper examines four key governance standards and the split of responsibilities between a business and its Cloud Service Provider (CSP).
“The complexity of compliance in a cloud environment necessarily increases the number of potential failure points when compared with traditional IT solutions. There is a greater need for transparency and control as systems become more diffuse and stakeholders more varied, which can be a daunting prospect for those considering the move to cloud services,” explains Bycroft. Through this paper, he aims to cut through the noise and give recommendations for the smooth implementation of core governance standards including ISO 27001, PCI-DSS and the Government information security Business Impact Level 3.


The paper makes clear the need for a strong relationship between an organisation and its CSP. Bycroft continues: “The process of compliance should very much be a collaborative one; by outsourcing some or all of your systems you can lose direct access, so being able to trust your provider to understand and comply with governance standards is imperative.


“A move to cloud services requires an organisation to truly realise how risks to their business will increase or evolve over time, in order to identify weaknesses and employ the necessary processes to maintain watertight security. A good service provider will help you to do this; a bad (or badly managed) provider could end up being a weak link in the chain.”


Peter Groucutt, Managing Director at Databarracks, agrees, stating: “Compliance isn’t something new. These problems and processes have always existed but in the past, organisations have had to deal with them alone. With cloud services, the CSP takes some of that onus from the customer, and the responsibility is shared. Obviously, the ultimate responsibility remains with the business to undertake internal risk assessments and identify the controls and SLAs and technical requirements, but we as a provider need to take an equally active role in the process.


“Some governance standards are very prescriptive – if the service provider has the correct accreditations you can tick the box and your governance is satisfied. Others, like ISO27001 for information security for example, require in-depth identification of the individual risks and what processes are in place to mitigate them. This is where the definition of service and division of responsibilities between the two parties becomes crucial. IT departments need to be aware of the questions they should be asking their CSP, in terms of data retention and deletion policies for example, and the service provider needs to understand and be able to satisfy those requirements.”


Bycroft concludes: “Essentially, every business has its own specific governance standards it needs to comply with. These processes can be difficult and time consuming, requiring continued review. Actually, working with a knowledgeable and experienced CSP can alleviate a lot of the stress involved by transferring certain responsibilities from the business to the service provider, so long as responsibilities are clearly and concisely defined.”
 
