Creating compliance in the private cloud

By: Bill Kleyman| - Leave a comment

We all know that cloud computing has come a long way. We’ve got new ways to connect, new ways to delivery data, and a lot more user distribution. In an ever-connected world, the user and the organization are demanding a persistent connection regardless of device, location, or even data type. That means that both cloud and the data center model had to adapt to these new types of demands.

And, spend around cloud infrastructure continues to increase. Consider this, according to a recent IDC report, total spending on cloud IT infrastructure (server, storage, and Ethernet switch, excluding double counting between server and storage) grew by 24.1% and reached $32.6 billion in 2015. Furthermore, for the five-year forecast period, IDC expects that cloud IT infrastructure spending will grow at a compound annual growth rate (CAGR) of 15.1% and will reach $53.1 billion by 2019 accounting for 46% of the total spending on enterprise IT infrastructure.

So, we know that we’re deploying more workloads, more applications, and more use-cases into a cloud ecosystem. All of these technology trends require fast response times, vast stores of data, and a highly elastic backbone of networks and servers.  Not only can cloud deliver on the technology requirements, but it can also serve an important financial model: funding through operational expenses instead of capital expenses.

It is the combination of a technology shift and a financing shift that puts cloud computing on the forefront of CEOs minds, because it opens up new possibilities to reinvent business.

Well, this worked for a lot of organizations. They were able to deliver applications, desktops and rich content via the cloud to a dispersed user and an ever-growing organization. But it wasn’t perfect…I know, what in IT ever really is? Still, the cloud model was only partially evolved since many eager cloud adopters were still limited in what they could do. Healthcare, pharmaceuticals, some public organizations, government, and other compliance or regulation-bound entities just couldn’t utilize the full capacity of the cloud.

So can compliance and regulations live in the cloud? Believe it or not – there are new services and evolving models which now support a more compliancy-oriented infrastructure. Here are a few ways to create compliance in a private cloud:

  • Deploying next-generation security technologies. Next-generation security technologies are those that include agentless technologies, advanced integrated firewalls, and IPS/IDS solutions. Most of all – these solutions are capable of running directly on the hypervisor. How does this help with compliance? Well – for example – by deploying network security technologies coupled with virtual firewall services, you’re able to utilize real-time traffic filtering throughout your virtual infrastructure. This type of traffic control and segmentation allows you to manage which VMs live on which hosts and the kind of data being passed through.
  • Learning to enforce PCI-DSS, HIPAA, and SOX. To enforce compliance – you’ll need to ensure that all systems bound to regulation are compliant and operational. In working with cloud and compliance – the right security architecture is what makes all of the difference. Not only can your security platform monitor your VMs at the hypervisor level – you begin to introduce features which specifically help to enforce PCI-DSS, HIPAA, Sarbanes-Oxley compliance standards. Granular – access-level controls – alongside advanced network security configuration capabilities for each VM individually – helps create a truly powerful security architecture.
  • Implementing disaster recovery methodologies. Your virtual architecture has become a critical component for your business. So what happens when there’s an emergency? What happens when you need to tie-in your security environment? When working with compliance, DR becomes an important consideration. Through it all – it’s important to work with security systems which can directly integrate into logging platforms like Syslog or Splunk. From there, new security solutions now support disaster recovery sites which allow:
    • Real-time replication of security settings
    • Virtual firewall and security rules
    • Antivirus schedules
    • Parameters to disaster recovery sites

As more organizations move towards a cloud model – there will be new rules written around cloud computing. Major movements are happening now where data centers are becoming more compliant and a lot more secure. As more users connect to obtain information via a cloud model – there will be a need for optimized security and data segregation. The future of the cloud compute model is looking to be a bit friendlier towards compliance-driven workloads.

Topics: , ,


About The Author

Bill Kleyman

CTO at MTM Technologies

Bill is an enthusiastic technologist with experience in datacenter design, management, and deployment. His architecture work includes large virtualization and cloud deployments as well as business network design and implementation. Bill enjoys writing, blogging, and educating colleagues around everything that is technology. During the day, Bill is the CTO at MTM Technologies, where he interacts with enterprise organizations and helps align IT strategies with direct business goals. Bill’s whitepapers, articles, video blogs and podcasts have been published and referenced on InformationWeek, NetworkComputing, TechTarget, DarkReading, Data Center Knowledge, CBS Interactive, Slashdot, and many others. Most recently, Bill was ranked #16 in the Onalytica study which reviewed the top 100 most influential individuals in the cloud landscape, globally.

Articles by Bill Kleyman
See All Posts