Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Cloud computing may spawn compliance as a service

No silver bullet for cloud compliance, says IDC

With the growth of cloud computing, enterprises may soon be having conversations about compliance as a service as they seek to deal with the legislative and compliance requirements around protecting personally identifiable customer data.

According to Peter Coffee, director of platform research at Salesforce.com, no matter how much the IT industry thought government regimes were out of touch with their legislation when it came to technology, compliance and legislation could not be avoided when it came to cloud computing.

“[Governments] have the gun and can put us in jail if we fail to respect their rules, no matter how much we feel they may be out of date,” he said at IDC’s cloud computing summit in Sydney.

“There are composite solutions [to compliance issues]: build the application in the cloud using nothing but anonymous tokens to identify customers… but that is not trivially easy to do,” he said.

“Instead, compliance as a service maybe be offered where [the service provider] acts as an intermediate layer of your application that takes care of a variety of things. They could indemnify the customer against any issues around personally identifiable information crossing boundaries.”

Under such a compliance service, a service provider would accept the burden of knowing the rules, court precedents and regulations which are industry-specific, Coffee said. Responsibility to sanitise data wherever it left the country over a broadband link would move from the customer to the service provider.

“Layers upon layers of new services will emerge representing new layers of expertise and therefore new layers of profitability for those providing services with that kind of value. I think that’s happening now and more so all the time.”

Linus Lai, associate consulting director at IDC, said that the government, defence, health care and banking sectors in particular were subject to compliance issues around data privacy and protection laws and standards.

Given the potential liability costs for a compliance service provider and the sheer number of regulations enterprises faced, providing a one stop shop compliance service would be a significant challenge.

“Compliance with regard to cloud computing is largely around the location of customer data, but at last count there were more than 1000 different types of regulation and compliance standards that relate to IT,” he said.

It was more likely that the fact that compliance touched areas as broad as IT security, enterprise search, data retention and archiving, that service organisations would likely continue to provide specialised services around compliance, Lai said.

“There is no silver bullet for compliance,” he said.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: IDC, Salesforce.com

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cloud computing, compliance, IDC, salesforce.com
Latest Blog Posts
Whitepapers
  • Top 5 Threat Protection Best Practices
    Small businesses are especially vulnerable to computer viruses and lost or stolen data, since they typically lack the IT resources to deal with these threats. Inadequately protected computers open the door to annoying infections, or worse, serious business disruption. Below are five simple and effective strategies to help you protect your business against an ever-increasing number of threats.
    Learn more »
  • Case Study: Keeping information on the move: Clearswift protects Maman, the logistics experts
    Time is money. Every minute a consignment is held up in transit costs money and causes problems. Web and email are mission critical business tools that enable Maman, and their customers, to efficiently collaborate with partners across the globe. Spam, and other web based threats can result in delays that ultimately lead to missed deadlines - keeping the lines of communication open is therefore a key priority for Maman. Read on.
    Learn more »
  • Oracle IT Modernization Series Modernization: The Path to SOA
    More and more organizations are looking to service-oriented architecture (SOA) as the basis of their future computer architecture. Recognizing that legacy application design and implementation approaches have led to applications that are costly to operate and maintain, hard to change, and rely on a dwindling set of skills, organizations are hoping that SOA provides a key component of the answer to these problems. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments

HP and IDG news, product videos and resources