Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Cloud computing may spawn compliance as a service

No silver bullet for cloud compliance, says IDC

With the growth of cloud computing, enterprises may soon be having conversations about compliance as a service as they seek to deal with the legislative and compliance requirements around protecting personally identifiable customer data.

According to Peter Coffee, director of platform research at Salesforce.com, no matter how much the IT industry thought government regimes were out of touch with their legislation when it came to technology, compliance and legislation could not be avoided when it came to cloud computing.

“[Governments] have the gun and can put us in jail if we fail to respect their rules, no matter how much we feel they may be out of date,” he said at IDC’s cloud computing summit in Sydney.

“There are composite solutions [to compliance issues]: build the application in the cloud using nothing but anonymous tokens to identify customers… but that is not trivially easy to do,” he said.

“Instead, compliance as a service maybe be offered where [the service provider] acts as an intermediate layer of your application that takes care of a variety of things. They could indemnify the customer against any issues around personally identifiable information crossing boundaries.”

Under such a compliance service, a service provider would accept the burden of knowing the rules, court precedents and regulations which are industry-specific, Coffee said. Responsibility to sanitise data wherever it left the country over a broadband link would move from the customer to the service provider.

“Layers upon layers of new services will emerge representing new layers of expertise and therefore new layers of profitability for those providing services with that kind of value. I think that’s happening now and more so all the time.”

Linus Lai, associate consulting director at IDC, said that the government, defence, health care and banking sectors in particular were subject to compliance issues around data privacy and protection laws and standards.

Given the potential liability costs for a compliance service provider and the sheer number of regulations enterprises faced, providing a one stop shop compliance service would be a significant challenge.

“Compliance with regard to cloud computing is largely around the location of customer data, but at last count there were more than 1000 different types of regulation and compliance standards that relate to IT,” he said.

It was more likely that the fact that compliance touched areas as broad as IT security, enterprise search, data retention and archiving, that service organisations would likely continue to provide specialised services around compliance, Lai said.

“There is no silver bullet for compliance,” he said.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: IDC, Salesforce.com

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cloud computing, compliance, IDC, salesforce.com
Latest Blog Posts
Whitepapers
  • Case Study: NZ Bus Develops Applications 60% Faster, Improves Database Performance by up to 35%
    Key Benefits: Developed applications 60% faster, Created development and test environments in minutes compared to days and weeks previously, Reduced server costs by 30% with server virtualisation, Saved NZ$40,000 in database administrator training costs, Provided high availability features that keep the database and core applications up and running in the event of a server failure, Introduced compression capabilities that improved database performance by 30% to 35%. Read on.
    Learn more »
  • HP Imaging and Printing Services
    According to Gartner, a major focus for organisations today and in the foreseeable future is shifting from cost reduction to growth, expansion, innovation, and operational excellence. If your organization is serious about driving growth and innovation and improving customer experiences, you’ll find that a well-managed imaging and printing environment is key to these goals. A growing number of organizations are turning to services as a means of integrating imaging and printing into their overall IT infrastructure strategies. It may be one of the fastest ways to continue to drive down costs, fund innovation, and prepare your organisation to capitalise on future opportunities. Read more.
    Learn more »
  • Collaborative software delivery: Managing today’s complex environment to improve software quality
    IBM Rational Team Concert software can help simplify, automate and govern the delivery process. Based on the open standards Jazz platform, it offers a lean collaborative application life cycle management (ALM) solution with integrated planning, work-item tracking, version control, build management and reporting.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments