Overcoming Compliance Issues in Cloud Computing

5 years ago Tripwire Guest Authors

The benefits of organizations moving some or all of their IT workloads to the cloud are well-known and numerous. There are several challenges to successful cloud adoption, though, and one of the most important of them is compliance. Whether your cloud use case is low-cost data storage, scaling your infrastructure for critical business apps or disaster recovery, this article helps you understand and overcome compliance issues in cloud computing.

Why Compliance Matters in the Cloud

Several different industry regulations govern how organizations should manage and secure sensitive data. Depending on your company’s industry and service type, you may need to comply with regulations such as HIPAA, GDPR, PCI DSS or SOX.

Such regulations enforce guidelines, practices and policies that help to protect people’s sensitive data and improve information security. Being compliant means that you can pass an audit of your IT security processes, software and workflows, showing that they fall in line with the rules of relevant regulations.

Non-compliance with regulations can result in hefty fines, lawsuits and damage to organizations’ reputations. The COVID-19 pandemic and its changes to the way people work have resulted in even the most cautious companies shifting some services to the cloud. Quickfire cloud adoptions, whether due to COVID or a pressing desire to scale IT services, often come at the cost of neglecting compliance.

Knowing about the main compliance issues in cloud computing and how to overcome them better equips your business to benefit from a successful and secure cloud implementation.

1. Data Security Responsibility

There are three main cloud service models delivered to companies over either public Internet connections or private connections. These are as follows:

  • IaaS: Storage, network or virtualization accessible as pay-as-you-go services.
  • PaaS: Hardware and software packaged and delivered as a solution stack via an Internet connection on which developers can build and manage applications.
  • SaaS: Entire applications delivered as a service via a web browser.

Some organizations think the shared responsibility model means that responsibility for compliance is also shared. The most important thing to note is that while responsibility for application, platform and infrastructure security differs between different service models, data security is always YOUR responsibility. Your business as a cloud customer must assume responsibility for compliance because compliance is ultimately about securing sensitive customer information.

Solution:

  • Increased awareness: All IT decision-makers need to be aware of the organization’s constant responsibility for data security and compliance—even when you’re using computing resources that belong to a cloud provider. Aside from awareness of the responsibility, key stakeholders should also understand the relevant regulations that an organization must comply with.
  • Compliance-forward planning: Making all your cloud infrastructure decisions with compliance front of mind, rather than as an afterthought, will ensure that the responsibility for data security isn’t neglected.

2. Diverse Cloud Implementations

The diversity of cloud services available from multiple providers typically results in a diverse multi-cloud implementation. Flexera’s 2021 State of the Cloud Report found that enterprises use an average of 2.6 public clouds and 2.7 private clouds. A multi-cloud implementation adds to the complexity of ensuring compliance because there are more moving parts.

Solution:

  • Cloud Monitoring: A cloud monitoring platform or tool can provide the transparency and level of monitoring needed to keep track of sensitive data and maintain compliance within a multi-cloud implementation.
  • Encryption: A complex multi-cloud setup is susceptible to issues with unencrypted data in transit. Therefore, it’s critical to always enforce encryption for data in motion (and data at rest). 

3. Improper Access Controls

Many breaches of compliance regulations occur due to improper access controls. This commonly happens when the wrong person gets access to sensitive data, for instance, or when credentials are shared among many users.

Solution:

  • IAM: A robust Identity and Access Management (IAM) solution improves data security in the cloud by giving you precise control over who and what interacts with your data from a single dashboard.   
  • Least Privileges: Users of a cloud system should only get access to the data they need to do their job. A key part of avoiding compliance issues is limiting who can access sensitive data regardless of where it’s stored. 

4. Regulation Ambiguity and Overlap

Anyone who has ever been tasked with understanding regulations and implementing their recommendations is familiar with the problem of ambiguity. Added to this ambiguity is the fact that some regulations overlap, with many enterprises needing to comply with several regulations.

The regulatory ambiguity and overlap can cause both confusion and compliance fatigue. This fatigue is amplified when you add the cloud to your infrastructure.

Somewhat ironically, PCI DSS mandates that its controls should be “implemented into business-as-usual (BAU) activities as part of an entity’s overall security strategy.” A natural response to that mandate is for IT stakeholders to wonder how to maintain business as usual while trying to comply with several overlapping regulations.

Solution:

  • Reduce scope: Not all data has compliance requirements. It makes sense to store sensitive data in fewer systems and locations to reduce the burden of implementing compliance controls across a complex multi-cloud setup. 
  • Automated compliance: Automated compliance monitoring and testing enable organizations to reduce compliance fatigue by automating the processes and checks needed to maintain data security.
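As an added illustration (not from the original article or any Tripwire product), the sketch below shows what automated compliance checks can look like when they encode the controls named in the sections above: encryption at rest and in motion, no shared credentials, least privilege and scope reduction. The inventory, provider names, identities and field names are constructed assumptions.

```python
from collections import Counter
# Constructed multi-cloud inventory; every name and field here is an assumption.
RESOURCES = [
    {"name": "billing-db", "provider": "cloud-a", "sensitive": True,
     "encrypted_at_rest": True, "tls_enforced": True,
     "principals": ["svc-billing", "alice"]},
    {"name": "export-bucket", "provider": "cloud-b", "sensitive": True,
     "encrypted_at_rest": False, "tls_enforced": True,
     "principals": ["svc-billing", "ops-shared"]},
    {"name": "patient-queue", "provider": "private-1", "sensitive": True,
     "encrypted_at_rest": True, "tls_enforced": False,
     "principals": ["svc-intake", "bob"]},
    {"name": "static-assets", "provider": "cloud-b", "sensitive": False,
     "encrypted_at_rest": False, "tls_enforced": False,
     "principals": ["ops-shared"]},
]
# Per identity: is the credential shared, and which resources does the role need?
IDENTITIES = {
    "svc-billing": {"shared": False, "needs": {"billing-db", "export-bucket"}},
    "svc-intake": {"shared": False, "needs": {"patient-queue"}},
    "alice": {"shared": False, "needs": {"billing-db"}},
    "ops-shared": {"shared": True, "needs": {"static-assets"}},
}

def audit(resources, identities):
    """Return (findings, scope): rule violations and sensitive stores per provider."""
    findings = []
    scope = Counter()
    for r in resources:
        if not r["sensitive"]:
            continue  # out of compliance scope, so no controls are checked
        scope[r["provider"]] += 1
        if not r["encrypted_at_rest"]:
            findings.append((r["name"], "no-encryption-at-rest"))
        if not r["tls_enforced"]:
            findings.append((r["name"], "no-encryption-in-transit"))
        for p in r["principals"]:
            ident = identities.get(p)
            if ident is None:  # access granted to an identity nobody tracks
                findings.append((r["name"], f"unknown-principal:{p}"))
                continue
            if ident["shared"]:
                findings.append((r["name"], f"shared-credential:{p}"))
            if r["name"] not in ident["needs"]:  # least-privilege violation
                findings.append((r["name"], f"excess-access:{p}"))
    return findings, dict(scope)

if __name__ == "__main__":
    print(*audit(RESOURCES, IDENTITIES), sep="\n")
```

The per-provider count in `scope` shows how many places hold sensitive data; consolidating those stores shrinks the set of resources every rule has to cover.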

Closing Thoughts

Cloud adoption amplifies your compliance challenges, but it doesn’t need to be an insurmountable obstacle to a successful cloud implementation. Familiarity with the main cloud compliance issues and their potential solutions provides a good foundation.

Another useful tool in your cloud compliance arsenal is a configuration management solution. Tripwire’s Configuration Manager helps you detect misconfigurations in multi-cloud environments. You can learn more about it here: https://www.tripwire.com/products/tripwire-configuration-manager/worry-less-about-cloud-security.


About the Author: Ronan Mahony is a freelance content writer mostly focused on cybersecurity topics. He likes breaking down complex ideas and solutions into engaging blog posts and articles. He’s comfortable writing about other areas of B2B technology, including machine learning and data analytics. He graduated from University College Dublin in 2013 with a degree in actuarial science; however, he followed his passion for writing and became a freelance writer in 2016. In his spare time, Ronan enjoys hiking, solo travel, and cooking Thai food.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “Overcoming Compliance Issues in Cloud Computing” appeared first on TripWire

Source: TripWire – Tripwire Guest Authors

Copyright © 2020 All rights reserved | NGTEdu.com