Cloud Compliance Best Practices: A Quick Overview

5 years ago Tripwire Guest Authors

Cloud compliance is more important than ever, especially as businesses and organizations continue to engage in remote and digital work practices due to COVID-19. Even before the pandemic, more and more companies were migrating to the cloud. 

But what exactly is cloud compliance, and what are some best practices you should keep in mind if you’re shopping for a provider or looking to enhance your current computing system?

Cloud compliance refers to the need for organizations and cloud computing providers to comply with applicable regulatory standards of cloud usage established through industry guidelines and local, national, and international laws. Examples of such compliance requirements include:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Gramm-Leach-Bliley Act (GLBA)
  • General Data Protection Regulation (GDPR)
  • Sarbanes-Oxley (SOX) Act of 2002
  • National Institute of Standards and Technology
  • California Consumer Privacy Act (CCPA)

Consequences of non-compliance include failed audits, financial penalties, and legal ramifications such as steep fines and even jail time.

So, how prevalent are cloud computing services? The answer: Very. In fact, about 92% of organizations are using some type of cloud service today. And you’ve likely heard of some of the top cloud providers in 2021:

  • Microsoft Azure
  • Amazon Web Services
  • Google Cloud Platform
  • Alibaba Cloud
  • IBM
  • Dell Technologies/VMware

Why is Cloud Computing So Important?

Cloud computing has revolutionized the way companies and organizations are doing business. First, let’s highlight the many benefits. These include:

  • Cost-effectiveness: With a cloud service provider, you only pay for what you use, which means you don’t have any extra, unnecessary costs.
  • Digital transformation: This one may go without saying, but to compete in today’s market, going digital is essential since it can save you time and money.
  • Creating in-house solutions: Cloud solutions can help a business develop in-house solutions and apps, which is also cost-effective because you’re only creating and paying for something you need.
  • Backup and recovery of data: This is one of the biggest benefits. Not only does cloud computing offer more accessibility and usability, but it also allows users to access data and information from anywhere, which is especially important as many employees are continuing remote work due to COVID-19. Also, since your data is stored in multiple places, it’s not especially useful to criminals in the event of a breach (although we still recommend cybersecurity insurance as a precaution). And you can recover your information in the event of a disaster. 
  • Scalability: This allows you to add or remove services based on your current needs.

Other advantages include faster developer and enhanced security. Some cloud solutions also provide unlimited storage, which can be a top priority.

And the benefits of cloud computing are proven. In fact, 94% of businesses say they’ve seen a security improvement after moving to the cloud, and 91% of businesses said the cloud makes it “easier to meet government compliance requirements.”

Cloud Compliance Challenges/Risks

Even though cloud computing is an effective solution, there are still a number of relevant challenges. These may include:

  • Visibility into hybrid networks
  • Multi-cloud approach
  • Automation

And as with every piece of technology, there are always risks. With cloud computing, that includes loss of visibility, potential compliance violations, insider threats, and contract breaches.  

Cloud Compliance Best Practices

In order to mitigate those challenges and risks and to help ensure that your company or organization is in compliance with cloud best practices, we’ve put together a helpful list.  

Assemble and train the right team

Whether you already have a cloud provider in place or you’re looking to implement one, it’s important to have the right people in place. Employees with cybersecurity experience provide valuable insight and experience. IT professionals, network administrators, penetration testers, and cybersecurity engineers are just some examples of positions that can contribute to a successful cloud compliance team.  

Research top trusted cloud providers

Top providers are proven and experienced. They may help you meet global compliance requirements such as ISO 27001, PCI DSS, HIPAA, and FedRAMP. Plus, you can even select services from various cloud providers in order to find an efficient, cost-effective solution that works for your company or organization.

Understand the shared responsibility model

It is important to note that cloud users bear shared responsibility for the security component. A Tripwire article (“The Cloud’s Shared Responsibility Model Explained”) distinguishes between “Security of the Cloud” (the cloud service provider’s responsibility) and “Security in the Cloud” (the user’s responsibility).

Here is a quick look at components of the shared responsibility model from Amazon Web Services:

Amazon:

  • Hardware
  • Software
  • Security of the cloud

Customer:

  • Managing the guest operating system
  • Other software applications and IT controls
  • Security in the cloud

Analyze contracts and service-level agreements

As with any service-level agreement or contract, it’s important to carefully read the terms and conditions, appendices, etc. — essentially anything and everything that could potentially affect your cloud security. According to Kinsta, “62.7% of cloud providers don’t specify that customer data is owned by the customer. This creates a legal gray area where a provider could claim ownership of all your uploaded data.”

Before you invest in a cloud solution, make sure to do your homework and research top providers. Cloud compliance is essential — and it can save you from hefty fines, audits, or other unfortunate consequences for you and your business.


About the Author: Michelle Moore, Ph.D., is academic director and professor of practice for the University of San Diego’s innovative online Master of Science in Cyber Security Operations and Leadership program. She is also a researcher and author with over two decades of private-sector and government experience as a cybersecurity expert.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “Cloud Compliance Best Practices: A Quick Overview” appeared first on TripWire

Source: TripWire – Tripwire Guest Authors
