Demystifying Public Cloud Compliance

Taking an All-Of-The-Above Approach to Public Cloud Compliance


Create confidence through improved business best practices

The word compliance strikes fear into many readers. Are we in compliance? Can we prove it? Are we trying to be compliant with the right regulations? What happens if we fall out of compliance? Can we afford to invest in compliance? Can we afford not to?

Public cloud compliance doesn’t have to be a scary thing. It’s really about safety in numbers. Compliance is just a set of best practices developed by many organisations and experts over the years. They made the mistakes so you don’t have to.

Sure, many regulations pre-date cloud computing, but they still apply. Adopting the cloud doesn’t have to make compliance harder and, in many ways, it makes compliance easier. Your cloud provider, be it Amazon Web Services, Microsoft Azure, or Google Cloud, is responsible for the compliance of their part of the equation. That means they address physical security, data centre access, networking infrastructure, and at least for managed instances, operating systems and patches.

As a cloud user, you are responsible for less, but still a significant amount. This is called the Shared Responsibility Model, where the provider is responsible for security OF the cloud and the customer is responsible for security IN the cloud.  

The good news is that, when it comes to compliance, the cloud vendors are all rock solid.

The public cloud shared responsibility model.

There are dozens of security standards and regulations that address compliance. Some overlap, but others are focused on unique requirements. For example, PCI-DSS (Payment Card Industry Data Security Standard) is focused on credit card and financial data.

So how do you choose the compliance standard that you should follow in the public cloud? Some are obvious. For example, if you’re an e-commerce retailer, you need to follow PCI-DSS.

The point is, you don’t want to be surprised, especially if there is a security breach, to find that your public cloud environment is not in compliance with the right standard or standards. You also want to be able to prove that you were indeed compliant with a standard, on a specific date, should you ever get audited. This could mitigate serious fines.

Fortunately, there is a cloud compliance tool, called CloudCheckr Total Compliance, that scores your cloud infrastructure not only against the big compliance standards out there, but also against several that are specific to countries, states, and industries.

You can pick your favourites and see a plot over time, showing your progress towards 100% compliance with the standards that matter to you. Any misconfigurations are highlighted, along with remediation steps. A good number of CloudCheckr’s 600+ Best Practice Checks support Self-Healing Automation for one-click or even zero-click correction.
