June 29, 2012
- The lack of cloud security standards and the expanding range of cloud providers complicate RFPs.
- The Current Analysis Cloud Security Study shows IT SPs ahead of carriers and the U.S. ahead of Europe.
The decision to migrate to the cloud is complicated by the expanding number and variety of cloud service providers (typically carriers, IT SPs, vendors, or dedicated cloud SPs), each with its own legacy of strengths and weaknesses, coupled with a dearth of specific cloud security standards to put into a request for proposal (RFP). Apart from PCI DSS in the retail sector and FedRAMP for the delivery of cloud services to the U.S. government, security standards pertaining to cloud services are related to general business process quality (ISO 9000), data center management processes (ISO 27001-5), auditing (SSAE 16), and a slew of more vertical industry-specific requirements around the handling of sensitive personal data. Corporate customers are still relying on best-practice guidelines from standards bodies such as NIST in the U.S. and ENISA in Europe, as well as user/industry forums such as the Cloud Security Alliance with its Cloud Matrix tool. Still, what does the cloud security playing field look like from the service provider side? How can providers assess their service offerings against amorphous customer requirements, as well as against the other providers in the market?