There is a common perception among organizations that compliance with industry regulations, especially when using a public cloud model - is a shared responsibility model.
See Also: 2016 Social Engineering Report
Regardless of the provider, all providers operate under the following model - the provider is responsible for the physical infrastructure, the shared networking, the computing, storage and the hypervisor. Everything that sits on top of a basically virtual machine and the guest instance is the responsibility of the customer. This includes securing data, the application code, the application framework and the Operating Systems that is sitting on top of the infrastructure itself.
Depends on how an organization views this - it provides the flexibility to enforce consistency and a similar level of controls as the organization does in its other environments, including in its data centers. However, it's extremely challenging to achieve this using the traditional network and system security controls. And compliance with industry regulations - such as SOX404, PCI DSS, GLBA - is still an organization's responsibility.
All of this requires a new way of thinking.
In this informative webinar we will deliver practical advice on achieving and continually maintaining compliance with industry regulations when operating under any type of distributed computing environment, including private, public and hybrid-cloud environment.
Viewers will learn:
- The compliance challenges organizations face integrating cloud services with their data centers
- How to assess the compliance posture of your infrastructure, even if it's distributed across the data center, public cloud services, offsite facilities, IaaS and PaaS installs and hosted applications
- How compliance automation works to integrate legacy infrastructures with cloud-based ones - and ensure compliance requirements aren't overlooked
- Why focusing on security across your hybrid IT infrastructure is the best way to alleviate many compliance headaches