Skip to main content

Defining Compliance as a Service (CaaS)

Cloud computing by its very nature spans different jurisdictions. 

The laws of the country of a request’s origin may not match the laws of the country where the request is processed, and it’s possible that neither location’s laws match the laws of the country where the service is provided.

Compliance is a complex issue that requires considerable expertise.

A Compliance as a Service application would need to serve as a trusted third party, because this is a man-in-the-middle type of service.

CaaS may need to be architected as its own layer of a SOA architecture in order to be trusted. 

A CaaS would need to be able to manage cloud relationships, understand security policies and procedures, know how to handle information and administer privacy, be aware of geography, provide an incidence response, archive, and allow for the system to be queried, all to a level that can be captured in a Service Level Agreement.  CaaS has the potential to be a great value-added service.

In order to implement CaaS, some companies are organizing what might be referred to as “vertical clouds,” clouds that specialize in a vertical market. 

Examples of vertical clouds that advertise CaaS capabilities include the following:

  • athenahealth (http://www.athenahealth.com/) for the medical industry
  • bankserv (http://www.bankserv.com/) for the banking industry
  • ClearPoint PCI Compliance-as-a-Service for merchant transactions under the Payment Card Industry Data Security Standard
  • FedCloud (http://www.fedcloud.com/) for government
  • Rackserve PCI Compliant Cloud (http://www.rackspace.com/; another PCI CaaS service)

It’s much easier to envisage a CaaS system built inside a private cloud where the data is under the control of a single entity, thus ensuring that the data is under that entity’s secure control and that transactions can be audited. Indeed, most of the cloud computing compliance systems to date have been built using private clouds.

It is easy to see how CaaS could be an incredibly valuable service. A well-implemented CaaS service could measure the risks involved in servicing compliance and ensure or indemnify customers against that risk. 

CaaS could be brought to bear as a mechanism to guarantee that an e-mail conformed to certain standards, something that could be a new electronic service of a network of national postal systems—and something that could help bring an end to the scourge of spam. 

Labels:

Comments

Post a Comment

Popular posts from this blog

2.1 VIRTUAL MACHINES PROVISIONING AND MANAGEABILITY

In this section, we will have an overview on the typical life cycle of VM and its major possible states of operation, which make the management and automation of VMs in virtual and cloud environments easier than in traditional computing environments As shown in Figure above, the cycle starts by a request delivered to the IT department, stating the requirement for creating a new server for a particular service.  IT administration to start seeing the servers’ resource pool, matching these resources with the requirements, and starting the provision of the needed virtual machine.  Once provisioned machine started, it is ready to provide the required service according to an SLA, or a time period after which the virtual is being released.
Post a Comment
Read more

2.2 VIRTUAL MACHINE MIGRATION SERVICES

Migration service, in the context of virtual machines, is the process of moving a virtual machine from one host server or storage location to another; there are different techniques of VM migration, hot/life migration, cold/regular migration, and live storage migration of a virtual machine. In process of migration, all key machines’ components, such as CPU, storage disks, networking, and memory, are completely virtualized, thereby facilitating the entire state of a virtual machine to be captured by a set of easily moved data files. 2.2.1. Migrations Techniques Live Migration and High Availability Live migration (which is also called hot or real-time migration) can be defined as the movement of a virtual machine from one physical host to another while being powered on.  Live migration process takes place without any noticeable effect from the end user’s point of view (a matter of milliseconds).  One of the most significant advantages of live migration is the fact that it facili...
Post a Comment
Read more

Open SaaS and SOA

A considerable amount of SaaS software is based on open source software.  When open source software is used in a SaaS,  it referred to as Open SaaS.  The advantages of using open source software are that systems are much cheaper to deploy because you don’t have to purchase the operating system or software, there is less vendor lock-in, and applications are more portable.  The popularity of open source software, from Linux to APACHE, MySQL, and Perl (the LAMP platform) on the Internet, and the number of people who are trained in open source software make Open SaaS an attractive proposition.  The impact of Open SaaS will likely translate into better profitability for the companies that deploy open source software in the cloud, resulting in lower development costs and more robust solutions. SOA (Service-Oriented Architecture): SOA is an architectural approach for designing and developing software systems that are composed of loosely coupled services.  In an SO...
Post a Comment
Read more