Skip to main content

Defining Compliance as a Service (CaaS)

Cloud computing by its very nature spans different jurisdictions. 

The laws of the country of a request’s origin may not match the laws of the country where the request is processed, and it’s possible that neither location’s laws match the laws of the country where the service is provided.

Compliance is a complex issue that requires considerable expertise.

A Compliance as a Service application would need to serve as a trusted third party, because this is a man-in-the-middle type of service.

CaaS may need to be architected as its own layer of a SOA architecture in order to be trusted. 

A CaaS would need to be able to manage cloud relationships, understand security policies and procedures, know how to handle information and administer privacy, be aware of geography, provide an incidence response, archive, and allow for the system to be queried, all to a level that can be captured in a Service Level Agreement.  CaaS has the potential to be a great value-added service.

In order to implement CaaS, some companies are organizing what might be referred to as “vertical clouds,” clouds that specialize in a vertical market. 

Examples of vertical clouds that advertise CaaS capabilities include the following:

  • athenahealth (http://www.athenahealth.com/) for the medical industry
  • bankserv (http://www.bankserv.com/) for the banking industry
  • ClearPoint PCI Compliance-as-a-Service for merchant transactions under the Payment Card Industry Data Security Standard
  • FedCloud (http://www.fedcloud.com/) for government
  • Rackserve PCI Compliant Cloud (http://www.rackspace.com/; another PCI CaaS service)

It’s much easier to envisage a CaaS system built inside a private cloud where the data is under the control of a single entity, thus ensuring that the data is under that entity’s secure control and that transactions can be audited. Indeed, most of the cloud computing compliance systems to date have been built using private clouds.

It is easy to see how CaaS could be an incredibly valuable service. A well-implemented CaaS service could measure the risks involved in servicing compliance and ensure or indemnify customers against that risk. 

CaaS could be brought to bear as a mechanism to guarantee that an e-mail conformed to certain standards, something that could be a new electronic service of a network of national postal systems—and something that could help bring an end to the scourge of spam. 

Labels:

Comments

Post a Comment

Popular posts from this blog

2.1 VIRTUAL MACHINES PROVISIONING AND MANAGEABILITY

In this section, we will have an overview on the typical life cycle of VM and its major possible states of operation, which make the management and automation of VMs in virtual and cloud environments easier than in traditional computing environments As shown in Figure above, the cycle starts by a request delivered to the IT department, stating the requirement for creating a new server for a particular service.  IT administration to start seeing the servers’ resource pool, matching these resources with the requirements, and starting the provision of the needed virtual machine.  Once provisioned machine started, it is ready to provide the required service according to an SLA, or a time period after which the virtual is being released.
Post a Comment
Read more

1.2 ROOTS OF CLOUD COMPUTING

We can track the roots of clouds computing by observing the advancement of several technologies, especially in hardware (virtualization, multi-core chips), Internet technologies (Web services, service-oriented architectures, Web 2.0), distributed computing (clusters, grids), and systems management (autonomic computing, data center automation).  Below Figure shows the convergence of technology fields that significantly advanced and contributed to the advent of cloud computing. . We present a closer look at the technologies that form the base of cloud computing, with the aim of providing a clearer picture of the cloud ecosystem as a whole. 1.2.1 From Mainframes to Clouds 1.2.2 SOA, Web Services, Web 2.0, and Mashups 1.2.3 Grid Computing 1.2.4 Utility Computing 1.2.5 Hardware Virtualization 1.2.6 Virtual Appliances and the Open Virtualization Format 1.2.7 Autonomic Computing ______ Cloud computing has its roots in several technologies and developments, including virtualization, gr...
Post a Comment
Read more

2.1.1 VM Provisioning Process

  Steps to Provision VM. Here, we describe the common and normal steps of provisioning a virtual server: Firstly, you need to select a server from a pool of available servers (physical servers with enough capacity) along with the appropriate OS template you need to provision the virtual machine. Secondly, you need to load the appropriate software (operating system you selected in the previous step, device drivers, middleware, and theneeded applications for the service required). Thirdly, you need to customize and configure the machine (e.g., IP address, Gateway) to configure an associated network and storage resources. Finally, the virtual server is ready to start with its newly loaded software. These are the tasks required or being performed by an IT or a data center’s specialist to provision a particular virtual machine.
Post a Comment
Read more