RSA analysts: Visibility key to cloud computing compliance

During a recent panel at the RSA Conference 2011, panelists explained to audience members that visibility and transparency for cloud providers’ infrastructure and security controls are key for regulatory compliance.

"The first key is getting visibility," said Dennis Morreau, senior technology strategist in the office of the CTO at RSA. "That will let you decide what circumstances you want to avoid and what you need to mitigate.”

According to Christopher Day, a chief security architect, providing visibility into the hardware, hypervisor and application levels is the most important step for vendors and consumers.

Another expert explained that currently, many consumers or businesses are told “[they] shouldn’t care what makes something work,” by vendors. This is problematic, as companies are unaware if their managed IT service is violating compliance standards.

A recent article supports this last point, focusing more on how companies need to be aware of cloud computing contracts and the accessibility companies have with their vendors. Without certain provisions in a contract, companies can simply lose access to their data once a deal is signed with a service provider.