Creating compliance in the private cloud
We all know that cloud computing has come a long way. We’ve got new ways to connect, new ways to delivery data, and a lot more user distribution. In an ever-connected world, the user and the organization are demanding a persistent connection regardless of device, location, or even data type. That means that both cloud and the data center model had to adapt to these new types of demands.
Well, this worked for a lot of organizations. They were able to deliver applications, desktops and rich content via the cloud to a dispersed user and an ever-growing organization. But it wasn’t perfect… I know, what in IT ever really is? Still, the cloud model was only partially evolved since many eager cloud adopters were still limited in what they could do. Healthcare, pharmaceuticals, some public organizations, government, and other compliance or regulation-bound entities just couldn’t utilize the full capacity of the cloud.
So can compliance and regulations live in the cloud? Believe it or not – there are new services and evolving models which now support a more compliancy-oriented infrastructure. Here are a few ways to create compliance in a private cloud:
- Deploying next-generation security technologies. Next-generation security technologies are those that include agentless technologies, advanced integrated firewalls, and IPS/IDS solutions. Most of all – these solutions are capable of running directly on the hypervisor. How does this help with compliance? Well – for example – by deploying a kernel mode virtual firewall, you’re able to utilize real-time traffic filtering throughout your virtual infrastructure. This type of traffic control and segmentation allows you to manage which VMs live on which hosts and the kind of data being passed through.
- Learning to enforce PCI-DSS, HIPAA, and SOX. To enforce compliance – you’ll need to ensure that all system bound to regulation are compliant and operational. In working with private cloud and compliance – the right security architecture is what makes all of the difference. Not only can your security platform monitor your VMs at the hypervisor level – you begin to introduce features which specifically help to enforce PCI-DSS, HIPAA, Sarbanes-Oxley compliance standards. Granular – access-level controls – alongside advanced/full kernel mode virtual firewall configuration capabilities for each VM individually – helps create a truly powerful security architecture.
- Implementing disaster recovery methodologies. Your virtual architecture has become a critical component for your business. So what happens when there’s an emergency? What happens when you need to tie-in your security environment? When working with compliance, DR becomes an important consideration. Through it all – it’s important to work with security systems which can directly integrate into logging platforms like Syslog or Splunk. From there, new security solutions now support disaster recovery sites which allows you to:
- Real-time replication of security settings
- Virtual firewall rules
- Antivirus schedules
- Parameters to disaster recovery sites
As more organizations move towards a cloud model – there will be new rules written around cloud computing. Major movements are happening now where data centers are becoming more compliant and a lot more secure. As more users connect to obtain information via a cloud model – there will be a need for optimized security and data segregation. The future of the cloud compute model is looking to be a bit more friendly towards compliance-driven workloads.
Bill Kleyman, virtualization solutions architect