Chapter 6. Principle 5: Govern Your Cloud Environment

Although cost efficiencies, elastic resource provisioning, and speed of deployment may be driving forces of cloud adoption, security and regulatory compliance are often major concerns around cloud deployment. A strong governance framework ensures the review of service levels, manages risk effectively, and certifies that your critical business data is secure—and that you comply with legal requirements and business-specific certifications and attestations.

The essential challenge of cloud compliance is that the customer places vast amounts of sensitive data into the hands of the cloud provider who controls the facilities, thereby trusting the provider to safeguard their data. The customer must do this while also being subject to stringent regulatory requirements (for example, the health industry’s HIPAA and the financial industry’s PCI DSS) and security standards.

Note

Traditional IT management followed industry best practices, such as the Information Technology Infrastructure Library (ITIL), which were developed prior to the emergence of cloud computing as a fundamental way of doing business. Standard ITIL processes, such as Service Catalogs and Service Design, require a lot of adaptation when you move to the cloud.

Data encryption and auditing of the provider’s datacenters might seem to be obvious solutions to the cloud consumer’s quandary. But the nature of the cloud environments, where encryption may even hinder processing ...
