@CloudExpo Authors: Zakia Bouachraoui, Pat Romanski, Yeshim Deniz, Liz McMillan, Elizabeth White


Cloud Privacy Contracting

Cloud Archiving and Compliance

The main evolutionary leap in Cloud services will come from a fusion of both legal and technical maturity.

It’s not enough for CSPs to offer contractual SLAs that dictate how efficiently they will run IT resources or how they will handle outages. They also need to stipulate how they will enable and honor data privacy regulations and best practices.

In short, they will need to offer contracting terms that align with the buyer’s controlling privacy laws, which is what I call ‘Cloud Privacy Contracting.’

The need for this is defined in the headline CIO.gov document – Best practices for Cloud contracting (44-page PDF).

This defines a range of best practices that a government agency should follow before contracting with a Cloud Provider. They include technical support aspects, but also extend to contractual requirements such as Non-Disclosure Agreements, Breach Response procedures and, in particular, how the CSP would handle direct FOIA (Freedom of Information Act) requests.

Consider how the Federal agency and/or the CSP will provide individuals with the right to access and/or amend their records within a CSP environment, under the time frames legally specified in the Privacy Act;

It also calls for E-Discovery: Federal agencies must ensure that all data stored in a CSP environment is available for legal discovery by allowing all data to be located, preserved, collected, processed, reviewed, and produced;

This requires that the CSP has the necessary data preservation and audit log assurance capabilities, so that it can deliver verifiable, evidence-ready digital records that can prove their chain-of-custody and offer an always-on, irrefutable record of all transactions.

This can be achieved through an irrefutable association with an electronic identity record and integration with external Time Stamping Authorities, by adopting relevant Cloud Archiving and Compliance vendor technologies.


More Stories By Cloud Best Practices Network

The Cloud Best Practices Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net
