The Ultimate Cloud Compliance Cheat Sheet
This is a full review of Threat Stack's cloud compliance series. See how to keep data safe and regulators off your back when dealing with cloud storage and computing.
We write about compliance (and talk to customers about it) pretty regularly, and if you’ve been following our blog over the last two months, then you know we also just did a full series on the topic. In addition, we released The Threat Stack Compliance Playbook, which is full of practical information you can use to help your company achieve compliance without losing your sanity.
If you haven’t had a chance to dive deep into the series, or would like to read it in its entirety, we put together a quick recap for you.
Compliance Series Blog Posts
How Compliance in the Cloud Can Strengthen Your Business
A lot of people don’t recognize that compliance is and must be a business driver. There’s really no other reason to become compliant. But understanding exactly what compliance can (and can’t) accomplish for your business is a good way to make sure that you are doing it for the right reasons. In this post, we explain how compliance can strengthen your business.
How Does Compliance Differ in the Cloud Versus On-Premise?
Compliance is a different beast in the world of the cloud. In this post, we explain why the Shared Responsibility Model and the changing nature of perimeters affect the requirements and obligations of compliance. In a nutshell? The approach to compliance doesn’t change, but the tooling does. Learn how in this post.
How to Reconcile Different Definitions of PCI DSS and HIPAA Compliance
Unfortunately, many compliance requirements are more gray than black-and-white. In this post, we cover how to reconcile different ideas about what it means to be compliant, focusing specifically on PCI DSS (which is pretty specific, as you’ll see) and HIPAA (which can be quite a bit more abstract and difficult to parse). Knowing what you’re aiming for is the key to success.
Can You Afford NOT to be HIPAA Compliant?
What happens if you aren’t compliant? In the case of HIPAA, put simply, if you deal in any way, shape, or form with healthcare data or companies, you are eligible for auditing. And while the cost of an audit itself could be steep, the fines for non-compliance are much higher. Learn why HIPAA compliance is often a must, not a nice-to-have.
Why You Need to be Compliant Much Sooner Than You Think
Some companies wait until a business need compels them to become compliant. The reality is that waiting until compliance is necessary is risky, since it can leave you scrambling to secure a business opportunity.
The Impact of the Cloud's Shared Responsibility Model on Compliance
Unlike in the on-premise world, both the provider and the user (a company) bear some responsibility for compliance in the cloud. The Shared Responsibility Model states that the provider is responsible for the security of the cloud, while the user is responsible for the security of their assets in the cloud. Understanding this distinction is vital to achieving compliance.
The Importance of Security Monitoring to Achieving Compliance in the Cloud
In addition to file integrity monitoring, you need to implement continuous security monitoring across your cloud infrastructure in order to gain visibility into user and system activity. Monitoring, by itself, meets many compliance requirements (including those of PCI DSS and HIPAA). In this post, we explain what security monitoring entails and how to implement it.
Budgeting for a Compliance Audit: A Practical Framework
One of the biggest hurdles to compliance is the cost involved. And the best way to meet all your compliance requirements without any surprises is to build and follow a realistic budget. In this post, we outline the costs associated with compliance audits in particular and help you accurately estimate the investment required for your company.
File Integrity Monitoring and Its Role in Meeting Compliance
Most compliance frameworks require companies to monitor their key files for changes around the clock. If you don’t know who’s accessing and making changes to your system files, then you don’t really know if you are secure, and you certainly can’t meet compliance. In this post, we outline the role of file integrity monitoring (FIM) in meeting compliance and how to implement it in a cloud environment.
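As an added example covering both the security-monitoring and the file integrity monitoring posts above (this is not code from the Threat Stack series or the Compliance Playbook), here is a minimal file integrity monitor in Python: it baselines a directory tree, persists the baseline as JSON, re-scans, and reports files that were added, removed or changed, naming the attribute that changed. The directory layout, file contents and the tampering scenario in demo() are constructed for illustration.

```python
"""Minimal file integrity monitor: baseline, re-scan, diff (added example)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Attributes compared between the baseline and a fresh scan. Any difference is
# reported as a modification, with the changed attribute names as the reason.
FIELDS = ("sha256", "size", "mode", "uid")


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files are not held in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Record hash, size, permission bits and owner of every regular file under root.

    Symlinks are skipped so a link pointing outside the tree cannot make the
    scanner read (and hash) files it was never meant to cover.
    """
    base = Path(root)
    snapshot = {}
    for path in sorted(base.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.stat()
        snapshot[path.relative_to(base).as_posix()] = {
            "sha256": hash_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),
            "uid": st.st_uid,
        }
    return snapshot


def save_baseline(snapshot: dict, dest: str) -> None:
    """Persist the baseline as JSON. Keep it somewhere the monitored host cannot
    rewrite (e.g. shipped to a central system); a baseline the host can edit
    proves nothing once the host is compromised."""
    Path(dest).write_text(json.dumps(snapshot, indent=2, sort_keys=True))


def load_baseline(src: str) -> dict:
    return json.loads(Path(src).read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots: which files appeared, vanished, or changed, and why."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        reasons = [f for f in FIELDS if baseline[rel][f] != current[rel][f]]
        if reasons:
            modified[rel] = reasons
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: a small tree is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as store:
        root = Path(tmp)
        files = {  # constructed sample files, not real configuration
            "etc/app.conf": "debug = false\n",
            "bin/run.sh": "#!/bin/sh\necho ok\n",
            "etc/old.key": "constructed-secret\n",
        }
        for rel, text in files.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(text)
            os.chmod(p, 0o644)  # fixed mode so the demo is umask-independent

        baseline_path = os.path.join(store, "baseline.json")  # outside the tree
        save_baseline(build_baseline(str(root)), baseline_path)

        # Simulated changes: config edited, script made executable,
        # key file deleted, and an unexpected cron entry dropped in.
        (root / "etc/app.conf").write_text("debug = true\n")
        os.chmod(root / "bin/run.sh", 0o755)
        (root / "etc/old.key").unlink()
        (root / "etc/new.cron").write_text("0 3 * * * /opt/app/backup\n")

        return compare(load_baseline(baseline_path), build_baseline(str(root)))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the re-scan would run on a schedule (or be replaced by an inotify/auditd-driven agent) and the report would be shipped to the same place as the rest of your security monitoring, which is what turns a hash check into the continuous, auditable control PCI DSS and HIPAA expect.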
When is Good Enough Good Enough? Meeting Compliance Without Losing Your Mind
How can you strike that challenging balance of being compliant without going overboard and stretching your resources? The fact is, you don’t need to be the most compliant company; you just need to meet the requirements well enough to satisfy regulators, auditors, customers, and stakeholders. In this post, we explain exactly what that means, focusing on PCI DSS and HIPAA requirements in particular.
Allocating Resources for a Compliance Audit: A Practical Framework
Who you have on your team matters when it comes to meeting compliance. The mistake many companies make is not understanding who needs to be part of the decision-making process and allocating their time up front. In this post, we go over the roles and skillsets that need to be brought in, and explain how to make the necessary organizational investment.
What Questions Do You Still Have About Compliance?
Thanks so much for joining us on this series.
While the series has come to its end, that doesn’t mean we won’t be continuing our coverage on compliance in future blog posts and other content. So, if you still have some burning questions about meeting compliance in the cloud, tweet us @ThreatStack, or send an email to firstname.lastname@example.org. That way, we can be sure to cover your questions in the future (or shoot you an email back if there’s a specific use case or product-related question you’d like answered).
Published at DZone with permission of Anthony Alves, DZone MVB. See the original article here.