Security of a Higher Level – Unparalleled Security and Compliance with the Enterprise Cloud

In the first three installments of the TBS Whitepaper Series by Jay Ethridge and Joe Jezior of Technology & Business Solutions (TBS), we defined cloud computing, explored the differences between private and public cloud environments, and examined how public enterprise cloud hosting delivers a true reduction in costs, not just a transfer from in-house expenses to third-party charges. In this fourth installment in the series, we explore the security and compliance advantages of enterprise cloud hosting.

A Platform That Shares

Rightly so, many businesses worry about third-party providers managing and controlling their most precious corporate data, especially financial and personnel-related documentation and systems. And so, cloud hosting providers – those that promise to safely guard and deliver critical data at all times – should indeed be held to very high expectations for software, hardware, and infrastructure security.

As examined throughout this series, private cloud hosting providers – those that build unique and dedicated server environments on a client-by-client basis – deliver a wide range of security configurations to their clients. Many private cloud environments are very secure, to be sure, but just as many are not so robust. (Remember, remote servers sitting in your brother-in-law’s closet constitute a private cloud.) This is because private cloud providers do NOT deliver their security environment as a “platform” – one industry-leading template securely deployed to all users all the time (more about this below) – but instead they create unique installations in reaction to each individual client’s stated requirements, know-how, and budgets.

So, in private cloud environments, security certificates may be deployed differently from client to client. Different software packages, versions, and configurations are available, and a range of security hardware may be used. The result is the availability of varying security standards based upon each client’s expressed needs. This “lowest common denominator” approach means you may not be sure what you’re really buying from a private cloud provider when it comes to security, until they build your cloud for you. Such case-by-case deployment is typically costly as well, because private cloud hosts CANNOT share single security platform costs among all clients. Because unique security arrangements are built for each individual client, that client alone bears all the associated costs.

Conversely, public enterprise clouds are built to the highest security standards because they deliver their solutions as “platforms” to ALL cloud users simultaneously. In this way, every public enterprise cloud user gains the benefits of the very best performance, security, and delivery, because their cloud platform is the very same one available to thousands (and sometimes hundreds of thousands) of other users too. Simply put, when cloud delivery is platform-based, the requirements of a large “public” community ensure the very best levels of security are available to all.
 

Business Model Demands the Best

It’s more than that, though.

The business model behind public enterprise cloud delivery demands the very best security, software, and infrastructure. Because enterprise cloud providers engineer and deliver their environments to support thousands of users, they must deploy the latest, most stable, and secure software on the market, and the very best security certificates. If they don’t, their entire customer base experiences the negative results. And, as enterprise cloud infrastructures must scale frequently and securely without interruption for current users as the client base grows – it’s not uncommon, for instance, for TBS to add hundreds of new users in a 48-hour span – public clouds must leverage the very best hardware to meet these growing demands.

And, as public cloud providers only charge users by “the drink” – meaning clients pay for just what they consume – small to mid-sized organizations reap tremendous value from accessing the security, reliability, and robustness of such enterprise systems.

An excellent example of this exponential buying power is illustrated by examining how enterprise clouds meet the most stringent regulatory demands for the handling and safeguarding of financial data.

All publicly traded companies are bound by Sarbanes Oxley audit requirements. For these companies, if their financial data is hosted via the cloud, this means their cloud provider must meet SAS 70 Type II (“Statement on Auditing Standards”) requirements to ensure complete SOX compliance. According to the AICPA, auditors of public financial data must also obtain evidence directly from third-party providers when assertions in financial statements are “affected” or handled by service organizations, like cloud hosts of accounting software. The American Institute of Certified Public Accountants further notes that “because many entities use these service organizations, a number of user auditors may visit the service organization, require the assistance of service organization personnel, and disrupt the business of the service organization.”

The solution? Just as they do with their security, software, and hardware standards, public cloud providers typically conform to the very highest controls for financial regulatory compliance. By doing so, public cloud providers build to the “highest denominator,” creating one vigorous compliance environment for all clients and users, thereby avoiding visits from literally hundreds of client auditors, as the AICPA notes.

Examples include:

SAS 70 Type 2 – The strongest standard for Sarbanes-Oxley financial compliance, Type 2 environments not only deliver all of the proper controls for the handling of financial data, they also ATTEST that these procedures are being followed. The very best Type 2 environments also regularly update their controls to meet yearly changes in SOX and other requirements.

MA 201 – Viewed by many as the next regulatory wave for maintaining the most secure employee records, this Massachusetts state requirement demands that businesses keep all personnel data confidential by creating and attesting to vigorous controls. Currently, no fewer than seven additional states are considering the adoption of MA 201-like regulations for businesses and their service providers. Only the very best public enterprise cloud providers like TBS currently offer this forward-thinking standard.

As the largest provider of cloud hosting for Deltek software, minority-owned TBS serves hundreds of customers with thousands of users across the globe. We know that public enterprise clouds ensure the most secure delivery with the very best regulatory compliance. Stay tuned to this white paper series. In the coming months we’ll continue to explore these important cloud computing topics:

To craft an enterprise cloud model tailored to your organization's needs, contact TBS or call 703.444.6562.
