It used to be that meeting cloud compliance requirements for standards such as PCI and HIPAA meant having isolated, on-premises infrastructure. When these compliance standards were first created, the only way to keep information secure was to make sure that it wouldn’t be accessible from the internet.
Things have changed since the days when on-premises infrastructure was considered the best choice for security. Now, there are many new security measures for business infrastructure that didn’t exist before. These security measures are now strong enough that it’s possible to meet compliance standards such as PCI or HIPAA on a public cloud infrastructure.
The New Standard for Compliance
One of the major things that has changed in recent years is the understanding of IT security among the creators of compliance standards. Decades of intrusion attempts and data breaches have highlighted the vulnerabilities of on-premises infrastructures that were once thought secure, and the strength of the cloud.
In fact, as noted in one Gartner article, “externally provisioned, multitenant services are not only highly resistant to attack, but also are a more secure starting point than most traditional in-house implementations.” In other words, the cloud is actually more secure than the average on-premises infrastructure.
These revelations have spurred changes in compliance standards such as ISO 27001 to be more accepting of cloud infrastructure security. ISO 27001, a global security management standard, serves as a baseline for other standards to be matched to.
How WHOA Drives Compliance and Security
WHOA is an ISO 27001-compliant cloud service provider that builds each cloud environment from the ground up to be secure. Here’s are a few ways that WHOA drives ISO compliance and security in the cloud:
- Encryption. WHOA partners with Vormetric to provide data-at-rest encryption for all of its cloud environments. This encryption meets the data destruction requirements for ISO 27001.
- Perimeter, Per App, and Per Tenant Firewalls. WHOA uses Palo Alto Networks’ industry-leading perimeter firewall technology to keep external traffic from breaching your cloud environment. This is bolstered by per-app and per-tenant firewalls from Alert Logic, which further compartmentalizes data in case of an internal threat.
- IDS Log Management. Another feature of the Alert Logic security is the intrusion detection system and log management that comes as a part of their Cloud DefenderTM platform. This allows for the tracking of threat source IPs, which can aid in preventing future intrusions.
Each of these systems helps to harden the cloud against intrusion attempts, driving security and compliance on the cloud. This may well be part of the reason why the PCI council is warming to the use of public clouds.
Because of strong security tools such as these, the cloud is becoming an increasingly attractive option for companies that are trying to meet strict compliance requirements. However, be sure to check with your cloud provider if they are currently certified in the compliance standards you need to meet.
For more information on how WHOA.com drives security and compliance in the cloud, visit here.