Cloud compliance requires control and visibility. The control allows companies to achieve compliance objectives and mitigate risks by remediating SOD conflicts and ensuring the accuracy of records. To do that, however, organizations also need the visibility to be able to monitor and audit transactions throughout their landscape. They need to be able to monitor users throughout multiple apps, departments and locations, and keep track of what data they’re accessing, where they’re moving it, how they’re altering it and so on.

 

Cloud compliance doesn’t just take place on the application level, either — you need control and visibility at every level. From physical controls ensuring uninterrupted service through network security architecture best practices like hardening and segmentation, every layer is implicated in compliance regimes like PCI DSS and SOX.

 

Having Multiple Clouds Makes Cloud Compliance Much More Difficult

 

Every cloud environment has its own configuration, vendor policies and SLAs. Visibility may vary dramatically from one cloud to another. For example, a managed private cloud on dedicated hardware in a provider-owned data center can provide complete visibility, while a public cloud VM will give you no insight into the hardware your landscape is running on. Cloud integration apps — the programs that allow your clouds to communicate together — have their own internal processes too, which are also subject to cloud compliance requirements.

 

The upshot is that it’s much harder to run a compliant multi-cloud environment. Each cloud will require its own monitoring, and some clouds may require extensive configuration to reach compliance standards — or may not be up to them at all. You’ll need a way to integrate all your cloud monitoring into a single control panel (or deal with a complex maze of different monitoring tools), which will pose yet another challenge. And as vendors update their software or alter their business models, maintaining the necessary visibility and control for cloud compliance can become next to impossible.

 

A Single Vendor Environment is Ideal for Cloud Compliance

 

A single-vendor managed cloud, designed around the needs of a modern enterprise landscape, greatly reduces the difficulty and cost of cloud compliance. You have a single landscape, governed by a single set of rules. Add in the right compliance monitoring and remediation tools, and you can start treating compliance as a routine business process — not an ongoing, resource-intensive project.

 

 

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution which provides audit automation and acceleration of security and control processes.