Archive

3 reasons to consider cloud hosting and security compliance

Share this post:

Deploying software as a service (SaaS) based solutions and IT resources in a cloud environment is definitely cost effective. But it comes with a price of absolute necessity: security. An unsecured cloud deployment poses serious threats as well as major cost implications. That is why it is vital to host applications in secure cloud environments that are certified by a Certification & Accreditation (C&A) process. The C&A certification ensures that the hosted environment is equipped to address any security risks and protect the infrastructure that contains the client applications and data.
I believe that the following are three major reasons for an organization to consider a secure certified hosting environment:

1. Risk management
2. Asset protection
3. Accelerated confidence in cloud deployments

For example, the prominent and trusted certification recognized by federal agencies is the Federal Risk and Authorization Management Program (FedRAMP). It is instituted to ensure consistently secure cloud deployments for the federal agencies.

FedRAMP is supported by the US Chief Information Officer and Federal CIO Council (see CIO.gov). With CIO backing and successful and cost effective deployments, more federal agencies are bound to adopt cloud deployment strategies. This will inevitably result in curtailing unnecessary build and maintain costs and, more important, in improving service efficiencies far more quickly.

FedRAMP is also in compliance with the Federal Information Security Management Act of 2002 (FISMA). I think it is great that FISMA compliance is included because it addresses the national security requirements thoroughly and encourages active involvement of both business and technology leaders of the program.

Cloud deployments are designed to be dynamic, thus allowing organizations to store their data assets “on-prem” or “off-prem” and on multiple disparate devices. The cloud providers in general do not offer to protect customer data, whereas a cloud provider that is certified by a standards committee is required to take measures to secure customer assets. In addition to internal controls, organizations should ascertain asset protection through standards and security compliances.

Even if FedRAMP and similar certifications have a price tag attached to them, I strongly believe that it is a necessary investment. It pays for itself by protecting the infrastructure assets, keeping the risk low and, above all, allowing safe and successful cloud deployments for the service providers and subscribers.

What is your opinion of the C&A and of these key considerations for secure cloud deployments?

Watson Delivery Solution Architect

More stories

Why we added new map tools to Netcool

I had the opportunity to visit a number of telecommunications clients using IBM Netcool over the last year. We frequently discussed the benefits of have a geographically mapped view of topology. Not just because it was nice “eye candy” in the Network Operations Center (NOC), but because it gives an important geographically-based view of network […]

Continue reading

How to streamline continuous delivery through better auditing

IT managers, does this sound familiar? Just when everything is running smoothly, you encounter the release management process in place for upgrading business applications in the production environment. You get an error notification in one of the workflows running the release management process. It can be especially frustrating when the error is coming from the […]

Continue reading

Want to see the latest from WebSphere Liberty? Join our webcast

We just released the latest release of WebSphere Liberty, 16.0.0.4. It includes many new enhancements to its security, database management and overall performance. Interested in what’s new? Join our webcast on January 11, 2017. Why? Read on. I used to take time to reflect on the year behind me as the calendar year closed out, […]

Continue reading