Meeting data center compliance standards is a challenge -- doubly so with the cloud. Look for vendors that meet both performance and compliance needs.
IT administrators in the virtual data center must meet numerous compliance needs that vary depending on business contexts. These standards range from the Sarbanes-Oxley Act and PCI DSS for financial compliance to the Health Insurance Portability and Accountability Act (HIPAA) for medical data compliance.
The number of data center compliance standards and rules is overwhelming. Many admins adapt with a selection of products, methods and policies to ensure they stay within data center compliance guidelines.
These tactics might work well in a traditional data center, but what happens when admins add cloud services? The cloud comes in many different forms -- from infrastructure as a service to software as a service and more. Although the rules for compliance are fixed, cloud services aren't, so it's up to admins to figure out where the gaps are.
Rather than reviewing each and every compliance rule, it's better to step back, look at the larger picture and examine some of the likely challenges.
If admins operate in a business that must meet a compliance standard such as HIPAA or PCI DSS, it makes sense to find a cloud vendor that handles that compliance. A simple Google search returns a large list of cloud vendors that are technically compliant, but a closer look at the details shows that the picture is more complicated.
Every cloud service that offers compliance comes with a set of conditions or restrictions necessary to keep that compliance rating. Rather than simply shopping for cloud vendors based on compliance, admins should base data center compliance decisions on data center needs first. If admins must scale out a compliant application, they should find the best product for the application and then begin the compliance discussion.
Ancillary cloud functions complicate data center compliance standards
Application selection is normally straightforward, but some ancillary functions might not be. Many admins are moving disaster recovery, backups and monitoring off site to the cloud. These types of services require a different way of thinking because even though they aren't client-facing, they still require compliance.
Take backups and disaster recovery, for example. Admins can't assume these critical infrastructure services will fit in the cloud and remain compliant. Often, this isn't a technical challenge, but a data storage challenge. Customer data located outside the primary data center might require additional security or encryption for data at rest.
This isn't a technical challenge for most vendors, but it can -- and most likely will -- add costs. Disaster recovery and backup services in the cloud can be extensive, and their scale can lead to costs that break budgets. In an on-premises data center, additional security is often a checkbox or add-on that doesn't require significant effort or cost. When workloads leave the data center, however, additional guidelines and costs apply.
Data center compliance is a tricky subject because it changes based on governing bodies and evolving technologies. It requires a lot of effort to keep track of changing data center compliance standards, and it might seem outside the scope of the traditional admin's skill set, but traditional silos are disappearing.
Organizations have to replicate internal efforts, such as encryption at rest, with cloud-based services, or the entire application stack might become noncompliant. This can even include internal resources that were compliant. If admins extend the data center to the cloud, the environment is only as strong as its weakest point, especially from the standpoint of data center compliance standards.
Rules change, so if admins decide to completely migrate an environment to the cloud, they must focus on ensuring the cloud meets the necessary application performance and compliance standards. It's a bit easier when workloads don't span different environments.
It's possible that, as admins move applications and services to the cloud, higher regulatory standards will encourage improved data center compliance standards on premises. While this sounds positive, it could also become an expensive task to keep up with as admins plan data center upgrades that meet cloud compliance levels.
The tricky part is that admins often don't have the buying power or ability to install multiple systems like a cloud vendor does. That doesn't mean admins shouldn't try, but they must realize the difference in scale and what that could mean for an on-premises data center compared to the cloud.