Auditable Cloud Services and Industry Compliance

Grazed from Wired. Author: Edwin Schouten.

Cloud computing is a trend towards the industrialization of IT, but this industrialization of IT services also has significant impact on the influence the consumer has on the services. Contracts are standard and cannot be tuned to meet consumers’ wishes; ”what you see is what you get.” But IT still needs to govern regulatory compliance, so how does this work with cloud services?

Cloud in the Financial Sector

I will illustrate this using the regulatory organization from my home country The Netherlands (aka Holland). Recently I was a panelist for a discussion on cloud computing in the financial sector at the national outsourcing congress where I represented the cloud providers. On the panel with me were a representative of consumers, a lawyer and a representative of DNB (De Nederlandse Bank), a public limited company responsible for safeguarding financial stability…

During the panel discussion, DNB underlined its statement in its newsletter, Cloud computing: the risks and how they are supervised, that cloud computing is regarded as a form of outsourcing, covering the same requirements with two in particular:
1. Who has access to the data, where it is physically stored and is it contractually specified that no data is left with the provider once the contract ends or is terminated.
2. DNB must be granted the ‘right to audit’. Outsourcing, including in the form of cloud computing, may not prevent DNB from carrying out its supervisory duties…

Read more from the source @ http://www.wired.com/insights/2012/11/auditable-cloud-services-and-industry-compliance/