Cloud Compliance Catch-22

Grazed from BankSecurityInfo. Author: Peter Spier.

The fact of the matter is that when you and I say "cloud," we may be thinking of two very different things. Partly this stems from the adage "what’s old is new again" (welcome back, centralized computing) and partly from a lack of common definition or standards to provide a ready frame of reference.

Thankfully, the National Institute of Standards and Technology is on the case. With its release of Special Publication 800-146 [see NIST Issues Long-Awaited Cloud Guidance], the term "cloud" is defined as a service that maintains a pool of hardware resources to maximize service and minimize cost while providing a resource efficiency that permits hardware refresh without impact to its users…

Though a mouthful even in paraphrase, this definition should instantly summon references that fit the model and industry terminology such as "high availability" that prove nearly synonymous, albeit not quite as catchy…

Read more from the source @ http://www.bankinfosecurity.com/blogs/cloud-compliance-catch-22-p-1351