- With an increased number of providers, not to mention open source itself, the need for transparency of controls is even greater.
- A by-product of OpenStack will be an increase in service provider to sub-service provider relationships (e.g. a SaaS company hosts at an IaaS co-lo and has their systems maintained by a managed service provider). The most important thing for cloud providers is to be able to map out all their customers’ control and compliance requirements, ensuring there are no “gaps” where one provider thinks the other is covering a requirement (and vice versa).
- Service providers need to carefully evaluate what assurance and compliance tools suit their customers best. This involves doing a requirements and cost-benefit analysis of SAS 70 / SSAE 16 audits and assessments, PCI DSS validation, SysTrust, ISO 27001 certification, or any combination of those and more.
Looking forward to working with #CloudAudit on #OpenStack, good blog post today by @DougBarbin — talked to @Beaker early in the week.