RightScale Blog

Cloud Management Blog
RightScale 2014 State of the Cloud Report
Cloud Management Blog

Add new comment

Hi Phil, Great post. The delineation of responsibilities between service providers and consumers of those services is well described. I think this delineation and the identification of shared responsibility for various controls is often missed when selecting service providers. Following on from the compliance of IaaS cloud offerings is the SaaS offering and the manner in which compliance can be ascertained for the cloud application stack as the cloud infrastructure management environment is all in scope and there's also the consideration of multi-tenanted systems. As for Raf's point on dev/test environments, where a business must use live data for test purposes, cloud infrastructure and the use of snapshots should allow the business create a separate stack with applicable controls in place to perform this function. However, test data (card numbers and other PII) is built to prove the requisite functionality without requiring production data. Andy Mac