Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Compliance in the Cloud | @CloudExpo @DMacVittie #DevOps #Compliance
Our work, both with clients and with tools, has lead us to wonder how it is that organizations are handling compliance issues in

Our work, both with clients and with tools, has lead us to wonder how it is that organizations are handling compliance issues in the cloud. The big cloud vendors offer compliance for their infrastructure, but the shared responsibility model requires that you take certain steps to meet compliance requirements.

Which lead us to start poking around a little more. We wanted to get a picture of what was available, and how it was being used. There is a lot of fluidity in this space, as in all things cloud. The fact that DevOps Security plays into the cloud compliance model – particularly in dynamic cloud environments – makes it even more fluid.

We’ve found the following options are the ones most frequently being pursued in cloud deployments for industries that need to meet compliance requirements.

Not in the Cloud
This is the default, and a lot of companies are following it. That is not to say they don’t use the cloud, but that anything that falls under compliance requirements is not moved to the cloud. In its simplest form, only static web sites are moved out to the cloud, or only SaaS, where compliance burdens fall more heavily on the provider are moved out of the datacenter.

Using Guidelines
All of the major vendors have guidelines to compliance for the customers’ part of the shared responsibility model. Since AWS is the largest cloud provider, we’ll link to their section. This requires manual effort and maintenance of scripts, but allows compliance to closely match inside-the-DC compliance. This is arguably the most often followed model.

Outsourcing
There is a healthy consulting business around compliance in the cloud, and a fair number of organizations are using it. By asking someone whose specialty is the nexus of compliance and cloud, the organization gets the results required without burning up a ton of man-hours internally. This too is a popular option, and should your organization go in that direction, there are plenty of resources to help find the consultant/service that best suits a given scenario.

Compliance Tools
There is a growing collection of tools available to help ease the transition to Cloud based compliance. They range from tools that aim to lock down the application itself to tools that run through cloud vendor settings and validate that the clients’ share of infrastructure configuration is compliant.

Due to the rate of change that both agile and DevOps introduce, we see this type of automation as the direction of the future, but it is too early to say how soon in the future. The simple fact is that Security and Compliance teams were already overburdened, and automation is the only thing that will allow them to stay ahead of the curve. The question is how fast the tools can both mature and engender trust amongst those responsible for corporate compliance.

In the End, It Is About the Org
The answer is different for each organization, sometimes even for each application portfolio or even application. We’re just listing the most common paths teams take, so if you’re looking for more options than whatever is currently happening, you have a place to start. There is a decent amount written about each of these options, so researching the one that suits you should not be a problem.

Read the original blog entry...

About Don MacVittie
Don MacVittie is founder of Ingrained Technology, A technical advocacy and software development consultancy. He has experience in application development, architecture, infrastructure, technical writing,DevOps, and IT management. MacVittie holds a B.S. in Computer Science from Northern Michigan University, and an M.S. in Computer Science from Nova Southeastern University.

Latest Cloud Developer Stories
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for...
Cloud computing is a goal aspired to by all organizations, yet those in regulated industries and many public sector organizations are challenged in adopting cloud technologies. The ability to use modern application development capabilities such as containers, serverless computing...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical Infrastructure as a Service cloud provider but it's been designed around data privacy," explained Julian Box, CEO and co-founder of Calligo, in this SYS-CON.tv interview at 21st Cl...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, described how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term...
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mis...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
Most Read This Week
ADS BY GOOGLE