|
By Cara Garretson
Security vendor Catbird has released software designed to give cloud computing providers the ability to offer their customers regulatory compliance monitoring and enforcement.
Catbird's vSecurity Cloud Edition, available now, gives cloud computing vendors an answer to their customers' demands for services that are complaint with a host of federal and industry regulations and also protect sensitive data that's been moved into the cloud, according to Catbird officials. The service provides compliance auditing, inventory management, configuration management, change management, access control, vulnerability management, and incident response, the company says.
By being able to offer demonstrable security and compliance to customers, cloud service providers are likely to find that customers are more willing to move their sensitive and competitive data to the cloud, says one analyst.
"It's not an issue of `Can you do that in the cloud?' it's an issue of `Can you get comfortable with it?'" says James Staten, principal analyst with Forrester Research's IT Infrastructure & Operations group. "Securing your application and your data is a handshake, you have to figure out how far the service providers are extending to protect you."
Outsourcing the security of sensitive information to a third-party provider allows IT departments to concentrate on supporting their companies' core competencies, instead of having to become security experts, according to Catbird.
"By freeing IT departments to concentrate on what matters most to the business and leaving security and compliance in the hands of seasoned experts, cloud providers now have an exciting value proposition to offer their prospects," according to officials, adding that Catbird has ten years experience running security in the cloud. The company claims that hundreds of its customers pass their compliance audits thanks to its software.
Among the specifications that vSecurity Cloud Edition offers compliance with are the Sarbanes-Oxley Act, the Payment Card Industry's regulations, the Health Insurance Portability and Accountability Act, the Federal Information Security Management Act, and others, says Catbird.
For each of these specifications, the software provides around-the-clock scanning that flags violations against a pre-set compliance framework; continuous monitoring and real-time inventory management of virtual machines; and a management portal that offers compliance intelligence aggregation, management, and reporting from a single dashboard while maintaining the privacy of company or departmental data, Catbird says.
For customers who are subject to industry or government regulations, being able to prove to internal and external auditors that the regulations governing the treatment of sensitive information are being met can be just as important as securing the sensitive data. Along those lines, the new software also gives cloud computing service providers real-time reporting functions to offer to their customers so that companies can be kept up to date on the status of their compliance and security, the software company says. These reports can be customized for consumption by different audiences ranging from executives to technical administrators.
vSecurity Cloud Edition is currently being offered as a part of Amazon's Web Services' Elastic Compute Cloud (EC2) Web service, as well as by other public and private cloud computing service providers, the company says.
Only registered users can write comments.
Please login or register. |
