A trustworthy cloud also provides scalable security federation to enable the secure sharing of documents across organizational trust boundaries (e.g. outside their firewall) in a manner that is as simple for employees as using consumer solutions such as Dropbox. This capability is especially important for companies in regulated industries such as Healthcare, Accounting, Pharmaceutical and Finance where data privacy and provenance control are mandated.
For example, a trustworthy cloud would enable a publicly traded company to comply with SOX 404 even when a third party cloud provider possesses the data. In HIPAA- or FDA-regulated environments, a trustworthy cloud would allow an organization that uses public cloud services to meet the requirements of HIPAA/HITECH or Business Associate Agreement (BAA) contracts.
With the rapid authorized and unauthorized use of public cloud sharing by their employees, organizations can no longer afford to ignore the data privacy issues these services engender. A trustworthy cloud approach that enforces security on the content itself eliminates the cloud container as a potential point of compromise. This enables organizations to implement and enforce "zero knowledge" encryption that is transparent to employees, and prevents both the cloud service provider and the security vendor from accessing business information.
Sign up for CIO Asia eNewsletters.