Whether you’re in the midst of an audit or a forensic investigation, thorough logs are the key to proving compliance with security regulations. So how do you prove your organization is/was compliant when you aren’t able to maintain logs? This is the nagging question that gnaws hungrily at my weary brain every time I ponder cloud computing.
I am a big fan of cloud computing from a sharing and information architecture perspective, it may not be the right answer for critical information that is subject to regulatory control.
The folks at Google and other cloud computing providers are not going to let compliance issues fall through the cracks for long. Cloud computing can provide similar service and less cost. Who has better understanding of security, your IT staff or the folks at Google?
New Link to the article: http://www.informationweek.com/security/can-you-prove-compliance-in-the-cloud/229209812