By Author: Stefanie Hoffman
Cloud and virtualization are experiencing an uptick like never before, but concerns around regulatory compliance often bring adoption to a screeching halt. In fact, few regulations effectively address data security on the various cloud platforms and many organizations are reluctant to risk being penalized for non-compliance.
VMware Inc. is trying to fix that. The Palo Alto, Calif.-based subsidiary of EMC Corp. recently launched the Compliance Reference Architectures, a set of resources incorporating solution guides and design architectures with the aim of helping partners build and deploy cloud infrastructures that simultaneously meet compliance mandates.
The first, and likely most far-reaching, compliance regulation being tackled is the Payment Card Industry (PCI) Data Security Standard, a series of 12 guidelines aimed at providing a foundation of security infrastructure for anyone processing or handling credit card data.
Specifically, VMware’s Compliance Reference Architecture for PCI, which incorporates the VMware Solution Guide for PCI and the VMware Architecture Design Guide for PCI, attempts to provide partners with a guide as to how they can deploy VMware vCloud Suite and VMware View in accordance with the associated security requirements.
Among other things, the reference architecture includes Partner Solution Guides that highlight how the company’s security and compliance solution providers can be leveraged when implementing virtualization technologies in heterogeneous environments.
Also with the goal of overcoming compliance challenges, VMware is allowing external audit advisory firms to join the VMware Technology Alliance Partner program and the Consulting and Integration Partner Program—a move that enables partners to combine audit expertise with product knowledge when implementing virtual infrastructure.
And down the road, the company plans to launch similar guides for Federal Risk and Authorization Management Program (FedRAMP), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) Act, and other government compliance standards.
Historically, governance, risk and compliance (GRC) solutions haven’t been incredibly profitable for the channel, largely because of low demand, lengthy sales cycles, and a complicated deployment process.
But those factors appear to be changing. In recent years, mandates such as PCI and other compliance regulations have been bolstered with more enforcement capabilities, such as fines and loss of credit card privileges, thanks in part to elevated awareness and highly publicized and targeted data breaches.
Meanwhile compliance, once relegated to specific market verticals, now applies to almost all market segments and industries. PCI mandates, for example, are imposed on any business that processes credit cards.
As such, compliance has transitioned from a channel obstacle to an opportunity. While representing a source of frustration for organizations, the beefier mandates and broader application have enabled partners to augment their portfolios with new security solutions, cloud-based GRC products and a host of pre-auditing and reporting services, which have been leveraged to build out entire practices specifically around the compliance market.
That opportunity hasn’t been lost on other industry players. Dell, for example, recently unveiled a new PCI resource center for partners, while LockPath Inc. launched a new cloud-based GRC platform aimed at easing deployment and increasing scalability and cost-effectiveness of compliance solutions.
However, where PCI and other compliance regulations have often fallen short is in addressing new technologies such as cloud and virtualization. And as such, compliance represents one of the remaining roadblocks to adoption of cloud and virtual technologies.
That said, PCI was updated last year to include virtualized environments. However, the guidelines leave a lot of room for interpretation, and how they’re ultimately extended to various platforms and applied will likely be contingent on expertise provided by the channel.
Subsequently, for the GRC market to expand, solution providers will need to continue to find new ways to keep cloud and virtual customers compliant. And the real opportunity for partners, as well as the biggest challenge, will be not only in keeping customers adhering to mandates, but also in allowing them to transition to cloud and virtual infrastructure in a way that enables them to effectively leverage all the benefits of those technologies.