Regulations and Standards in Public Cloud

Abstract

Security is a critical issue particularly in public cloud as it rests with the cloud providers. During security implementation, prevailing security threats and regulatory standards are borne in mind. Regulatory compliance varies from one cloud provider to another according to their maturity and location of the data center. Thus, subscribers need to verify the security requirement meeting their objective and the one implemented by the public cloud provider. To this end, subscribers need to visit each cloud provider's site to view the compliance. This is a time-consuming activity at the same time difficult to locate on a website. This work presents the prominent security standards suggested by the leading security institutions including NIST, CSA, ENISA, ISO, etc., that are applicable to the public cloud. A centrally-driven scheme is proposed in order to empower the subscriber to know the regulation and standards applicable according to their services need. The availability of an exhaustive list at one place will lower the users hassle at subscription time.