Audit and Compliance

It is likely that each CSP will define its own processes and controls (i.e., compliance), and in the short term this does not present a problem. However, as CSPs start to connect to each other and provide cross-CSP solutions, a uniform compliance framework will become more important to ensure that appropriate security measures are being consistently applied. The adoption of the IT Governance, Risk, and Compliance (GRC) program would a good starting point to gain agreement on the adequacy of security measures since the discussion will be based on standards relevant to the CSP and its customers.

Given the volume and multitenancy of cloud computing, the compliance program for CSPs needs to be more real-time and have greater coverage than most traditional compliance programs.