Open Data Center Alliance, Part 6--Regulatory Framework

By Cameron Sturdevant  |  Posted 2011-06-21


The ODCA includes a "solution stack" diagram to help show where cloud computing might draw additional regulatory attention.

The Open Data Center Alliance Regulatory Framework usage model does a decent job of getting cloud providers to step up to the compliance plate while rightly insisting that cloud consumers are ultimately accountable for risks.

The Open Data Center Alliance (ODCA) Regulatory Framework (RF) publication is among the longest of the organization's usage models by virtue of two lists that make up a rather frightening global catalog of regulatory bodies that must be reckoned with when coming up with a comprehensive compliance regime. The good news is that the RF recommendations take up just seven pages of the report. The RF focuses on an ongoing corporate compliance program for cloud environments, which matches best practice guidelines that I've seen for private data center operations. This means that the practices that your organization already follows aren't that different when data and applications are moved to a shared cloud environment. What changes is that the cloud provider becomes the source of the risk assessment and management data. Thus, IT managers would do well to use the RF as a starting point for exploring an external cloud provider's ability to satisfy reporting and control requirements.

As I've touched on in earlier posts in this series, IT managers must understand the implications of locating data outside of a private data center. As the RF notes, cloud consumers should take into account the risks associated with data geo-location, data ownership considerations and access controls, or the lack thereof.

Data governance, risk and compliance is a fussy area of work. In acknowledgment of this, the ODCA, through the RF, makes recommendations where it sees that open, intellectual property-free implementations can be used. IT managers at regulated organizations that are considering moving regulated data and applications to the cloud would be well served to spend some time with the RF and see whether the ODCA recommendations make sense for them.

Table of Contents for the Series:

1. IT Users Band Together: a brief introduction to the ODCA
2. Virtual Machine Interoperability
3. Carbon Footprint
4. Security Monitoring
5. Security Provider Assurance
6. Regulatory Framework
7. Standard Units of Measure for IaaS
8. Service Catalog
9. I/O Controls
