Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
Compliance in the Cloud | @CloudExpo @DMacVittie #DevOps #Compliance
Our work, both with clients and with tools, has lead us to wonder how it is that organizations are handling compliance issues in

Our work, both with clients and with tools, has lead us to wonder how it is that organizations are handling compliance issues in the cloud. The big cloud vendors offer compliance for their infrastructure, but the shared responsibility model requires that you take certain steps to meet compliance requirements.

Which lead us to start poking around a little more. We wanted to get a picture of what was available, and how it was being used. There is a lot of fluidity in this space, as in all things cloud. The fact that DevOps Security plays into the cloud compliance model – particularly in dynamic cloud environments – makes it even more fluid.

We’ve found the following options are the ones most frequently being pursued in cloud deployments for industries that need to meet compliance requirements.

Not in the Cloud
This is the default, and a lot of companies are following it. That is not to say they don’t use the cloud, but that anything that falls under compliance requirements is not moved to the cloud. In its simplest form, only static web sites are moved out to the cloud, or only SaaS, where compliance burdens fall more heavily on the provider are moved out of the datacenter.

Using Guidelines
All of the major vendors have guidelines to compliance for the customers’ part of the shared responsibility model. Since AWS is the largest cloud provider, we’ll link to their section. This requires manual effort and maintenance of scripts, but allows compliance to closely match inside-the-DC compliance. This is arguably the most often followed model.

Outsourcing
There is a healthy consulting business around compliance in the cloud, and a fair number of organizations are using it. By asking someone whose specialty is the nexus of compliance and cloud, the organization gets the results required without burning up a ton of man-hours internally. This too is a popular option, and should your organization go in that direction, there are plenty of resources to help find the consultant/service that best suits a given scenario.

Compliance Tools
There is a growing collection of tools available to help ease the transition to Cloud based compliance. They range from tools that aim to lock down the application itself to tools that run through cloud vendor settings and validate that the clients’ share of infrastructure configuration is compliant.

Due to the rate of change that both agile and DevOps introduce, we see this type of automation as the direction of the future, but it is too early to say how soon in the future. The simple fact is that Security and Compliance teams were already overburdened, and automation is the only thing that will allow them to stay ahead of the curve. The question is how fast the tools can both mature and engender trust amongst those responsible for corporate compliance.

In the End, It Is About the Org
The answer is different for each organization, sometimes even for each application portfolio or even application. We’re just listing the most common paths teams take, so if you’re looking for more options than whatever is currently happening, you have a place to start. There is a decent amount written about each of these options, so researching the one that suits you should not be a problem.

Read the original blog entry...

About Don MacVittie
Don MacVittie is founder of Ingrained Technology, A technical advocacy and software development consultancy. He has experience in application development, architecture, infrastructure, technical writing,DevOps, and IT management. MacVittie holds a B.S. in Computer Science from Northern Michigan University, and an M.S. in Computer Science from Nova Southeastern University.

Latest AJAXWorld RIA Stories
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct ...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – N...
"We're developing a software that is based on the cloud environment and we are providing those services to corporations and the general public," explained Seungmin Kim, CEO/CTO of SM Systems Inc., in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the ...
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta...
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., introduced you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He explored app...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE