2014 Compliance… Change is in the Air

February 14th, 2014 / Company News, Smarter Identity

2014 is going to be a year of change. Two of the key frameworks for cloud service providers (CSPs), ISO 27001 and the Trust Services Principles, have new versions out in the wild now and will become the de facto versions later this year. The good news is that the new versions make it easier for CSPs to align their various compliance frameworks and move closer to the Holy Grail of compliance: test once, comply many times. We are incorporating these new versions into our controls DNA now, not only so that we are not scrambling later this year, but also so that we can take advantage of these streamlining opportunities.

But wait, there is more. On the privacy front, there are many changes in the 2014 pipeline that could have significant impacts. The biggest of these is the EU Data Protection Reform, which will have a definite impact on US entities that handle EU data. The full extent of these changes is not yet known, but we have been working on steps to prepare, including the recent launch of our EU data residency option.

If you have been following the NSA news, it should come as no surprise that these privacy changes are in part linked to concerns over who might be able to tap into your data without your consent, or the cloud service provider's. You will definitely see an uptick in transparency, and in the control you have over your personal data, as these new regulations roll out. We also recently revised our privacy policy in order to better speak to these two areas, and it would not surprise us if we need to revise it once again in the upcoming months.

All of these changes mean that users of cloud-based services need more clarity from their CSPs on what that 'cloud' symbol on their service diagrams really stands for, and on how third-party-enforced frameworks fit into the picture. As standards and regulatory needs change, you should have candid conversations with your CSPs about how they are managing them.

About the Author

Alvaro Hoyos is OneLogin's Chief Information Security Officer and is tasked with architecting and leading the company's risk management, security, and compliance efforts. Alvaro also works with prospects, customers, and vendors to help them understand OneLogin's Security, Confidentiality, Availability, and Privacy posture and how it works alongside, or in support of, customers' own risk management strategies. He has worked in the IT sector for over 15 years and, prior to joining OneLogin, spent 8 years working with startups, SMBs, and Fortune 500 companies on their security, compliance, and data privacy efforts.