2014 Compliance… Change is in the Air

February 14th, 2014 / Company News, Smarter Identity

2014 is going to be a year of change. Two of the key frameworks for cloud service providers (CSPs), ISO 27001 and the Trust Services Principles, have new versions out in the wild now, and these will become the de facto versions later this year. The good news is that the new versions make it easier for CSPs to align their various compliance frameworks and move closer to the Holy Grail of compliance: test once, comply many times. We are incorporating these new versions into our controls DNA now, not only so that we are not scrambling later this year, but also so that we can take advantage of these streamlining opportunities.

But wait, there is more. On the privacy front, there are many changes in the 2014 pipeline that could have significant impacts. The biggest of these is the EU Data Protection Reform, which will have a definite impact on US entities that handle EU data. The extent of these changes is not known yet, but we have been working on steps to prepare, including the recent launch of our EU data residency option.

If you have been following the NSA news, it should come as no surprise that these privacy changes are in part linked to concerns over who might be able to tap into your data without your consent, or the cloud service provider’s, so you will definitely see an uptick in transparency and in the control that you have over your personal data as these new regulations roll out. We also recently revised our privacy policy in order to better speak to these two areas. It would not surprise us if we need to revise this policy once again in the upcoming months.

All these changes translate to a need for users of cloud-based services to get more clarity from their CSPs on what that ‘cloud’ symbol on their service diagrams really stands for, and on how third-party-enforced frameworks fit into the picture. As standards and regulatory needs change, you should have candid conversations with your CSPs on how they are managing these.

About the Author

Alvaro Hoyos leads OneLogin’s risk management, security, and compliance efforts. He also works with prospects, customers, and vendors to help them understand OneLogin’s security, confidentiality, availability, and privacy posture and how it works alongside, or in support of, customers’ own risk management models. Alvaro has over 15 years in the IT sector and, prior to joining OneLogin, helped startups, SMBs, and Fortune 500 companies with their security and data privacy compliance efforts. His commentary and articles have been featured in several publications, including CIO, CSO, Network World, Infosecurity, eWeek, and Help Net Security. Alvaro is a member of the Forbes Technology Council and has a B.B.A. in M.I.S. and an M.S. in M.I.S. from Florida International University.