Cloud and managed services provider ViaWest has strengthened its library of compliance and attestation reports to include several new compliance reporting types for customers using its data centers.
Compliance may not be quite the hot topic it was a few years ago when regulations such as HIPAA and SOX came into being, but it's still of critical importance to many businesses—and particularly to their customers, who would generally prefer not to have their personal information lost or intercepted. Cloud and managed services provider ViaWest knows this, and has expanded its reporting services for its customers using its data centers.
ViaWest typically provides a variety of SSAE 16 (formerly SAS 70) reports to customers, and now it's expanding that portfolio to include dual-standard SSAE 16 and ISAE 3402 SOC 1 Type II, SOC 2 Type II, SOC 3, PCI reports on compliance for Sections 9 and 12, as well as HIPAA reports for physical controls.
"ViaWest is 100 percent committed to delivering transparency through insight into our operations and assurance via third-party assessors that validate ViaWest as a trusted partner," said Mary Sparks, director of compliance for ViaWest, in a prepared statement. "We do this because we understand the mission-critical nature of data to our customers' businesses and the need to meet standards within the ever-changing compliance landscape. We put customer trust first."
And that's the crux of the issue, isn't it? Although cloud computing has gained an enormous number of converts, there is still skepticism about the security of clouds, particularly public clouds. Additionally, there are so many cloud providers entering the market that has become a challenge to determine which of those are to be trusted with customer data and which should be avoided at all cost.
The attestation and compliance reports are being issued by third-party auditors that assess ViaWest's controls and procedures. In this case, it was done by CoalFire Systems.
Using third-party auditors to get SSAE 16 certification can go a long way toward selling customers on the security and compliancy of data centers. Going forward, it may be that customers begin to ask —or even demand—proof of compliance.