Customers expect data centers to be compliant because it is an extension of their IT. Heavily regulated verticals such as the public sector, finance, and healthcare cannot use this infrastructure without compliance certifications. Customers running a hybrid or public cloud infrastructure rely on compliance certifications instead of independent audits to ensure that proper security controls are in place. A number of high profile security breaches, court cases, and global legislative changes have raised awareness of the complexity and risks of running in the cloud. Open a browser and go to https://marketplace.vmware.com.

VMware Cloud (VMC) on AWS is working on implementing the compliance certifications and frameworks by targeting Cloud Security Alliance (CSA) and General Data Protection Regulation (GDPR) first, followed by International Organization for Standardization (ISO), Security Operations Center (SOC), Health Insurance Portability and Accountability Act (HIPPA), Payment Card Industry (PCI), the Federal Risk Authorization and Management Program (FedRAMP), and Criminal Justice Information Services (CJIS). Security certifications that exist today are applicable to cloud computing and should be strongly considered. Cloud services will apply the mandated principles of policy, security, strategy, and compliance, which must be followed even by the lightest requirement use cases.