By Susan J. Campbell

Cloud computing – it has been introduced and touted to the masses as the economical, no-strings-attached approach to leveraging features and capabilities that were once only available to the enterprise. Telecom operators driving cloud communications need to be able to make decisions about where and when to comply with governance. The challenge is that compliance is relatively complex.

A recent Alcatel-Lucent Enriching Communications article, Compliance in the Cloud: Risk or Reward?, explored the challenges of compliance in the cloud. The main problem: the standards that exist tend to be more technical and will definitely help to drive compliance and approaches to certification in the future. Global cloud industry associations need a provider framework to navigate the maze of compliance rules to determine best methods. The level of compliance for the telecom operator, however, is closely tied to its partners.

The key compliance challenges for cloud communications relate to protecting privacy, the processing, physical housing, retention, transfer and discloser of data. There is also a challenge to producing the proofs necessary to certify that a service provider is competent. At the same time, the cost of adhering to different national rules and demonstrating that compliance is in place can quickly mount.

With the market growth of cloud communications and cloud services, there is a demand for global compliance. The problem is that data security is actually a touchy subject on a global basis. There are still organizations doing the same things, but not working together to support compliance. And, global scrutiny focuses heavily on Europe as the European Commission launched a public consultation that is expected to lead to a standard legal framework for cloud communications in terms of service level agreements and certifications.

Compliance harmonized across the EU or other markets, however, is unlikely. It is difficult enough for telecom operators to adhere to national compliance requirements and this is still a cost they must bear if they hope to enter the market. Still, global standards do exist, they are just widely abused. Actual certification for any carrier is rare and can be impossible to obtain in countries where multiple sources of energy supply simply don’t exist.

Global cloud industry associations have been formed and do aim to help service providers to navigate the complicated maze of compliance issues. The Cloud Security Alliance (CSA) GRC Stack is relevant as it integrates several initiatives such as CloudAudit to automate cloud GRC processes, and the CSA Cloud Controls Matrix for certifications.

Weak links still exist, however, as certain companies aim to build scale and capability in cloud services. Telecom operators suggest that it can’t be done as cloud computing relies on collaboration. If all partners within the ecosystem are not compliant, the telecom and its market positioning can suffer.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.