By Tony Savoy

Concern around security, privacy and availability of critical business data is a common barrier to public cloud adoption. It doesn’t matter if that data is sensitive, private, or simply development and testing information; IT organizations are still required to sustain strict adherence to corporate security policies or regulatory controls. VMware understands these concerns, and continues to focus on investments in its compliance portfolio to ensure its cloud customers are confident that their data is safe and their cloud platforms can satisfy many of their corporate security and regulatory requirements.

Last week, VMware announced that VMware vCloud® Air™ was officially accepted into the UK G-Cloud 6 program. Operating under the GCloud 6 framework means VMware has been properly vetted by the UK government and able to sell to government and public sector organizations in that region. In addition, we announced the general availability of VMware vCloud® Government Service provided by Carpathia™ in the United States. This service now has FedRAMP Provisional Authority to Operate issued by the Joint Authorization Board (JAB).  These two major achievements show our ability to execute the implementation and sustainment of controls for some of the most heavily regulated workloads in the industry.

In our continued path towards developing more transparency into our operating, security and compliance controls, vCloud Air recently added two new programs to its portfolio: the Cloud Security Alliance Security Trust and Assurance Registry (CSA STAR) and Service Organization Control (SOC) 3. The CSA Consensus Assessments Initiative Questionnaire (CAIQ) provides customers with industry-accepted ways to document what security controls exist in IaaS, PaaS and SaaS offerings. Visit the CSA STAR Registry to view VMware’s response to over 250 questions related to cloud security, trust principals, and assurance controls. SOC 3, just like the SOC 2 framework, is composed of a comprehensive set of trust principles including security, availability, processing integrity, confidentiality and privacy. Our SOC 3 report is publically available and can be viewed and distributed freely.

Finally, not only have we been hard at work executing our roadmap of new compliance programs, we continue to stay true to our commitment of sustaining current programs with an annual review cycle.  Over the last few months we completed rigorous independent third-party examinations of vCloud Air for SSAE 16 SOC 1 Type 2, SOC 2 Type 2, HIPAA/HITECH, and ISO 27001. We’ve also updated our ISO 27001 certification to the latest ISO27001:2013 modifications to ensure we’re always keeping up with the latest criteria as standards change. Audit reports for these programs will be shared with prospects and customers under NDA. To review a copy of these reports, contact your VMware sales representative.

In addition to the compliance programs and certifications, vCloud Air employs data and network security measures across physical and virtual domains to minimize security and compliance risks. Learn more about why these changes are influencing consumers to move forward and embrace the cloud.

For more information about VMware vCloud Air, visit, and keep an eye on the blog for upcoming tips and best practices for using vCloud Air

Be sure to subscribe to the vCloud blog with your favorite RSS reader, or follow our social channels at @vCloud and for the latest updates.