Compliance and Cloud: 5 Big Considerations

By: Bill Kleyman

Today, cloud computing has helped a number of organizations support their existing applications, their users, and new kinds of applications. However, a big part of the conversation begins with understanding just how much data we’re creating. IoT, virtual reality technologies, and new ways to deliver critical applications have all placed new types of pressure on cloud computing projects. Through it all, organizations are still adopting cloud strategies and looking for ways to leverage the power of cloud services.

Within the cloud segment, spending on public and private cloud IT infrastructure will experience CAGRs of 13.8% and 10.2%, respectively. In 2020, IDC expects service providers will spend $37.5 billion on IT infrastructure for delivering public cloud services, while spending on private cloud IT infrastructure will reach $20.3 billion.

“For the majority of corporate and public organizations, IT is not a core business but rather an enabler for their core businesses and operations,” said Natalya Yezhkova, Research Director, Storage Systems. “Expansion of cloud offerings creates new opportunities for these businesses to focus efforts on core competences while leveraging the flexibility of service-based IT.”

Gartner offered a similar view. “The market for public cloud services is continuing to demonstrate high rates of growth across all markets and Gartner expects this to continue through 2017,” said Sid Nag, research director at Gartner. “This strong growth continues to reflect a shift away from legacy IT services to cloud-based services, due to increased trend of organizations pursuing a digital business strategy.”

However, it’s not always easy to move every workload into the cloud or even leverage every cloud service. For those organizations worried about compliance – cloud can be a challenging maze to navigate. For example, “Financial firms remain under pressure from regulators to improve the effectiveness of their compliance and risk management analysis and reporting,” said Bill Fearnley, research director, Compliance, Fraud and Risk Analytics at IDC Financial Insights. “To stay ahead of bad actors and improve their compliance and fraud detection programs, financial firms are increasing investments in analytics tools and new sources and types of data.”

Today, there are a lot more conversations happening around cloud and, of course, compliance and security. Organizations across all verticals and user counts absolutely see how cloud services can act as a direct benefit to their business. But what happens when you’re trying to upload a compliance-bound workload into the cloud? What do you do when regulations stop you from using a cloud storage architecture? The good news is that compliance and cloud can get along – but there are some considerations.

  • Know what apps and data points you’re going to leverage. Not only that – also understand your industry. Defining your compliance rules (HIPAA, PCI-DSS, SOX) will allow you to wrap policies around your workloads. From there, it’s important to know what you’re actually hosting or storing. Is it an application? Maybe it’s a database? Or, maybe you’re just trying to offload data. The kind of data set you decide to work with can impact the kind of cloud storage you should use.
  • Selecting the right kind of cloud partner. Jumping from the previous point – various cloud providers might specialize in different compliance methodologies. Some can host HIPAA compliant data, while others can act as secure gateways for PCI-DSS and e-commerce traffic. Make sure you know the capabilities of your cloud provider. The good news is that there are established providers capable of handling a variety of compliance workloads.
  • Controlling the keys to your kingdom. Now, you can own the entire tokenization and encryption process. This means you can upload data into a HIPAA-ready cloud architecture and still control how that information is accessed. New HIPAA rules, for example, allow you to store protected health information (PHI) with a cloud storage provider that has signed a business associate agreement (BAA).
  • Creating monitors and alerts. Not only does this help you stay proactive – this also helps you empower your end-users. Monitors and alerts help you understand where your data is stored, how it’s being accessed, and how to optimize the entire process. Creating a good alerting system not only impacts security, it also helps with end-user data delivery experiences. Furthermore, you can set some specific alerts around compliance-bound data and where it can and cannot be stored.
  • Empowering the end-user. You are now allowing users to access their data from anywhere, any time and any device. Not only does this create a more productive user force – you’re also controlling the entire experience. To the end-user, it’s all seamless. However, administrators are able to see what data points are being accessed, and how well that delivery methodology is working. Finally, you create compliance visibility and can see how cloud-based data sets are being utilized and accessed.

There’s no doubt that the amount of data within the cloud will continue to grow. The important part is how you’ll be able to take advantage of new kinds of services revolving around cloud storage. Remember, modern cloud technologies will now allow you to scale your data center architecture and still be compliant.


About The Author

Bill Kleyman

CTO at MTM Technologies

Bill is an enthusiastic technologist with experience in datacenter design, management, and deployment. His architecture work includes large virtualization and cloud deployments as well as business network design and implementation. Bill enjoys writing, blogging, and educating colleagues around everything that is technology. During the day, Bill is the CTO at MTM Technologies, where he interacts...