Know industry regulations, establish SLAs & protect your data
Moving some or most of your data to the cloud is a good way to reduce costs and minimize the amount of physical infrastructure you have within your facility. However, some companies have concerns regarding cloud computing that they can’t reconcile. While some of these worries are related to security or accessing data, one aspect that no company should overlook is compliance.
Whether you work in the health-care, financial, payment card, or other industries, there’s a good chance your data is regulated in some way and needs to adhere to certain standards. It’s difficult enough to maintain compliance when everything is stored in-house, but when you move data to the cloud, it can become more difficult to manage. Luckily, the cloud is maturing, and there are multiple ways to ensure your data is safe even when it’s hosted in a third-party data center. The key to managing your data and ensuring it is secure in the cloud is to understand what standards apply to your company and how to keep that data compliant.
Know & understand your industry’s regulations
It’s nearly impossible to find a cloud service provider that can support your industry’s regulation and help you maintain compliance if you don’t know or fully understand what’s expected of you. Jay Heiser, research vice president at Gartner, says that some of the blame falls on the regulators themselves and that it would be helpful for them “to bring more clarity to the targets of the regulation,” but for now, the responsibility falls on the company to gather the information from available sources.
With a clear understanding of what regulations are placed on your business, you can find cloud providers that support that type of compliance. For instance, some cloud vendors will sign HIPAA “business agreements, which are contractual arrangements for service providers to agree to accept some of the risk associated” with storing healthcare-related data in their data center. Not all cloud service providers are willing to sign such agreements, but Heiser says that in the last year or two, he has “seen some increased willingness for generic providers to step up to these.” And although he says it may only be a small gesture, he sees it as “an encouraging one.”
Compare vendors & put a focus on transparency
When it comes to placing data of any kind in the cloud and trusting it to a third-party provider, it’s important to make sure the vendor is transparent in its process and is able to answer any and all questions you may have. Heiser says the first question a company should ask is “Can provider give adequate information to a potential buyer so that buyer can conclude it’s suitable for [his] purposes?” He says this is a “huge challenge” right now, and you need to be vigilant when comparing vendors and make sure they are the best fit for your specific needs.
Christine Taylor, an analyst at the Taneja Group (www.tanejagroup.com), says that “you can do almost anything you need and want to do for compliance,” but agrees with Heiser that it ultimately comes down to asking the right questions and getting the right answers. “Can they report to you where the data is located and what it is? Can they report or allow you to report on user access, identity, and justification as to why this particular identity can access certain data?” Taylor asks. You also have to be aware of location-based issues if your company is multinational. For example, Taylor points out that when you do business in France, “French law requires that the data physically reside within French borders” in many instances. In that specific case, you would need to search for a provider located in France that is certified to handle your type of data in order to stay in compliance.