Cloud Compliance Looms Large for Global Enterprises

Posted by Stephen Zhang on July 25th, 2014

As more and more enterprises move to the cloud, cloud compliance becomes a key tenet for operations. It’s important that data transfers within the cloud are conducted by complying with local and foreign regulations when working with 3rd party services.

According to Freebridge Associates research analyst Christine Zhang, “Cloud compliance is not a paltry issue to be ignored by enterprises. More and more countries and implementing their own cloud compliance regulations, and their penalties encompass substantial fines and if warranted, imprisonment as well”.

Furthermore, It’s important that enterprises first become totally cognizant of which cloud services are being used within their company by their employees. After discovering those services, enterprises should examine the data, which is being transferred by those services. Then onwards, it’s important to know if that data is being transferred in a secure manner. This is especially important for cloud compliance reasons, as highly sensitive data transfers must be done so in appropriate fashion. When sensitive data is transferred with the cloud, its important that companies have access to data being transferred, to prevent leaks and breaches.
 
Furthermore, if one is leveraging external cloud service providers, its important to examine which regulations the providers abide by. Also, when using external cloud service providers, its important to know what type of data should reside on their cloud services, how they’re going to protect it, how they’re going to back it up and how you may reserve the right to audit the security and compliance framework that they build around your data.

Furthermore, things can go awry at times. Thus, its important to create an incident response plan for cloud security episodes. According to a recent Gartner report more than fifty percent of Global 1000 companies will have confidential customer information stored in the public Cloud by the end of 2016”. Thus, when transferring confidential data in the cloud, enterprises should be cognizant whether the data contains private information that can be traced to the identity of the person. If so, appropriate protection measures must be in place.

This is important because many federal governments have already implemented or are soon to implement policies regarding the traceability of personal information to a specific identity. Furthermore, there are many penalties for organizations that fail to protect this sensitive information. Consequently, its important that enterprises prioritize data privacy in terms of both cloud compliance and also as a threat to the enterprise, so they can prevent federal penalties and data breaches that can lead to brand marring and other financial detriments. Ultimately, its more beneficial if organizations start cloud compliance procedures now. Else, they will have to face the penalties, which include fines and/or imprisonment in most countries.

In summary, it’s important that chief information officers and information technology teams work to comply with all data privacy and security regulations present in countries their data is processed or transferred to. Furthermore, due diligence on cloud providers is a must. By undergoing these procedures, enterprises can leverage the positives of the cloud while curtailing any risks and threats to their business.


Author:
Stephen Zhang is a principal security analyst and writer focused on the emerging markets of cloud computing, enterprise security and cloud compliance.