After a company transitions their data into the cloud, a primary concern will be the cloud provider’s approach for complying with international and national laws, including the European Union’s GDPR (General Data Protection Regulation) and USA’s HIPAA (Health Insurance Portability and Accountability Act).

A core cloud provider rule is implementing a self-service interface that eases a customer’s set up, revisions, and termination of their services. It was initially unclear who would be responsible for maintaining a company’s cloud services. Practically speaking, anyone with a company credit card could setup a cloud account. Thus, any department could begin using the cloud, creating a “shadow IT”.

Governance

Oversight provided by the board of directors and senior executives of a company is governance. When this is extended to the cloud, it is called “cloud governance”. It is crucial because if it’s lacking, numerous questions regarding business objectives and cloud management will remain unanswered, making cloud security extremely difficult.  

Prior to making the transition to the cloud, an organization should determine its objectives. These goals should be guided by applicable laws, regulations, and contracts. Cloud governance provides guidance to employees regarding compliance. This will prevent costly mistakes from being made that can lead to legal and economic setbacks.

Laws & Regulations

Every discussion of compliance should begin with laws and regulations. Companies and their attorneys need to address how they will be followed. This must be made clear to employees along with the consequences of not complying. Moreover, the necessary security controls will need to be determined and implemented in order to remain in compliance.

For example, the GDPR requires stringent security regarding personal information. The European Union’s regulations set forth strict requirements controlling the processing and storage of personal data. This may be a potential problem with the cloud because of the way it operates. However, complying with certain controls protecting sensitive information will satisfy GDPR requirements.

Part 2 will continue discuss more aspects regarding cloud compliance and security.

Alpha Business Support

Choosing an expert computer technology-support provider is an important decision for your business. Alpha has been a trusted partner of many companies in the Washington, D.C., Baltimore, and Annapolis areas since 1990 and offer:

• 24/7 Managed Services for Business Computing Systems

• Network and Mobile Computing Support

• Disaster Recovery Planning

• Software Development

For affordable client-focused network consulting services and solutions, please call Alpha today at (410) 295-9500.