While cloud computing has made great strides in the past few years, data security and compliance loom as significant barriers for businesses considering the adoption of cloud-based services.
Existing concerns are compounded by the fact that there is still a lot of confusion regarding legal compliance and privacy issues. There are no all-encompassing, hard-and-fast compliance regulations that apply to all industries across the board; rather, there are different regulatory standards that pertain to specific industries such as healthcare and finance/banking segments.
Federal and state laws, and industry regulations such as HIPAA (Health Insurance Portability and Accessibility Act) and PCI DSS (Payment Card Industry Data Security Standard), require strict controls on what kind of data can be stored, who can access it and where it can be stored.
Cloud services are a long way away from being fully compliant with all the regulatory requirements, according to Vishal Shah, vice president of R&D at Intelliverse. But organizations can still benefit from them if they’re able to differentiate between the types of data and applications that can or cannot be stored on the cloud, and by negotiating the proper service level agreements (SLA) to ensure security and access.
Protecting the constant flow and growth of data presents new challenges that require adherence to compliance standards and new security technologies. Understanding the compliance regulations that pertain to your industry is the first logical step in the cloud strategy process.
But the easiest way to ensure compliance, regardless of the standard, rule or legislation that applies to you, is to look for cloud providers that are already compliant themselves.
Another point of concern for cloud adopters is geographical location, ZDNet recently pointed out.
“A cloud service provider, especially a software-as-a-service provider, can offer its services over the web for companies all over the world, and store everyone’s data in a single country,” the report said. “The geographical dispersal of information, often used by service providers to reduce costs and improve reliability, can be a major legal liability. Knowing where your provider will store your data and what legislation applies there is fundamental.”
Organizations have to recognize that regardless of where the data or applications reside, it is their data and, in the end, they are responsible for it.