Compliance with Cloud: how much it matters

This is the era of cloud computing. A lot of research and development work has gone into making the cloud more and more mature in all its aspects, from the IaaS, PaaS and SaaS perspectives to many others such as DaaS, NaaS and so on.
Cloud computing has evolved a lot around security, but now it is time to think about the compliance side.
Every industry has its own rules and regulations and its own compliance and audit criteria. So apart from how to move to the cloud, or the security of data and networking, the most important part is to have the complete infrastructure, servers and applications comply with the regulations of the particular customer, industry or domain.
Banking and financial companies have their own compliance and regulations.
Pharma and life sciences companies have their own compliance requirements.
Food and drug and automobile companies have their own sets of compliance and governance rules.

So now it is time to make the cloud for all: cloud for all compliance, cloud for all regulations, so as to make the best use of cloud computing and of each and every resource in the cloud while abiding by all compliance regulations.

Cloud compliance is not just about the storage, network or server level; it relates to all aspects, starting from the process flow and the design and development of the whole cloud solution for a particular industry. For banking, for example, all records must exist in PDF files as well as in database records, and records must be retained for a certain number of years even if the record is deleted in the system. Similarly, for life sciences companies, every component of the cloud must be documented and must be signed or e-signed for the record.
Also, compliance is not just about setting up the cloud for the first time or migrating workloads for the first time; it is a continuous process for day-to-day BAU activities and must be taken care of as part of the regular business run.

What if there is no compliance? It would be a serious audit exposure, and companies might be held up with serious concerns from a regulatory standpoint.

Will adopting compliance as-is from the legacy environment to the cloud work? The answer is no: ownership of infra, app, data and platform changes according to the type of cloud implementation, so compliance is managed according to the level of ownership.

Is it only the customer who takes care of compliance? The answer is no: it is the responsibility of the cloud provider that all of the provider's services comply with the requirements of the type of customer.

Hybrid cloud is more complex to bring in line with regulations and compliance requirements, as there is a thin line between data, app and infra ownership; hence implementing compliance regulations there is very important and challenging.

Location-specific compliance: for some customers, such as banking and financial institutions, data and servers must be located within their city, state or country only, so a global datacenter of the cloud provider would not be feasible. Hence, to comply with such regulations, the cloud provider must have a private cloud offering or, if public cloud, its Points of Delivery (PODs) must be located as the regulation requires.
Compliance with Disaster Recovery: yes, this is true. For some industry domains this is also a very serious regulation: the cloud must have DR, or else the systems, infra and apps won't qualify for operation.


Binesh Jaiman – Subject Matter Expert Cloud Solutions & Cloud Adoption at IBM
