Since the cloud is by nature, “up in the clouds,” it can be harder for enterprises to know if they are complying with industry and governmental regulations than if they were employing on premise hardware and infrastructure.
It’s important to keep up on the potential legal issues that could arise, especially those related to stored, owned and collected data, since there are complex federal, international and state laws that lay out responsibilities to both cloud vendors and users. According to Microsoft’s TechNet Magazine, “Failure to adequately protect your data can have a number of consequences, including the potential for fines by one or more government or industry regulatory bodies. Such fines can be substantial and potentially crippling for a small or midsize business.” Learn three tips for regulatory compliance here.
Cloud Computing: 3 Regulatory Compliance Tips
1. Identify New Challenges
Since the cloud will likely complicate your regular IT workloads, it’s essential to know what new challenges will come your way. At WEI, we’re happy to help you determine which cloud offerings are right for you, and offer advice for what a cloud computing deployment could look like at your organization; contact us for assistance.
2. Choose a Trusted Provider
Since cloud computing use hinges upon you (the subscriber) and a cloud vendor (the provider), it’s important for regulatory compliance that you choose a trusted vendor who will keep up with the ever changing legal landscape. To ensure your chosen provider is the right fit for you, ask the right questions, including finding out their pricing structure, knowing where your data will be physically stored and to how you can access their services.
3. Fully De-Provision Past Employees
Removing user privileges from team members no longer with the company becomes more challenging when your organization uses cloud computing. Since you are able to log in from multiple places to numerous applications, it isn’t as simple as deactivating their account. As Tom Kemp, CEO of Centrify says in an article on CIO:
"When an employee leaves the company, what you'd like is to push a button and that person gets de-provisioned from their Windows account and any internal enterprise applications, their mobile phone gets wiped of corporate information, and they're blocked from the company's SaaS applications. Today, automated de-provisioning can't span both cloud and on premise systems.”
What’s necessary instead is to staff a seasoned security pro at your organization who can ensure all permissions and access points remain well guarded once an employee leaves the company.
Cloud tenants based in the U.S. should follow the above tips to ensure they stay in regulatory compliance. For more help with planning and deploying your organization’s journey to the cloud, contact us today or read more articles on our blog.