The idea of partnerships and trust has always been a cornerstone of business operations. But the specter of regulatory compliance -- and the legal implications of compliance breaches -- has put extraordinary pressure on service providers and service consumers. Nowhere is this pressure more acute than in enterprise IT operations that use public cloud services such as Amazon Web Services.
As public clouds take on increasingly important workloads and sensitive data, business leaders must ensure that the public cloud provider can meet and maintain compliance needs. In response, providers are embracing a wide array of certifications to demonstrate an understanding of regulatory issues and assume a role of shared responsibility with their customers.
Before moving to a public cloud provider like AWS, take the time to investigate and verify where the provider stands on compliance; it will absolutely affect the business and risk assessments in the public cloud.
Perhaps the first and most notable attribute of a compliance-friendly public cloud provider is a public commitment to the standards or regulations that your enterprise needs. For example, a commercial merchant would almost certainly seek a public cloud provider that meets current Payment Card Industry Data Security Standard requirements for certification, while a healthcare business would likely seek a public cloud provider that meets Health Insurance Portability and Accountability Act (HIPAA) requirements. Some providers may specialize in one or more regulations, while the largest providers such as AWS can provide resources that accommodate numerous regulations to maintain compliance.
The goal is to find a public cloud provider that can meet the demands of the relevant regulation -- the provider itself may not hold that actual certification because it isn't in that specific business.
It's one thing for a public cloud provider to promote adherence to regulatory requirements, but it's also worth additional due diligence to investigate the public cloud provider. Speak with account representatives and let the cloud provider explain how it can address your enterprise's specific compliance concerns. If the provider can't explain what they're doing clearly, it might be necessary to find a different provider. Watch the provider's SLA closely and verify that it will continue to adhere to regulations that affect your organization.
Remember, certification instruments such as "letters of compliance" expire every few years, and the provider must renew its own certifications regularly. If the provider drops support for a certification critical to your business, the business may face additional risk, which may even prompt a move to another public cloud provider.
Look for compliance-related support resources, including live support from compliance experts who can offer advice and guidance on the best use of public cloud resources. Support might also include forensic investigation capabilities using auditable logs and other management-level cloud data to ensure your enterprise can maintain compliance. Supplemental support could also offer detailed compliance documentation, such as compliance enablers from AWS, and deployment guidance that can help businesses use the provider's services while meeting compliance obligations and reporting requirements.
No cloud provider will make assumptions about regulatory or security obligations of an enterprise. A business cannot avoid compliance obligations by handing off workloads and data to a cloud provider. In the end, the business is responsible for maintaining compliance, regardless of the cloud provider. Picking the right cloud provider can make compliance easier, but it's still the obligation of the individual business users.