Virtualization Technology News and Information
Iland 2016 Predictions: Cloud Compliance Gets Trickier – and More Critical than Ever

Virtualization and Cloud executives share their predictions for 2016.  Read them in this 8th Annual series exclusive.

Contributed by Lilac Schoenbeck, VP, Product Management and Marketing at iland

Cloud Compliance Gets Trickier – and More Critical than Ever

2016 will be the year of cloud compliance. The strategies of old, from "hold your breath and hope we're covered" to "avoid the scary cloud altogether" are behind us. Cloud is an indisputable part of the IT ecosystem at almost every level of its infrastructure, and businesses - especially highly regulated ones - can't ignore cloud compliance any longer.

With greater acceptance, however, comes greater scrutiny. In October, the EU nullified the Safe Harbor provisions, a fifteen year old framework that provided a bridge for U.S. and EU firms to share data. This is a big deal for multinational businesses, with several implications for 2016:

1.     Everyone will scramble - and that's a good thing.

The upside to the nullification of Safe Harbor is that it will force organizations to assess current processes and protections. They will (or at least should) look at data flows, talk to Legal, and examine contracts from each of their cloud vendors to better understand the ins and outs of their data. 

2.     Big companies will underestimate the impact of Safe Harbor.

The big guys, like Google, Microsoft, and Apple, have already played down the impact of the ruling. The Internet Association, which represents Amazon, Netflix, and more, said that "companies have mechanisms in place to effectuate data transfers beyond the Safe Harbor," while Facebook stated that it "relies on a number of the methods prescribed by EU law to legally transfer data, aside from Safe Harbor."

While all of that is fine and good, the landscape has still changed. Organizations will be under increased scrutiny internally and externally. Those alternative methods require more time, money, and resources to enforce. And more restrictions will likely become the norm while a new framework is prepared.

3.     Small and medium-sized companies will look for alternatives...

Smaller organizations with fewer options already in place will look for other ways to transfer data from the EU to the US. Binding Corporate Rules and Model Contract Clauses are the low-hanging fruit, existing contracts that allow for data transfer via different approval processes from the European Commission and data protection authorities in member states. Smaller orgs will start there.

4.     ... but will struggle with the overhead to adopt them.

While these alternatives exist, executing on them isn't easy. New processes increase overhead across every dimension, and leaner companies may need to reallocate time, money, and/or manpower to meet them. This will hit legal and IT security teams particularly hard.

5.     We'll hear a lot about Safe Harbor 2.0.

Whether enterprise or mid-market, every business will anxiously await Safe Harbor 2.0. Discussions have been going on for years in an attempt to update the framework, and the EU now appears to be forcing the issue. We'll hear a lot about how to balance data protection and privacy with the interests of the digital economy. The conversation will get especially interesting given the cultural differences between the EU and U.S.

The implications of the Safe Harbor ruling will definitely impact organizations well into 2016. For some companies, it will be a matter of throwing more money at the problem. For others, compliance will become more complex, and potentially a greater burden. Every business, however, should benefit from increased focus on compliance in the cloud. Even if it's a tough road, more secure data is a great destination.


About the Author

Lilac Schoenbeck is VP, Product Management and Marketing at iland. She has more than 15 years of experience with product marketing, strategy, business development, and software engineering in the grid, virtualization, and cloud domains. Prior to this role, she led cloud and automation marketing for BMC Software, and has worked for IBM, Fortisphere, Innosight, and the Globus Alliance. Lilac holds an MBA from MIT Sloan School of Management and a Computer Science degree from Pacific Lutheran University.

Published Thursday, November 12, 2015 6:35 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2015>