Virtualization Technology News and Information
Addressing the Compliance Hurdle when Moving to the Cloud
Article Written by Vince Arneja, Chief Product Officer, 5nine Software 

The promise of the cloud lies in its fluid and scalable nature. While organizations seek to leverage the unlimited capabilities cloud computing offers, they must also ensure the integrity of the data they store and maintain in a cloud setting. A decision to move data to the cloud is also a decision to enter a new regulatory landscape. Businesses must implement a holistic regulatory framework; otherwise, the cloud's promise can quickly morph into chaos. To check the compliance box during this transition, the most challenging yet critical change businesses must face is a shift in their company mindset.

You must know the where, what and when at all times

Unlimited computing, unlimited storage and unlimited analytics are the "titanium trio" capturing the essence of a cloud advantage. But this boundless nature needs to be carefully considered as companies prepare for their cloud move. Regulations vary by the type of data, where it is stored and what it is being used for. In a setting without boundaries it's uniquely challenging to continually know where your data is located, granularly track its state and keep it secure. When a business has deep and wide visibility into its assets in the cloud, it can vigorously assess its firewall compliance to ensure the integrity and resilience of its data. Having a clear grasp of your data coordinates is key to ensuring compliance.

Despite shared responsibility models, businesses must maintain 100% ownership

Even though cloud providers offer shared responsibility models, businesses who own the data aren't off the hook for protecting it. While there are many benefits to cloud vendors offering security assets to customers through these models, the security burden isn't necessarily balanced across the partnership. Shared ownership can be risky. If company and vendor aren't in sync about responsibility delineation, then certain security and compliance applications will fall through the cracks.

This is often the case - in fact, businesses need only reflect on the current ratio of providers to customers. A cloud provider has hundreds if not thousands of customers with whom it shares security and compliance responsibilities, whereas each business typically deals with only one or two providers. Adding to that, responsibility models may differ by vendor and service offering. For example, SaaS requires a different compliance and security implementation than IaaS. This distinction is necessary to identify whether vendors or end users carry the burden of security, as the answer differs from one situation to the next. Despite shared responsibility models, it's important to recognize that the business, ultimately, owns the data stored and maintained in the cloud; therefore it needs to be prepared to take ownership of protecting its data, regardless of where the burden of security sits within the provider-customer relationship.

Compliance ’Round the Clock

Compliance is not a one-time task. When preparing their move to the cloud, businesses need to assess all of the regulations to which they're subject, and thoughtfully map out a plan to update, track and maintain compliant cloud activities around the clock. Regularly auditing these requirements, accounting for data movement, and retaining accurate transactional records are necessary components of an effective cloud compliance process.

Many organizations are realizing the potential and benefits of business models powered by the cloud. As with any decision-making process, it's important to assess the risks versus rewards of adopting a cloud strategy. While risks exist with every option an organization may choose to follow, it's essential to identify them beforehand and map out a containment and mitigation plan for each. Proactively addressing regulatory requirements is the baseline for any successful cloud transition. This allows organizations not only to create a stable cloud infrastructure to operate in, but also to maximize the rewards of their business decision.


About the Author

Vince Arneja, Chief Product Officer, 5nine Software

Vince Arneja brings over 20 years of experience in executive and senior level technical product management positions with the last 15 years focused on product management and strategy in the domains of cloud, mobile, application, endpoint and network security. Vince has a very successful track record, both in being part of a private company that went public and working for four private companies that were ultimately acquired.

Vince's responsibilities include leading product strategy, defining corporate product roadmaps, pricing and positioning. He joined 5nine from OPAQ Networks where he helped launch the company and headed up the Product function through two acquisitions. Previously, he was at Arxan, where he led the Product function for almost 9 years, which resulted in a nine-figure exit to TA Associates. Prior to Arxan, he was at Sigaba, a leading email encryption provider acquired by Proofpoint, where he was an executive leading Government and Commercial Product Management.

Vince also serves as an advisor to various Cyber Security companies in the DC Metro Area and the Bay Area. He started his career as a software developer and was part of an IPO after working towards a degree in CIS. He is also a graduate of various Executive Management Programs at University of California, Berkeley.

Published Friday, March 23, 2018 7:41 AM by David Marshall