Compliance in a Cloud-Computing Era
With its reimagined approach to businesses’ technology, the growth of cloud computing has become one of the fastest growing in the IT Industry. Despite its attractiveness, this relatively new environment has been a slow adoption process for some companies with compliance concerns at the top of the hesitation list.
This shift towards the cloud is now being referred to as the ‘Next Architecture’ and the true capabilities of the cloud are only just being realised. Yet despite cloud-computing’s business and cost-saving potential, it poses a significant compliance threat. Security, privacy and trust are among major concerns when adopting cloud technology, along with continually tightening privacy-related laws such as the General Data Protection Regulation and the California Consumer Privacy Act. On top of this, different industries have their own set of stringent guidelines like the HIPAA for the healthcare industry in America.
This idea of IT Governance, which is becoming increasingly crucial for businesses, centres around effective management of IT functions. Cloud computing has disrupted these IT functions considerably, especially when shifting to a public cloud server, as ‘public’ means it is offsite. The benefit is that the provider is responsible, but it also means relinquishing control.
Cloud-computing’s complexity roots from the vast number and intracity of laws and regulations that surround cloud settings. Establishing transparent relationships with cloud service providers is a good initial strategy along with an understanding of how the service has previously approached compliance on a technical level.
A recent study released by training company O’Reilly highlighted a lack of skills as the main barrier for almost 50 percent of IT managers and executive CXOs looking to implement cloud-based infrastructure. Compliance and security issues were identified among these top concerns.
The main issue for Chief Information Officers is understanding where and what data is being stored. When data is stored inhouse, this data is readably available, however when moved externally this creates a new set of challenges. It also shifts security that was once internal to external. The issue of “data sovereignty” is then introduced along with knowing where your data ‘is’ at any given moment.
With this in mind, highly confidential information may be best remaining internal or being hosted on a private cloud premise. Many companies are choosing to adopt this use of a hybrid cloud architecture. This approach has been adopted by 28 percent of companies, whilst another 17 percent equally utilise a combination of public and private cloud.
With a projected growth of over 17 percent by the end of 2019, the cloud services market is expected to be worth $206 billion by the end of the year. Despite cloud computing concerns, the power and benefits of the cloud are undisputed. The ability to have virtually unlimited space and the cost-effective nature of only paying for what is being used outweigh the challenges.