Cloud, Compliance, Cybersecurity
When your day-to-day is consulting with prospective clients in IT, you begin to get a feel for which technologies are having the biggest impact. Questions that are asked, articles that are published, etc. all give pretty clear indications about how technical markets are evolving over time. Naturally – it likely comes as no surprise – cloud and security are at the top of everyone’s mind.
Cloud has gone through an interesting evolution as it relates to security. Four years ago, you couldn’t convince most IT leaders that housing their highly important information on the same infrastructure as someone else would ever be a good idea. Makes perfect sense, right? When people share an office, they need only turn their head to see what others are working on. Why wouldn’t it be the same when people share servers?
Fast forward, and now we are talking about how cloud infrastructure has some of the highest levels of regulatory compliance, including PCI, HIPAA, GDPR, multi-national, government, and many more.
The reality of what we are facing is that cloud is no more or less secure than it has ever been. The underlying cloud infrastructure providers, however, are taking on more responsibilities as it relates to the key regulations that their customers worry about. This additional support from providers brings a level of comfort that was necessary to achieve mass market adoption of the cloud.
Unfortunately, this is also HIGHLY misleading.
In order to achieve regulatory compliance, organizations must possess a deep understanding of their clients, technology, and themselves. The key here is making sure that you have the level of technical expertise internally to build, deploy, and manage off-site (cloud) infrastructure. Cloud providers have no interest in these nuances.
In short, cloud is absolutely one of the most defining technologies that has achieved mass market success in the post-internet era. In order to effectively deploy workloads (test or production) in the cloud, organizations need technical teams that understand the culture of their organization and how compliance will affect that culture. Whether it is done by an internal IT team or a really adept managed IT services provider, mapping regulatory requirements to the cloud will always be about understanding the delicate balance between people and technology. Cloud providers likely won’t be the one-stop-shop for compliance in the next decade, but the right internal or external partnership will ensure that we maximize the capabilities of cloud infrastructure without the risk of oversight as it relates to security and compliance.