The cloud going commercial has created a whole new world of opportunities.
No longer are companies held captive by the increasing costs of maintaining data centres. Plus, data is now available, anytime, anywhere – which massively improves any organisation’s agility.
However, with this opportunity come new challenges with regulations and compliance. Where is our data located? How is it going to be sent and retrieved in the cloud? Who can access it? And how will it be secured?
In previous Barriers to Cloud pieces, we’ve explored security, the talent gap and the misalignment between tech teams and business.
This time around, we’re talking compliance with our own Group Account Director, Karen Haydon.
Karen has almost two decades of experience managing technical projects with global clients on a variety of infrastructure and web projects. Now she wears the hat of Information Security Manager too!
Karen oversees our implementation of compliance and security-related policies day-to-day and also trains and onboards new members of the #jamfam on information security best practices – so she’s the perfect person to ask.
What is cloud compliance?
In a nutshell, it’s about complying with the laws and regulations that apply to using cloud or cloud-based services.
Are there different laws and regulations governing the usage of the cloud?
To date, the use of the cloud isn’t governed by a single international law. However, there are guidelines, standards, laws and regulations that span multiple industries and geographies.
Although the majority of these align on core principles, there are some differences. As data is exchanged over international borders, the different laws and regulations governing how that data should be stored and/or handled need to be considered and adhered to.
It’s not just a question of whether or not your organisation uses cloud, but of ensuring it uses cloud correctly and securely. All of this makes cloud compliance very complex.
The different pieces of legislation, guidance and regulations applicable to data protection and management are too numerous to list here – especially accounting for international equivalents.
For example, whilst EU GDPR applies to Europe, Singapore has its own PDPA. The US doesn’t have a single equivalent, but there are various federal and state-level privacy regulations that align with (and differ from) GDPR and PDPA.
The bottom line is, when you’re thinking about cloud, it’s important to understand how these different laws and regulations can intersect in the context of international data, and how to manage that intersection.
That sounds like a headache! Is there a way to simplify compliance in the cloud?
Protecting and securing all your organisation’s data across multiple environments and locations is no easy feat, but it has to be done. However, you’re not alone in this. And your cloud service providers (CSPs) can be a real asset.
CSPs such as AWS, Microsoft and Google have to ensure their businesses are in line with strict security controls, laws and regulations. They accomplish this by:
- Developing guidelines/frameworks to comply with requirements
- Ensuring that they have the necessary accreditation(s) and compliance certifications
- Going through rigorous internal and external audits
They have a wealth of resources and experience for dealing with the complex web of standards and laws. Plus, their success is tied to their customers being compliant in the cloud, so it’s in their interest in the long run.
Are there partners who offer help with compliance in the cloud?
Aside from CSPs, organisations can work with a partner who is familiar with the various cloud vendors’ compliance posture and has experience of the regulations and standards required for the relevant regions.
Just After Midnight is such a partner.
We’re a vendor-agnostic managed cloud service provider working with businesses around the world.
We migrate, modernise and architect. And we’re always happy to discuss any additional requirements your industry has.
We’ve built recognised partnerships with the major CSPs, and behind our business is a team of qualified engineers who help consult on and implement the strictest level of compliance frameworks.
But it’s not just our technical engineers who know about compliance and data protection regulations.
Everyone in the organisation plays a part in keeping the business compliant in the cloud.
This is even more important as remote working is on the rise and companies are increasingly transitioning to virtual infrastructures.
It’s during this transition that risks are heightened, as there is a greater possibility of things being overlooked. A managed cloud service partner like JAM can help you tackle these risks head-on.
- There is no common regulation of cloud use that holds throughout the world but there are some common core requirements
- Be aware of best practice guidelines, standards, and regional/international laws applicable to your organisation and your customers
- Cloud service providers/vendors have a wealth of resources in dealing with the complex web of standards and laws and have undergone numerous audits
- Organisations can explore working with a third-party IT service provider that holds nationally and/or internationally recognised certifications, has experience with a variety of CSPs’ compliance postures, and is backed by a reliable team committed to upholding compliance for its customers – just like us
How we can help
If you are still concerned about your regulatory compliance, bringing in a partner like JAM might help.