Compliance and the Cloud

March 14, 2011, Tom McAndrew, EVP Commercial Services, Coalfire

“The Cloud” is a hot topic right now. Yet most people can’t even define what “the cloud” really is. As I talk to more companies, who are considering the move, they all have two main concerns: security and compliance. Of course, security and compliance are key when it comes to cloud computing, but the questions you really need to be asking is not, “Will I be secure and compliant if I move to the cloud?” but rather, “What do I need to do to be secure and compliant when I move to the cloud?”

The switch to cloud computing is inevitable for most companies, and choosing the best cloud environment is a huge decision. There are two simple steps you can take to safeguard your migration and make sure it is successful.

Get it in writing

First, you must compare the service provider’s contracts with the regulatory needs of your business. Your provider must acknowledge in writing their responsibility to protect your data. Contracts must stipulate that the provider understands what type of data they are dealing with. This will guarantee its protection and make sure that they will notify you immediately if there is any suspected incident. Also, make sure that if an incident does occur that they will cooperate with any investigation.

Know Your Stuff

Second, you must ensure that all of your stakeholders, this includes external auditors, regulators and IT staff, understand what cloud computing is. Many of your key players will have a varying level of technical knowledge.

Cloud computing is here to stay; it is only going to get bigger. While the standards of this newest IT evolution are still being established, there is no need to let uncertainty slow your migration. With a fundamental knowledge of cloud environments and a well-trained auditor, your organization can successfully lead the charge to the agile, on-demand world in the cloud.

Tom McAndrew


Tom McAndrew — EVP Commercial Services, Coalfire

Recent Posts

Post Topics