Can a Cloud Solution Really be Secure and Compliant?

by Sherry Thompson | October 10, 2018

The cost savings from moving data to the cloud provide a strong competitive advantage, and in today’s highly competitive business climate, businesses must leverage every advantage available. Across the communications, manufacturing, technology, and financial industries, total cost savings range, on average, between 37% and 42%,1 making cloud computing a financial imperative. As compelling as the cloud is from a cost reduction standpoint, those who have researched it, or who are already leveraging it, know that security and compliance can become huge concerns. Given the magnitude of recent data breaches,3 it’s important to understand what cloud security and cloud compliance look like.4

Cloud Compliance Challenges

Regulations for managing health data differ vastly from the data regulation requirements that apply to a merchant or other service provider. Compliance on the cloud means organizations must offer solutions that can meet the spectrum of compliance requirements and discern when to apply different rules to different data sets. Following the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) is required for health-care providers on the cloud, just as it is when they store and use personal health information (PHI) on their internal network. To do this, cloud providers must understand the industry-specific regulations for data management and ensure they are all applied accurately.5

While this may seem like a nearly impossible task, competent cloud providers know how to work directly with an organization’s staff and network to determine the security provisions and match the compliance requirements. The level of complexity in this process varies by industry, but when a reputable provider is selected and a strong enterprise-wide or organization-wide cloud compliance strategy is developed, it can be done successfully.

Security Concerns

While it is good practice to be concerned with security when migrating to or operating on the cloud, it is also imperative to remember that some industry experts believe that, moving forward, cloud providers will be the only entities capable of providing a truly secure environment for data, simply because they will have the resources and the knowledge to defend against security threats.6 It’s important to remember that most valid security threats and concerns on the cloud are a result of the way that individuals and organizations use the cloud, rather than the technology itself. In fact, it is predicted that through 2022, at least 95% of security failures will be the customer’s fault.7

This year alone, it is predicted that organizations on the cloud that have adopted sufficient safety measures will experience approximately one-third fewer security failures.8 Conversely, organizations that warehouse data on premises will be vulnerable to an attack because it will be easier to breach their security measures than those on the cloud. With this in mind, cloud solutions become even more compelling than on-prem solutions, and there are several key actions that can be taken to ensure data on the cloud is secure and compliant.

Best Practices for Ensuring Security and Compliance on the Cloud

  • Develop a comprehensive cloud strategy:
    This means organizational leadership must be involved in the process from the outset. Planning and policy should account for all concerns and identify potential weaknesses, so they can be mitigated.
  • Control access:
    Controlling access to data is often more important than how it is stored. This is true whether data is housed on premises or on the cloud. Since the vast majority of anticipated security failures are likely to come from customers, it is crucial that threats be reduced as much as possible by limiting each individual’s access to only the data they need.
  • Educate employees on security threats:
    While IT professionals can usually identify a threat in seconds or minutes, many employees lack this ability. Conducting training sessions (and refresher courses) can help employees understand how to spot and respond to potential threats.
  • When unsure, test:
    As has always been the case with new IT implementations, the best way to determine weaknesses and ways to respond is to test. Conducting regular tests can help you identify vulnerable hosts or other resource threats. They can also help you gauge your own internal processes for responding to a threat and determine how to enhance these processes.
  • Keep current on technologies and advancements:
    Whether data is warehoused on premises or on the cloud, it’s vital that the environment stays current on its required updates. It’s also a great idea to work with your cloud solution to determine whether emerging technologies, such as those using artificial intelligence (AI) or machine learning (ML), can be leveraged to enhance your security environment.

Cloud technology offers a clear advantage by providing for scalability, mobility, and reliability while also reducing costs. However, it requires vigilance in monitoring and maintaining security and compliance. While there is no way to eliminate risk completely, these best practices offer a solid first step in understanding how to keep your data safe on the cloud. By selecting an experienced cloud service provider who holds security expertise and the required industry certifications for compliance, organizations can improve their data security by moving to the cloud.

 

 

References
1. Cloud Technology Partners. (2018). Cloud economics: Are you getting the bigger picture? Retrieved from https://www.cloudtp.com/doppler/cloud-economics-getting-bigger-picture/

2. Buchanan, J. (2011, August 8). Cloud computing: 4 tips for regulatory compliance. On CIO. Retrieved from https://www.cio.com/article/2405607/cloud-computing/cloud-computing--4-tips-for-regulatory-compliance.html

3. Panetta, K. (2018, March 27). Is the cloud secure? On Gartner. Retrieved from https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/

4. TechTarget. (2013, June). Understanding IT’s role in cloud security and compliance. Retrieved from https://searchcloudcomputing.techtarget.com/feature/Understanding-ITs-role-in-cloud-security-and-compliance

5. AWS. (n.d.). HIPAA Overview. Retrieved from https://aws.amazon.com/compliance/hipaa-compliance/

6. Tripwire. (2016, May 9). 4 Reasons why the cloud is more secure than legacy systems. Retrieved from https://www.tripwire.com/state-of-security/security-data-protection/4-reasons-why-the-cloud-is-more-secure-than-legacy-systems/

7. Panetta, K. (2018, March 27). Is the cloud secure? On Gartner. Retrieved from https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/

8. Panetta, K. (2018, March 27). Is the cloud secure? On Gartner. Retrieved from https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/