What is Compliance?
Compliance when dealing with cloud computing can be an issue for those using cloud storage or backup services. When you transfer data from your internal storage to a cloud provider’s you must examine how that data is stored so that you stay in compliance with laws and regulations. Financial cloud computing, for example, requires IT sox compliance to ensure quality of service.
In 2002 the Sarbanes-Oxley Act (SOX) was implemented as a response to huge accounting scandals. Companies like Enron, Global Crossing and others misled investors and cost shareholders billions of dollars. This, in turn, changed the IT world forever. What does this have to do with IT? It changed how we approach things like storage, data, security and other functions.
Cloud compliance is, simply put, a principle that states a cloud based system must be compliant with standards that the cloud customer faces.
Compliance departments ensure that businesses conform to established rules and it’s important to understand, when switching over to a cloud service, how and in what ways the cloud meets compliance standards. Luckily, there are cloud providers that ensure compliance with regulations like SOX.
If you’re in the financial services industry there are a few things to think about when considering IT solutions for finance or a cloud provider.
How Compliance Works
A global survey conducted by Veritas Technologies, a data management company, revealed that of the 13 countries and 1,200 businesses surveyed, 69 percent of organizations or 828, wrongfully believed that data protection, data privacy and compliance are the responsibility of the cloud service provider.
When it comes to cloud compliance you need to be aware of the data you should move to the cloud and the data that should remain in house, the questions you need to ask of your cloud provider and what be written in a service-level agreement (SLA) to maintain industry compliance.
When SOX was first written, it explicitly left out how regulations should be met. This ensured that industries could adopt the most recent technology instead of having to wait for lawmakers to catch up to technology. Because of this, the cloud is a viable infrastructure for financial companies that forced to adhere to compliance rules.
The way IT departments store records changed due to the implementation of SOX. Regulations state what kind of information needs to be stored that relate to SOX compliance. Things like electronic records and messages, spreadsheets and emails are considered valuable and fall under the regulation.
It’s important that you not take this for granted, and evaluate your SLA’s with the provider.
The first thing that organizations need to do is be aware of the type of services they use. There may be certain information that’s regarded as highly confidential and a company may decide to keep it on an internal network. Or if it is moved to the cloud, it’ll be a private cloud that will be hosted on the premises.
Nerds Support has a hybrid cloud in a secure location that has military grade security.
Ensuring Cloud Compliance
Once your company has decided what information is to be transferred over to the cloud look at the contracts you have between with your cloud provider. Depending on whether the cloud is internal or external the approach will be slightly different. If it’s external, you have to make sure both you and the provider are clear about what type of data should reside on their cloud services and how they’ll protect said data. If it’s an internal cloud, are you going to have internal compliance checklist to make sure you’re within the regulatory standards?
With cloud financial services, customers and cloud providers share the responsibility to maintain compliance. It’s the duty of the organization to investigate the security policies of the vendor.
Important questions to ask include:
- Where is data stored?
- Who has access to the storage areas or data centers?
- How is my data protected?
Service Organization Controls
In some cases, companies can look at providers that certify compliance and chose their services without any further research. There are times, however, where a company will have to be more thorough and get involved in the cloud providers security to make sure it complies with industry standards. When it comes to SOX compliance, however, you should look for a vendor that provides you with Service Organization Controls.
This report enables user auditor to evaluate audit risks associated with the use of a financial cloud provider.
It’s also important to establish and verify benchmarks that help check the effectiveness of the security around your data on the cloud. Make sure your provider uses federal government guidelines for cloud security if it’s based in the US.
In order to avoid miscommunications between your cloud provider and your organization, make sure you take the time to classify the data in level of importance, delegating carefully what is suitable for the cloud and what needs to remain internally stored. Have the right contracts and go through them, establishing what will be covered under their services and how they’ll protect and back up your data. A business continuity plan is also imperative, just in case of any hiccups.
Nerds Support has cloud services that comply with financial regulations.
Contact us today to schedule a free IT assessment that can identify gaps in your IT infrastructure.