Is compliance standing in the way of enterprise cloud adoption?

The cloud is here to stay. Across the business world, enterprises have bought into the power of the cloud and are starting to adopt it, albeit to different degrees. Most IT departments and decision makers have some sort of plan to make use of the cloud — be that private, public, or hybrid — or have already implemented a cloud storage policy. For the most part however, the utilisation of cloud is still much below its potential.

Cloud security

Security issues are still by far the main sticking point. IT security has always been, and continues to be, a major blocker for enterprises when it comes to cloud adoption. In the early days decision makers worried that moving to the cloud would leave their enterprise networks vulnerable to theft, loss of data, and accidental or malicious exposure. As cloud services became more mainstream, and organisational leaders saw their uses and gained a better understanding of how the cloud works, such fears were largely allayed.

The one barrier that has remained is compliance. Industries are ruled by complex regulations and laws such as the PCI-DSS, HIPAA, Sarbanes Oxley Act (SOX), and the European Union Data Protection Directive, to name a few. Many organisations find these regulations are an inhibitor when moving to the cloud. They seem to feel that while the cloud promises innovation and agility, the regulations and complex data laws hinder flexibility by their inherent rigidity. In a Global Cloud Data Security Report by cloud security company CipherCloud, 64 per cent of the organisations surveyed said that compliance and auditing is the biggest challenge associated with cloud computing.

On this basis alone many enterprises remain wary of adopting cloud on a major scale. Instead they prefer to either take baby steps or just do what IT recommends to save costs and increase productivity, without getting into any compliance-related issues around cloud.

So will compliance become an insurmountable roadblock for widespread cloud adoption?

Service providers and vendors are key to removing the fears within enterprises — from less expensive cloud hosting options to greater security measures, and of course, better understanding and visibility on compliance requirements.

To get around directives on the actual geographical location of your data for instance, the best service providers now offer geographical nodes that you can choose to specifically store your data in. Additionally, many of the unanswered questions from the early days of cloud adoption around multi tenancy security, data control while being mobile, data loss prevention and detection are now fully addressed by the cloud providers and security tool vendors.

Organisations need to stay on top of service providers to ensure that the provider maintains regulatory controls on an ongoing basis and to enforce vendor compliance by setting down your requirements in an SLA.

There are also tools to help with compliance and to track and monitor the measures required to remain compliant. In fact, emerging research indicates that compliance is pushing organisations to strengthen their data security on the cloud, which is a good thing. To this end, many organisations are evaluating and implementing Governance Risk and Compliance (GRC) applications. GRC applications integrate and manage IT operations that are subject to regulation. Instead of keeping data in silos, administrators can use a single framework to monitor and enforce rules and procedures enabling organisations to better manage risk, reduce costs and minimise complexity.

Keeping on top of compliance

Just like any other security solution, the best access governance systems are not those that are implemented rapidly and then allowed to run uninterrupted. Rather, implementation should be an iterative process that is continually tweaked as policies evolve and visibility into user roles and responsibilities improve. Monitoring regulations continuously and the compliance policies and processes the enterprise has in place minimises exposure to risk. Automation helps mitigate risk by resolve issues that arise around access in a timely and efficient manner.

The march to cloud continues. As more organisations look to implement cloud, service providers and vendors will have to continue to proactively meet and allay concerns around security and compliance. Implementing a GRC application is an effective way to reduce risk and actively manage complexity around compliance, helping organisations on the path to realise the full promise and potential of cloud.

Priya Kanduri, Head of Risk and Compliance Practice at Happiest Minds Technologies

Image Credit: faithie / Shutterstock