Security, compliance concerns at the heart of cloud solutions

Firewalls, security keys and compliance are essential components to any cloud solution

The cloud has proven to be a valuable tool for companies of all sizes in every industry. Cloud storage, communications and applications can save companies money, manpower and time and bring them to the cutting edge of modern technology. But putting data into the cloud does create concerns for businesses, mostly in the areas of security and compliance. 

While security has come a long way, companies in certain highly regulated industries like healthcare and finance, must ensure that security standards are up-to-date and aligned with regulatory specifications as laid out by HIPAA, PCI/DSS, etc. Here are some security features to keep in mind when assessing a cloud provider: 

  • Firewalls: The latest firewalls combine intelligent applications that constantly monitor for suspicious activities, protecting internal resources and monitoring databases that track malevolent operators.
  • Security keys: Organizations that operate in highly regulated spaces are best served by owning the encryption keys, rather than letting the provider own them. This works best when data is housed in a hybrid deployment, both in the cloud and on-site.
  • Certificate monitoring: It is important to monitor security certificates, set up alerts to know when certificates are expiring or interacting oddly with other services, and knowing the origins of your certificates.

Finally, companies must ensure that they and their cloud providers are compliant with all relevant regulations. This is of paramount importance to general counsel and chief compliance officers. They must investigate which providers meet certification standards of the regulations in question. Companies should inventory all systems, categorize them based on risk level, implement security controls, while conducting continuous risk-assessment audits and monitoring. In this way, businesses can experience the benefits of the cloud while minimizing the risk involved.

 

For more information on the cloud, check out the stories below:

Modernizing privacy for the new IT

Technology: Are there clouds on your board’s radar? 

Technology: The impact of digital age innovations on the attorney-client privilege

Managing Editor

author image

Rich Steeves

Richard P. Steeves is Managing Editor of InsideCounsel magazine, where he covers the intellectual property and compliance arenas. Rich earned a B.A. in English Literature...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.