Around the world, cloud computing and compliance regulation are having a major effect on businesses. Not only are they transforming operations, but they are also having an effect on an increase in cyber threats, which is causing headaches for IT professionals.
“Too many are trying to apply risk procedures, controls and regulations to a cloud business model, which they don't truly understand,” Garry Sidaway, global director of security strategy, NTT Com Security, told Information Age.
While the cloud allows businesses to become more agile, compliance restrains it, which is preventing some businesses from taking full advantage of what the cloud can do. According to NTT Com Security research, businesses are apprehensive of using the cloud. Interestingly, a whopping 86 percent say their issues around data protection, legislation, and regulation are responsible for cloud computing being adopted slowly.
With increasingly complicated data laws from NSA and PRISM revelations and compliance, it’s becoming a minefield for businesses looking to use the cloud. These days, we typically use compliance to improve business and corporate governance. This helps improve approaches to risk management, enabling businesses to understand risks of using the cloud and what processes they have in place to protect themselves.
But, something needs to change, according to Sidaway. Compliance should, instead, look forward and work with businesses and governments. In this age of the cloud, IT professionals face an overwhelming amount of laws including the ICO’s guidelines putting the security responsibility on the business owning the data, instead of the third party cloud provider.
Further, some organizations are making big assumptions about the skills required to develop and deliver secure cloud services. In addition, too many are trying to apply risk procedures and regulations to a cloud business model, which they don't fully understand. They apply old compliance methodologies to new business models, to decide that they can't use the cloud effectively because of compliance.
Instead, they should get a better understanding the cloud before applying these controls. IT professionals that do understand the right way to merge the cloud and compliance see good cloud skills as the priority.
With the right knowledge, businesses can then explore the technology of the cloud and how it can improve their operation, as well as apply the controls to manage risk.
For more news on the cloud and compliance, check out these articles: