We deal with compliance on a daily basis: traffic laws, tax laws, and other regulations. It should be no surprise that there are rules for how we deal with some data, especially data in a public cloud. These rules exist largely in the health care and financial sectors, but other industries have their regulations as well.
Besides security, compliance is the top reason that enterprises don't move to the cloud. But in my experience, this compliance-based resistance is more about not understanding compliance in the cloud rather than actual obstacles to being compliant. Here are three steps to dealing with compliance in the cloud that work every time.
Step 1: Understand the laws
Most enterprises don't have a good understanding of the details of the legal issues they actually face, such as how the data should be handled and by whom, how they need to be certified (if they do), and what location restrictions exist.
There should be no speculation as to what's legit and what's not. It's all written down someplace, and you need to read all of it. If needed, hire a lawyer to figure out what's legally required and what's not.
Step 2: Look for best practices
The fact is that other companies have already figured out how to keep compliant in the cloud. It's good to seek out their experiences, so you can avoid making their mistakes all over again.
Looking outside your walls for best practices also means employing consultants, who carry knowledge between enterprises like honey bees carry pollen. They can save you many dollars if they have the right knowledge.
Step 3: Automate, automate, automate
Most of the issues that I see around compliance have to do with human errors. Data is put in the wrong place and is found in a compliance audit, putting the enterprise on the hook for a hefty fine, for example.
There are governance tools that focus on compliance. They use policies that control where the data can go, who can see it, and what processes can act upon it. Use them!
Moving to cloud computing is not that difficult when you break things down into steps, then define each step in detail. Doing so should ensure your move to the cloud is compliant.