What on Earth is 'Cloud Compliance'?
Whenever we hear the term cloud computing we always get words in our mind like elasticity, scalability, low cost, easy to use, etc. But people face major challenges like security, privacy and compliance while moving their business to cloud.
So, let's try to understand compliance in an easy way today. Are you ready?😋. Let's go.🚀
- What does Compliance mean?
- Why Compliance is important?
- How you should evaluate required compliance as cloud user?
- What a cloud provider might cover?
What does Compliance mean?
Cloud compliance is all about complying with laws and regulations that apply to use the cloud. Cloud compliance ensures that cloud computing services meet the compliance requirements of customers. We should keep in mind that every cloud company(Azure, AWS, GCP) is able to meet the organization's unique requirements because compliance-related service offerings vary.
Compliance is considered to be a shared-responsibility model means service providers and customers share equal responsibility.
To get even more clear understanding, compliance in simple, are some laws and regulations between service provider and organization. The organization must be wise in choosing the compliance terms offered by the service provider. Let's see how the compliance offerings look or vary for different providers.
AWS: displayed region-wise
Azure: differentiated the offerings as regional, industry-specific, etc.
Each provider uses different ways to provide compliance offers.
Why Compliance is important?
Compliance is a very important concept that should be understood in serious depth as compliance failures can lead to regulatory fines, lawsuits and reputational damage.
Therefore, the key point is to understand what the cloud provider offers and what the company requires.👍
How you should evaluate required compliance as cloud user?
- Decide what data will be stored or not stored in the cloud.
- Check whether the cloud service provider reveals the information about where the data is located
- You should thoroughly check who has the access to what data. What data is being accessed by people in your company and what data can be accessed by cloud provider including third-party(if exists).
- It is important to understand the degree to which a cloud provider will protect your information.
- A cloud auditor is a party that can perform an independent examination of cloud service controls with the intent to express an opinion thereon. Therefore, understand which third parties are able to audit and read reports.
These are some of the main points that we should consider as a cloud user for compliance.
What a cloud provider might cover?
As discussed, these are different for each vendor. So, I'll provide you links here of different cloud compliance providers. Please check the following:
Hurray!! We have successfully learnt a new concept today.😍🤩