The cloud is here to stay—no one doubts that anymore. Across the business world, enterprises have already seen the power of the cloud and adopted it, albeit to different degrees. Most IT departments and decision makers have some sort of plan to make use of the cloud—private, public or hybrid—or have already implemented a cloud storage policy. However, for the most part, the utilization of the cloud is much below its potential. Why is it that enterprises are not harnessing the cloud to anywhere near its full potential of use?
Security issues are the main reason—IT security has always been, and continues to be, a major pain point for enterprises when it comes to cloud adoption. In the early days of cloud adoption, decision makers worried that going on the cloud would leave their enterprise networks vulnerable to theft, loss of data, and accidental or malicious exposure. As cloud services became more mainstream, and organizational leaders saw their uses and gained a better understanding of how the cloud works, such fears were allayed.
However, one barrier that has remained is that of compliance. With the ever-present fear of fines and penalties that can be levied should an organization fail to follow the multitude of regulations and laws that it is subject to, remaining compliant goes hand-in-hand with security concerns. Industries are ruled by complex regulations and laws, such as the PCI-DSS, HIPAA, Sarbanes Oxley Act (SOX), and the European Union Data Protection Directive, to name a few. Many organizations find these regulations an inhibitor when moving to the cloud. They seem to feel that while the cloud promises innovation and agility, the regulations and complex data laws hinder progress and flexibility by their rigidity. CipherCloud’s recently released Global Cloud Data Security Report shows that 64% of the organizations surveyed said that compliance and auditing is the biggest challenge associated with cloud computing.
Thus, many enterprises remain wary of going through with cloud adoption on a major scale, preferring to either take baby steps or just do what IT recommends to save costs and increase productivity, without getting into any compliance related issues.
So, what does this mean? Will compliance become an insurmountable roadblock for widespread cloud adoption?
There are definitely ways in which enterprises can be persuaded to embrace the cloud’s potential more fully. Service providers and vendors are key to removing the fears within enterprises—from less expensive cloud hosting options, to greater security measures, and of course, better understanding and visibility on compliance requirements. To get around directives on the actual geographical location of your data, for instance, the best service providers now offer geographical nodes that you can choose to specifically store your data in. Additionally, many of the unanswered questions from the early days of cloud adoption around multi tenancy security, data control while being mobile, data loss prevention and detection are now fully addressed by the cloud providers and security tool vendors. Read more on this in another Happiest Minds blog—Key Elements for Total Cloud Compliance.
For your part, you would do well to stay on top of the service provider to ensure that he maintains regulatory controls on an ongoing basis and to enforce vendor compliance by setting down your requirements in an SLA.
There are tools to help in compliance, and to track and monitor the measures required to remain compliant. In fact, emerging research indicates that compliance is pushing organizations to strengthen their data security on the cloud, which is a good thing. To this end, many organizations are evaluating and implementing Governance Risk and Compliance (GRC) applications in a methodical way.
ABOUT HAPPIEST MINDS
Happiest Minds enables Digital Transformation for enterprises and technology providers by delivering seamless customer experience, business efficiency and actionable insights through an integrated set of disruptive technologies: big data analytics, internet of things, mobility, cloud, security, unified communications, etc...