Corporate Compliance Insights

Key Considerations for Compliance in the Cloud

by Mike Mason
May 10, 2018
in Data Privacy, Featured

Data Privacy Hits A High Price in Assuming New Technology Solutions

In this article, Mike Mason reconciles the challenges of meeting regulatory data privacy requirements within cloud computing technology. It is critical to keep cloud applications compliant while meeting the increased demand for cloud-based technology providers.

Gartner predicts that more than $1 trillion in IT spending will be directly or indirectly affected by the shift to cloud technology. Not only does this make cloud computing one of the most disruptive forces of IT spending, it is also indicative of a strong demand to move to the cloud.

Most organizations are harnessing the power of cloud technology, and as IT spending shifts towards the cloud, an influx of sensitive data follows. This kind of data must be secured, especially in heavily regulated industries like finance and healthcare.

The increase in cybersecurity regulation in 2017 makes it difficult for compliance professionals to manage and report using a wide array of legacy software services that are complicated, opaque and not designed to be configured for privacy and compliance.

How the Cloud Migration Has Evolved

Cloud computing enables organizations to enjoy increased scalability with lowered IT infrastructure costs and increased interoperability of data. The data is also easily available with increased performance and reliability. Therefore, moving to the cloud not only benefits consumers; it also benefits organizations.

This has created an increased demand, so cloud-based technology providers have strengthened their solutions to meet security and compliance requirements. Cloud technologies now include features such as encryption, tokenization, strong authentication, and the ability for applications to produce audit logs. This allows highly regulated industries to entrust the cloud with their data and continue to reap the rewards of moving to the cloud. Not only do cloud-based technologies contribute to cloud security, they also help organizations to meet basic regulatory requirement standards and to build upon their security and compliance programs.

The High Price of Non-Compliance

Governing regulatory bodies are sprouting up both near and far to enforce new laws surrounding citizen data. In addition to the existing regulations of FINRA, HIPAA, PCI, FFIEC, NY State Cybersecurity Rule, and FCA, organizations continue to face a mounting list of compliance regulations.

The European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018. It affects the way organizations collect, store, and use EU citizen data. Under GDPR, fines can equal four percent of annual turnover or 20 million Euros.

The U.S. has plenty of new regulations as well. The state of Delaware passed a new law, House Substitute 1 for House Bill 180, that requires businesses to alert Delaware state residents affected by a data breach within 60 days of the occurrence, and to notify the state attorney general if more than 500 residents are affected. Meanwhile in Maryland, the Maryland Personal Information Protection Act was amended to expand the definition of personal information and provide a 45-day period for notice of a breach. Not all consequences come in the form of a fine. Having to report a data breach deteriorates the trust between your organization and your customers.

Keeping Cloud Applications Compliant

It is likely by now that your business has a network of cloud-based applications to run your business-critical functions. So, when choosing a cloud application, it’s important for an organization to select an application that will aid in cloud compliance and improve your security posture, not create more risk.

If not properly vetted, additional cloud applications in your network can create security and compliance vulnerabilities. If the applications don’t integrate, you may need to achieve compliance for each application separately.

Be sure, then, to ask about integration when looking at cloud applications. Some other compliance factors to consider should begin with the following questions:

  • Where does my data reside?
  • Who has access to my data?
  • Are my cloud applications secure?
  • Is my data organized to aid in e-discovery?
  • How long am I required to store my data?

What to Consider for Your Cloud Compliance Program

Due to the complexity of the regulatory environment, it is often difficult for organizations to integrate their compliance programs with their security goals. But with a few considerations, you can better align your security and compliance goals.

  • What requirements impact your organization? These requirements can be mandated by specific regulations, which can be based on your jurisdiction, your industry, or the activities that you employ to conduct business.
  • Conduct regular compliance risk assessments. Conducting regular risk assessments contributes to the foundation of a strong compliance program. Regulatory risks change, which calls for the risk assessment process to be updated and revised regularly.
  • Monitor and audit your compliance program. Don’t wait until you are in the midst of a crisis to conduct your own audit. Be proactive in understanding your gaps and how to continue improving your compliance posture.

In addition to reducing the cost of violating a regulation, a focus on compliance continues to help your organization increase customer trust and loyalty to your brand.

An Ongoing Effort

As citizens and government aim to gain control of their data—particularly considering the recent push for greater data privacy—it’s clear that existing and new cloud security and compliance laws surrounding personal information will continue to grow. In recognition of the need for expansive security measures in their cloud-based technology, cloud technology providers have stepped up to the plate. As new laws and regulations arise, partnering with such vendors will further expand the foundation of data security and compliance. This will help organizations remain compliant, avoiding business interruption, regulatory fines, and possible reputation damage.


Mike Mason

Mike Mason is the senior product marketing manager at FairWarning. Mike has oversight and financial responsibility over nearly every aspect of FairWarning’s marketplace communications and education efforts. Mike’s efforts are directed at telling the company’s story and its customer stories from an authentic point of view. Mr. Mason was previously a product manager for Rakuten MediaForge.
