05-09-17 | Blog Post
According to a recent Gartner report, nearly half of large enterprises will deploy hybrid cloud environments by the end of this year. That level of growth is super exciting for the cloud, as more organizations take advantage of a digital-based strategy.
However, despite the maturity of the cloud, many CIOs still express concerns. There are two major challenges organizations face in a hybrid cloud environment (or any environment, really.) One is security, which we’ve covered. The other? Compliance. We talked about it a little in our hybrid cloud security post, but we’ll go into more detail about its importance and how you can achieve compliance in a hybrid environment.
In the olden days of public cloud, there was a serious challenge to properly securing sensitive data, particularly PHI. Those who had to follow regulation guidelines, especially the healthcare industry, had a healthy amount of skepticism around jumping on the cloud bandwagon right away, and rightfully so. If you wanted to move to the cloud, you had to develop your own entirely private cloud, which was more expensive and harder to scale than public cloud. Compliance in the public cloud was very difficult—the onus was on the customer to ensure not only they but cloud service provider were compliant with specific regulations.
Now, that’s changed. Public cloud providers now offer compliance as standard, and you can run cloud workloads with multiple compliances in mind, including PCI, HIPAA, FISMA and others. The cloud has matured to the point where it’s possible to seamlessly integrate your public cloud resources to your private cloud services in a way that keeps your data secure and compliant—a must for healthcare organizations, financial or government entities. Regulatory agencies are catching on to the importance of the cloud and adjusting the guidelines address safe use. For example, the Final Omnibus Rule of HIPAA updated the HIPAA guidelines to clearly define cloud service providers as Business Associates requiring them to adhere to HIPAA.
Now that cloud service providers are offering compliance as part of their packages, the most important step is to choose the provider that’s right for you. You’ll want to thoroughly vet each potential vendor, find out what their compliance offerings are, understand the kinds of controls they have in place to achieve compliance, and learn what processes they have in place in case of a security incident or IT disaster. They should also be able to prove compliance with outside audits.
Don’t be afraid to move to the cloud because of compliance issues. That simply isn’t the case anymore. Changes in policies and governance are now helping organizations take advantage of everything the cloud has to offer, in addition to making the transition to cloud easier. It’s definitely still a big move to go to the cloud, and one that requires a lot of thought and planning beforehand. But, the move can be done more easily with the help of the right cloud service provider. You’ll want to really research your potential vendors, especially if compliance is a major requirement of your cloud architecture.