February 08, 2022
How to Comply with Data Safety Regulations in a Multicloud Environment
As organizations increasingly migrate IT resources to multiple public clouds, they must take proactive steps to safeguard their data.
Not long ago, many IT and business leaders were reluctant to push any data at all into the public cloud due to security concerns.
Over the past few years, most industry stakeholders have come to see the public cloud as at least as secure as most on-premises environments. Still, compliance with data safety regulations — especially in fields such as education, government, finance, law and healthcare — is a critically important concern. As more organizations move to a multicloud model that incorporates two or more public cloud environments, IT and business leaders need to take a step back and re-evaluate their compliance efforts.
Here are six steps organizations should take to ensure multicloud compliance:
1. Governance and Organizational Preparation
It may be an industry cliché by now, but that’s because it’s true: Cloud is a journey, not a destination. Cloud teams must identify their key business goals and outline the roles and responsibilities of various departments, executives and business units. Many people first think of tech solutions when they consider cloud compliance, but really, people and processes are just as important.
2. Readiness and Assessment
Even a simple exercise of identifying an organization's compliance challenges and sensitive data is incredibly powerful. When identifying the relevant data safety guidelines, laws and standards, it’s important to understand that these are determined not only by where a business is located (or even where its customers are located) but can also vary based on where data is stored and shared — even if a business transaction does not take place there. Organizations should also identify the penalties for violating compliance standards and compare them to the cost of remediation. This will not only highlight the importance of compliance but will also help organizations prioritize their efforts and draft effective compliance roadmaps.
3. Compliance / Monitoring
Cloud vendors offer monitoring tools and services that produce solid, auditable data almost instantly. Not all compliance efforts will require formal auditing processes, but it’s typically a best practice to bring in an impartial third party to periodically assess compliance efforts.
4. Identification of Nontech Risk Factors
Not all — or even most — compliance risk factors are directly tied to IT infrastructure. When assessing and monitoring compliance risks, organizations should look at legal engagements, cultural and social factors and even environmental variables or risks posed by climate change. There may be requirements around employees’ citizenship status in certain cases, and contract verbiage may need to be tweaked based on where data is stored or shared.
5. Implementation and Remediation
Most organizations will require, at minimum, collaboration among a cross-departmental team. Depending on the level of compliance a business needs to attain, it may also be necessary to engage trusted security and technology partners such as CDW to assist with compliance efforts.
6. Rinse and Repeat
Ensuring multicloud compliance is not a one-time effort. Regulatory changes will pop up periodically, and organizations must continue to update their compliance efforts to keep up. This is a cyclical process, and organizations should plan ahead to execute compliance checks on a yearly, quarterly or even monthly basis, depending on the scenario.
Story by Erik Ross, a principal cloud solutions architect with over 25 years’ experience in application and product development, IT infrastructure and digital transformation.