Data Compliance Traps Abound in Cloud

Corporate risk management professionals have needed as much persuasion as any business group before trusting the security credentials of cloud computing. To a certain extent, cloud providers and industry associations have been making progress in stamping out data compliance and protection anxieties in recent months. Safety will always be a moving target, however, and companies must always be on the lookout for emerging threats or lingering vulnerabilities that may have been missed.

Whether companies are leasing cloud infrastructure or simply a few hosted applications, there is considerable legal complexity to be dissected between service subscriber and vendor. According to Dark Reading, the shared resources paradigm inherent to cloud computing can make protecting sensitive data feel similar to conducting an orchestra of musicians seated in different rooms. As a result, business partners will have to take at least a limited leap of faith and trust one another to stay on the same security beat even when the conductor's back is turned.

Trust is earned, rather than given, among data compliance professionals, however. With that said, confidence can only be cemented by a careful assessment of vendor capabilities and attitudes. According to Dark Reading, a number of industry certifications have recently emerged to aid this process and help identify true leaders in the field. Still, companies will also want transparent answers to the questions which apply most uniquely to their operations.

Additionally, veteran risk management officers know that it is always best to expect the unexpected and craft explicitly detailed contingency plans. Before migrating mission-critical applications to the cloud, for example, companies will want interoperability assurances so that they know programs can be taken offline and data can be transferred to safer environments in event of an emergency. This functionality is important even when things are going according to plan, the news source suggested, as evolving industry and government compliance rules could force companies to perform alignment checks on-demand to avoid fines or further sanctions.

Sustaining security
Each of the aforementioned risks could grow stronger and more complex as a sea of big data floods into enterprise operating environments in the coming years. That's why, according to Compliance Week, it is essential for companies to tie their information assets into protection protocols from first engagement.

By addressing the compliance concerns associated with new data only periodically, as opposed to continuously, companies are harming themselves in multiple ways. Not only do they raise the potential for files to slip through the cracks, they also fail to extract maximum strategic value from that information as it lies dormant and awaits categorization.