[dropcap type=”default”]W[/dropcap]hether they like it or not, compliance is a major consideration for any business leveraging storage or running workloads in the cloud.
As soon as the data leaves their internal storage set-up and moves to someone else’s, perhaps a public cloud provider like AWS or Microsoft, a business needs to be acutely aware of how that data is stored and encrypted to ensure they remain on the right side of international law and industry regulations. Businesses that fail to do so face hefty, sometimes debilitating fines.
So how much responsibility falls to your cloud provider to help you achieve compliance serenity? When shopping around for a CSP, businesses are advised to look for a provider with a security program that matches their own requirements as closely as possible. However, you can only audit the visible – what happens when a member of your staff is using a cloud service you aren’t aware of? Are you liable as a business?
“Shadow IT is happening everywhere” says Chris Steffen, Chief Evangelist of Cloud Security at Hewlett Packard Enterprise. “You want to create a system of DevOps that makes it so your developers arent going behind your back.”
We spoke to Chris in-depth about compliance related concerns in the latest Cloud Security Guru podcast.
Read Chris’ blog series ‘Compliance in the Cloud‘.