Cloud compliance issues arise as soon as you use cloud storage or backup services. When you move data from your internal storage to someone else's, you need to examine closely how that data will be kept so that you remain compliant with laws and industry regulations. When it comes to cloud compliance, what data should you move to the cloud and what should be kept internal, what questions do you need to ask your cloud provider, and what terms should be written into SLAs to preserve compliance?
Once you’ve decided to trust a public cloud platform enough to get started, the next question that arises is often compliance. How can you be sure that it’s legal for your organization to do this?
Answering this question can be challenging. Different industries have different requirements—financial services firms are typically more constrained than manufacturing companies, for example—and the rules also differ across countries. Add to this the fact that many of these laws and regulations were written before cloud computing existed, and the result is a complex stew of rules.
Still, the laws are being modernized, and the situation is getting clearer. It’s obvious, for example, that using public cloud technology is acceptable in many situations. The huge growth in software as a service (SaaS) solutions such as Office 365 makes this clear. Just as important, Azure has a range of third-party certifications that can make compliance easier.
If you have concerns about whether you can move data to Azure and remain compliant, you might need to get advice from legal professionals. And there are some situations in some industries that probably won’t be cloud-friendly for a while. But if you’re like most organizations, you’ll probably find that you can do more than you thought you could in the cloud while still complying with the necessary regulations.