Ensuring Cloud Compliance In Regulated Industries

Sam Guiliano
  • Why is Cloud Computing Worth the Effort for Regulated Companies?
  • What Are You Up Against?
  • What Can You Do to Adopt Cloud Effectively?
  • Partners that Understand Compliance

The businesses that run into the most difficulties when transitioning to cloud computing solutions are those that are strictly regulated, such as finance and healthcare. What are the challenges? How can they be overcome? And why is the effort worth it?

Let’s start with the last of those questions.

Why is Cloud Computing Worth the Effort for Regulated Companies?

According to a presentation at the 2014 annual meeting of the IEEE Computer Society, there are four primary benefits of cloud:

  • Software patching and updating is handled by the provider.
  • There is no need to worry about on-premise equipment maintenance.
  • Cloud is usually more affordable.
  • Virtual machines offer real-time scalability, adapting resource levels to meet your needs.

These advantages are all compelling. After all, cloud computing isn’t just something that’s useful for startups: mega-enterprise General Electric has said that it is cutting down its data centers to 10% of their original size in favor of the public cloud.

Even the Department of Defense is on board. “Procuring [cloud-based solutions and services] will allow the Army to focus resources more effectively to meet evolving mission needs,” explained Gary Wang, Army deputy CIO.

Let’s move on to those first two questions, though – cloud challenges and strategies – so that your organization has a clear path forward.

What Are You Up Against?

As the authors of the IEEE paper, Beckman Coulter and Iyyappan Pandiyan, see it, three features of cloud present obstacles to regulated companies:

  • Within a cloud solution, information is processed and stored across a distributed network at a distance, while federal compliance mandates strict control of all data.
  • Cloud providers often update their systems without their users even being aware that changes have occurred, while firms concerned with regulations want to validate all their tools.
  • A cloud virtual machine is able to deliver memory elastically, while regulated bodies want to be sure that all data and memory are accurate and reliable.

There is another, deeper challenge than any of the above, though. As indicated by Adam Hughes of TechTarget, regulated industries struggle with misinformation and confusion.

“If I’m a customer, I need a deep understanding of the regulatory issues, how I will address them and what my priorities are,” commented regulation specialist Brian Benfer of ShareFile. “No one seems to understand the regulatory environment and what’s needed, and what the right steps are to take.”

Larry Freedman, an attorney with Boston technology law firm Edwards Wildman Palmer, echoed Benfer’s sentiments.

Plus, there’s a real-world challenge to these virtual systems in the public sector, according to datacenter expert Larry Veino of Presidio Corp.: politics. The various departments of the government each have their own strategic plans that may initially seem at odds with a “Cloud First” approach. Veino believes that government IT is experiencing the same growing pains that the healthcare segment did a few years back.

What Can You Do to Adopt Cloud Effectively?

Beckman and Pandiyan suggested the following strategies so that companies can migrate to cloud while maintaining federal compliance:

  • You want to validate the cloud architecture when it’s first adopted.
  • You want all updates to occur at specific, predetermined times.
  • You want all modifications to be aggregated.
  • You want to re-validate every time updates are performed.

Partners that Understand Compliance

I discussed the general challenge of confusion above. That confusion arises because cloud providers are trying to sell you a service, and selling can sometimes work against clarity. How best to pick out a provider? Dan Kusnetzky, IT analyst and founder of the Kusnetzky Group, recently outlined several characteristics that can help to establish that a cloud service provider deserves your business:

  1. You want the company to prioritize security with the latest industry standards. Two of the primary ones are SSAE 16 and Safe Harbor.
  2. You want to know that the provider has an established record of data safety. Breaches are simply too costly – $3.5 million per incident, according to the Ponemon Institute.
  3. Make sure that the company has private virtualization options. Private Cloud Hosting gives you your own set of dedicated resources.
  4. Your hosting company should have plenty of experience meeting compliance with federal regulations and other common standards such as PCI-DSS.
  5. You want to know that the hosting company’s personnel includes a team of engineers with specialized knowledge related to cloud and regulatory compliance.
  6. Finally, you want your cloud service provider to be financially strong.

That last element is a characteristic that is often overlooked when reviewing providers. Your business may be just launching, argued Kusnetzky, but bankruptcy at your hosting provider is a huge threat to business continuity.

Financial strength is just one of the many reasons why companies in regulated industries choose us as a partner.

“Atlantic.Net’s reputation for 100% up-time, their secure infrastructure and expertise in Healthcare IT were key components in finalizing our partnership,” commented Complete Healthcare Solutions VP Joseph Nompleggi. “Our partner’s financial strength and proven track record are something we view with great confidence.”

Do you need a strong cloud infrastructure for healthcare? Get high quality, proven HIPAA Compliant Hosting today.

