IT Regulatory Compliance as the Next Big Focus for Cloud Vendors
Back in October 2014, the Defense Information Systems Agency (DISA) submitted a public request for information, calling for the assessment of the marketplace’s ability to “provide cloud ecosystems and services in two integration models that place vendor cloud services on DoD networks for use by the DoD community and mission partner.”
This was one of the most serious steps a US government department had made to enable wider cloud adoption, and a move that marked a significant shift in perception of the usability of cloud technologies in regulated industries. Like other industries that operate with huge volumes of sensitive data, government agencies were slow to adopt the cloud due to the associated security concerns. However, in recent years there has been a striking shift in attitudes towards public cloud resources, which have become central to government, healthcare, finance and legal institutions.
In relation to this, a report by Markets and Markets suggests that cloud adoption within government agencies will continue at a stable rate, while healthcare institutions are expected to invest $5.4 billion in cloud computing by 2017. These figures point to a greater interest in the public cloud, while vendors simultaneously focus on building secure solutions to meet the demand. Today, most of the big names in the industry have a solution designed specifically for regulated industries.
Adapting the cloud to regulated industries
Apart from Amazon Web Services, which is currently used to process, store and transmit Department of Defense information, multiple other vendors have released their secure solutions over the last couple of years. Most notably, Box released their Governance platform to enable healthcare specialists to safely manage their data, while Salesforce launched Shield to provide a secure way to monitor and encrypt apps built on the Salesforce App Cloud.
Although the institutions in regulated industries are more open to cloud implementations lately, considerable data security concerns still exist. Ensuring compliance is an imperative for specific organizations, especially after some of the most serious breaches the public in the US has seen over the last few months. Most notably, the recent data breach that enabled hackers to obtain social security numbers of 21.5 million US citizens demonstrated the seriousness of this issue and emphasized the global need for more secure IT solutions.
To be able to manage data securely, while at the same time maintaining the necessary flexibility of key processes, organizations in regulated industries need data storage solutions that meet specific security standards. Suffice to say, most leading cloud vendors have recognized this gap and started focusing on this particular market to provide the requested IT resources and, of course, increase their market share.
Unsurprisingly, the value of cloud computing security services is estimated to grow astonishingly in the next few years. Recent reports suggest that the cloud security market will grow from an estimated $4.5 billion in 2014 to $11 billion by 2022. The greater demand for cloud-based security inspires more vendors to enter the cyber security game and enable the targeted industries to ensure regulatory compliance more easily.
Understanding regulatory compliance
Among the recently launched secure cloud solutions, Salesforce Shield and Box Governance are designed to facilitate document management and communication, while minimizing the risk of a data breach. However, gaining compliance extends beyond these basic processes and requires organizations to make sure their whole infrastructure is fully protected. Accordingly, they need to obtain relevant certifications such as FISMA, HIPAA, HITECH and PSQIA, which organizations in the healthcare, federal and finance industries need to meet in order to ensure the safest possible digitization process.
In fact, these standards could be said to have completely redefined the role of an IT professional in the associated fields. As suggested by SecureLink, another major vendor that provides HIPAA-compliant solutions, “policies, procedures and access methods that may have been more than adequate a few years ago, may not be sufficient today.”
This is why IT departments need to work closely with legal and security teams to ensure that all the IT components are integrated in a way that provides maximum security to sensitive data. Among the key processes, authentication, authorization and audit controls are essential to enabling a secure data flow. This means that IT professionals need to know exactly who accesses the organization’s networks, and how, in order to identify suspicious activities early and prevent a potential breach. By providing a secure way to implement these practices, the new solutions mentioned above open the door to true cloud innovation in regulated industries.
Although the cloud represents one of the most potent resources for reinventing IT infrastructure in large organizations, it is often associated with a partial loss of control over data security. Coupled with the general misinterpretation of client-vendor relations, this has largely prevented more institutions in regulated industries from adopting cloud solutions. However, cloud standardization has come a long way, changing the opportunities for these industries. As the technology continues to grow in power, more and more institutions are embracing it as a resource for IT modernization. After years of accelerated adoption, it could be said that the year 2015 has finally brought a healthy focus on security that could permanently change the way we see the cloud.
By Sarah Green