Mobile security

It May Not Be Sexy, But Strict Compliance Delivers The Freedom To Innovate

Compliance and Business Innovation

When the U.S. based non-profit organization RHD | Resources for Human Development decided to move its operations into the cloud, one of its top priorities was compliance. As a company that prides itself on delivering compassionate, effective and innovative services that empower people to achieve the highest level of independence possible and to build better lives for themselves, RHD understood that compliance was vital to their operations.

A large portion of RHD’s funding comes from U.S. Government Health Programs. As such, compliance with the Health Insurance Portability and Accountability Act (HIPAA) was non-negotiable. HIPAA is a law designed to provide standards of protection for patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.

After an extensive search for the right cloud provider, they selected iland, because it “provided extensive reports showing the compliance of both the cloud platform and organizational processes to HIPAA along with SOC compliance reports. This gave RHD the confidence needed. They understood from these discussions that the target failover location would still maintain their HIPAA compliance.”

Why is compliance so valuable and important?

Compliance is like insurance. It’s not the most fun thing to talk about, and it often does not feature prominently in a company’s marketing materials, but the process of making sure that a company follows the laws, regulations, and ethical practices that apply to its industry as well as any part of the globe that it touches, is essential.

When a company attains compliance, it:

  • Reduces organizational and individual risk
  • Allows employees to operate with more confidence
  • Ensures availability of more reliable data
  • Levels the playing field between operators of all sizes.

Staying in compliance helps a business realize its mission and operate with the security of knowing that the data being handled on behalf of clients or customers is safe.

Abacus Group CTO Paul Ponzeka explains, “As more and more firms move operations into the cloud, they’re facing the increasingly difficult task of maintaining governance and control over applications, workflow and data. As application vendors increase their use and development of public cloud resources, users are following them. Firms need to adapt their compliance policies to encompass this new landscape. This means adopting proper use protocols for mobile and remote devices, as well as increasing use of security controls and review systems to get more transparency of how their data is being used. Gone are the days where a policy can state, ‘if it’s behind our fence, it’s controlled.’”

The details of compliance are often hard to understand, so it is advisable to work with a certified, experienced professional. iland has an in-house team of certified compliance staff that is ready to help ensure its clients have the necessary documentation to fulfill audit requirements in the U.S. the EMEA (Europe, the Middle East and Africa), and APAC (the Asia-Pacific Region). The iland Compliance Professional Services team works hand-in-hand with customers and channel partners to help address customer compliance demands.

iland has natively integrated advanced security features into its cloud platform, ensuring compliance with industry and governmental regulations. “Achieving a CSA Gold Certification validates the active security and risk programs in place at iland that helps identify, mitigate, and monitor information security risks to the scope of our management system,” said Frank Krieger, Director of Compliance at iland.

The most common categories of compliance

  • HIPAA (Health Insurance Portability and Accountability Act): A collection of U.S. regulations that sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance.
  • GDPR (General Data Protection Regulation): European Union (EU) regulation on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
  • CJIS (Criminal Justice Information Services): Requirements outlined for CJIS such as networking, remote access, encryption, certification of cryptographic modules, and minimum key lengths are all enforced for customers utilizing the CJIS services.
  • PCI-DSS: (Payment Card Industry): Security requirements are not to be taken lightly, since breaches continue to occur at an unprecedented rate. Both with internal auditors and external third-party audits, iland maintains strict adherence to PCI-DSS standards used in the housing and processing of payment card activities.

For most organizations, the prospect of trying to establish and maintain compliance can feel overwhelming, and there is no doubt it diminishes any employee’s ability to focus on the work that they were hired to do in the first place. That’s why so many companies are outsourcing their compliance needs to their cloud providers, in the understanding that those companies have procedures in place, and qualified personnel who can manage their compliance status and ensure that they stay on the right side of the law.

To find out more about how iland can help you ensure overall compliance, get in touch today with one of our expert consultants.

By Steve Prentice

Senior CloudTweaks Writer
Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
follow me
Vibhav Agarwal

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as an afterthought. These include a ...
Ankur Laroia

Why ‘Data Hoarding’ Increases Cybersecurity Risk

Data Hoarding The proliferation of data and constant growth of content saved on premise, in cloud storage, or a non-integrated solution, poses a challenge to ...
The Cloudification of Healthcare: Benefits and Risks

The Cloudification of Healthcare: Benefits and Risks

Cloud Healthcare: Benefits and Risks Many organizations are moving most of their business-critical applications and workloads to the cloud. The healthcare industry is no exception ...
Understanding Data Governance - Don't Be Intimidated By It

Understanding Data Governance – Don’t Be Intimidated By It

Understanding Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose ...
George Foot

Your Biggest Data Security Threat Could Be….

Biggest Data Security Threat Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions ...
Accenture News

Accenture Expands Cybersecurity Capabilities with Network of “Cyber Ranges” to Help Industrial Companies Simulate and Respond to Cyberattacks

Accenture will also open new Cyber Fusion Center in Houston for industrial control systems NEW YORK; Nov. 7, 2019 – Accenture (NYSE: ACN) has expanded its cybersecurity capabilities with the ...
Samsung

Experts Discuss Taking AI to the Next Level at Samsung AI Forum 2019

Samsung AI Forum 2019 Samsung Electronics is committed to leading advancements in the field of artificial intelligence (AI), with the hopes of ushering in a brighter future. To discuss what the ...
Facebook

Facebook admits to another data leak, saying that up to 100 developers accessed people’s data from Groups

More than a year after Facebook clamped down on how much personal data third parties could see, the company has found some app developers still had access to people's data ...