Skip to main content

Maintaining Compliance In The Cloud: Regulatory Standards Are Only a Blueprint

by Rob Curls
Solutions Consultant, Concerto Cloud Services,

One of the greatest benefits of cloud computing is the ability to quickly create and deploy compliant IT platforms and maintain them efficiently.  Despite what many people believe, maintaining regulatory compliance in the cloud means much more than ensuring your provider has checked the "compliance box". Regulatory standards only serve as a blueprint to achieving strong security.  Real compliance involves regularly reviewed processes, physical security, data segmentation and isolation, specific security measures, and most of all, commitment.

So, what does it take to maintain security and ultimately compliance in the cloud?  Below, we'll overview some of the common compliance standards and discuss the special requirements involved.  This is by no means a complete list of the compliance requirements (some of these standards have manuals thicker than telephone books), but rather a broad survey of some of the most common security standards and the concepts involved in maintaining them.

HIPAA and HITECH Act

HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) act are designed to protect Personal Identifiable Information (PII) related to patient information.  Some of the items you'll need to support a HIPAA compliant environment include a defense in depth strategy, which protects the environment at the border with firewalls, and Intrusion Detection and Prevention systems (IDS / IPS).  You'll also need the ability to encrypt the patient data both in transit and at rest.

CJIS (Criminal Justice Information Systems)

Organizations who have access to criminal records or work with the FBI may require CJIS compliance.  CJIS protected data is usually shared between local, state, and federal law enforcement agencies.  This data typically requires encryption in transit and at rest, along with logging and ...

FREE Membership Required to View Full Content:

Joining MSDynamicsWorld.com gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

About Rob Curls

As a Solutions Consultant for Concerto Cloud Services, my primary focus is educating customers on technologies that are available and designing solutions that will achieve their strategic objectives. With a focus on cloud solutions, my responsibilities include architecting complex workloads utilizing best of bread technology and service providers, developing and presenting in person and online presentations and demonstrations with customers and industry experts, as well as working with our team to ensure we stay on the cutting edge as a cloud service provider.

With more than 14 years of technology experience, I have a diverse background which has enabled me to work in challenging industries such as Healthcare, Professional Services, and Defense. I've consulted organizations ranging in size from small start ups to large globally dispersed organizations, and I'd love the opportunity to sit down and discuss your needs.

More about Rob Curls