Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Google

    HP

    IBM

    Intel

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • DevOps
    • Automotive
    • FinTech
    • Robotics
    • SAP
    • Amazon
    • Big Data
    • Education
    • HPC
    • Simulation
    • CISCO
    • Web Development
    • AI
    • EPM
    • ERP
    • Project Management
    • Salesforce
    • Sports
    • Travel and Hospitality
    • Unified Communication
    • IT Services
    More
    HPC Simulation CISCO Web Development AI EPM ERP Project Management Salesforce Sports Travel and Hospitality Unified Communication IT Services
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    CIOs Need To Know Their Business, Not Just Tech

    John Sadowski, EVP & CIO, Sandy Spring Bank

    Your Next Law Firm Website Project

    Vic Peterson, CIO, Stinson Leonard Street LLP

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    The Digital Agency

    Ralph Chivers, CIO, Ministry of Business Innovation and Employment, New Zealand

    E-commerce and the Data behind it

    Klemen Drole, CIO, Lazada Group

    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO, Department of Health & Human Services in Melbourne, Australia

    right

    Maximizing the Benefits of the Cloud in Highly Regulated Industries

    By Neal M.Suggs, VP & Associate General Counsel, Worldwide Sales Group, Commercial Business, Legal & Corporate Affairs, Microsoft

    Tweet
    content-image

    Neal M.Suggs, VP & Associate General Counsel, Worldwide Sales Group, Commercial Business, Legal & Corporate Affairs, Microsoft

    Many organizations in highly regulated industries approach Cloud Computing with a degree of trepidation, and some fear that regulators are actively discouraging Cloud Computing. Ensuring that a move to the cloud will meet regulatory requirements is serious business that can result in significant consequences with financial, legal and reputational implications. For these organizations, the benefits of the cloud are within reach, just as they are to smaller organizations operating in less restrictive environments, but success requires planning and preparing for compliance requirements earlier in the process of selecting a cloud provider. Identifying cloud needs ahead of time, selecting and working with a cloud services provider with expertise working with customers in a specific industry and with regulators are crucial. That expertise will enable an organization to evaluate and identify the appropriate workloads (email, content creation and storage, collaboration) that can move successfully to the cloud, while also ensuring that along the way, the right regulatory issues are considered and addressed for the present and the future.

    All Workloads Aren't Regulated Equally

    Before a decision is made on a cloud service, and well before requesting a regulatory analysis from your legal team, organizations should identify the workloads and scenarios they want to move to the cloud. Key questions to consider include whether the organization serves businesses or consumers. Will it feature a consumer-facing website that collects Personally Identifiable Information (PII) or will it transact business? Does the organization work with classified or highly confidential data? Will it handle data for minors? It is essential to consider these questions before engaging a legal team to conduct regulatory analysis, and it will help in making a clearer and more compelling case if and when seeking regulatory approval. Armed with this information, a legal team is better equipped to investigate which regulations apply and what must be done in order to meet compliance requirements.

    Some Rules Apply Across Industries

    A number of existing regulatory requirements apply horizontally across a range of industries. Will a system have access to personal health information for U.S. residents? Then Health Information Portability and Accountability Act (HIPAA) requirements must be met. Does the organization operate in Europe now, or will it in the future? European operations that require the movement of personal data outside of the European Union (EU) raise concerns about the EU Model Clauses.

    "Working with the legal team to understand broad regulatory requirements will go a long way in helping to effectively deploy and leverage the power and flexibility of cloud services"

    If the organization is a state or local government entity, does it rely on access to the Criminal Justice Information Service (CJIS) database? If so, then it must be CJIS compliant. Is it an educational institution handling student records? If yes, the Family Education Rights and Privacy Act (FERPA) will apply. Working with the legal team to understand these broad regulatory requirements will go a long way in helping to effectively deploy and leverage the power and flexibility of cloud services.

    All Clouds Aren't Created Equally Either

    How a cloud vendor approaches regulatory issues is also important. Does a vendor offer a Business Associate Agreement for HIPAA? Does your vendor offer EU Model Clauses? If so, have European Data Protection Authorities reviewed and approved of the contractual commitments? If CJIS is a concern, check to ensure the provider has implemented CJIS compliance by design in its processes and procedures (for example, employee background checks), or are they taking a different approach? Most importantly, a vendor should have a track record of working with customers to address specific regulatory concerns. Equally important is that a cloud service provider be on top of internationally recognized standards, they hold key certifications and attestations, and have a history of working with regulatory bodies not only to meet these today and anticipate future regulations— which is less a question of “if” than “when.”Evaluating how a vendor addresses regulatory changes and engages with regulators is a crucial step that will minimize the risk of eventual vendor replacement because one vendor’s regulatory compliance approach isn’t evolving as is needed.

    Size Doesn’t Matter

    One of the most common misperceptions among organizations is that regulations are only for big customers or vendors. Nothing could be further from the truth, as the investigation by the U.S. Department of Health and Human Services (HHS) of Phoenix Cardiac Surgery, P.C. proved. While there are not a lot of cloud specific regulations yet, existing regulations are being enforced and should be taken seriously. In the Phoenix Cardiac Surgery case, a small professional corporation was fined $100,000 for failing to adequately meet HIPAA regulations relating to their use of a public cloud calendaring system.

    Conclusion

    Regulators are taking a cautious approach to Cloud Computing, as are many organizations in highly regulated industries. However, some cloud providers have a long track record of working with customers to provide traditional on-premises solutions for healthcare, financial services, education and other industries where regulatory compliance is tantamount. This foundation will help ensure a stronger cloud offering. Many times, regulators are simply transferring existing regulations applicable to outsourcing to the cloud, some of which are not applicable in the context of a broad public cloud solution. At Microsoft, we have seen this most frequently with Financial Services Industry (FSI) regulators. Over the last two years we have worked with customers around the world to address this particular issue, and to help customers successfully move to the cloud. Most regulators want assurance that a customer has been thoughtful about t h e need for strong contractual mechanisms to better ensure security of systems and data privacy in the cloud.

    They also want to see that the vendor is open to engagement and evolution as regulators evolve their approach. Being open to their concerns and transparent about our approach to these issues has led to many successful engagements getting our FSI customers into the cloud.

    By talking a thoughtful approach and working with a vendor that understands its responsibility to help customers meet their regulatory obligations, regulated industries can better maximize their ability to move to the cloud.

    Read Also

    How GDPR can open opportunities for APAC businesses

    How GDPR can open opportunities for APAC businesses
    Keeping Pace with Technology

    Keeping Pace with Technology
    Adventures In Sourcing Compliance And Risk Systems

    Adventures In Sourcing Compliance And Risk Systems
    Customer Data: The New Compliance Frontier

    Customer Data: The New Compliance Frontier
    Top 25 Compliance Solution Providers - 2018

    Top 25 Compliance Solution Providers - 2018

     Top 25 Compliance Solution Providers - 2017

    Top 25 Compliance Solution Providers - 2017

     25 Most Promising Compliance Solution Providers

    25 Most Promising Compliance Solution Providers

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    Compliance Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/maximizing-the-benefits-of-the-cloud-in-highly-regulated-industries-nwid-778.html