Apac
  • Home
  • CXO Insights
  • CIO Views
  • News
  • Conferences
  • Newsletter
  • Whitepapers
  • About us
Apac
  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cryptocurrency

    Cyber Security

    DevOps

    Digital Transformation

    Drone

    HPC

    Infrared

    Internet of Things

    IT Services

    Marine Tech

    Networking

    PropTech

    Remote Work

    Robotics

    Scheduling Software

    Sensor Tech

    Simulation

    Smart City

    Software Testing

    Startup

    Storage

    Unified Communication

    Web Development

    Wireless

  • Automotive

    Banking

    Capital Market

    Construction

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Travel and Hospitality

  • CISCO

    Google

    IBM

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cloud-based Planning

    Cognitive

    Collaboration

    Compliance

    Contact Center

    Contact Tracing

    Contactless Payments

    Corporate Finance

    CRM

    Custom Software Development

    Data Center

    Digital Signage

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Communications

    Enterprise Contract Management

    Enterprise Performance Management

    ERP

    Facility Management

    Field Service

    Fleet Management

    Gamification

    HR Technology

    IT Infrastructure

    IT Service Management

    Managed Services

    PLM

    Procurement

    Product Management

    Project Management

    RegTech

    Revenue Management

    Sales Tech

Menu
    • Compliance
    • CISCO
    • Collaboration
    • Contact Center
    • Healthcare
    • IT Service Management
    • Microsoft
    • Retail
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    Welcoming Big Data Technology amidst Changes

    Darren Cockrel, CIO, Coyote Logistics

    Leveraging Compliance to Your Advantage

    Mark Bloom, Global CIO, Aegon

    Demystifying the Role of IT in Millennial Organizations

    Jeff Fithian, VP, Strategic Initiatives and CIO, Dynamic Materials Corporation

    Productivity and Security- Can you ever have both?

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Lessons Learned from a CIO

    John Miller, Vice President and CIO, American Textile Company

    Digital Transformation: Prerequisites for Success in the Insurance Industry

    Nicole Kellenberger, Global Eadmin Lead, Swiss RE and Sven Scandella, Head of ITP&C Business Management, Swiss RE

    Compliance in the Cloud

    Vasyl Nair, Chief Risk Officer, Mine Super & Louis Leung, Executive General Manager Group Risk and Compliance, Mine Super

    Lessons Learnt on Compliance and Culture Change

    Paula Cristina Spirandio, Compliance Manager, Gunvor Group

    right

    Maximizing the Benefits of the Cloud in Highly Regulated Industries

    By Neal M.Suggs, VP & Associate General Counsel, Worldwide Sales Group, Commercial Business, Legal & Corporate Affairs, Microsoft

    Tweet
    content-image

    Neal M.Suggs, VP & Associate General Counsel, Worldwide Sales Group, Commercial Business, Legal & Corporate Affairs, Microsoft

    Many organizations in highly regulated industries approach Cloud Computing with a degree of trepidation, and some fear that regulators are actively discouraging Cloud Computing. Ensuring that a move to the cloud will meet regulatory requirements is serious business that can result in significant consequences with financial, legal and reputational implications. For these organizations, the benefits of the cloud are within reach, just as they are to smaller organizations operating in less restrictive environments, but success requires planning and preparing for compliance requirements earlier in the process of selecting a cloud provider. Identifying cloud needs ahead of time, selecting and working with a cloud services provider with expertise working with customers in a specific industry and with regulators are crucial. That expertise will enable an organization to evaluate and identify the appropriate workloads (email, content creation and storage, collaboration) that can move successfully to the cloud, while also ensuring that along the way, the right regulatory issues are considered and addressed for the present and the future.

    All Workloads Aren't Regulated Equally

    Before a decision is made on a cloud service, and well before requesting a regulatory analysis from your legal team, organizations should identify the workloads and scenarios they want to move to the cloud. Key questions to consider include whether the organization serves businesses or consumers. Will it feature a consumer-facing website that collects Personally Identifiable Information (PII) or will it transact business? Does the organization work with classified or highly confidential data? Will it handle data for minors? It is essential to consider these questions before engaging a legal team to conduct regulatory analysis, and it will help in making a clearer and more compelling case if and when seeking regulatory approval. Armed with this information, a legal team is better equipped to investigate which regulations apply and what must be done in order to meet compliance requirements.

    Some Rules Apply Across Industries

    A number of existing regulatory requirements apply horizontally across a range of industries. Will a system have access to personal health information for U.S. residents? Then Health Information Portability and Accountability Act (HIPAA) requirements must be met. Does the organization operate in Europe now, or will it in the future? European operations that require the movement of personal data outside of the European Union (EU) raise concerns about the EU Model Clauses.

    "Working with the legal team to understand broad regulatory requirements will go a long way in helping to effectively deploy and leverage the power and flexibility of cloud services"

    If the organization is a state or local government entity, does it rely on access to the Criminal Justice Information Service (CJIS) database? If so, then it must be CJIS compliant. Is it an educational institution handling student records? If yes, the Family Education Rights and Privacy Act (FERPA) will apply. Working with the legal team to understand these broad regulatory requirements will go a long way in helping to effectively deploy and leverage the power and flexibility of cloud services.

    All Clouds Aren't Created Equally Either

    How a cloud vendor approaches regulatory issues is also important. Does a vendor offer a Business Associate Agreement for HIPAA? Does your vendor offer EU Model Clauses? If so, have European Data Protection Authorities reviewed and approved of the contractual commitments? If CJIS is a concern, check to ensure the provider has implemented CJIS compliance by design in its processes and procedures (for example, employee background checks), or are they taking a different approach? Most importantly, a vendor should have a track record of working with customers to address specific regulatory concerns. Equally important is that a cloud service provider be on top of internationally recognized standards, they hold key certifications and attestations, and have a history of working with regulatory bodies not only to meet these today and anticipate future regulations— which is less a question of “if” than “when.”Evaluating how a vendor addresses regulatory changes and engages with regulators is a crucial step that will minimize the risk of eventual vendor replacement because one vendor’s regulatory compliance approach isn’t evolving as is needed.

    Size Doesn’t Matter

    One of the most common misperceptions among organizations is that regulations are only for big customers or vendors. Nothing could be further from the truth, as the investigation by the U.S. Department of Health and Human Services (HHS) of Phoenix Cardiac Surgery, P.C. proved. While there are not a lot of cloud specific regulations yet, existing regulations are being enforced and should be taken seriously. In the Phoenix Cardiac Surgery case, a small professional corporation was fined $100,000 for failing to adequately meet HIPAA regulations relating to their use of a public cloud calendaring system.

    Conclusion

    Regulators are taking a cautious approach to Cloud Computing, as are many organizations in highly regulated industries. However, some cloud providers have a long track record of working with customers to provide traditional on-premises solutions for healthcare, financial services, education and other industries where regulatory compliance is tantamount. This foundation will help ensure a stronger cloud offering. Many times, regulators are simply transferring existing regulations applicable to outsourcing to the cloud, some of which are not applicable in the context of a broad public cloud solution. At Microsoft, we have seen this most frequently with Financial Services Industry (FSI) regulators. Over the last two years we have worked with customers around the world to address this particular issue, and to help customers successfully move to the cloud. Most regulators want assurance that a customer has been thoughtful about t h e need for strong contractual mechanisms to better ensure security of systems and data privacy in the cloud.

    They also want to see that the vendor is open to engagement and evolution as regulators evolve their approach. Being open to their concerns and transparent about our approach to these issues has led to many successful engagements getting our FSI customers into the cloud.

    By talking a thoughtful approach and working with a vendor that understands its responsibility to help customers meet their regulatory obligations, regulated industries can better maximize their ability to move to the cloud.

    tag

    Financial

    Cloud Computing

    Weekly Brief

    loading

    Featured Vendor

    • ACTICO: Leveraging AI for Compliance Management
      ACTICO: Leveraging AI for Compliance Management
    Top 10 Compliance Solution Companies - 2020
    ON THE DECK

    Content Management System 2020

    Top Vendors

    Contactless Payments 2020

    Top Vendors

    Admired Tech 2020

    Top Vendors

    Corporate Finance 2020

    Top Vendors

    AI 2020

    Top Vendors

    Travel and Hospitality 2020

    Top Vendors

    Startup 2020

    Top Vendors

    Networking 2020

    Top Vendors

    FinTech 2020

    Top Vendors

    CRM 2020

    Top Vendors

    Scheduling Software 2020

    Top Vendors

    Education 2020

    Top Vendors

    Business Intelligence 2020

    Top Vendors

    PropTech 2020

    Top Vendors

    Salesforce 2020

    Top Vendors

    Big Data 2020

    Top Vendors

    Simulation 2020

    Top Vendors

    Product Management 2020

    Top Vendors

    Legal 2020

    Top Vendors

    Remote Work 2020

    Top Vendors

    Cryptocurrency 2020

    Top Vendors

    CEM 2020

    Top Vendors

    Insurance 2020

    Top Vendors

    Data Center 2020

    Top Vendors

    Banking 2020

    Top Vendors

    RegTech 2020

    Top Vendors

    Wireless 2020

    Top Vendors

    Procurement 2020

    Top Vendors

    Cognitive 2020

    Top Vendors

    Drone 2020

    Top Vendors

    HR Technology 2020

    Top Vendors

    HPC 2020

    Top Vendors

    Pharma and Life Science 2020

    Top Vendors

    SAP 2020

    Top Vendors

    Food and Beverages 2020

    Top Vendors

    Cloud 2020

    Top Vendors

    Blockchain 2020

    Top Vendors

    Cloud 2020

    Top Vendors

    Logistics 2020

    Top Vendors

    Augmented Reality 2020

    Top Vendors

    Contact Center 2020

    Top Vendors

    Oracle 2020

    Top Vendors

    Cyber Security 2020

    Top Vendors

    E-Commerce 2020

    Top Vendors

    Compliance 2020

    Top Vendors

    Enterprise Architecture 2020

    Top Vendors

    Digital Transformation 2020

    Top Vendors

    Manufacturing 2020

    Top Vendors

    Agile 2020

    Top Vendors

    CISCO 2020

    Top Vendors

    Field Service 2020

    Top Vendors

    Contact Center 2020

    Top Vendors

    IoT 2020

    Top Vendors

    Microsoft 2020

    Top Vendors

    Retail 2020

    Top Vendors

    Aviation 2020

    Top Vendors

    Healthcare 2020

    Top Vendors

    IT Service Management 2020

    Top Vendors

    Top Vendors

    Big Data 2019

    Top Vendors

    Digital Signage 2019

    Top Vendors

    Sales Tech 2019

    Top Vendors

    Startup 2019

    Top Vendors

    Salesforce 2019

    Top Vendors

    AI 2019

    Top Vendors

    Google 2019

    Top Vendors

    Smart City 2019

    Top Vendors

    FinTech 2019

    Top Vendors

    Admired Tech 2019

    Top Vendors

    Big Data 2019

    Top Vendors

    IT Services 2019

    Top Vendors

    Business Intelligence 2019

    Top Vendors

    Education 2019

    Top Vendors

    Project Management 2019

    Top Vendors

    Enterprise Asset Management 2019

    Top Vendors

    CRM 2019

    Top Vendors

    Data Center 2019

    Top Vendors

    PropTech 2019

    Top Vendors

    Capital Market 2019

    Top Vendors

    Travel and Hospitality 2019

    Top Vendors

    Legal 2019

    Top Vendors

    IT Infrastructure 2019

    Top Vendors

    Plastic Tech 2019

    Top Vendors

    Facility Management 2019

    Top Vendors

    Fleet Management 2019

    Top Vendors

    CEM 2019

    Top Vendors

    Sensor Tech 2019

    Top Vendors

    RegTech 2019

    Top Vendors

    Marine Tech 2019

    Top Vendors

    Collaboration 2019

    Top Vendors

    Software Testing 2019

    Top Vendors

    Facility Management 2019

    Top Vendors

    Automotive 2019

    Top Vendors

    Food and Beverages 2019

    Top Vendors

    Insurance 2019

    Top Vendors

    HPC 2019

    Top Vendors

    Wireless 2019

    Top Vendors

    Simulation 2019

    Top Vendors

    Corporate Finance 2019

    Top Vendors

    Drone 2019

    Top Vendors

    AI Healthcare 2019

    Top Vendors

    SAP 2019

    Top Vendors

    Procurement 2019

    Top Vendors

    Cyber Security 2019

    Top Vendors

    IBM 2019

    Top Vendors

    Construction 2019

    Top Vendors

    Logistics 2019

    Top Vendors

    Managed Services 2019

    Top Vendors

    Manufacturing 2019

    Top Vendors

    Media and Entertainment 2019

    Top Vendors

    Cloud 2019

    Top Vendors

    Banking 2019

    Top Vendors

    Agile 2019

    Top Vendors

    IT Service Management 2019

    Top Vendors

    Retail 2019

    Top Vendors

    HR Technology 2019

    Top Vendors

    Oracle 2019

    Top Vendors

    Cognitive 2019

    Top Vendors

    Compliance 2019

    Top Vendors

    Contact Center 2019

    Top Vendors

    Healthcare 2019

    Top Vendors

    Gov and Public 2019

    Top Vendors

    Microsoft 2019

    Top Vendors

    Pharma and Life Science 2019

    Top Vendors

    DevOps 2019

    Top Vendors

    E-Commerce 2019

    Top Vendors

    Blockchain 2019

    Top Vendors

    IoT 2019

    Top Vendors

    Metals and Mining 2019

    Top Vendors

    Gamification 2019

    Top Vendors

    Field Service 2019

    Top Vendors

    Augmented Reality 2019

    Top Vendors

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Pinpointing Weak Links in an Enterprise Security Chain: Helping Companies Battle Data and Content Security Challenges

    Pinpointing Weak Links in an Enterprise Security Chain: Helping Companies Battle Data and Content Security Challenges

    Hiro Imamura, SVP and GM, Business Imaging Solutions Group, Canon U.S.A. [NYSE:CAJ]
    Evolving Customer Relationship Management: Move Fast or Die Trying

    Evolving Customer Relationship Management: Move Fast or Die Trying

    Ed Ariel, Vice President of Service Operations, ezCater
    Importance of Customer Relationship Management Implementation

    Importance of Customer Relationship Management Implementation

    Drew Fredrick, Vice President, Home Building Technology, Clayton Homes
    How enterprise tech startups and corporates can collaborate for innovation

    How enterprise tech startups and corporates can collaborate for innovation

    Paul Santos, Managing Partner, Wavemaker Partners
    How an Initiative for Standardization and Modularization Leads to Cost Reduction, Increased Efficiency-and Better Teamwork

    How an Initiative for Standardization and Modularization Leads to Cost Reduction, Increased Efficiency-and Better Teamwork

    Faruk Bilgin, Global Director Manufacturing Engineering of Webasto Group
    Empowering the Retail Paradigm

    Empowering the Retail Paradigm

    Jason Williams, VP of Engineering, DICK’S Sporting Goods
    Fortifying the Retail Pardigm Amidst Uncertainities

    Fortifying the Retail Pardigm Amidst Uncertainities

    Vlad Yakubson, Head of Retail, yd.
    Journey from Intelligent Automation (IA) to Artificial Intelligence (AI)

    Journey from Intelligent Automation (IA) to Artificial Intelligence (AI)

    Sanjay Choubey, VP-IT, Briggs & Stratton
    Loading...

    Copyright © 2021 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap |  Subscribe

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/maximizing-the-benefits-of-the-cloud-in-highly-regulated-industries-nwid-778.html