Companies from every sector and of all sizes are flocking to the cloud. From unprecedented scalability to cost savings to revolutionizing the application development ecosystem, cloud technology is changing the way business is done.
By 2020, Azure is expected to grow to over $12 billion in revenue. With 1.5 million databases running in Azure driving 777 trillion storage transactions per day, statistically speaking, you’re probably already in the cloud.
However, if you haven’t migrated every last database yet, you’re not alone. For many organizations, governance and data control remain one of the last roadblocks to a cloud infrastructure. According to RightScale’s 2017 State of the Cloud Survey, reported cloud challenges declined across the board, with the exception of governance/control. This trepidation is unsurprising:
- According to a study conducted by the Ponemon Institute, the average cost of a data breach is $4 million.
- Complying with industry regulations is challenging and can be costly if not done right. Failure to comply with Payment Card Industry Data Security Standards can cost up to $100,000 per month, and running afoul of HIPAA regulations can cost over $50,000 per violation.
- Shadow IT (the unapproved, unmonitored use of cloud applications by employees) is a continuing problem: according to Cisco, “IT departments estimate their companies are using an average of 51 cloud services, when the reality is that 730 cloud services are being used.” This is troubling, as unauthorized cloud application use is one of the leading causes of both data breach and compliance failure.
At Hanu, we find that aligning IT and business strategies around data governance is one of the hardest hurdles to jump for cloud adopters.
But it doesn’t have to be.
Understanding and following best practices for cloud governance and regulatory compliance will ensure you gain all the benefits the cloud has to offer while avoiding the pitfalls that face less prepared organizations.
3 Tips for Combating Compliance
We don’t want to mislead you: getting compliant is a complicated task, and involves understanding your unique position within dozens of industry regulatory bodies. However, there are a few considerations that are universal across organizations.
- Data classification: Data classification is the process of defining what data can be accessed, and by whom. Determining what is made available publicly, kept company confidential, or restricted to certain personnel is the first step towards enabling risk-aware data protection and explicitly tracking compliance.
- It’s all about location: Unlike clouds made of water vapor, cloud datacenters exist in a physical location, and this location matters. Depending on the regulations that govern your industry, some of your data may be required to remain within certain jurisdictions. In some cases, data may even be required to remain on-premises. Know your regulations, and plan accordingly.
- Choose the right cloud provider: Not all cloud providers are created equal. Once you understand your regulations, ensure your provider can help you get compliant. Microsoft Azure offers over 40 cloud compliance solutions.
Get in Front of Shadow IT
Getting control over shadow IT is paramount for companies that want to ensure regulatory compliance.
Above all else, solving the problem of shadow IT is about one thing: your team. Creating a cloud infrastructure that meets their needs is the secret to crushing shadow IT once and for all.
Move to Single Sign-On ASAP
The reason shadow IT has become a problem is that using shadow applications is often easier than using an unintuitive and limited corporately approved application ecosystem. One of the simplest and most effective ways to solve this is to implement a single sign-on infrastructure, where employees enter a single password to gain access to data and applications. Such systems enable corporate to manage applications, and are much more likely to be adopted by employees.
Train Your Team
While the problems associated with shadow IT may be old news to you, there’s a good chance many employees are unaware of them. Invest resources in training employees on the importance of secure application procurement steps and IT-approved processes, in addition to data management and security.
Give Your Employees What They Want
If your team isn’t using authorized applications, find out why. Understanding employee behavior won’t just help you increase their productivity; it will foster better communication and stronger relationships between workers and management.