The Challenges of Cloud Compliance

Cloud Compliance – Did you know?

42% of all businesses in Australia use paid “Cloud” services in Australia, that statistic shows that the Australian cloud adoption rate is continuing to increase above global growth rates.

Understanding your industry security requirement to select a suitable Cloud service is a good baseline, but to be truly cyber safe you need to be able to not only detect and stop threats but to continually monitor and improve your security posture regularly through compliance.

The challenges of Cloud Compliance in 2020

When organisations first started moving workloads into the cloud back in 2010's clarity in what Data Privacy and governance was low, Customers were comforted with Technology Providers that had similar clients, in certain industries and a track record of providing industry standard tactics like:

• Pen Testing
• Datacentre Failover Live or Manual Activation
• Secondary Backup to Datacentre with monthly tests
• Industry Certifications

Today those components are now considered mandatory when considering technology stacks.

The “Shared Responsibility Model (SRM)” model has manifested to allow all parties to take part of the process whether you are the Data Owner, Data Custodians or Data Stewards all parties need to play their part.

Some of the challenges faced by partners are: 

• Overhead of a compliance program
• Understanding of Industry requirements for technology 
• Users knowledge of Cyber Security , Data Privacy and their obligations 
• Different legislation dictating action e.g. GDPR vs NDB vs Industry regulations 

The challenge faced are many but starting with a strategy that provides transparency between digital work- loads, infrastructure and user access with data privacy at the centre will allow you to map the boundaries of risk. Then wrapping that whole strategy in the perspective of the Customers industry will provide a suitable solution.

‘At a minimum, Compliance should be executed per quarter in a moderate risk-adverse organisation once per month and for a high-risk organisation, this should be continuous’.

Key Discussion Points

Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware and take steps to comply to a set of rules, specification policy, standard or law. Cloud compliance is no different to any other compliance motion in an organisation. So how do Public Cloud providers play their part in the SRM? Check out how Microsoft Azure, Amazon Web Services, Google Cloud Platforms and Oracle Cloud are addressing this.

Key Considerations

Public Cloud providers are at the forefront when it comes to regulatory compliance and are very thorough as they have the means and the needs to comfort prospective customers expectations. A strong posture also requires strong demarcation points as the SRM should be clear at all times as to who is responsible for which part of the SRM model.

The below diagram showcases Microsoft’s demarcation points.

Dicker Data Security Solutions

Dicker Data has partnered with the industry’s leading security providers to ensure the Australian IT reseller community have access to a full suite of technology software’s designed to fight cyber crime, protect data, reduce risk and organisation down time.

Our dedicated in house software and security team work closely with our Australian IT reseller partners to understand their business requirements and deliver tailored, leading edge security solutions. Dicker data IT partners can leverage the experience from our local team of sales, technical and product management specialists, alongside promotions and incentives run from time to time.