We’ve been talking a lot about compliance lately. That’s because, as more businesses are moving to the cloud and storing internal and customer data there, the means to achieving compliance change significantly. But it’s not the approach to compliance that changes in the cloud, it’s the tooling, as we explained in our post How Does Compliance Differ In The Cloud Versus On-Premise? So as more businesses move to the cloud or operate hybrid environments, we want to help them become clear about what they need to do and, for the purpose of this post, when they need to do it.
The Office of Civil Rights (OCR) has been alluding to a large-scale HIPAA audit for quite some time now — and it looks like that threat will soon come to pass.
Compliance would be challenging even if it were a black and white issue. The reality is that compliance regulations, such as PCI DSS and HIPAA, are really just a string of requirements open to interpretation. The definitions of each requirement can vary, sometimes quite a bit, from auditor to auditor or from company to company. Today, even the auditors are getting audited in an effort to ensure that the application of compliance regulations is as uniform as possible.
As a business, whether you’re storing patient records or processing customer credit card data, chances are the government or your customers (or, many times, both) require you to meet some sort of compliance standards. And it ain’t easy.
PCI DSS. HIPAA. SOC 2. SOX 404. Compliance can be a complicated and confusing beast, with plenty of acronyms and layers of regulations — not to mention expenses and stress. But achieving compliance in the cloud can also be the key to unlocking new sources of revenue, winning business, and achieving success in today’s competitive business environment.