You might think mastering myriad compliance standards would be impossible for an enterprise cloud vendor, but some are closer to that goal than others. As a rule, enterprise cloud vendors can raise the bar higher than any single customer still married to a homegrown data center.
Let’s look at a couple of the compliance standards and consider how they can be leveraged.
In government, there’s the FedRAMP cloud compliance standard in the United States. The UK’s equivalent is called G-Cloud. What an enterprise cloud vendor might learn from G-Cloud can be used with government customers in the United States. Cyber threat intelligence gathered from one industry might be shared with a customer in an entirely different industry.
“We have a very high bar for the controls and certifications we are putting out there. Customers are often not at that bar,” says Ulrich Homann, a distinguished architect at Microsoft. “We build a foundation upon which we can meet these standards. Then we drive ourselves to the highest bar and raise it for everyone else.”
The bottom line is that the cloud has reached a point where it tends to be more secure and compliant than corporate data centers. Microsoft says it has upward of 30 compliance certifications for its Azure enterprise cloud platform, more than any other enterprise cloud vendor.
Government, financial services and healthcare have the strictest compliance standards. For example, ISO/IEC 27018 covers how governments handle the privacy of personal information. HIPAA regulates paper, in-person and electronic privacy for healthcare patients. And SOC defines financial reporting standards for information service providers.
As mission-critical applications such as ERP and financial trading systems start to migrate to the cloud, compliance standards will only get more stringent. Facing expanding volumes of data, system complexity and more cyber threats, compliance standards must be dynamic. A hacked financial system can mean huge losses in reputation, time, and money.
“The bar is getting higher every day. Financial services, for instance, are under constant scrutiny,” Homann says. “There are literally hundreds of controls we are meeting on a continuous basis. Our approach is to take the highest compliance standards and use them only as a base.”