The Cloud and Your Compliance Risks

The Cloud and Your Compliance Risks

The Power of The Cloud

Today, every company, big and small, is using the Cloud. From storage to computing. It has become an essential way of doing business. However, this shift to cloud-based services also creates new security and compliance issues.

Storing and sharing documents and files within an organization as well as when communicating to customers or outside vendors has become the norm. Especially when dealing with large media files, emailing is no longer an option. Sending a link to Dropbox, AWS or Sharepoint streamlines the process and makes work more efficient. Project teams need the most recent version that may have been modified by another department or the customer.

Every disaster recovery plan includes at least one cloud data backup option. Again with the handling of such large files today, companies cannot be burdened by limitations of fixed-sized physical hard drives versus the expandable storage capability of the Cloud.

On the computing side, organizations can access high-powered processing through Saas, IaaS, and Paas ( Software-, Infrastructure- and Platform- as a Service, respectively) using a service like IBM’s Bluemix Cloud product without a major investment in the hardware or software.

Imagine the costs involved with the planning, purchasing, housing and implementing such a system locally?

A big advantage of these virtual cloud services is the ability to gain access to the data analytics. Data is key to understanding what you’re doing and how to improve the process in the future. A corporation must have the visibility for forecasting, planning and making improvements.

Additionally, The Cloud gives an employee the ability to access required software services and systems from any device such as notebooks, smartphones or tablets without the need for any major resident software. This feature increases flexibility and productivity. And not worrying about whether you have enough memory is an added bonus (you know what I mean!).

 

But with the benefits come risks.

The Cloud presents risks in security and with software license compliance.  There are important questions that need to be asked.

 

Who’s in charge of the license-management process?

Using the Cloud with so many available options and configurations requires a point-person to act on important questions. It is still so new and there are so many variables, it is most likely that most companies are not in full compliance.  Getting that key person in place is key to rectifying that.

 

Are special licenses required?

How does the device connect? To an Exchange server or something similar?

Does the device require authentication upon access?

If the answer is “yes”, then a Client Access License, or CAL is required for all the devices not previously covered by primary devices.

 

What are the policies regarding accessing the Cloud?

It is critical to provide the company policies relating to Cloud access to all employees. If these policies are not in place, they need to be created as soon as possible by someone (previously mentioned) who understands how the Cloud services are being accessed and used typically outlined in the license agreement.

Some important questions to be asked when setting policy are:

  • What is the process for provisioning and releasing cloud services?
  • What are the required approvals and notifications?
  • What are the terms and conditions involved in using cloud services?

 

Can you transfer licenses to the cloud?

Transferring licenses to the cloud may not be allowed, carry restrictions, require pre-approval by the software publisher, or involve additional costs. Also, reclaiming an organization’s licenses back from the cloud may not be permitted.

This all goes back to completely understanding the full terms and conditions of the publisher and should be included in the policies using clear and specific language.

 

Conclusion

Your organization is most certainly using the cloud. Are you secure? Are you in compliance?

Get some guidance by experts in Cloud security and compliance using the answers to the questions asked above regarding your organization.