Why is it easier to achieve compliance in the public cloud?
Things like HIPPA, FedRamp, PCI, NIST, SOX…just to name few
After twenty-five plus years in the tech industry and involved in more than eight different companies primarily dealing with regulated industries, compliance has never been easier nor more efficient to achieve!
I remember when we started APerfectWeb 1996 (sold to NextIT in 2004) on the sole believe that credit card transactions were going to take place on this new thing called the “World Wide Web” — not many believers at the time ;-)
Fast forward to 2021 and we are now saying “public cloud is the answer to efficiently becoming compliant and more importantly continually maintaining compliance with minimal effort.”
Top three reasons the statement is true:
First — technology and software automation in the public cloud has surpassed what is possible with on premises tools and technology.
Why? Because it had to, there was no other way for it to scale, innovation out of necessity.
Second — infrastructure and hardware as we know it today are a thing of the past like the dinosaurs…public cloud is the new “utility company” and it’s a commodity and just like the power grid a necessity.
Why? That was what Amazon does, remember when they just wanted to replace Barnes & Noble…didn’t Netflix start on AWS, now Prime Video with Prime Originals…Amazon commoditizes entire industries.
Third — timing and circumstance, the global pandemic has changed human behavior in a relatively short amount of time which from a glass half-full perspective it’s moved people who wouldn’t use modern technology and made them relatively proficient…think Zoom, WebEx, Teams, etc.
Why? By forcing people out of their comfort zone and adapting to modern technology it can both increase risk and if done properly reduce risk.
As an example, below is a list of frameworks that can be continuously and automatically scanned for, and an example of the findings with step-by-step remediation instructions. This automated tool runs on AWS, Azure, and GCP.
Top three reasons public cloud isn’t being adopted by organizations:
First — the most annoying line I’ve heard for over 25 years, “well that’s how we’ve always done it.”
Why? Human behavior is the hardest thing on the planet to change, usually takes major events to shift…9/11, COVID, etc.…
Second — fear uncertainty and doubt (FUD)
Why? No one likes to admit they don’t understand something, especially technical folks and public cloud as mentioned early is not the same as they are familiar with and even worse once they do start using it’s hit or miss if they truly understand it.
Third — lack of leadership in the Executive ranks avoiding the discussion about technology and the understanding of it being strategic to the organization.
Why? Public cloud has only really been around for basically a decade. Ten years ago I would not say public cloud is the place to solve your compliance struggles, but a decade later it is due to its rapid development and required innovations.
In summary, the public cloud has become a commoditized utility and needs to be used and viewed as such. It has also become “Infrastructure as Code”, so it needs to be thought of as software and the days of managing hardware are behind us.
This view point needs to be accepted by the Executive Leadership Team and pushed through the entire organization or potentially become the next Blockbuster!
If you’re ready to have compliant environments from day 0, drop us a line @ firstname.lastname@example.org