User Review
( votes)Adoption of cloud services has been steadily increasing, but the trend has been rapidly accelerated in the past year. Companies moved quickly to enable remote working through a range of Software-as-a-Service (SaaS) offerings, including Microsoft Teams and Zoom. Consumption of Infrastructure-as-a-Service (IaaS) platforms like Amazon Web Services and Microsoft Azure has followed and provided access to advanced services on demand.
Understandably, there has been a focus on the continuity of business. Large-scale adoption of remote working technology has enabled businesses to keep going through a hugely uncertain time. But having survived the rollercoaster of the past 12 months, many are now stopping to ask themselves: how compliant are we in this new world? The truth is that they don’t always know.
Businesses have spent decades developing the skills and knowledge needed for on premises compliance regimes. But they are still trying to understand what it means in the cloud and how best to apply it. There can be significant work involved in moving traditional IT controls frameworks to the cloud. And, unfortunately for large enterprises, there is no single button that can be pressed to automatically enable compliance.
A common challenge is keeping audit and compliance teams abreast of new technologies and how they align with regulatory requirements. Technology teams typically consume services that provide business benefits or competitive advantages. But we have seen migration efforts driven by technology lose momentum as security and compliance teams are engaged too late, only to demand delays to ensure security and compliance controls are embedded in cloud platforms, and that updates standards account for ongoing security, privacy, and confidentiality of data.
Transparent communication across an organisation is therefore important, before and during the cloud migration process. Involvement of security and compliance expertise can ensure these requirements are baked in rather than bolted on.
