IT Mythbusting Part 2: Cloud Can’t Comply

Part 2 of a five-part series examining common IT myths.

Even though cloud computing is quickly becoming mainstream, and a feature of most enterprise level companies, there is still reticence on the part of many a CEO to jump headlong into the cloud, even if they’ve identified the benefits of scalability and cost reduction. One reason: myths still abound.

One of these myths revolves around an important element of data storage: maintaining security compliance. Several industries have strict compliance guidelines regarding the security of their information. Failure to abide by them could mean hefty fines. In healthcare IT, for example, storing a patient’s electronic medical records (EMR) simplifies medical engagements across the board for obvious reasons.

If you’ve seen a doctor or nurse with a tablet in hand, reviewing medical history, you’ve likely benefited from EMR in some capacity already. However, given the possibly sensitive nature of this information, there are strict government guidelines related to data storage and security, since the passing of the Health Information Privacy and Accountability Act (HIPAA) in 1996.

Healthcare providers may assume it’s simply safer to store all data in onsite servers to eliminate the possibility of breaking these guidelines. On the contrary, these concerns are largely unfounded. Instead, cloud hosting providers may actually make the auditing process easier, for two primary reasons.  First, enterprise class cloud hosting providers have to deal with audit conditions on a daily basis; it’s part of their value proposition. They often have a streamlined process in place. A given business or doctor’s office, on the other hand, will likely only deal with an annual audit, making for a more arduous process.

Second, migrating data into the cloud provides a natural opportunity to examine, allocate, and segment data in accordance with any relevant government guidelines. This in and of itself can greatly reduce the scope of an audit. In addition, it allows for a documentation health check, since the occasional error in entry, storage, or allocation point may have been made over the life of the system.

Some important questions to ask your cloud hosting provider regarding security compliance are:

  • What experience do you have with security compliance?
  • What specific measures do you have in place to ensure you abide by them?
  • What experience do you have with compliance audits?
  • Are you able to provide monitoring, updates, and reports regarding ongoing compliance?
  • Have you had any issues with being out of compliance and how did you handle it?

True North works with hundreds of IT managers to implement the most effective security solution for their network and data needs, outperforming the strictest government and healthcare security requirements. We’ve found it an immensely important part of our value proposition to provide open and transparent insight into the relationship of our cloud hosting process with government compliance guidelines.

At True North, we aim to provide business leaders and IT pros with useful insight into the dynamic field of IT Solutions, consulting, and Managed Services and hope you found this information helpful.

Please check in next week for Part 3 of our five-part series in Common IT Myths: Cloud Hosting Means No One Knows Where My Data Is

Join Our Newsletter & Learn

Get our latest content delivered to your inbox.

Speak to an IT Expert

Book a Complimentary 30 Minute Consultation