December 28, 2021

Can The Public Cloud be Compliant?

Stop exposing yourself! How to add compliance into your public cloud infrastructure.

The public cloud seems oh-so-easy when you set up a free trial environment in one click and choose add-on services willy-nilly.

But given some of the harsh penalties of failing compliance, setting up environments whenever you want or selecting the wrong types of add-on services could be costly. Unless you’ve got a team of Azure or AWS specialists who truly understand the finer nuances of cloud configuration (and the regulations you’re being audited against), chances are you’re going to accidentally expose something you don’t want the world to see or leave yourself open to a major vulnerability.

You do not want to be embarrassed by the auditors when they come calling and find all sorts of leaks in the ship you thought was built so well. Plus, a failed compliance check means fines and lost credibility. (Stay tuned - compliance can be easier in the public cloud if you have the right tools.)

In an era of increasing privacy concerns, achieving compliance in the cloud is becoming more important as the standards you’re measuring yourself against determine who owns your data, who has access to it, how it’s accessed, and why.

So let’s discuss some roadblocks to cloud compliance and steps you can take to achieve compliance in the public cloud.

The Shared Responsibility of Compliance

According to the 2021 Flexera State of the Cloud report, more than half of respondents are considering storing sensitive data in the public cloud, reflecting increasing confidence in the security and compliance practices of hyperscale providers. That said, achieving and, perhaps more importantly, maintaining compliance in the public cloud is easier said than done.

When it comes to compliant cloud infrastructure, the public providers have it made. AWS, Azure and Google all offer compliance against HIPAA, PCI DSS, FedRAMP, GDPR, NIST and more. Good stuff, right?

However, hyperscale cloud providers like Amazon, Microsoft, and Google all follow a Shared Responsibility Model when it comes to compliance. That means that both the provider and the consumer have a duty to maintain regulatory compliance at different layers of the stack. The Shared Responsibility Model is called out on each provider’s website and clearly outlines what they will take care of and what they will not. Unfortunately, it’s not “we’ll take care of everything, why don’t you go put your feet up.”

Roadblocks to Cloud Compliance

Despite more organizations moving their data to the public cloud, compliance remains an obstacle to public cloud adoption. According to Cloudlytics, about 90 percent of decision-makers say that meeting compliance standards in the cloud impedes further public cloud adoption. And almost 80 percent within that group believe they could not clear all of the compliance audits. (In the words of Scooby Doo, “Ruh Roh.”)

Achieve Cloud Compliance with the Right Tools

No matter where you host your environment, you’re going to need staffing resources who can help you configure your environment correctly. If you choose an outsourced private cloud, your MSP should help you ensure that you’re meeting the correct regulations. If you go the DIY route (public cloud specifically), you’ll need some additional help.

Before you freak out and go on an expensive hiring spree for PCI specialists, why not consider a powerful, affordable tool like, well, us – Tenacity?

Tenacity can audit your environment (before the auditor) and identify gaps in policies or procedures. This will not only help you meet your regulatory standards and avoid an embarrassing stain on your record, but also help you make smart hiring decisions on additional staffing resources to fill in the gaps where needed.

You can store your data safely if you do so carefully, whether you use a public cloud or any other cloud provider. However, compliance regulations in the cloud are constantly evolving, and it’s important to stay up-to-date on the latest changes.

Leveraging a tool like Tenacity to help you identify compliance gaps and risks before the auditors come calling can save a lot of time and money. For MSPs, it’s a great value-add service to teach your users who want to use public cloud about some of the risks involved and help them meet compliance more easily. Contact us to learn more!

BTW – are you an MSP struggling to compete in the hyperscale world? Check out our latest white paper, “How MSPs Can Leverage New Value in Public Cloud Services” to learn how you can stay ahead of the competition and keep those users who are considering dumping you for public cloud.
