Cloud environments are dynamic and
require continuous compliance
automation to keep up with all the
constant innovations coming from the
cloud platform providers and changes
coming from the regulatory agencies.
The app delivery process used to be concentrated; in
the cloud, it’s decentralized. Many developers and
DevOps personnel play a role in software delivery.
Some may not have experience pushing changes to
test or to other environments. This adds a layer of risk.
The different cloud environments create a layer of
complexity. The trend today is for companies to
embrace multiple cloud environments – such as AWS
with a combination of Azure and/or Google Cloud
Platform, or other combinations. Each new tool and
new environment increases the learning curve for a
staff that’s already struggling to stay current in their
training. Plus, the cloud providers themselves are
constantly innovating, adding new services and new
techniques.
Here’s the bottom line. Cloud engagements are so
dynamic, they require new, updated compliance
programs just to keep up with the commonplace changes
in their environments. You can’t check every six
months and hope for the best. You need to verify
continuously that the programs in place are robust and
are themselves running continuously. Therefore, you need a
continuous monitoring and remediation program to
ensure that those services running in the cloud are
compliant.
The Impact of Cloud in Highly Regulated Enterprises
Compliance challenges, of course, vary by industry.
Moving to the cloud exacerbates the impacts of
already complex, interrelated regulations and
oversight in highly regulated industries such as financial
services and healthcare.
In any industry, the penalties for noncompliance are
stiff. Companies face potential fines, loss of business,
loss of clients, firings, suspensions – even potential
jail terms in certain circumstances. In retail, for
example, companies are grappling with the effects of
the new PCI regulation requiring a business to
protect credit card data and customers’ identities.
Companies that don’t comply may have to pay more for
credit card transactions – or lose the ability to use
credit cards at all. Noncompliance is clearly not worth
the risk.
WINTER 2018 | THE DOPPLER | 7