Cloud Security and Compliance

What Is It All About?

As organizations extend their data repositories from on-premises platforms into SaaS applications such as G Suite, Salesforce, and Dropbox, data governance and compliance obligations follow the data. Achieving both internal and external compliance requires a clear understanding of what information is stored and shared on those platforms. Internal compliance means adhering to organizational policies, where protecting intellectual property and sensitive information is key. The other side of the equation is satisfying external mandates such as PCI DSS, HIPAA, and FISMA.

Which Ones Should I Worry About?

That depends on your industry, business practices, customers, and risk appetite. Below are a few of the regulations we commonly encounter; many others might apply.

  • PCI DSS - requires merchants and service providers that store, process, or transmit credit card information to protect cardholder data regardless of where it resides, including in SaaS applications.
  • HIPAA/HITECH - HIPAA (Health Insurance Portability and Accountability Act) protects the privacy and security of protected health information (PHI). The HITECH Act (Health Information Technology for Economic and Clinical Health) further mandates the security of electronic health records (EHR).
  • Sarbanes-Oxley - applies to all U.S. public companies, public accounting firms, and firms providing auditing services, and mandates both disclosure controls and the assessment of internal controls.
  • FERPA - The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. It applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
  • FISMA - The Federal Information Security Management Act (FISMA) is a federal law that applies to all information systems used or operated by U.S. Government agencies or by any other organization acting on behalf of a U.S. Government agency. The act requires each agency to develop, document, and implement programs that ensure the integrity, confidentiality, and availability of its information and information systems.

Where Do I Start?

A good starting point is to research and understand your organization’s unique compliance needs. Are you subject to PCI compliance? Are you a healthcare organization required to meet HIPAA compliance? A public company required to meet Sarbanes-Oxley compliance? And the list goes on. Learn more in our library of educational compliance guides.

Meeting Compliance Sounds Like a Lot of Work

Once you know what you are looking for, the approach is straightforward to state. Meeting compliance regulations and protecting sensitive data in the cloud starts with four capabilities: monitoring the environment, inspecting the content that lives in it, surfacing findings about where sensitive data exists and how widely it is exposed, and then exercising control over who can access it.
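The monitor-inspect-surface-control loop above, as an added example in Python (written for this page, not Cloudlock's own code): it scans a constructed inventory of SaaS files, detects primary account numbers with a digit-pattern match plus a Luhn checksum so that random digit runs are not reported, records only the last four digits of any match so the finding itself does not become cardholder data, and picks a remediation based on the file's sharing scope. The sharing scope names (private, domain, external, public) and the record layout are assumptions; a real scanner would take them from the SaaS provider's API.

```python
import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Assumed sharing scopes, ordered from least to most exposed.
EXPOSURE_RANK = {"private": 0, "domain": 1, "external": 2, "public": 3}


@dataclass
class Finding:
    file_id: str
    owner: str
    sharing: str
    masked_pan: str  # only the last four digits survive into the report
    action: str


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return digit strings in text that look like PANs and pass Luhn."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def mask(pan: str) -> str:
    """Keep last four digits only, so the finding is not itself cardholder data."""
    return "*" * (len(pan) - 4) + pan[-4:]


def decide_action(sharing: str) -> str:
    """Map exposure to remediation; an unknown scope is treated as worst case."""
    rank = EXPOSURE_RANK.get(sharing, EXPOSURE_RANK["public"])
    if rank >= EXPOSURE_RANK["external"]:
        return "restrict_sharing"
    if rank == EXPOSURE_RANK["domain"]:
        return "notify_owner"
    return "log_only"


def scan(files) -> list[Finding]:
    """Inspect every file, surface findings, and attach a control action."""
    findings = []
    for f in files:
        for pan in find_pans(f["content"]):
            findings.append(
                Finding(f["id"], f["owner"], f["sharing"], mask(pan), decide_action(f["sharing"]))
            )
    return findings


# Constructed sample inventory (not real data); card numbers are the
# standard publicly documented test numbers.
SAMPLE_FILES = [
    {"id": "doc-001", "owner": "alice@example.com", "sharing": "public",
     "content": "Refund for order 4433 card 4111 1111 1111 1111 exp 09/27"},
    {"id": "doc-002", "owner": "bob@example.com", "sharing": "external",
     "content": "Test card 4111111111111112 should be rejected"},  # fails Luhn
    {"id": "doc-003", "owner": "carol@example.com", "sharing": "domain",
     "content": "Chargeback notes: 5555-5555-5555-4444, amount 120.00"},
    {"id": "doc-004", "owner": "dave@example.com", "sharing": "private",
     "content": "Corporate Amex on file 378282246310005"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(finding)
```

The detector is deliberately two-stage: the regular expression is cheap and over-matches, and the Luhn check removes most false positives such as order numbers or timestamps. Note that the same file is handled differently depending on exposure, which is the "control over its accessibility" step; a public file with a valid PAN is the one that gets its sharing restricted.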

Experience a Live Demo

See Cisco Cloudlock in action from one of our cloud security experts
