The implementation of cloud-based data management is becoming increasingly prevalent amongst organisations around the world. In Australia and New Zealand (ANZ) alone, 61 per cent of businesses operate with a cloud-first mentality when deploying new applications.
Despite this, many are still neglecting the fundamental first step of cloud adoption: the development and application of a cloud strategy that focuses on education and knowledge sharing, whilst remaining aligned to business objectives. In fact, according to Veritas’ Truth in Cloud report, 63 per cent of businesses in the ANZ region export full responsibility for data protection, privacy and compliance onto their cloud service providers (CSPs) – a concerning misbelief that signals a widespread lack of awareness.
Unfortunately, the consequence of this neglect is that many businesses are left unaware of their responsibilities in the cloud, and are therefore vulnerable to penalties. This is especially so with the introduction of information governance legislations such as the General Data Protection Regulation (GDPR), which is due to take effect in May 2018.
While the common misconception among Australian businesses is that the GDPR will have no effect on their business, the reverse holds true. In fact, any organisation that undertakes transactions with European residents or other businesses in the EU region will be held accountable to the laws outlined in the new regulation.
With cloud adoption showing no signs of slowing down, it’s imperative that Australian businesses place further emphasis on educating staff members of their responsibilities when it comes to data management and the cloud, in order to avoid penalties. Successfully executing GDPR-compliant cloud strategies within the new standards will require businesses to be reiterative, agile and consistent in their approach to data management education.
Be proactive in asking questions to your cloud providers
Cloud service agreements and contracts can be fraught with fine print and varies widely from one provider to the next. Organisations’ IT departments may be switching from one CSP to the next as data management requirements change and evolve. Or they may be looking to multiple CSPs to meet individual business needs. This can often lead organisations to overlook contractual differences as they migrate their data from one CSP to the next, and entrust a number of CSPs with their valuable data assets.
To mediate this issue and stay on top of regulatory compliance in the cloud, it’s imperative to review contracts and agreements with the utmost scrutiny. In the event where written agreements do not explicitly detail your responsibilities as a customer, proactivity is key. Reach out to CSPs and ask your account management team to run through your data protection, privacy and compliance obligations as an organisation.
Share the knowledge
Once an organisation’s IT department is equipped with the knowledge it gathers from CSP providers, it’s important for this information to be diffused throughout the business. This will ensure that the responsibility of compliant data management is not only placed on the organisation, but on individual employees as well.
IT departments should make it their mission to educate the rest of the business on compliance in the cloud. To further enrich a culture of compliance, management teams should also make it a priority to highlight good data compliance habits. For instance, businesses can do so by rewarding employees who consistently demonstrate good data management in the cloud, and perhaps even go as far as taking disciplinary action out against those who don’t.
Don’t set and forget
It’s important to remember that adhering to regulatory guidelines in the cloud is not a task that can be set, then forgotten. The fast pace of cloud technology means that there will be constant reiterations of laws and to keep up, continuous learning is necessary to ensure organisations are up to date with the constant changes in data regulations.
Be proactive about keeping up-to-date with regulatory frameworks and ensure staff also understand the importance of ongoing learning.
Although it may seem excessive to invest the time and money to build a healthy culture of compliance, it is an unavoidable necessity in an age where data is king. Specifically, the adoption of cloud-based data management is on an upward trajectory and in Australia and New Zealand, with 54 per cent of businesses predicting an expansion in their cloud portfolio.
There are a lot of advantages that comes with embedding cloud compliance and knowledge sharing into the workplace culture and despite common belief, cloud compliance doesn’t have to be convoluted. To simplify the process, businesses should look to partner with data management vendors who understand CSPs and are equipped with the knowledge and tools required to comply in today’s increasingly stringent regulatory environment.
In order to remain competitive, businesses must take advantage of the trajectory towards the cloud, whilst being acutely aware of their responsibilities and making sure their cloud strategies are aligned to their business needs and objectives.