3 Ways to Balance Cloud Computing and Regulatory Compliance

By Casey C. Sullivan, Esq. on March 09, 2016 | Last updated on March 21, 2019

Attorneys have been cloud-cautious for a while, worried about potential breaches of confidential data and other legal considerations. But that hasn't stopped them from jumping onboard -- though they lag well behind businesses generally.

But it's not just law firms who should think carefully about their cloud usage. According to a recent survey, 88 percent of businesses with over 100 employees have to comply with some regulatory standards when using the cloud. But don't worry, a few corporate policies can help make cloud usage and regulatory compliance easier.

1. Make Sure Someone Knows What They're Doing

You're a lawyer, not an IT expert. You don't have to be master of all things cybersecurity and cloud computing. (Though it wouldn't hurt. A survey of business executives found that most higher-ups wanted more expertise in cybersecurity from their in-house legal department.)

But someone in the company should be a cloud expert. You don't have to take their word on it, though. According to Alex Miller, a cloud research analyst at Clutch, certification in cloud security from the Cloud Security Alliance can ensure that your cybersecurity expert can actually properly design, build, and protect a business's cloud computing system.

2. Look for ISO Standard Compliance

Another tip from Miller: check out the International Organization for Standardization. They don't have cloud-specific certifications, but they do have standards for the handling of personally identifiable information. You'll want to make sure that your cloud provider complies with ISO/IEC 27018:2014 and is certified for all of ISO 27001.

3. Take Inspiration From the Feds and Beyond

We've recommended looking to federal procedures for supply chain security before, and it's a good idea to take some federal inspiration for your cloud policies as well. There are a few places to look, too. You can check out the FDA's regulations on electronic records as well as the National Institute of Standards and Technology's cloud computing standards.

The ISO, the NIST, and the FDA aren't the only ones with guidance. There are a few industry-specific cloud standards out there as well, such as standards for retailers and for law firms. If you're looking for more, the Cloud Standards Wiki is a good place to start.
