Compliance, Governance, Consistency: What To Consider As Your Workloads Flow to the Cloud
Most of today’s businesses operate in multiple cloud platforms. However, few apply clear management strategies to these platforms. For too many enterprises, this has resulted in a disjointed mix of vendors and inconsistently applied security and access policies. Managing the workloads, data and users that interact with these environments proves to be a challenge.
There are three key areas that must be part of your management strategy as you shift workflows to the cloud: compliance, governance and consistency. By understanding the importance of each area and applying best practices, you can help your enterprise more effectively govern and manage multi-cloud environments.
Compliance
Compliance ensures that the treatment of data follows applicable rules and regulations, whether from the government, the law, regulatory bodies, accreditation bodies or even the business itself. These rules are designed to protect data from misuse, loss and theft.
Compliance regulations vary widely based on geography and even industry, which complicates management tied to these regulations. For example, HIPAA, the Health Insurance Portability and Accountability Act, governs health information and protection in the United States. PCI, or payment card industry compliance, applies globally and is mandated by payment card companies to protect and secure card data.
Compliance failures can lead not only to the loss of reputation of a business, but also to financial loss, either through lost income or fines and lawsuits that result from the failures. These types of losses can sound the death knell for a business and should be sufficient motivation to follow best practices to ensure compliance.
- Go Beyond the Minimum Requirements. Meeting minimal requirements for compliance helps you achieve the letter of the law, but not the spirit. The intent of compliance is protection—of your data, your customers and your business. That should be the ultimate goal of any compliance standards put in place.
- Security Goes Hand-in-Hand With Compliance. Security threats constantly evolve. Protecting data from loss or theft means staying updated about trending security risks and knowing how to detect and respond to security threats as they happen.
- Prioritize Data. All data must be protected, but not to the same degree. Prioritizing data by its value helps your business spend its limited resources more wisely.
- Compliance Is an Ongoing Process. Laws change. Best practices are refined. Security threats evolve. Compliance is not a singular step. Rather, it must be reviewed regularly to ensure data and information remain protected even as threats and rules change.
Governance
Governance is the overall authority for how data is organized, managed and used. While compliance tends to be outward facing, governance is inward facing and sets the internal mechanisms to manage data. It describes the rules for the use of data within a business and defines who is responsible for data quality, security and access.
- Draft Written Rules and Share Them Across the Organization. To be effective, governance needs to be applied equally across your organization. Written rules help ensure consistent management of data. These rules should also outline the roles of those that manage governance as well as their specific responsibilities.
- Conduct Audits. Written rules are only the first step. Audits help ensure rules are followed and may also reveal flaws or vulnerabilities that need to be addressed. Audits might include reviews of information types being gathered, who accesses that information, the justification behind the collection of data, how the information is stored and for how long. Audits recognize that data is a valuable asset and ensure sufficient care is taken to protect it and the business.
- Prioritize Data Quality. Accurate data analysis drives tactical decision making and correlates directly to the quality of the data being analyzed. Governance guidelines should aim to ensure data accuracy (“Is it true?”), uniqueness (“Are there duplicates?”), completeness (“Is this the full picture?”), relevance (“Does it matter?”) and timeliness (“Is it current?”).
- Look for Ways to Drive Efficiency. Part of the governance process should drive the operational and cost-efficient use of data sources. Governance can help remove redundancy in how data is treated. Rules and open communication should help achieve this goal.
Consistency
When it comes to data, “consistency” can have multiple meanings. Sometimes it relates to data accuracy and ensuring data is not changed when it is accessed. More generally, it relates to how businesses set security and access policies for the information and data flowing into and out of them. Those policies need to be applied consistently no matter where the data resides. It’s this second meaning that we’ll focus on here.
- Ensure Policies Translate Across Cloud Platforms. Most businesses use multiple cloud vendors. A prime reason for inconsistent security and access of data sets has been lack of portability across these platforms. Ensuring policies apply across platforms is critical to the enterprise and the protection of its data.
- Follow the Principle of Least Privilege. This principle governs who has access to data and systems, and means that users have access to only the systems required to do their jobs.
- Regularly Review Policies. Just like governance and compliance, ensuring consistency is an ongoing task. Enforcement requires reviewing the details of access and security policies to ensure they align with the business strategy.
©2020 Lumen Technologies. All Rights Reserved.