Navigating cloud computing regulations and compliance requirements

Last updated: July 2013

Editor's note

Attempting to achieve an adequate level of compliance in the cloud can leave providers and customers scratching their heads -- and for good reason. A dizzying number of acronyms refer to a wide variety of cloud computing regulations and requirements that both parties must address, and the task induces a lot of stress and skepticism in potential customers. Customers worry that moving their data to the cloud can not only compromise their industry-specific compliance requirements, but also put them at risk of security breaches. This cloud compliance guide will clarify where the bulk of the responsibility lies when attempting to achieve cloud compliance, what customers expect from providers, and what advantages and obstacles initiatives like HIPAA and FedRAMP introduce.

1. Accommodating customers: How far should you go?

In the world of cloud computing, providers do their best to accommodate customers, but they also have to look out for the best interests of their own business. This section of our guide explores how providers can do right by their customers without jeopardizing their own goals and objectives.

2. Can FedRAMP compliance boost adoption?

Former U.S. CIO Vivek Kundra issued the Cloud First policy in 2010, mandating that all federal agencies give preference to cloud-based technologies over on-premises products. The Federal Risk and Authorization Management Program (FedRAMP) was created to support this plan and standardize agencies' security requirements. In this section of our guide, explore how your cloud offerings can become FedRAMP-compliant and what challenges lie in the complex authorization process.

3. HIPAA: Improving healthcare's relationship with the cloud

Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) partly to standardize the security and privacy requirements of healthcare-related data systems. Compliance with HIPAA is mandatory for healthcare organizations, meaning it is also non-negotiable for cloud providers looking to attract them. In this section of our guide, Dr. Peter Tippett, vice president of Verizon's healthcare solutions group, discusses the unique relationship between HIPAA, providers and customers.