Recaps from #GRCChat
Cloud providers and customers forced to adapt
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
GRC plan that streamlines management
The dramatic effect of cloud computing on IT operations in recent years has changed the way CIOs think about data storage, analytics and management. And while the cloud isn't exactly new anymore, risk remains a major pain point, especially given the proliferation of regulatory concerns.
To kick off our recent cloud-themed #GRCchat, we asked participants about their cloud computing issues and challenges, especially in light of emerging governance, risk and compliance (GRC) considerations. Participants suggested that while things have improved, there is still a lot of work to be done, as risk management strategies that make sense now might not make sense in the future:
A1 Cloud providers+customers need to stay flexible, GRC regs constantly changing- security and RM that works now might not always #GRCChat— Ben Cole (@BenjaminCole11) March 27, 2014
And then, there's HIPAA, HIPAA, HIPAA. Cloud service providers who don't have the Health Insurance Portability and Accountability Act on their minds risk losing valuable customers:
While keeping compliant with industry regulations, it's also important for organizations to make sure their employees can get the information they need when they need it. We asked, "How can companies ensure timely access to cloud-stored, compliance-relevant regulatory data?" Respondents made clear that employees who require access to data -- whether for business or security purposes -- know exactly where to find that information:
SearchCompliance site editor Ben Cole advises outlining processes to stay on track:
Finally, we asked our #GRCchat participants, "What security or governance features should businesses look for to ensure compliance and reduce risk when seeking cloud services?" Compliance with GRC mandates, business continuity capabilities and encryption were all must-haves cited by #GRCchat-ters:
A3 Must have full auditing and control of encrypted data, including on mobile devices and other endpoints. #GRCchat— betsy kosheff (@betsykosheff) March 27, 2014
What GRC-related cloud computing issues and challenges have you encountered? Sound off in the comments below. For more of this conversation, search the #GRCchat hashtag on Twitter. Our next tweet jam will be Thursday, April 17, at 12 p.m. ET. Follow @ITCompliance for topic and expert announcements.