Corporations are increasingly including cloud services in their data architecture, says Gartner. As well they should. Compared to proprietary on-premises systems, cloud services are more easily scalable, reliably available and reasonably priced.
The concern that the IT community has felt over cloud data security is fading, too. In the care of full-time security professionals, the data security of cloud environments is often better than their in-house counterparts.
But there is one set of companies whose cloud adoption lags behind. Companies in regulated industries face an interesting conundrum. The companies themselves may be well aware that a cloud service is secure. If they’re lucky, even their customers may understand this to be the case.
But how can they convince regulatory bodies that customer data is safe and being handled appropriately throughout its lifecycle, even if it takes a spin through the cloud layer?
The role of standards and compliance
Lots of industries have their own standards that define how to store and handle data related to their field. They ensure that data is not at risk of being accessed or manipulated in a way that hurts those who provided that data or are represented in it.
This is done through a shared set of best practices and defining the minimum level of data security. In short, the fact that Company, Inc. is awarded a certificate of compliance tells the regulators and the general public that Company, Inc.’s practices are secure.
If Company, Inc. now purchases cloud services, the issue starts getting… well, clouded. The company is at risk of voiding their certification if the practices of their cloud service provider don’t live up to the standard. Purchasing companies are therefore very careful in selecting providers. At the same time, they’re not keen to spend time and money auditing other companies themselves.
Here’s where the importance of certification for cloud providers comes in. If the CSP can bring their own certification to the table, Company Inc.’s purchasing decision becomes much easier. They instantly know what they can expect, and can continue to assure their own customers that their services continue to be compliant.
For the CSP, the process of getting certified may feel like a drag. You may figure that if a customer wants a piece of paper signed, they should be the ones to jump through the hoops to get it.
At Aiven, we have a different approach. We’re more “give us all the certs”! We maintain compliance in all major data regulations and are ISO 27001 certified.
Certainly part of the reason we do this is that it’s easy to use the standards to communicate the level of our security. A bigger part is that it helps our customers to ensure that they stay compliant where it comes to the services they provide for their own users.
But there’s a third reason. We care about your data. We want to keep it safe. And compliance with the relevant standards means we don’t have to do all that work of figuring out what could go wrong. The work is already done, in the requirements that have to be met for compliance. Certification isn’t the point, and compliance isn’t the point.
The point is to provide a secure, high-quality environment to store your data. Compliance with security standards is one of the tools we use to achieve that.
P.S. That’s not enough…
We’d be remiss if we didn’t remind you at this point that it’s not enough to be compliant. Responsibility for data security lies with all parties involved. Data is only as protected as the weakest link in the chainmail allows.
P.P.S. Further reading
If you're interested in how Aiven actually implements security, read our Help article on the topic.
As a customer, even if you're not working in a regulated industry, but especially if you are, require compliance with data security standards from your cloud service providers. This protects your users and makes your life easier. And as a CSP, get compliant! Following rigorous standards of data security benefits everyone.
Not using Aiven services yet? Sign up now for your free trial at https://console.aiven.io/signup!