We are asked daily questions around what it takes to be compliant on the cloud. Sometimes it's simple, like how long to retain PHI data for disaster recovery (answer: it depends, but probably 90 days). Sometimes it's complex, like if the emergent serverless computing paradigm meets the requirements of global compliance regimes (answer: it depends, but pull up a chair).
Consistently, the biggest barrier to a successful cloud compliance program is simply the complexity of understanding everything. This is really hard! But not because it's hard to understand, only hard to absorb all the information.
In order to help those assessing their own compliance posture on a public cloud like AWS, Azure, Google Cloud, or IBM, we crafted a lightweight self assessment. We say lightweight because by no means is it a comprehensive risk assessment tool—you should stick to something like a self assessment with the HITRUST CSF v9.1. Instead, it is purposefully designed to condense all the controls into an easy to understand list. Brevity was the focus but in the Datica way of transparent content and helpful guidance. You can download it free today.
The assessment is pretty straightforward:
- It is cut up into the three broadest layers of cloud technology with which we can advise—the physical layer, the operating system layer, and the administrative layer. Consider these the main layers to think about abstracted cloud services.
- Within the layers, we itemized general considerations, like network encryption or access control lists. The items are somewhere between the granularity of an official risk management framework and an understated bulleted list. Broad enough to not cause your eyes to bleed from the legalese, but concise enough to accurately describe the consideration.
- Along with the item we offer a quick binary assessment, to which a simple Yes or No answer will guide you to understanding if you have more research to do.
For those who are not experts, and are trying to wrap their head around what it takes to be compliant on the cloud, will find the tool useful. Let us know what you think!