June 6, 2013
by Shawn J. Burke
ServiceLink, FNF’s National Lender Platform – USFN Associate Member
This article is the third in a series aimed at taking 2012’s hottest buzzword and determining what it means for your business in 2013. Specifically, this segment will address the question of how (and if) you can be compliant when putting your business in the cloud.
Let’s just get to the heart of the matter. Yes. You can be compliant in the cloud.
You’d probably feel much better if I could put some substance behind that statement and not just ask you to trust me. I can. The first consolation being that I am using the cloud. Colleagues in the USFN, like NetDirector, provide a cloud-based service. Your auditors are probably using the cloud and may not even realize it. However, let’s see about addressing some of the standard concerns and increase your confidence level.
Remember “The Cloud” is just a term. Recently at a USFN seminar, I had the pleasure of facilitating a session on the cloud. One of the participants, who was obviously trying to decide whether they could be compliant in the cloud, revealed the following: They use co-location. It’s not a cool term, but frankly that’s a cloud. Clearly they could be compliant as they had been audited and passed. One could argue it’s a private cloud, or that co-location doesn’t have the full support of a hosting company (co-location means your IT people manage the systems) but, regardless, it’s not hosted in your operation — it’s “in the cloud.”
What makes everyone think the auditor is always right? A USFN member related a story about auditors stating that an attorney is required to “own the hardware.” The easy answer is you could absolutely own the hardware and have it in the cloud. Let’s have fun though and suggest something crazy — “the auditor is wrong.” That’s right, I said it. I’m not trying to be difficult, but the idea that ownership makes things more secure is silly. Why would anyone want to own hardware when you could lease it and upgrade before end of life? How can owning one piece of hardware be more reliable than being on a farm of hardware providing redundancy and scalability at a moment’s notice? Talk with your auditor. Find out “why” they have the requirement and look to see if you are meeting it in other ways. Quite possibly, you might have a level of understanding that they may have not had the opportunity to see before.
Finally, the most important thing I can say is that most technology companies are working in the cloud. Not just the providers like Microsoft, Amazon, or Salesforce, but most hardware appliance providers and software providers. Everyone knows the cloud is important and they need solutions that are secure and capable “in the cloud.” They want your business. They are listening to your concerns. They are responding. You can be compliant.
© Copyright 2013 USFN. All rights reserved.