Once a company is in the cloud, it should be concerned with how the cloud provider will help the company remain in compliance with the laws, such as Europe’s General Data Protection Regulation (GDPR) or HIPAA in the U.S. This discussion should start from the very beginning rather than after the cloud service is established.
Businesses sometimes find themselves in the cloud long before they planned on it, and that complicates things. One of the core tenets of the cloud is that there should be a self-service interface so it is easy for the customer to set up, change, and exit from cloud services.
What is not clear, however, is who at the customer’s business will do this. As it turns out, it could be anyone today. All that is needed is a corporate credit card, and a department can be off to the races putting data in the cloud. The term for this is not new; it is shadow IT. This term is getting a lot of use these days because of the characteristics of the cloud.