Roman Sakhno - Fotolia
Global compliance has become a thorny and perplexing issue for many enterprises migrating to the cloud, but one vendor is trying to clear up the confusion, one country at a time.
Thursday, CipherCloud Inc., a cloud security vendor based in San Jose, Calif., introduced its Global Compliance Resource Center, a free online repository of reference materials on the various compliance laws, industry standards such as PCI DSS, and data privacy regulations across six continents and 83 different countries.
The resource center includes an interactive map of the different countries, which are rated on the level of data privacy protection (strong, moderate, and limited), as well as reference guides to each country's relevant data compliance laws.
Willy Leichter, global director of cloud security at CipherCloud, said that while cloud adoption continues to grow, compliance and data privacy are two of the biggest issues that stall that adoption.
"A lot of our customers are concerned about compliance," he said. "It's a large, daunting task to understand the different laws in every country, and it's complicated by the fact that data moves all over the world in the cloud."
CipherCloud spent approximately 12 months working on the resource center by compiling documentation on different compliance mandates and data privacy laws, as well as consulting with subject matter experts, such as cloud service providers and law firms. The company's aim was to provide a set of resources that fosters common understanding of what various compliance measures mean for enterprises operating in the cloud.
"We worked with a lot of major cloud providers with data centers all over the world on data residency and privacy issues," Leichter said. "The laws differ greatly from country to country, and even region to region within the country."
Leitcher highlighted Canada as an example of the challenges posed by varying compliance mandates within national borders. While the country is rated "strong" under CipherCloud's data privacy protection scale, Alberta is currently the only province that has a data breach notification law, while British Columbia has a law that prohibits public organizations from storing and accessing any personal data outside of Canada.
In addition, Leitcher said the Global Compliance Resource Center offers illustrated patterns about how data privacy protection in the cloud has evolved over the years, and how differently countries view the subject. While Europe has stronger legal frameworks for personal data privacy, he said, the U.S. has a much stronger focus on data breach notifications and industry-specific compliance like HIPAA and SOX.
"We talk more in this country about compliance laws and meeting compliance," Leitcher said, "but other regions like the European Union are much more focused on data privacy laws."
In addition to the interactive map and breakdown of each country's relevant laws, the CipherCloud Global Compliance Resource Center offers a downloadable guide on global data privacy as well as links to third party subject matter experts and national enforcement authorities.
Leitcher said anyone is free to use the resource center, and that CipherCloud can offer additional assistance to prospective customers on proper security controls and data protection practices.
Learn more about the Cloud Security Alliance's updated Privacy Level Agreement for Europe