Compliance Checklist: Cloud Encryption Best Practices for Banks and Insurance Companies

Best Practices 0 Comments

Written by Michael Higashi

For industries whose handling of sensitive consumer data renders them subject to strict regulations, the cloud is anything but a simple choice. Before you can commit to the cloud, you’ll have to understand exactly what cloud information protection measures you must take to remain in regulatory compliance. Follow this checklist to protect your organization’s data and business interests.

  1. Understand your regulatory challenges
    The more regulated your industry, the more important due diligence


     becomes. As Vic Winkler points out in Microsoft’s TechNet Magazine, “Assessing the different laws and regulations your enterprise needs to abide by may well define what you can deploy in a cloud or which type of service you can use.” Different organizations must abide by different regulations. Due diligence will tell your organization what “data privacy, data and systems security, business continuity and contingency planning, and liability/risk management concerns” your organization’s cloud strategy must address.

  2. Plan where to apply cloud encryption, and how
    Now that you know by what regulations your organization must abide, you can begin planning your cloud encryption strategy. What data do the relevant regulations require you to secure, and how strongly? To most effectively meet your cloud encryption needs while still retaining the functionality that enterprises expect from cloud IT services, you’ll need an information protection platform that offers various encryption options and the ability to apply them at a granular level to your customer data.
  3. Classify your sensitive data and add DLP enforcement to your toolkit
    Even after you encrypt your sensitive data from prying eyes, you must still protect it from both inadvertent and malicious leakage by insiders with access to the data while it’s in the clear. Data Loss Prevention (DLP) is a must for regulatory compliance. A strong DLP system will scan content before it ever ventures beyond your enterprise’s perimeter, enforcing your corporate confidentiality policies to ensure that individuals do not undo all the data protection you’ve put into place.
  4. Monitor and audit enterprise data activity regularly
    Automation is a critical component of any cloud information protection platform, but automation can only go so far. To tie protection of all your enterprise’s data together and maintain regulatory compliance, you’ll need to monitor activity and conduct regular audits, as well as remaining ready for any external audits regulations demand. A cloud information protection platform that unifies visibility of all your cloud services into a single pane of glass will help. So will robust logging and timestamping features that automatically create a clear audit trail.
  5. Protect your endpoints
    No matter what you do with your on-premises and cloud-housed data, the fact remains that endpoints create vulnerabilities. Whether they get lost, stolen, or infected with viruses or malware that open them up to intrusion, endpoints are often a weak point in an organization’s data confidentiality strategy. To mitigate this weakness, find a cloud information protection platform that also provides antivirus, malware protection, and other endpoint remediation solutions. This way, your data will be safe at every stage of its lifecycle.
  6. Lather, rinse, repeat
    Once you’ve hammered out your enterprise’s cloud information protection strategy, keep it up to date. Regulations change over time, particularly when it comes to the cloud, where rapidly developing technologies create new concerns to which the laws then adapt. And ignorance of changes to the law isn’t an acceptable defense for compliance violations. Stay on top of regulatory changes to make sure your organization remains consistently in compliance.

The right cloud encryption and information protection platform can significantly ease regulatory compliance, even for banks and insurance companies. Ultimately, with the right cloud information protection choices, your business can maintain compliance while still benefiting from today’s and tomorrow’s cloud IT services.

Next Steps

Leave a Reply

Your email address will not be published. Required fields are marked *