Many projects are well suited to cloud resources but have to be extra careful about how their information is stored, especially projects dealing with privacy-sensitive human data. Such data may need to be specially handled, or may be subject to regulations and compliance laws. This comes up especially when dealing with privacy-sensitive subjects like medical work, or data received from federal programs with their own sharing agreements.
Data falling under a compliance framework like HIPAA or FedRAMP is not at all a deal-breaker for using the cloud, but it does require extra care. The first step in using cloud infrastructure here is to plan out the cloud resources you will need, as if your project did not have such compliance considerations. After this, get in touch with the compliance teams at each cloud platform and share that plan. These teams are happy to work with you on getting access to the resources you need, and making sure they are secure.
Here are the compliance pages for each cloud platform, on which you can find guides and contact links:
- AWS Compliance Resources
- Azure Compliance Offerings
- Google GCP Compliance Offerings
- IBM Cloud compliance programs
If you are a CloudBank awardee, or thinking of submitting a proposal to get CloudBank funds, you can also contact us to help you put together a compliance plan for your work.
Regardless of legal compliance, if the safety of the data you keep in the cloud is a concern, there are practices you can adopt to mitigate the risk of theft or ransomware attacks.
For starters, check out our CloudBank Solution on securing your data. Following that, here are some great articles from cloud vendors about adopting a cybersecurity mindset. While each is authored by a specific vendor, they are generally applicable regardless of which platform you are using.
- GCP: Best practices to protect your organization against ransomware threats
- IBM’s definitive guide to ransomware (PDF)
- AWS: Top 10 security best practices for securing data in Amazon S3
- Azure data security and encryption best practices