Platform
- Data Resiliency Cloud
  Data Resiliency Cloud
  Enterprise Cloud Backup and data management across edge, on-premises and cloud workloads
- Data Protection
  Data Protection
  Modernize data protection to reduce costs and complexity
- Cyber Resiliency
  Cyber Resiliency
  Be ready for cyber attacks with data that is always safe, always ready
  - Accelerated Ransomware Recovery
  - Security Posture & Observability
- Governance & Compliance
  Governance & Compliance
  Secure, protect, and streamline data governance for all your critical data, wherever it lives
  - eDiscovery and Legal Hold
  - Sensitive Data Management
- Take a Tour
Solutions
- Business Drivers
  Business Drivers
  Learn how Druva helps you accelerate key business initiatives
- SaaS Applications
  SaaS Applications
  Druva provides comprehensive data protection that supports multiple SaaS applications from a single platform. Discover the Druva difference today.
- Enterprise Workloads
  - Virtualization
    Virtualization
    Transform data center backup and disaster recovery for virtual environments
    
    VMware
    
    Nutanix
  - Databases
    Databases
    Reduce the cost and complexity of data protection for enterprise databases
    
    Oracle
    
    MS SQL
    
    SAP HANA
  - Files
    Files
    Discover a more cost-efficient way to protect on-premises and cloud NAS
    
    NAS/files
  - Public Cloud
    Public Cloud
    Protect native AWS and Azure deployments with secure backups without the cost and complexity
    
    AWS
    
    Microsoft Azure
- Enterprise Endpoints
  Enterprise Endpoints
  Unify SaaS apps and end-user device protection to reduce data risks. Improve cyber resilience and compliance by protecting enterprise workloads and assets.
- Free Trial
Customers
- Explore All Customer Stories
  We are trusted by the world's leading organizations to protect their data. Explore customer success stories to see how your peers are using Druva.
- Ransomware recovery ready
  Learn why Medallia chose Druva
  
  SaaS data protection across the enterprise
  See why Regeneron partnered with Druva
Resources
- 2023 Gartner® Magic Quadrant™
  See why Druva is recognized as a Visionary
  
  Data Resiliency for Dummies
  Get your guide to data resiliency
Partners
- Strategic Partners
  Strategic Partners
  Learn about Druva's strategic capabilities across platform, OEM, and other partnerships. Find out how Druva accelerates and protects customers' cloud journeys.
  - Dell Technologies
  - AWS
  - VMware
  - Nutanix
- Programs
  Programs
  Learn how you can profit with Druva and a cloud-first SaaS selling motion. Explore partner programs, access resources, and discover the benefits of partnering with Druva.
- Become a Partner
Company
- - Company
  - Leadership
  - Investors
  - Careers
  - Contact Us
  - Newsroom
  - Awards
  - Events
  - Blog
  - Diversity, Equity & Inclusion
- Get in touch with us
  Contact Us
  
  News, product innovations, and more
  Blog
Get Started
Support
Login
Language

News/Trends

Data Compliance Made Simple in The Cloud

March 27, 2017 Chandrajeet Panda

As the scope of regulation continues to expand, global enterprises face the daunting challenges of safeguarding data privacy, minimizing security risks, and managing the scope of data growth. While platforms like Amazon Web Services (AWS) possess both the certifications, attestations, and infrastructure to handle corporate workloads, users must be familiar with their own regulatory environment so they can use these cloud services effectively.

Taking the first step
When considering a cloud-based data solution, you’ll naturally have many questions about the security of your data. Where is your data stored? Who has access to it? Are they the same people who manage the infrastructure, and are they internal employees or vendors of the provider?

If you choose a public cloud provider, you may have additional questions about security and how that provider protects data and addresses regulatory requirements.

These questions, if left unanswered, can turn into roadblocks for your migration to the cloud. So it’s imperative that your service provider address these concerns clearly and spell them out as part of their service-level agreements. After all, your organization is ultimately liable, so it makes sense to verify that your data is compliant and secure when stored in the cloud.

A Quick Guide To Regulation
While there are many regulatory bodies and frameworks based on industry and geography, these are the ones most likely to impact your company’s use of cloud services (and the security of those services):

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within an organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. Because the requirements set out in ISO/IEC 27001:2013 are generic and intended to be applicable to all organizations regardless of size or type, it is by far one of the most popular compliance frameworks.

Service Organization Control (SOC) is a set of accounting standards that measure the control of financial information for a service organization. SOCs are covered under both the SSAE 16 and the ISAE 3402 professional standards. While SOC 1 examines the financial reporting controls of an organization that provides services to end users, SOC 2 focuses on organizational controls based on trust-service principles that cover security, availability, processing integrity, confidentiality, and privacy. SOC 2 is a common method to evaluate security controls for cloud service providers.

The General Data Protection Regulation (GDPR) is a regulation from the EU Parliament to strengthen and unify data protection for individuals within the EU. The GDPR also addresses exportation of personal data outside the EU. The GDPR’s main objectives are to give EU citizens control of their personal data, simplify the regulatory environment, and standardize international business practices. When the GDPR takes effect in 2018, it will replace the EU Data Protection Directive originally passed in 1995.

Passed in 1996 and updated in 2009 and 2013, the Health Insurance Portability and Accountability Act (HIPAA) is US-specific legislation that provides data privacy and security provisions for safeguarding medical information. Title II of HIPAA impacts IT departments the most, as it directs the Department of Health and Human Services (HHS) to establish national standards for processing electronic healthcare transactions. It also requires healthcare organizations to implement secure electronic access to health data and to remain in compliance with privacy regulations set by HHS.

The Federal Risk and Authorization Management Program (FedRAMP) is an assessment and authorization process used to ensure security is in place when accessing cloud computing products and services. FedRAMP uses security controls outlined in the National Institute of Standards and Technology Special Publication 800-53, which were specifically selected to provide protection in cloud environments. Prior to the introduction of FedRAMP, individual government agencies would evaluate and use their own cloud service providers according to the Federal Information Security Management Act of 2002.

The Payment Card Industry Data Security Standard (PCI DSS) was created in 2004 by the four major credit-card companies. It’s a widely accepted set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information. In April of 2016, PCI DSS was updated with new requirements for the use of TLS encryption, multi-factor authentication, and new service-provider requirements for change management and penetration testing.

Whether yours is a global enterprise or a governmental agency (or anything in between), organizations like yours face complex challenges: data privacy and security risks, the growth of data and the mobile workforce, and shifting privacy regulations. Druva combines complete data privacy and security with a transparent, intuitive user experience to deliver best-in-class data protection and regulatory compliance in the cloud. Learn more about security and trust.

Data Compliance Made Simple in The Cloud

Blog

Druva Data Resiliency Cloud

Cloud Backup & Recovery

Data Protection

Governance & Compliance

Cyber Resilience

Business drivers

Workloads

Partners

Customers

Resources

Company