Companies in highly regulated industries, such as financial services and healthcare, must comply with numerous regulations, including PCI DSS, SOX, GLBA, HIPAA and HITECH, and many others. These regulations offer specific guidance on handling personal information and cloud compliance for sensitive data, and companies are bound to ensure that their information security policies and IT systems comply with the guidelines. Perspecsys’ solution can help organizations meet their regulatory standards while benefiting from the use of cloud applications.
Examples of industry regulations that encompass information related to cloud compliance standards include:
PCI Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while the payment card brands enforce compliance in the cloud. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.
The federal Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to maintain the confidentiality of electronic health information that can be linked to an individual patient (electronic Protected Health Information, or ePHI). Penalties and criminal enforcement of the HIPAA Security Rules were strengthened by several provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The HIPAA Security Rules require healthcare organizations to adopt appropriate safeguards to protect the confidentiality, integrity and availability of patients’ protected health information.
The FBI’s Criminal Justice Information System (CJIS) is responsible for providing many critical pieces of data that criminal justice organizations and contractors need to conduct business every day, including fingerprint records, sex offender registries and criminal histories. There are understandably strict regulations and standards for anyone accessing CJIS data, and they apply to any cloud application provider or vendor that offers products or services related to this data.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to establish standards for protecting the security and confidentiality of their customers’ non-public personal information.
In the U.S., requirements for personal information protection extend to the education field and student personal information. The Family Educational Rights & Privacy Act of 1974 (FERPA) is a federal law that gives students access to their education records, the ability to seek to have the records amended, and control over the release of the information to third parties. With some exceptions, schools must have a student’s consent prior to disclosure of personal data including grades, enrollment status, and billing information. The law applies to educational agencies and institutions that receive funding from the U.S. Department of Education.
“Based on the Segregation of Duties security principle, key management should be separated from the cloud provider hosting the data. This provides the greatest protection both against external breach of the service provider as well as an attack originating from a privileged user/employee of the provider.” - Guidance
“Aberdeen’s research shows that by selecting and implementing security solutions that augment the current capabilities of the cloud solution providers, but remain under enterprise control, companies spend one-third less annually on a per-application basis — driven in part by better security and in part by more consistent and efficient operations. These findings align with the PerspecSys solution, which is designed to give enterprises an innovative new option for security by keeping their data out of the cloud and enabling them to control it within their own environment.” - Derek Brink