DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
  • 5 Key Performance Metrics to Track in 2023
  • Debunking Myths About Reliability
  • New Relic Bets on AI to Advance Observability
  • Vega Cloud Commits to Reducing Cloud Costs

Home » Blogs » The 3 Compliance Questions to Ask

The 3 Compliance Questions to Ask

Avatar photoBy: contributor on June 10, 2016 3 Comments

As companies move to cloud, they require more certainty around export compliance.

Recent Posts By contributor
  • How to Ensure DevOps Success in a Distributed Network Environment
  • Dissecting the Role of QA Engineers and Developers in Functional Testing
  • DevOps Primer: Using Vagrant with AWS
Avatar photo More from contributor
Related Posts
  • The 3 Compliance Questions to Ask
  • Moving to the Cloud? Consider These Questions
  • Threat Stack Cloud Security Platform™ Achieves AWS Security Competency
    Related Categories
  • Blogs
  • DevOps in the Cloud
    Related Topics
  • cloud compliance
  • compliance
  • data
  • data sovereignty
  • export compliance
  • service provider
Show more
Show less

Of the many complexities associated with cloud computing, export compliance laws arguably are some of the thorniest. From a legal and technical perspective, the export compliance laws currently on the books—as they vary from country to country—can make even the savviest and most experienced attorneys’ and engineers’ heads spin.

TechStrong Con 2023Sponsorships Available

All enterprises must adhere to a variety of industry- and country-specific rules related to important security, data privacy, taxation and export controls. But these rules become especially murky around cloud services. For example, if a U.S.-based company provisions a virtual machine abroad, say in China, does it need to develop region-specific export controls?

Export compliance rules raise other, broader questions. For example, how do you retain agility while complying with the necessary regulations? And how do those regulations and controls vary according to workload? Like tax regulations, rules for collecting and distributing user data vary depending on location.

Not having the proper compliance protocols in place can have serious implications. Say your client is expanding into a foreign market and, at the last minute, they request a number of changes that have not been evaluated from a compliance perspective. Either the expansion is delayed, which could be damaging from a reputation and financial perspective, or the company runs the risk of being cited for compliance violations.

So, as more and more companies expand globally, how can they prepare to meet the compliance challenges stemming from cloud computing?

Three questions in particular are critical to answer when it comes to cloud export compliance.

Is it possible for companies to be both agile and compliant?

Increased business agility is perhaps the single greatest benefit cloud offers. Cloud computing facilitates rapid provisioning of resources, allowing companies to scale quickly and adapt to changing client and market needs. But what effect does export compliance have on cloud’s speed and flexibility? This type of unprecedented agility requires a re-think of how governance and policy enforcement is managed. Instead of manual checks, companies must transition to real-time policy enforcement and recording that matches the agility of cloud. This is a change to both culture and process—the rocky road where foundations can begin to crumble.

How do compliance rules vary from country to country?

Companies that operate internationally are subject to a number of rules related to citizens’ data protection, taxes, variations relating to workload, region-specific controls, paperwork and registration. When conducting cross-border provisioning, legal counsel is mandatory to establish best practices and to ensure compliance. Unfortunately, because the cloud is a relatively new phenomenon, legal expertise in this area is scant.

Further, even when there is some legal expertise, when it comes to uncertainty, the default answer from legal counsel is often, “No, we can’t do that.” Indeed, when there is a certain amount of risk and haziness around the law, the easiest—and safest—thing for legal counsel to do is to say it can’t be done. But that’s not helpful to a business.

What steps can companies take to prepare for these differing requirements?

There are three essential measures that companies can follow to help ensure their cloud services are compliant with global export regulations.

  1. Identify: All software that could be subject to cross-border exports—either packaged software or homegrown code transferred between between countries—requires legal guidance and approval. So the first step is to determine the software being exported.
  1. Register: Once you have identified the appropriate software, you need to maintain a registry. Whether an image or an automation routine deploys the software, it’s important that you have a clear record verifying what must be registered.
  1. Record: Companies that employ cloud across borders may be required to keep a record of all export transactions. Many businesses make excuses why they don’t properly document these transactions—the virtual machines in question do not belong to them; their cloud software is publicly available; or recording export transactions is only mandatory when exporting to riskier markets such as China, Iran or North Korea. To protect companies from liability or legal action associated with cross-border data transfers, legal counsel often will suggest recording all cross-border software movement.

These steps are critical to the export process, and partnering with a cloud provider that can help clear up export confusion can ease the pain. Some cloud brokers and providers offer applications that track cross-border exports, which can save a number of headaches. They have tagging and metadata reporting systems in place ahead of time. These are necessary for security and privacy compliance anyway, so it can be leveraged across domains.

A good cloud platform provider anticipates a business’s needs and offers services that a company may have never even taken into consideration, such as tracking tools to keep tabs on software so that it can be easily reported. These companies have in-house counsel with expertise in cloud export and tactical, strategic plans (such as the metadata tracking) so you know what software is going where for how long and how often—data that can also help support audits.

Information is power, and the more you have, the more prepared you are to deal with thorny issues such as export compliance. Having a partner to guide you through the process—an experienced cloud platform provider with sound advice—can help arm you with the information you need to get to cloud quickly, safely and securely.

About the Author / Rodrigo Flores

Rodrigo Flores_headshotRodrigo Flores is Managing Director of Product Innovation, Architecture and Management for Accenture Cloud Platform. The Accenture Cloud Platform is a multi-cloud management platform that procures, provisions, orchestrates, manages and governs enterprise cloud resources.

Filed Under: Blogs, DevOps in the Cloud Tagged With: cloud compliance, compliance, data, data sovereignty, export compliance, service provider

« What is JSON? How Do I Use It? Does It Beat BSON?
Building to Scale »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

https://webinars.devops.com/overcoming-business-challenges-with-automation-of-sap-processes
Tuesday, April 4, 2023 - 11:00 am EDT
Key Strategies for a Secure and Productive Hybrid Workforce
Tuesday, April 4, 2023 - 1:00 pm EDT
Using Value Stream Automation Patterns and Analytics to Accelerate DevOps
Thursday, April 6, 2023 - 1:00 pm EDT

Sponsored Content

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Practical Approaches to Long-Term Cloud-Native Security

December 5, 2019 | Chris Tozzi

Latest from DevOps.com

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
March 31, 2023 | Richi Jennings
5 Key Performance Metrics to Track in 2023
March 31, 2023 | Sarah Guthals
Debunking Myths About Reliability
March 31, 2023 | Kit Merker
New Relic Bets on AI to Advance Observability
March 30, 2023 | Mike Vizard
Vega Cloud Commits to Reducing Cloud Costs
March 30, 2023 | Mike Vizard

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

GET THE TOP STORIES OF THE WEEK

Most Read on DevOps.com

Don’t Make Big Tech’s Mistakes: Build Leaner IT Teams Instead
March 27, 2023 | Olivier Maes
How to Supercharge Your Engineering Teams
March 27, 2023 | Sean Knapp
Five Great DevOps Job Opportunities
March 27, 2023 | Mike Vizard
The Power of Observability: Performance and Reliability
March 29, 2023 | Javier Antich
Cloud Management Issues Are Coming to a Head
March 29, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.