Compliance is a relative term, as every industry has its own rules and regulations. Healthcare has the Health Insurance Portability and Accountability Act, banking has the Dodd-Frank Wall Street Reform and Consumer Protection Act, and retail has the Payment Card Industry Data Security Standard. These rules are meant to protect the interests of consumers, but staying compliant is often expensive for businesses, and regulators struggle to strike the right balance between costs and benefits.
The complexity of these regulations presents a challenge to cloud service providers. As more and more businesses and industries move data to the cloud, CSPs must be well-versed in their customers’ particular compliance requirements.
Compliance Is Essential
For most businesses, noncompliance means incurring fines, but the penalty for a CSP will be a loss of customers. For example, the British government blacklisted Fujitsu in 2012 for failing to comply with Cabinet Office standards, and a little over a year later, it lost three government contracts worth 255 million pounds, or about $390 million today.
Governments and larger corporations may employ compliance teams and internal auditors, but compliance is no longer just an internal issue. Businesses in highly regulated industries — such as healthcare, banking, or government — need CSPs that understand those compliance demands. Those that fail to acknowledge this will soon be extinct.
By carving out a portion of its customers’ compliance issues as a niche, a CSP can make itself invaluable and ensure that it continues to receive lucrative contracts. In 2013, IBM won a $1 billion cloud contract with the U.S. Department of the Interior, and one year later, Amazon Web Services secured a $600 million deal with the CIA.
Compliance is a major selling point, and with geographical and governmental discrepancies beginning to appear, CSPs need to become leaders to mitigate security and privacy risks — and thereby profit.
How to Leverage Compliance
For CSPs operating in the most heavily regulated industries, such as healthcare and banking, this requirement isn’t new. HIPAA-defined business associates are already just as liable for data breaches as the covered entity, meaning any organization that indirectly handles electronic protected medical records is required by law to comply with regulations.
Maintaining compliance is not always easy, but for a CSP to attract attention in the marketplace, it needs to embrace this obligation. Doing so not only provides existing customers with peace of mind, but also increases the demand for services.
There are two key ways for CSPs to stand out in the marketplace:
- Display compliance reports online. Business leaders want CSPs that can help with the compliance headache, and they will make that a top priority when exploring their options. FireHost, for example, does a good job of marketing its compliance as a service. Not only do providers that display compliance reports on their websites stand out, but they also tend to appear higher in search results, boosting their traffic.
- Establish compliance in branding and messaging. Compliance shouldn’t be limited to just the relevant pages on a website. It should also be an important aspect of a CSP’s branding and messaging on social media and elsewhere and should be backed up with appropriate certification or third-party audit reports, such as SOC 2, SOC 3, and ISO 27001.
The more prominently a provider displays its commitment to compliance, the more likely it is to profit. By making it as simple as possible for customers to fulfill their regulatory requirements, a CSP can transform itself from a potential vendor into valuable partner.