Date: November 6, 2019
Author: Will Urban
Editor’s Note: As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.
British Airways is facing a record £183 million ($230 million) fine over a security breach and compromised personal data.
Marriott is facing a $123 million fine over a security breach from last year.
These numbers are staggering, and for anyone in IT, they can be terrifying. How do you know you are doing the right thing to protect your organization? How do you verify that you are following best practices in security and data protection? Many times security and compliance are lumped together, but they do have slight differences that work together to form the overall picture.
IT security, infosec, or whatever nomenclature you use, is all about the tools and processes your organization uses to protect itself. Physical security at the datacenter, firewalls, anti-virus/malware, intrusion protection software, user training about passwords, USB keys and more are all part of the day-to-day battle. All of this revolves around the security aspect of keeping your data, environment, and organization safe from outside harm. Whether in-house or in the cloud, security is in constant evolution, an “arms race” so to speak, as bad guys figure out new ways to break in and good guys figure out new ways to stop them. We’ll talk more about security, security strategies, and how cloud can help you secure your environment in another blog post, but let’s take a minute to discuss compliance and how it plays into all of this.
Security revolves around the tools and applications you use daily to make sure your company is protected. Compliance, while related to security, is all about the best practices, requirements, validation of tools, and mandates of outside third parties who are seen by the industry as the source of truth for what you should be doing in your organization to protect it. Compliance is necessary because it forms the base level of an organization’s ability to meet strict regulatory best practices. Additionally, if you are accredited under a certain compliance regulation, other people know that you follow all of the steps and processes it outlines. When dealing with international contracts, customers, or putting in processes, leveraging these compliance frameworks guarantees that, at a minimum, someone can look at your certifications and know exactly what you are doing to protect their data and information. Could you imagine if every time you talked to a vendor you had to review their entire suite of security software, tools, and processes and then verify that they meet a standard you feel comfortable with? It would be impossible, and that’s why adherence to compliance helps solve that.
When it comes to cloud, compliance can get a little muddy because you never really know what’s your responsibility and what the cloud provider is doing. Do you bring your own tools and certifications? Do you have visibility into the reports you need for auditing? Do they even know how your regulated industry treats the various compliance requirements? That’s where we come in to help. When you make the transition to cloud, you no longer have to make sure on your own that everything you do falls under the various guidance, whether you are in a regulated industry or not. That includes everything from the data center where your applications will now live to how changes and issues are communicated to you. You need to have ultimate trust in your cloud service provider, and as you can see here:
We have multiple certifications and attestations for various global compliance directives. In fact, we are one of only two companies nominated for CSA STAR gold certification.
For financial services firms, our compliance with PCI-DSS v3.2, our hands-on support of the audit process, and the underlying security controls of the 11:11 cloud platform attract customers.
For healthcare specifically, 11:11 Systems is able to help customers achieve the full cycle of HIPAA and HITRUST CSF compliance for their cloud workloads. This includes third party-issued attestations and certifications for HIPAA adherence under the HITRUST CSF framework, HIPAA reporting available through the 11:11 Cloud Console, and compliance experts to help with audits and executing BAAs.
11:11 Systems performs various audits throughout the year, covering a wide breadth of industries, to ensure regulatory compliance. The following are the current audits performed annually by third party entities:
- ISO 27001
- ISO 9001
- ISO 20000
- CSA STAR
- HITRUST CSF
- SOC2
- BS 10012:2017
- PCI-DSS v3.2
- FISMA
In addition, 11:11 adheres to various regulatory requirements for security and breach notification, including those of the SEC, FISMA, EU GDPR, UK ICO, and PCI-DSS. The management of these notification processes is performed through the 11:11 Risk Management, Incident Management, and Problem Management processes. Additionally, senior management is involved through compliance and security representation at the executive board level.
At this point your head is probably spinning. Where do you even begin? It’s not easy, but that’s why we have a dedicated compliance team who can answer any of your questions or concerns. Worried about GDPR? Sure, we know all about that! Data protection acts and data sovereignty rules keeping you up all night? Not a problem! We have got you covered. With full integration of reports in the 11:11 Cloud Console, you can download any of the compliance reports you need for auditing and have the utmost confidence that your cloud solution will adhere to any compliance needs you have, regulated or not.
Don’t let compliance concerns halt your cloud adoption. Find out more.