July 21, 2015 | Written by: David Weck
Your U.S.-based company is humming along with steady growth and your CEO informs you that the company is expanding globally.
Your data centers and IT infrastructure are all within the U.S. border. While your high-speed, reliable network provider would like to support you outside the U.S., you realize region-specific and country-specific regulations may force your company down a different path.
This is where a global service provider and hybrid cloud can make you look like a hero to your CEO.
Hybrid cloud can quickly connect your existing infrastructure and system of record to ready cloud infrastructure in other countries. It can solve many compliance challenges with data localization.
Understanding the challenges of regional and country restrictions on doing business worldwide is hard. Let’s start with expansion into Europe.
The European Union (EU) has privacy restrictions that organizations must adhere to when conducting business within the EU. Here are a few questions I hear when dealing with EU countries:
- Can you guarantee my data will be stored in Europe?
- Can you guarantee my managed services will be delivered from Europe?
- Can you guarantee no one outside the EU can potentially have access to my data?
Hybrid cloud allows you to leverage existing infrastructure within an EU country to solve these potential inhibitors for companies based outside the EU. IBM offers cloud data centers throughout Europe that can integrate with your existing infrastructure, creating a hybrid cloud.
There are also country-specific restrictions. Providing cloud infrastructure in Italy, for example, often poses additional requirements, including specific log retention policies, appointment letter documentation for system administrators who have access to the servers in the cloud, and specific data transfer agreements concerning Italian data.
And there can be local government restrictions and regulations. One client I worked with was required to keep the data in a specific region within the country.
Industry-specific regulations also must be understood, and solutions must ensure compliance. I engaged an insurance client in Germany that processed personal data governed by Section 203 of the German Criminal Code, referred to as “secret data.” To fulfill the requirement, the cloud provider had to structure the delivery team to be part of companies that are fully owned and controlled by Deutschland or direct subcontractors of Deutschland companies.
As a business expands into Asia, there are more country-specific regulations. China has specific data-transfer regulations that must be followed when conducting business there.
If your company is within the financial services industry, there are requirements such as penetration testing and ISO/IEC 27001 certification, along with several others.
The Payment Card Industry (PCI) Data Security Standard is required for banking and other financial services firms. Faced with a spate of security breaches, the major card brands, including Visa, MasterCard, American Express, Discover and others, introduced the PCI standard to enhance payment account data security.
The 12 major PCI requirements are grouped under the following goals:
- Build and maintain a secure network (addresses requirements 1 & 2)
- Protect cardholder data (addresses requirements 3 & 4)
- Maintain a vulnerability management program (addresses requirements 5 & 6)
- Implement strong access control measures (addresses requirements 7, 8 & 9)
- Regularly monitor and test networks (addresses requirements 10 & 11)
- Maintain an information security policy (addresses requirement 12)
IBM Cloud Managed Services supports PCI requirements to allow clients to host their financial applications within a cloud.
Using hybrid cloud and a globally experienced provider allows for rapid expansion of your business without the need to expand your staff with local country experts or hire industry regulation compliance experts. Data localization is made possible through a multitude of physical hosting locations as well as specific offerings that allow compliance with industry regulations.
Rather than becoming an expert on regulations around the world, work with a global cloud service provider who can help guide your business IT infrastructure and management needs to navigate these complex regulations and requirements.
Join in the conversation and let me know what you think.
David Weck can be reached on Twitter @DavidWeck.