
Cloud Storage Compliance & Virtual Data Rooms


Cloud storage providers typically must comply with a range of requirements from their customers. These include best practices common to all forms of cloud storage as well as requirements unique to specific users. Numerous legal requirements also dictate cloud storage practices for users in certain sectors, especially the financial, legal and medical sectors, where highly secure online document storage is required.


General Requirements

Logs and audit trails are common practice for all types of cloud storage and standard for most virtual data rooms. Customers must ensure that their provider keeps these records according to their own retention and access requirements. Providers must also implement data recovery plans to maintain business continuity in the event of data loss due to a natural disaster or other emergency.


The contract between a cloud provider and its customer typically specifies terms of liability in addition to security requirements. These terms generally address the resolution of any incident involving the compromise or loss of the customer's data. The contract should also specify the conditions under which the provider will return applications and data to the customer, commonly known as the contract's end-of-service terms.


Unique Requirements

Cloud providers may also need to maintain their data centers according to requirements beyond those their customers impose. Compliance with these requirements becomes more complex when a provider keeps a customer's data on multiple systems within the cloud platform, since each system must satisfy them.


Legal Data

Data that may be used in litigation or other legal proceedings is subject to additional compliance requirements. These requirements may include the need to make records available to the general public in a particular manner as determined by legislation. A public agency that maintains records may also have its own set of rules and practices with which the cloud provider must conform.


Financial Data

Financial data is subject to numerous compliance requirements, such as the Payment Card Industry Data Security Standard. PCI DSS is an industry standard maintained by the PCI Security Standards Council that specifies how organizations must store, process and protect credit card and other payment card data. The Sarbanes-Oxley Act of 2002 is a federal law in the United States that sets financial reporting and internal-control requirements for public companies.


Medical Data

The Health Insurance Portability and Accountability Act of 1996 contains five titles that deal with health insurance for workers and their families. Title II of HIPAA is most relevant to cloud service providers, since it covers methods for ensuring the privacy and security of health information. If you handle sensitive health data, verify whether your cloud storage provider or virtual data room will help you meet these compliance obligations.


Cloud storage comes in many forms, and the nature of the information being stored should guide the choice of storage provider. Virtual data rooms are designed to offer the highest level of security in online data storage and should be the choice when the information being stored is sensitive or regulated by law.

