Dynamic compliance for a dynamic cloud
Central to the book's premise is that the cloud is no longer other people's computers. Instead, we are in a post-cloud era full of cloud-native microservices and managed services, which creates new challenges for both technology teams and compliance departments. In order to avoid obsolescences, all companies must keep pace with the rapid changes on the cloud; for companies in regulated industries, compliance makes this more challenging. As cloud services are delivered in more discrete, abstracted layers to improve developer experience (a good thing), more control is being taken away from the user thus making compliance attestation harder (a bad thing). The improved developer experience allows for faster development on the cloud (also a good thing), but greater developer freedom circumvents traditional security and compliance procedures (also a bad thing).
Complete Cloud Compliance details the problem facing developers and organizations and gives a path forward in the form of a novel compliance management program geared towards adapting to the dynamic nature of the cloud.
After a brief introduction stating the business need for a new approach to compliance management, the book details the history of compliance by breaking down the complex details into digestible parts. The goal is to educate technologists on compliance fundamentals. The next chapter takes the same approach but with cloud technology, breaking down complicated technical concepts in a way to help compliance officers understand where the cloud is headed. From there, the key concept of “complete cloud compliance” is detailed followed by best practice recommendations.
“The cloud is fundamentally changing how technology is developed and scaled, making it cheaper and faster for every organization to innovate and transform itself with digital technology,” said Dr. Good. "But, this ease of use, especially for developers, has opened up an entirely new set of challenges to ensure the security and compliance of digital assets. We're excited to share the lessons we've learned and applied over our five years of managing compliant workloads on the cloud for the most risk-averse industry in the world, healthcare.”
Conference goers can receive a free preview copy
The Complete Cloud Compliance book is due in Fall 2018 and will be available for general purchase online. In the meantime, free copies will be available at the 2018 HITRUST Annual Conference held Sept. 11-13, Microsoft Ignite Conference held Sept. 24-28, and AWS re:Invent conference held Nov. 26-30. Stop by the Datica booth or schedule a meeting to receive a copy. Visit completecloudcompliance.com for more details.
About Datica
Datica de-risks the cloud for digital health with software that manages all ongoing compliance and security burdens not covered by cloud service providers. Through its suite of products, customers deploy cloud-native applications and integrate with EHRs. Datica is HITRUST CSF Certified, and services all who handle PHI in the cloud, from startups to the Fortune 100. For more information, go to Datica.com.
Videos